JP2002215029A - Information authentication device and digital camera using the same - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information authentication device and a digital camera using the device, which are suitable to enhance the probative capacity as an evidence of data by securing objectivity of data. SOLUTION: A digital camera 100 is comprised of an image pickup part 10 and a tamperproof device 24 as an information authentication device. The tamperproof device 24 has a first time information generator 26 incapable of time correction, a second time information generator 28 capable of time correction, and a position measuring instrument 30. When digital picture data is inputted from the image pickup part 10, not only individual hash values of owner information and position information but also a synthetic hash value Himage(i) about digital picture data, individual hash values, and time information is calculated, and a digital signature Simage is calculated and is stored, and log information of time information and position information is stored.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information authentication apparatus for authenticating data and a digital camera using the same, and more particularly, to improving the proof power as evidence of data by securing the objectivity of data. And a digital camera using the same.

[0002]

2. Description of the Related Art In recent years, in the United States and other countries, digital images taken with a digital camera as well as photographs taken with a normal camera have been recognized as evidence of a trial. However, digital data such as digital images are generally relatively easy to falsify, and there is a problem that the proof of evidence is insufficient.

Conventionally, there is a vehicle control event data authentication apparatus disclosed in Japanese Patent Application Laid-Open No. H11-115831, for example, as a technique related to a technique for improving proof power as evidence of digital data. This records a control event, such as a series of driving operations performed by the driver before, during or after the occurrence of the vehicle accident, and is coupled to receive the control event information, and is connected to the first time-out. A microcontroller for adding the stamp and the vehicle identification number VIN to the control event information to provide first information, and outputting the first information to the memory in a time overlap manner; and a microcontroller and a microprocessor,
A memory for storing the first information and the second information in a time overlapping manner, coupled to the memory and the plurality of transducers to determine whether received collision data is different from previous collision data; And a microprocessor that generates the second information by adding the second time stamp and the VIN to the received collision data.

[0004]

However, in the above-described conventional vehicle control event data authentication device, a time stamp is generated based on a value obtained from an internal timer and added to control event information. , The value of the internal timer may be changed by the user, or the value of the internal timer may be shifted due to aging, etc., and the proof power as evidence of the control event information is insufficient. There was a problem.

[0005] Also, the control event information recorded by the microcontroller is "signed" by the microcontroller, that is, to ensure that the recorded control event information was generated during operation of a particular vehicle. For this reason, a time stamp and a predetermined identification value are included, but since this “signature” is internally generated and added independently, it lacks objectivity and is also used as evidence. Proof is insufficient.

In addition, a personal ID and a vehicle identification number VI
Since N is stored in the memory as it is, it may be falsified by the user, which also has insufficient proof as evidence. On the other hand, the need to improve the proof power as evidence of data is not limited to justice, but can be considered in the following cases.

For example, when performing an examination at a hospital or the like, it is conceivable to record data that proves when and where the examination was performed. Such data is important data for the patient. Therefore, it is desirable that anyone has no falsification and has objectivity. Therefore, in this case, it is necessary to improve the proof power as evidence of the data.

[0008] For example, when a package is delivered by a courier service or the like, it is conceivable to record data for certifying when and by what route and when the package was delivered. Since the data is necessary when the package is lost or damaged in the process, it is desired that the data is not altered by anyone and has objectivity. Therefore, in this case, it is necessary to improve the proof power as evidence of the data.

[0009] In other cases, when a photograph of an accident site or a scoop photo of an entertainer is taken, the photographer, the date of photography or the location of the photograph is proved, the survey data is recorded by an academic survey or the like, the telephone or fax. For example, when an order for a product or service is received, when the order content is specified with the other party, when composing music, etc., the date when the copyright is generated is proved.

Accordingly, the present invention has been made in view of such unresolved problems of the prior art, and has been made to improve the proof power as evidence of data by securing the objectivity of data. An object of the present invention is to provide an information authentication device suitable for improvement and a digital camera using the same.

[0011]

According to a first aspect of the present invention, there is provided an information authentication apparatus for performing data authentication, comprising: data input means for inputting data; A plurality of pieces of authentication information for authenticating that data has been input by the data input unit are generated, and individual authentication codes are calculated by individually performing authentication code calculation processing on authentication information selected from the authentication information, and at least An authentication identifier calculating means for calculating a total authentication identifier for the calculated individual authentication identifier and the input data, and an authentication information storage means for storing the individual authentication identifier and the total authentication identification identifier calculated by the authentication identifier calculating means.

According to the first aspect of the present invention, when data is input by the data input means, the authentication identifier calculating means:
Generate authentication information such as time information, position information, owner information, etc., and individually perform authentication code calculation processing on the authentication information selected from the authentication information, for example, position information, owner information, etc., and perform individual authentication such as a hash value. An identifier is calculated, a total authentication identifier is calculated for the calculated individual authentication identifier and the input data, and this is stored in the authentication information storage means. Here, the authentication information storage means may be built in the information authentication device, or may use an external storage device.

According to a second aspect of the present invention, there is provided an information authentication apparatus for performing data authentication, comprising: a data input means for inputting data; and an authentication means for inputting data by the data input means. Authentication identifier calculating means for generating a plurality of pieces of authentication information for performing authentication, calculating a total authentication identifier by including the previous authentication information in the authentication information and the input data, and an individual authentication identifier calculated by the authentication identifier calculating means. And an authentication information storage means for storing a comprehensive authentication identifier.

According to the second aspect of the present invention, the authentication identifier calculating means generates the total authentication identifier by including the previous total authentication identifier in the authentication information and the input data. Therefore, by forming a chain of the authentication identifier, The function of preventing tampering of input data can be further improved. Furthermore, the information authentication device according to claim 3 of the present invention, in the invention according to claim 1 or 2, further includes an electronic signature generation unit that obtains an electronic signature based on the comprehensive identifier calculated by the authentication identifier calculation unit. The authentication information storage means is configured to store the authentication identifier calculated by the authentication identifier calculation means and the electronic signature created by the electronic signature creation means.

According to the third aspect of the present invention, since the digital signature creation means obtains the digital signature based on the comprehensive authentication identifier calculated by the authentication identifier calculation means, the input data and the information authentication device can be identified by verifying the digital signature. Becomes possible. Furthermore, in the information authentication device according to claim 4 of the present invention, in the invention according to any one of claims 1 to 3, the electronic signature generation unit is configured to perform the operation based on the total authentication identifier calculated by the authentication identifier calculation unit. An individual electronic signature generating means for obtaining an electronic signature, and an authentication identifier calculating process by repeatedly performing an authentication identifier calculating process for each predetermined number of individual electronic signatures for a plurality of input data generated by the individual electronic signature generating means, thereby obtaining a total authentication identifier by an authentication identifier tree. And a total electronic signature generating means for obtaining an electronic signature for the total authentication identifier calculated by the general authentication identifier calculating means.

In the invention according to claim 4, when the individual digital signature generating means individually generates a digital signature for a plurality of input data, the plurality of digital signatures are grouped by a predetermined number to calculate an authentication identifier. By repeating the process, a total authentication identifier based on the authentication identifier tree is calculated,
Since the integrated electronic signature is obtained by the integrated electronic signature generation means for the calculated integrated authentication identifier, the integrated electronic signature is transmitted to, for example, a time stamp generating organization to obtain the time stamp, thereby obtaining the time stamp for a plurality of input data simultaneously. be able to.

Further, the information authentication apparatus according to claim 5 of the present invention is the information authentication apparatus according to claim 3 or 4, wherein the transmitting means for transmitting the electronic signature generated by the electronic signature generating means to a time stamp generating organization. It is characterized by having. In the invention according to claim 5, the transmitting means includes:
Since the digital signature generated by the digital signature generating means is transmitted to the certificate authority, the input data can be authenticated reliably.

According to a sixth aspect of the present invention, in the information authentication apparatus according to any one of the first to fifth aspects, the authentication identifier calculating means includes a hash value calculated by performing a hash function process on the authentication information. Is set as an authentication identifier. In the invention according to claim 6, since the hash value is calculated by performing the hash function processing on the authentication information, falsification can be easily detected, and the entirety including the authentication information and the input data can be detected. The reliability as evidence can be ensured only by obtaining a time stamp for the total hash value calculated by performing the hash function processing.

Further, an information authentication device according to claim 7 of the present invention is the information authentication device according to any one of claims 1 to 6,
The authentication identifier calculating means includes a first time information generating means that cannot be changed by a user and a second time information generating means that can be changed by a user, and generates first and second time information. The time information generated by the means is set as authentication information.

In the invention according to claim 7, the time information is separately generated by the first time information generating means which cannot be changed by the user and the second time information generating means which can be changed by the user. This makes it possible to detect artificial alteration of the time from the time difference between the two. Here, as the time information generating means, in addition to the means for generating time information, a stopwatch mechanism for starting time counting from the use start time can also be applied. By remembering the time,
Time conversion can be performed.

Further, the information authentication apparatus according to claim 8 of the present invention is the information authentication apparatus according to any one of claims 1 to 7,
The authentication identifier calculating means has a position measuring means for measuring a current position, and generates position information for specifying a point at which data is input by the data input means, based on the position measured by the position measuring means. In addition, the apparatus is characterized in that the generated position information is processed by a hash function to calculate a hash value.

According to the eighth aspect of the present invention, since the current position information measured by the current position measuring means such as the global positioning system (GPS) can be included in the authentication information, the input position of the input data can be accurately determined. Can be identified. According to a ninth aspect of the present invention, in the information authentication device according to any one of the first to sixth aspects, the authentication identifier calculating means includes a time information generating means for generating time information and a current position measuring means. It is characterized in that it has a position measuring means for storing the time information and the current position information as log information so that the input order of the input data and the input of the input data in the authentication device can be confirmed. .

According to the ninth aspect of the present invention, by storing the time information and the log information of the current position information, the input order of the input data and the input of the input data in the information authentication device can be confirmed. Falsification of data or authentication information can be detected. Still further, according to a tenth aspect of the present invention, in the information authentication apparatus according to any one of the first to ninth aspects, the authentication identifier calculating means has an owner information input means for generating owner information. The present invention is characterized in that a hash value is calculated by performing a hash function process on the owner information input by the owner information input means, and the hash value is added to the input data as authentication information.

According to the tenth aspect of the present invention, the owner information input means inputs the owner name and owner information such as a memo such as photographing data when the input data is digital image data. Since the hash value is calculated by performing the hash function processing on the information, it is possible to specify information on the input data at the time of verification. Further, claim 1 according to the present invention.
1. The information authentication device according to claim 1, wherein the authentication identifier calculation unit is connected to a first storage unit having a physical copy protection mechanism, and the first storage unit is connected to the first storage unit. A tamper-resistant device having an arithmetic processing means for performing a hash function arithmetic processing, storing the input data in a second storage means having no physical copy protection function, and storing the input data in a second storage When storing in the means,
By supplying the input data to the arithmetic processing means of the tamper-resistant device, a hash value is calculated together with the authentication information,
It is characterized in that the calculated hash value is stored in the first storage means.

In the invention according to claim 11, the hash value of the authentication information is calculated by the tamper-resistant device, and the total hash value for all of the calculated hash value, other authentication information, and the input data is calculated and calculated. Hash value,
The first having the physical copy protection function for the total hash value
By storing the input data in the second storage unit having no physical copy protection function,
The hash value stored in the tamper-resistant device is constant irrespective of the size of the input data, and the storage capacity of the first storage unit can be suppressed.

Further, in the information authentication apparatus according to claim 12 of the present invention, in the invention according to claim 11, the tamper-resistant apparatus stores time information as log information in the first storage means. It is characterized by being. According to the twelfth aspect of the present invention, the time information is stored in the first storage device as the log information, so that the input order of the input data can be specified from the log information. Time information that is correct and time information that cannot be corrected by the user or time information that can be corrected by the user and the global positioning system (GP)
By using the two pieces of the time information of S), the falsification of the time information is more reliably prevented.

Further, according to a thirteenth aspect of the present invention, in the information authentication apparatus according to the eleventh aspect, the tamper-resistant device includes a first storage unit that stores time information and position information as log information. Is stored. According to the thirteenth aspect, the time information and the position information are stored as log information in the first storage means, so that the input order of the input data can be more reliably specified from the log information.

Further, in the information authentication apparatus according to the present invention, the tamper-resistant apparatus may log the time information, the position information and the hash value of the previous entry. It is characterized in that the information is stored in the first storage means as information. In the invention according to claim 14, claims 12 and 1
In addition to the effect of (3), the hash value of the previous entry is also stored as log information, so that a hash chain based on the log information entry can be formed. Can be guaranteed, and at the time of verification, the continuity of entries is also verified. Therefore, it is possible to prevent an unauthorized entry from being hidden.

According to a fifteenth aspect of the present invention, in the information authentication apparatus according to any one of the eleventh to fourteenth aspects, the tamper-resistant device has a limited storage capacity of the first storage device. In this case, the information to be stored is digitally signed and output to the outside. In the invention according to claim 15, when the storage capacity of the first storage device provided in the tamper-resistant device is limited, log information other than the electronic signature and the time stamp,
By applying a digital signature to information to be stored such as a hash value and outputting the digital signature to the outside, it is possible to prove that the information is correct generated in the tamper-resistant device.

Further, a digital camera using the information authentication device according to claim 16 of the present invention has a configuration provided with the information authentication device according to any one of claims 1 to 15 using digital photograph data as input data. . As described above, by providing the information authentication device in the digital camera, it is possible to significantly improve the evidential ability of the photographed digital image information.

[0031]

Embodiments of the present invention will be described below with reference to the drawings. FIGS. 1 to 5 are diagrams showing an embodiment in which the information authentication device according to the present invention is applied to a digital camera. First, the configuration of an information authentication system to which an information authentication device and a certificate authority according to the present invention are applied will be described with reference to FIG. FIG. 1 is a block diagram showing the configuration of the information authentication system.

As shown in FIG. 1, this information authentication system includes a digital camera 100 constituting an information authentication apparatus, a time stamp generating institution 200 for certifying that digital data was present at a specific time, and a digital camera 100. In addition to registering a public key corresponding to a secret key when performing an electronic signature in the above, communication is possible with a public key authentication organization 300 that issues an electronic signature to the public key via a network.

The digital camera 100 normally has, for example, a time stamp generating organization 200 and a public key authentication organization 3
It is configured so that it is not connected to 00 and is connected to the time stamp generating institution 200 only when obtaining a time stamp, and is similarly connected to the authentication institution 300 only when registering a public key. To facilitate understanding of the invention,
Although only one digital camera 100 is shown, in practice, a plurality of different digital cameras can communicate with the time stamp generating organization 200 and the public key authentication organization 300.

The digital camera 100 includes an image pickup section 10 as data input means for outputting image data picked up by an image pickup element such as a CCD element as digital image data, and user name, photographing condition (shutter speed, aperture, etc.) data. A personal information input device 12 for inputting personal information such as a note and a memo, a personal information storage device 14 for storing the input personal information,
A device information storage device 16 that stores device information that is information unique to the digital camera 100, and a communication device 18 that communicates with the time stamp generating organization 200 via a network.
A data storage device 20 for storing digital image data, an output terminal 22 for outputting digital data to the outside, and a device for authenticating that digital data has been captured by the digital camera 10. A tamper-resistant device 24 configured as, for example, an IC card having a built-in power supply as an authentication identifier calculation unit for calculating an authentication identifier is provided.

The personal information input device 12 has an input key, an ID assigned to each user who uses the digital camera 100, personal identification information such as a password or a fingerprint corresponding to the ID, and a personal computer. It is configured to allow input of owner information such as shooting conditions and memos.
The personal information storage device 14 stores encrypted personal information obtained by encrypting an ID assigned to each user who uses the digital camera 100 and a password corresponding to the ID. Here, the ID and the password are, for example, encrypted with a secret key of the digital camera.

The device information storage device 16 stores encrypted device information obtained by encrypting device information (for example, a device unique number) which is information unique to the digital camera 100. Here, the device information is, for example, encrypted with a secret key of a digital camera. The communication device 18
Using short-range wireless communication terminals, mobile phones, PHS, etc.,
The base station located closest to the current location is specified, connected to a network via a general public network by radio, and digital data is transmitted to the time stamp generating organization 200 via the network.

Next, the configuration of the tamper-resistant device 24 will be described in detail. The tamper-resistant device 24 is provided with a first time information generating device 26 as first time information generating means that is unable to adjust the time by an owner who measures time and generates time information; A second time information generating device 28 as second time information generating means capable of adjusting the time by the owner generating the position, a position measuring device 30 as position measuring means for measuring the position, and measuring the surrounding environmental state to a plurality of sensors S ₁ to S _n, the user authentication device 32 by collating the personal information of the personal information and the personal information storage unit 14 entered in the personal information input device 12 performs authentication of the user, the use When the authorized user is authenticated by the user authentication device 32, the imaging unit 10, the personal information storage device 14, the device information storage device 16, the first time information generation device 26, and the second time information generation Device 28 and position measurement Is constituted by the information processing apparatus 34 that processes input data input from the location 30.

Here, the tamper-resistant device 24 is disposed in an airtight package in which an inert gas is sealed. When the package is opened, the inert gas is scattered, and the inside of the storage device is oxidized and the stored contents are lost. It is preferable that the storage information be read out or the storage content cannot be read from the viewpoint of preventing the falsification of the storage information. The position measurement device 30 is configured by a global positioning system (GPS) that receives a radio wave from a satellite and measures the current position, and outputs latitude information N and longitude information W and satellite time information T to the information processing device 34. I do.

The sensors S _{1 to} S _n measure, for example, ambient temperature, humidity, atmospheric pressure, gas concentration, wind speed, altitude, sound volume, or light amount as ambient environmental conditions. Known sensors can be used as sensors for measuring these physical quantities. When there is a user authentication request from the information processing device 34, the user authentication device 32 inputs the ID and the personal identification information with the personal information input device 12 and transmits the encrypted personal information from the personal information storage device 14. It is configured to read out and decode this, and determine whether or not the input ID and personal identification information matches the decrypted ID and personal identification information. As a result of the determination, if it is determined that they match, the user authentication data indicating that the user is a valid user is output to the information processing device 34,
If it is determined that they do not match, the user authentication data indicating that the user is an unauthorized user is sent to the information processing device 34.
Output to

Next, the configuration of the information processing apparatus 34 will be described with reference to FIG. FIG. 2 is a block diagram illustrating a configuration of the information processing device 34. As shown in FIG. 2, the information processing device 34 includes digital image data input from the imaging unit 10, owner information stored in the personal information storage device 14, and device information stored in the device information storage device 16. ,
A control processing unit 36 to which the time information generated by the first time information generating device 26 and the second time information generating device 28, the time information output from the position measuring device 30, and the latitude / longitude information are input; An arithmetic processing unit 38 that performs a hash function process as an authentication code calculation process on the information input to the control processing unit 36 to calculate a hash value as an authentication identifier.
And the calculation result of the calculation processing unit 38,
The storage device 40 stores a secret key necessary for a digital signature and a public key corresponding to the secret key, and further has a physical copy protection mechanism that stores an arithmetic processing program to be executed by the arithmetic processing unit 38.

Then, the arithmetic processing section 38 executes an authentication identifier arithmetic processing shown in FIG. This authentication identifier calculation process is started when a shooting mode for capturing an image of a subject with the digital camera 100 is set. First, in step S1, a user authentication request is output to the user authentication device 32. Next, the process proceeds to step S2, where it is determined whether or not the user authentication data input from the user authentication device 32 indicates that the user is a valid user. Then, the power of the digital camera 100 is forcibly shut off, and the process is terminated. If the user is a valid user, the process proceeds to step S4.

In step S4, it is determined whether or not digital image data has been input from the imaging unit 10 via the control processing unit 36. If digital image data has not been input, the process waits until the digital image data is input. When the image data is input, the process proceeds to step S5.
In this step S5, the input digital image data is encrypted or signed if necessary and stored in the data storage unit 20, and then the process proceeds to step S6, where the user name UN and the memo of the photographing data are recorded. After reading the owner information composed of the MMs and encrypting them or storing them with a digital signature in the data storage device 20 as necessary, the process proceeds to step S7.

In this step S7, the user name UN and
The additional information MM such as shooting conditions and memos is converted to a predetermined hash function.
To the hash value H_P1(= H
(UN, MM)), and then goes to step S8.
Hash value H calculated_P1Is stored in the storage device 40
To step S9. In this step S9,
Latitude information N and longitude information measured by the position measurement device 30
W and read them into the data storage device 20 as needed.
And store it with an electronic signature.
The process proceeds to step S10, where the latitude information N and the longitude information W are predetermined.
Hash function processing to assign to the hash function of
Hash value H of _P2(= H (N, W)) and then
Proceeding to step S11, the calculated hash value H_P2To
The process proceeds to step S12 after being stored in the storage device 40.
You.

In this step S12, the first time information
Generator 26, second time information generator 28, position measurement
Each time information t, t ', T of the device 30 and the environment sensor S₁
~ S _nRead the environmental state information E detected in
Encrypt the environmental status information E if necessary or use a digital signature
Name and store it in the data storage device 20, and then
The process proceeds to step S13, where the hash value H_P1, H_P2, Time information
t, t ', T, environmental state information E and previous total hash
Value H_imageDigital image data using (i-1) as authentication information
Digital image data with authentication information added to I
A hash function that substitutes I for a given hash function
C to be processed and represented by the following equation (1) as a general identifier
Hash value H that composes the hash chain_image(i)
Is calculated, and then the process proceeds to step S14, where the total
Shu value H_imageAfter storing (i) in the storage device 40,
The process proceeds to Step S15. Here, the authentication information is
In order to add the authentication information to the digital image data I,
Add to digital image data I as briminal information
You. H_image(i) = h [H_P1, H_P2, I, t, t ', T, E, H_image(i-1)] (1) In step S15, device information is stored in the device information storage device 16.
Report ID_cameraIs read, and then the process proceeds to step S16.
And the total hash value H_image(i) and device information ID
_cameraTo the secret key stored in the storage device 40.
Use digital signature S_image(= SIG_tr(H_image
(i), ID_camera), Tr: Tamper-resistant device)
Then, the process proceeds to step S17, and the created digital signature
Name S_imageIs stored in the storage device 40, and then Step S1
Move to 8.

In this step S18, the aforementioned step S
In step S9, the time information t generated by the first time information generating device 26, the time information t 'generated by the second time information generating device 28, and the time information T of the position measuring device 30 read in step 12 are read. After the read latitude information N and longitude information W are stored in the log information storage area of the storage device 40 as log information, the process proceeds to step S19.

In this step S19, it is determined whether or not a time stamp is requested to the time stamp generating organization 200. If no time stamp is requested, the process jumps to step S23 described later, and if a time stamp is requested, step S20 is performed. To step S1
7 through digital signatures S _image communication device 18 that stores the transition from sending to the time stamp generating agencies 200 to step S21 in.

In this step S21, the time stamp
Time stamp SIG from the generating organization 200_TSA(S
_image, T_T) Is received, and the time
Wait until it receives this when it is not
When the time stamp is received, the process proceeds to step S22.
To the received timestamp SIG_TSA(S
_{imag e}, T_T) Is stored in the storage device 40 and then the step
The flow shifts to S23, where the shooting mode of the digital camera ends.
To determine whether the shooting mode has been
Returns to step S1 and ends the shooting mode.
Ends the authentication identifier calculation processing.

In the process shown in FIG.
The processing in S23 corresponds to the authentication identifier calculating means, of which the processing in step S16 corresponds to the electronic signature generating means, and the processing in steps S19 and S20 and the transmitting device 18 correspond to the transmitting means. In addition, when there is a digital image data output request, the arithmetic processing unit 38 outputs the digital image data stored in the data storage device 20 and the hash value H _P1 stored in the storage device 40 of the information processing device 34. , H _P2 or the data on which they are derived, time information t, t ', T, environment information E, total hash value H
_image (i), digital signature S _image , time stamp S
IG _TSA (H _image (i), T _T ) is output to the output terminal 22.

Next, returning to FIG.
The configuration of the seki 200 will be described. Timestamp generator 2
00 is connected to the digital camera 100 as shown in FIG.
Communication device 50 that communicates over the network
Time information T_TA time information generating device 52 for generating
Digital signature S from digital camera 100 at device 50
_imageIs received, the time information T at the time of reception is received._T
Is acquired from the time information generating device 52, and the digital signature S
_imageAnd time information T_TTime stamp generator
Digital signature SIG using private key of Seki 200
_TSA(S_image, T _T) As timestamp
And the generated time stamp SIG_TSA(S_{im age}, T
_T) In the own device information device ID_cameraThe
Register as DEX. Or a pair in a hash chain
And periodically update the value of the hash chain
Publish in newspapers. And the time stamp SIG_TSA
(S_{imag e}, T_T) To the digital camera 100
You.

Here, the data communication between the digital camera 100 and the time stamp generating organization 200 uses a public key encryption method to encrypt transmission data with individual secret keys and transmit the data. It is preferable to use the public key to decrypt the received data. Next, the operation of the above embodiment will be described.

When the digital camera 100 is sold, the tamper-resistant device 24 and a public key for signature verification are sold as a set. The owner who purchased the digital camera 100
When capturing digital image data that requires evidential ability, the tamper-resistant device 24 is attached to the digital camera 100 to capture an image of a subject. In order to capture a digital image with the digital camera 100 equipped with the tamper-resistant device 24, the user first turns on the digital camera 100 and inputs the ID and personal identification information to the personal information input device 12.
Enter from.

Here, assuming that the user has input valid ID and personal identification information, the tamper-resistant device 24 uses the user authentication device 32 to transmit the personal information storage device 14.
From which encrypted personal information is read and decrypted,
Since the ID and the personal identification information input from the personal information input device 12 and the decrypted ID and the personal identification information match, the user authentication data indicating that the user is valid is transmitted to the information processing device 34. Is output to In the information processing device 34, when the user authentication data indicating that the user is a valid user is input, the user is authenticated as a valid user through steps S1 and S2, and the imaging unit 10 captures a digital image. It is possible.

In this state, when the user captures a digital image with the imaging unit 10, the information processing device 34
Since digital image data is input from 0, the digital image data is stored in the data storage device 20 (step S).
5) Then, the owner information such as the user name UN and the memo MM such as the photographing condition input by the personal information input device 12 is stored in the data storage device 20 by encrypting or adding a digital signature to the data. The user information is substituted into a predetermined hash function to calculate a hash value H _P1 (step S7), and the calculated hash value H _P1 is stored in the storage device 40 (step S8).

Next, the latitude information N and the longitude information W representing the current position measured by the position measuring device 30 are read (step S9), and the read latitude information N and the longitude information W are substituted into a predetermined hash function. The hash value H _P2 is calculated (step S10), and the calculated hash value H _P2 is stored in the storage device 40 (step S11). Then, the first time information generator 26, the second time information generating apparatus 28 and the position measuring device 30 from the time information t, together with read-free t 'and T, for example, measured by the sensor S ₁ to S _n, ambient Is read, and at least the environment information E is encrypted or stored in the data storage device 20 with a digital signature (step S12). ), Hash values H _P1 , H _P2 , time information t, t ′,
T, the total hash value H _image of environmental status information E and the last time
By adding (i-1) and substituting it into a predetermined hash function, a total hash value H _image (i) is calculated (step S
13) The calculated total hash value H _image (i) is stored in the storage device 40 (step S14).

As described above, the total hash value H _image (i)
Is calculated, a hash value is calculated by adding the total hash value H _image (i-1) calculated at the time of capturing the previous digital image, so that the imaging unit 1 of the digital camera 100 is obtained.
Since a hash chain is formed according to the imaging order of digital image data captured at 0, a time stamp is requested to the time stamp generating organization 200 at the time of capturing the desired digital image data, as described later. It becomes impossible to replace previous digital image data with other digital image data.

Further, regarding the owner information and the photographing position information,
Hash value H_P1And H_P2To calculate
The hash value H when verifying the digital signature._P1And H
_P2Information can be disclosed individually for each, that is, both information is disclosed
If not, hash value H _P1Or H_P2Only publish
To disclose either owner information or shooting location information
In that case, one of the owner information and the shooting location information is disclosed,
Publish the other as a hash value. Here, the owner information
If the shooting conditions are to be disclosed individually,
Calculate hash values for each and store them
Is desirable.

Next, a digital signature S _image is generated using the secret key stored in the storage device 40 for the total hash value H _image (i) and the device information ID _camera (step S16), and the generated digital signature is generated. The S _image is stored in the storage device 40 (Step S17). afterwards,
Time information t generated by the first time information generation device 26;
Time information t 'generated by the second time information generating device 28
And time information T of the position measuring device 30 and the position measuring device 3
The latitude information N and the longitude information W measured at 0 are stored in the storage device 40 as log information.

Therefore, even in a situation where there is no interaction with the outside based on the log information stored in the storage device 40, the time information can be relied on as long as tamper resistance can be guaranteed. That is, since the first time generation device 26 is configured so as not to be corrected by the user, even if the time accuracy is poor, it is possible to estimate the delay time or the advance time with respect to the accurate time after the fact to some extent, Based on the time information t generated by the first time generating device 28, it becomes possible to discover an artificial time operation in a court or the like.

Thereafter, it is determined whether or not a time stamp request is made in step S19. If the time stamp request is not made, the flow directly proceeds to step S23 to determine whether or not the shooting mode has been terminated. Is continued, the process returns to the step S4, and when the photographing mode is ended, the authentication identifier calculating process is ended. On the other hand, if the determination result in step S19 indicates that a time stamp request is made, the device information ID _camera stored in the storage device 40 and the current digital signature S _image are encrypted in the storage device 40 of the tamper-resistant device 24. A transmission packet in which the encrypted digital signature S _image is encrypted using the stored secret key, and the encrypted digital signature S _image has the transmission source address as the unique address of the digital camera 100 and the transmission destination address as the address of the time stamp generating organization 200. To the time stamp generating organization 200 via the communication device 18.

In the time stamp generating organization 200, the encrypted device information ID _camera and digital signature S _image
Is received, the transmission source is specified from the transmission source address, it is determined whether or not the digital camera 100 is registered. If the digital camera 100 is registered, the public key of the digital camera 100 is selected. and, using the selected public key, decrypts the device information ID _camera and a digital signature S _image, whether apparatus information ID _camera matches the device information ID _camera stored in the device information storage device 54 judgment, when they match, the digital signature S _image and the time information T _T generated by the time information generating device 56 using the private key of the time stamp generating agencies 200 digital signature SIG _TSA (S _image, T _T) to generate a time stamp, its database generated timestamp SIG _TSA (S _image, a T _T) the device information ID _camera as an index And registers to scan, through the communication device 50 to the digital camera 100.

In the digital camera 100, a time stamp
Time stamp SIG from the_TSA(S
_image, T_T) Is received, the tamper-resistant device 2
4 in the storage device 40 of the information processing device 34
You. In this manner, the data recording of the digital camera 100 is performed.
The digital image data captured in the storage device 20 is sequentially stored.
As well as individual hatches corresponding to each digital image data.
Shu value H_P1, H_P2, Total hash value H_image(i)
Tal Signature S_image(= SIG_tr(H_image(i), ID
_camera) And time stamp SIG_TSA(S_{im age}, T
_T) Is stored in the storage device 40 of the tamper-resistant device 24.
You.

When the digital camera 100 is changed from the photographing mode to the reproducing mode, the digital image data stored in the data storage device 20 is output to a liquid crystal display (not shown), and the digital image data is stored in the liquid crystal display. indicate. When the reproduction mode is changed to the data output mode, the digital image data stored in the data storage device 20 includes the individual hash values H _P1 and H _P2 corresponding to the digital image data and the total hash value H _image (i). , Digital signature S _image (= SIG _tr (H
_image (i), ID _camera ), and time stamp SIG _TSA (S _image , T _T ) if a time stamp is obtained.
Authentication information including the digital image information can be sequentially output to the output terminal 22 from the top digital image information. It can be read and stored in a storage medium such as a hard disk or a magneto-optical disk.

As described above, the subject is imaged by the digital camera 100, and the digital image data is stored in the data storage device 2.
0, and the authentication information is stored in the storage device 40 of the tamper-resistant device 24, so that the digital camera 100 selects the data output mode when submitting digital image data as evidence in a court or the like. The digital image data and the individual hash values H _P1 and H _P2 stored in the data storage device 20 and the storage device 40 of the tamper-resistant device 24, the total hash value H _image (i), the digital signature S _image (= SIG _tr (H _image (i), I
D _camera ), and when the time stamp is obtained, the authentication information including the time stamp SIG _TSA (S _image , T _T ) is sequentially read and output from the output terminal 22 to a predetermined verification device.

This verification device verifies digital image data based on the input digital image data and authentication information. That is, the digital signature S _image (= SI
By verifying G _tr (H _image (i), ID _camera ), the tamper-resistant device 24 can be specified, and the digital camera 100 can be specified.

The total hash value H_image(i) is the last time
Total hash value H of_imagehash chain containing (i-1)
All digital image data
No need to request a timestamp from the
The total hash value H at the time_{imag e}(i) digital signature S
_imageTo the timestamp generating organization 200
Stamp SIG_TSA(S_image, T_TTo get
Falsify earlier digital image data and authentication information
It becomes impossible to perform
You can conduct.

Further, with respect to the imaging time, the position measurement device 30 obtains time information T from the global positioning system (GPS).
If the time information T is obtained, accurate time certification can be performed with the time information T. If the position measurement device 30 cannot receive radio waves from satellites and cannot obtain the time information T, At least time information t generated by the first time information generation device 26 whose time cannot be corrected and time information t ′ generated by the second time information generation device 28 corrected by the user to an accurate time are stored. The second time information generating device 2
8 enables accurate time information t 'to be provided. At this time, when the deviation between the time information t 'and the time information t generated by the first time information generator 26 whose time cannot be corrected is within the range of the error predicted in advance, the time information t' It can be determined that the time is appropriate. In the verification of the time, when the time stamp SIG _TSA (S _image , T _T ) at the time stamp authority 200 has been obtained, more reliable verification can be performed.

Further, as for the photographing location, since the individual hash values H _P1 and H _P2 and the total hash value H _image (i) include the latitude information N and the longitude information W, these are verified. , Latitude and longitude can be specified, and the shooting location can be specified. Thus, in addition to the total hash value H _image (i), the individual hash values H _P1 , H
By using _P2 , when verifying a signature in a trial or the like, it becomes possible to hide other data even when some data must be disclosed. That is,
For example, if the photographing location of the digital image data has to be proved by verifying the signature, only the position information N and W need to be disclosed as raw data. That is, the digital signature S _image is [ _HP1 , _HP2 , I, t, t ', T,
E, H _image (i-1)], position information N, W, and a public key can be verified, and the position information N, W can be used to calculate the digital signature S _image by a one-way digital signature or hash function. It can be proved that it is used.

Moreover, the total hash value H_image(i)
Total hash value H at the time of previous imaging_{im age}including (i-1)
By calculating the hash value, the hash chain can be configured.
The total hash value H_imageAfter generating (i)
It becomes impossible to falsify digital image data.
Further, if the digital camera 100 is used illegally,
In case, enter the owner ID and personal identification information into personal information
Since it is not possible to input accurately from the device 12, FIG.
Step S2 to Step S3 of the authentication identifier calculation process of
And the power of the digital camera 100 is shut off forcibly
The use of unauthorized users other than the owner.
Can be stopped.

When an unauthorized user who has illegally acquired the digital camera 100 removes the tamper-resistant device 24, the digital image data of the subject captured by the imaging unit 10 cannot be stored in the data storage device 20. You can,
Authentication information such as a hash value cannot be generated and transmitted to the timestamp generating organization 200, and the digital image data captured cannot be certified. However, by generating a hash value of the captured digital image data and transmitting the hash value to the time stamp generating organization 200 to obtain the time stamp, it is possible to guarantee that the digital image data was present at that time. it can.

As described above, the digital camera 100 is
Even if the tamper device 24 is removed, the tamper-resistant
The fact that the time stamp was issued before the sex was broken
If present, in the database of the time stamp generation organization 200
Stored device information ID _cameraDigital image taken from
Camera 100 can be proved. In addition,
An unauthorized user who has illegally acquired the
Destroy the par device 24, take out the storage device 40,
Algorithms for secret key and hash function operations and digital signatures
If you try to steal the tamper
Inert gas leaks out of the package when the package is broken
As a result, the storage device 40 is oxidized,
The loss of the stored contents causes the secret key and hash
Unauthorized acquisition of mathematical algorithms or digital signature algorithms
Can be reliably prevented.

Further, when the digital camera 100 is stolen, the authorized owner notifies the public key certification organization 300 of the theft and stops adding the digital signature to the public key. The validity of the digital camera 100 is no longer recognized, and the unauthorized user
By analyzing or illegally acquiring D and personal identification information, the authentication identifier calculation process of FIG. 3 is executed to execute individual hash values H _p1 , H _P2 , total hash value H _image (i), digital signature S _image and Even if the time stamp is obtained improperly, the digital signature of the public key certification authority 300 is not added to the subsequent public key.
0 cannot be authenticated, and it is not possible to prove which digital camera the digital image data was taken.

Further, when a subject is imaged by the imaging unit 10 of the digital camera 100 and digital image data is input to the information processing device 34, a radio wave from a satellite is received by the position measuring device 30 in a building or the like. When it is impossible to output the latitude information N, the longitude information W, and the time information T, when generating the total hash value H _image (i), the fields of the latitude information N, the longitude information W, and the time information T are used. A value is not entered, and the photographing position cannot be specified.

However, when digital image data is input by taking an image with the imaging unit 10 within a short time either before or after that, latitude information N, longitude information W, and time information T are input from the position measuring device 30. In such a case, position information can be predicted from these pieces of information. As for the time information T, the time information t and t 'are generated by the first time information generating device 26 and the second time information generating device 28, as described above. By generating the _image (i), the time can be specified.

Further, in a building or the like in which a radio wave from a satellite cannot be received, the user intentionally gives the digital camera 100 the same radio wave as a radio wave from a satellite on which an incorrect time has been placed. In this case, the first time information generator 26 and the second time information generator 28 generate the incorrect latitude information N, longitude information W, and time information T from the tamper-resistant device 24. Time information t,
Since the log information of t ′ and T and the latitude information N and the longitude information W are stored in the storage device 40, by analyzing this log information, the time information T, the latitude information N and the longitude information W can be arbitrarily determined. It is possible to find out of order and detect fraud accurately.

That is, as shown in Table 1 below, the log information is generated by the first time information generating device 26 and cannot be corrected by the user. In the case of the time information T by the system (GPS), the time information t that cannot be corrected is 1 for the entry A in which the digital image data is first captured and input.
2:05:00, and the time information T is 12:00:
00, the time information t of the subsequent entry B is 12:06:00, and the time information T becomes an empty field because radio waves from the satellite cannot be received,
For the subsequent entry C, the time information t is 12: 0.
7:00, and when the time information T is 12:01:58, the empty field of the entry B becomes the time information T of the entry A and the entry C based on the time information t.
Is predicted to be the average of 12:00:59.

[0076]

[Table 1]

Further, time information, latitude information N, longitude information W, and the total hash value H _image (i) at the time of the previous digital image data entry are also recorded as log information. Once formed, at least the context of log information entries is guaranteed by the unidirectionality of the hash chain. In addition, since the continuity of the entry must be verified at the time of verification, the user cannot hide the unauthorized entry, and the effect of preventing tampering can be more reliably exerted.

Furthermore, the owner can manually correct the time information t 'which can be corrected, or when the time information T or the time radio wave from the position measuring device 30 is received,
Automatic correction may be performed according to the received time information T. In the above-described embodiment, a case has been described in which the storage contents of the storage device 40 are lost by oxidation when the tamper-resistant device 24 is opened, but the present invention is not limited to this. When an attempt is made to analyze a program by unauthorized access to the device 34, the information processing device 34 automatically detects the unauthorized access, and the program stored in the storage device 40, the secret key,
The authentication information may be automatically erased. Alternatively, various sensors may be arranged in the package, and the program, the secret key, and the authentication information stored in the storage device 40 may be stored when the package is detected to be opened. You may make it erase automatically.

Further, in the above-described embodiment, the case where the hash value, the digital signature, the time stamp, the log information, and the like are stored in the storage device 40 provided in the tamper-resistant device 24 has been described. However, the present invention is not limited to this. If the tamper-resistant device 24 is downsized, the hash value, digital signature, time stamp, and log information may be encrypted or digitally signed as necessary and stored in the external data storage device 20. Alternatively, the storage device 40 may have a ROM configuration that stores the minimum necessary information such as a secret key and a processing program. In this case, it is preferable to store a hash value, log information, and the like stored externally with a digital signature in order to improve the authenticity.

[0080] Further, in the above embodiment has described the case of adding the total hash value H _image (i) General hash value H _image at the time of the previous entry when calculating the (i-1), limited to In this case, the hash chain may not be created. In this case, since verification by the hash chain is impossible, the hash chain is not collected every time a plurality of digital image data is shot or after the end of the shooting. It is necessary to request a time stamp for each digital image data.

In this case, it is impractical to request a time stamp for each digital image data. Therefore, individual digital signatures S _j (j = 1, 2,..., 8) are generated by individual digital signature generation means for a plurality of, for example, eight pieces of digital image data for which a time stamp is requested,
The following hash (authentication identifier) tree is constructed based on these individual digital signatures _Sj .

H _j = h (S _j ) (j = 1,..., 8) H _A = h (H ₁ , H ₂ ), H _B = h (H ₃ , H ₄ ), H _C = h ( H ₅ , H ₆ ), H _D = h (H ₇ , H ₈ ) Hα = h (H _A , H _B ), Hβ = h (H _C , H _D ) H _ALL = h (Hα, Hβ) in further performs digital signature comprehensive electronic signature means total hash value H _ALL, requesting a time stamp for the digital signature. By this operation, time stamps are simultaneously issued for all eight digital signatures _Sj , although not strictly, for each of them, and the authenticity of these digital image data can be given.

As described above, when the hash tree is adopted, for example, when the binary tree hash is as described above, one of the cases where there are 2 ^N pieces of digital image data
In order to prove the photographing order of the images, the corresponding digital image data, the total hash value H _ALL and N hash values may be stored, and the number of stored data can be greatly reduced.

That is, as shown in FIG.
(2^Four) Digital image data D₁~ D ₁₆Exists
In this case, one digital image data D_FourOnly proof day
If you want to save the digital image data
D_Four, Total hash value H_ALLAnd digital image data
D_FourAnd digital image data D_FiveHash value h of
_Five, The hash value ha of the other party at the higher level,
The hash value hb of the other party in the higher rank,
4 hash values of the other party's hash value hc
The digital image data D_FourCan be proved
You. The number of digital image data is 2^NWhen not an individual
Has 2^NInsert dummy data so that
What is necessary is just to carry out the calculation of the shear value.

Further, in the above embodiment, the time stamp generating institution 200 generates a digital signature for the hash value and the time information of the user, and uses the digital signature as a time stamp.
Although the description has been given of the case where the (Mapple Protocol) method is adopted, the present invention is not limited to this. Link information for associating hash values of a plurality of users with each other is generated, and each time stamp is generated by all A linking protocol (Linking Protocol) generated so as to bequest to the time stamp of the time stamp, and link information at a certain time are generated from the hash value sent at that time or the link information immediately before the time, and this link information is periodically generated. Linear Linking Protocol (Linear Linking)
An arbitrary protocol such as a (Protocol) method can be adopted.

Further, in the above-described embodiment, a case has been described in which the time stamp generated by the time information generating device 56 is included in the time stamp by the time stamp generating institution 200. However, the present invention is not limited to this. Alternatively, a time stamp in a format not including time information may be issued. In the above embodiment,
The case where the position information is obtained using the global positioning system (GPS) has been described. However, the present invention is not limited to this. By providing a time signal radio receiving function for receiving the time signal radio, and receiving the time signal radio, Time information may be obtained, or a mobile phone function or a PHS function may be added to obtain location information of a ground station that can be communicated with the mobile phone function or the PHS function. The telephone function and the PHS function may be used when the global positioning system cannot measure the position. In this case, by transmitting position information data with a digital signature from a ground station or the like that transmits position information, the authentication function can be further improved.

Further, in the above embodiment, the present invention
Has been described as applied to digital cameras,
Not limited to this, requires other authentication
Personal computer that outputs digital data, C
The present invention can be applied to any information processing device such as AD.
it can. Furthermore, in the above embodiment, the overall
Brush value H_imageDo not calculate the hash value when calculating (i).
Time information t, t ', T and environmental information E
The case where the threshold value is calculated has been described, but is not limited to this.
Time information t, t 'and T, environmental information
After calculating the hash value for the report E, the total hash
Value H_image(i) may be calculated. In this case,
Publishes time information t, t 'and T and environmental information E
If you don't want to
There is an advantage that it is not necessary to disclose information. And c
Time information t, t ', T that does not calculate the
Digital signature S for information E_{im age}When to create
And the total hash value H_imageAppend to (i)
You may do so.

S _image = SIG _tr (H _image (i), t,
t ', T, E) Furthermore, in the above embodiment, immediately after the digital camera 100 is purchased, the public key is
However, the present invention is not limited to this. If a public key is registered at a desired point in time, it is possible to certify digital image data captured after that point in time. Of the digital image data of the digital signature S using the secret key in the tamper-resistant device 24.
_{If the image} is generated, it can be proved that the image has been captured by the digital camera 100.

Further, in the above embodiment, the case where the two time information generating devices 26 and 28 are provided in the tamper-resistant device 24 has been described. However, the present invention is not limited to this, and it is impossible for the user to make corrections. The first time information generating device 26 may be replaced with a stopwatch mechanism that measures the time from the start of use, instead of generating time information, or a software counter that counts clock pulses at predetermined intervals. A function may be provided, and time information can be converted by storing the use start time.

Further, in the above-described embodiment, a case has been described in which a hash value by a hash function operation is applied as an authentication identifier. However, the present invention is not limited to this, and a function capable of obtaining a value equivalent to another hash value is obtained. The authentication identifier may be calculated by a calculation, and a so-called MA for signing a hash value with a secret key (common key) may be used.
C (Message Authentication Code), a digital signature in which a hash value is signed with a public key, and an authenticator such as a so-called message recovery type digital signature in which the entire data is signed with a public key without using a hash function. Can be applied.

Further, in the above-described embodiment, the digital image data photographed by the digital camera 100 and the personal information and position information relating thereto are stored in the tamper-resistant device 2.
4, the authentication is described, but the present invention is not limited to this. Digital image data input via a storage medium such as a flash memory or a connection cable such as a USB cable attached to the digital camera 100 is tamper-resistant. The device 24 can also provide a digital signature. In this case, it is necessary to distinguish between digital image data directly photographed by the digital camera 100 and digital image data inputted from the outside. This can be achieved by automatically or manually adding data type information for determining whether the image data is digital image data read from a computer.

When a digital signature is attached to the externally read digital image data, the personal signature key of the user who has read the externally read digital image data is read into the tamper-resistant device 24, and only the personal signature key is read. And a digital signature using the secret key of the digital camera 100 is avoided.
It is desirable to prevent forgery of digital image data photographed in the above.

At this time, reading of the personal signature key is performed by IC
A personal signature key is stored in an ID card composed of a card, and the ID card is read by an IC card reader provided in the digital camera 100, or the signature key is read from a storage medium storing the personal signature key. You may do so.

[0094]

As described above, according to the first aspect of the present invention, when data is input by the data input means,
The authentication identifier calculation means generates authentication information such as time information, position information, and owner information, and performs authentication code calculation processing individually for the authentication information selected from the authentication information, for example, the position information and the owner information. An individual authentication identifier such as a hash value is calculated, and a total authentication identifier is calculated for at least the calculated individual authentication identifier and input data, and this is stored in the authentication information storage means. The effect is obtained that the authentication information of the individual authentication identifier can be individually disclosed.

According to the second aspect of the present invention, the authentication identifier calculating means generates the comprehensive authentication identifier by including the previous comprehensive authentication identifier in the authentication information and the input data.
By forming a chain of authentication identifiers, it is possible to further improve the function of preventing tampering of input data, and it is not necessary to always obtain a time stamp when obtaining a time stamp. The effect is obtained that the previous input data cannot be falsified.

According to the third aspect of the present invention, the digital signature creation means obtains the digital signature based on the total authentication identifier calculated by the authentication identifier calculation means, so that the input data and the information authentication can be performed by verifying the digital signature. The effect that the device can be specified is obtained. Furthermore,
According to the invention according to claim 4, when an individual digital signature is generated by the individual digital signature generation means individually for a plurality of input data, the plurality of electronic signatures are grouped by a predetermined number to perform an authentication identifier calculation process. By repeating what you do,
Since the total electronic signature is calculated by the authentication identifier tree and the total electronic signature is obtained by the general electronic signature generation means for the calculated general authentication identifier, the total electronic signature is transmitted to, for example, a time stamp generating organization to obtain the time stamp. , It is possible to obtain a time stamp for a plurality of input data at the same time.

Further, according to the fifth aspect of the present invention, since the transmitting means transmits the electronic signature generated by the electronic signature generating means to the certificate authority, the input data can be authenticated more reliably. The effect is obtained. Furthermore, according to the invention according to claim 6, since the hash value is calculated by performing the hash function processing on the authentication information, it is possible to easily detect the tampering, and to obtain the authentication information and the input data. By simply applying an electronic signature to the total hash value calculated by performing the entire hash function processing including the above and obtaining a time stamp, the effect of ensuring the reliability as evidence can be obtained.

According to the seventh aspect of the present invention, the time information is individually generated by the first time generating means which cannot be changed by the user and the second time generating means which can be changed by the user. By doing so, it is possible to obtain an effect that artificial alteration of the time can be detected from the time difference between the two. Furthermore, according to the invention of claim 8, since the current position information measured by the current position measuring means such as the global positioning system (GPS) can be included in the authentication information, the input position of the input data can be accurately determined. The effect of being able to specify is obtained.

According to the ninth aspect of the present invention, by storing the time information and the log information of the current position information, it is possible to confirm the input order of the input data and the input of the input data in the information authentication device. Thus, the tampering of the input data and the authentication information can be detected. Still further, according to the tenth aspect of the present invention, the owner information input means inputs owner information such as a memo such as a photographing condition when the input data is digital image data. Since the hash value is calculated by performing the hash function processing on the user information, it is possible to obtain an effect that information on input data can be specified at the time of verification.

According to the eleventh aspect of the invention, the hash value of the authentication information is calculated by the tamper-resistant device, and the total hash value for all of the calculated hash value, other authentication information, and the input data is calculated. By storing the calculated hash value and the total hash value in the first storage unit having the physical copy protection function, and storing the input data in the second storage unit not having the physical copy protection function, The hash value stored in the tamper-resistant device is constant irrespective of the size of the input data, and the effect that the storage capacity of the first storage unit can be suppressed can be obtained.

Further, according to the twelfth aspect of the present invention,
Since the time information is stored in the first storage device as the log information, the input order of the input data can be specified from the log information. By using two pieces of time information of possible time information or two pieces of time information that can be corrected by the user and time information of the global positioning system (GPS), it is possible to more reliably prevent tampering of time information. The effect that it can be obtained is obtained.

According to the thirteenth aspect of the present invention, the time information and the position information are stored as log information in the first storage means, so that the input order of the input data can be specified more reliably from the log information. The effect that it can be obtained is obtained. Still further, according to the invention of claim 14, since the hash value of the immediately preceding entry is also stored as log information, a hash chain based on the log information entry can be formed, and the unidirectionality of the hatch chain can be improved. As a result, at least the context of the entries of the log information can be guaranteed, and since the continuity of the entries is also verified at the time of verification, it is possible to prevent an unauthorized entry from being hidden.

According to the fifteenth aspect, when the storage capacity of the first storage device provided in the tamper-resistant device is limited, the information to be stored is digitally signed and output to the outside. Thereby, it is possible to obtain an effect that it can be proved that the generated one is correct in the tamper-resistant device. Further, according to the sixteenth aspect of the present invention, by providing the digital camera with the information authentication device, it is possible to obtain an effect that the evidential ability of the photographed digital image information can be remarkably improved.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating an information authentication system configuration according to an embodiment of the present invention.

FIG. 2 is a block diagram showing a configuration of the information processing apparatus 34 of FIG.

FIG. 3 is a flowchart illustrating an authentication identifier calculation process executed by a calculation processing unit.

FIG. 4 is an explanatory diagram for explaining the number of storages when a hash tree is used;

[Explanation of symbols]

 REFERENCE SIGNS LIST 100 digital camera 200 time stamp generation institution 300 public key authentication institution 10 imaging unit 12 personal information input device 14 personal information storage device 16 device information storage device 18, 50 communication device 20 data storage device 24 tamper-resistant device 26 first time information Generating device 28 Second time information generating device 30 Position measuring device 32 Output terminal 34 Information processing device 36 Control processing unit 38 Arithmetic processing unit 40 Storage device

Continuing on the front page (72) Inventor Kazukuni Furuhara 2-20-33 Osawa, Mitaka-shi, Tokyo 416 The second Musashino dormitory, The University of Tokyo 416 (72) Inventor Hideki Imai 557-44-205F, Shinano-cho, Totsuka-ku, Yokohama-shi, Kanagawa Terms (reference) 5C022 AA13 AC69 AC75 CA00 5J104 AA08 AA09 AA11 AA13 LA01 LA06 NA12

Claims (16)

[Claims] 1. An apparatus for performing data authentication, comprising: data input means for inputting data; and a plurality of authentication information for authenticating that data has been input by the data input means. The authentication information selected among the above is individually processed to calculate an authenticator to calculate an individual authenticator,
An authentication identifier calculating means for calculating a comprehensive authentication identifier for at least the calculated individual authenticator input data, and an authentication information storing means for storing the individual authentication identifier and the comprehensive authentication identifier calculated by the authentication identifier calculating means. Characteristic information authentication device. 2. An apparatus for performing data authentication, comprising: data input means for inputting data; and a plurality of authentication information for authenticating that data has been input by the data input means, wherein the authentication information is generated. An authentication identifier calculating means for calculating a comprehensive authentication identifier by including the previous comprehensive authentication identifier in the input data; and an authentication information storing means for storing the individual authentication identifier and the comprehensive authentication identifier calculated by the authentication identifier calculating means. An information authentication device characterized in that: 3. An electronic signature generating unit for obtaining an electronic signature based on the comprehensive authentication identifier calculated by the authentication identifier calculating unit, wherein the authentication information storage unit stores the authentication identifier calculated by the authentication identifier calculating unit and the electronic signature. The information authentication apparatus according to claim 1, wherein the information authentication apparatus is configured to store the electronic signature generated by the signature generation unit. 4. An electronic signature generating means for obtaining an electronic signature based on a comprehensive authentication identifier calculated by the authentication identifier calculating means, and a plurality of input data generated by the individual electronic signature generating means. A total authentication identifier calculating means for calculating a total authentication identifier based on an authentication identifier tree by repeating the processing of calculating an authentication identifier for each predetermined number of individual electronic signatures, and an electronic authentication identifier calculated by the total authentication identifier calculating means. 4. The information authentication apparatus according to claim 3, further comprising: a general electronic signature generating means for obtaining a signature. 5. The information authentication apparatus according to claim 3, further comprising a transmission unit that transmits an electronic signature generated by the electronic signature generation unit to a time stamp generation organization. 6. The authentication identifier calculation unit according to claim 1, wherein the authentication identifier calculation unit is configured to set a hash value calculated by performing a hash function process on the authentication information as an authentication identifier. Information authentication device as described. 7. The authentication identifier calculating means includes a first time information generating means that cannot be changed by a user and a second time information generating means that can be changed by a user.
7. The information authentication apparatus according to claim 1, wherein the time information generated by the second time information generating means is set as authentication information. 8. The authentication identifier calculating means includes a position measuring means for measuring a current position, and for specifying a point at which data is input by the data input means based on the position measured by the position measuring means. 8. The method according to claim 1, wherein the position information is generated, and the generated position information is processed by a hash function to calculate a hash value.
An information authentication device according to any one of the above. 9. The authentication identifier calculating means includes a time information generating means for generating time information and a position measuring means for measuring a current position, and stores the time information and the current position information as log information, thereby providing an input. 7. The information authentication apparatus according to claim 1, wherein the input order of the data and the input of the input data by the authentication apparatus can be confirmed. 10. The authentication identifier calculating means has an owner information inputting means for generating owner information, and calculates a hash value by performing a hash function process on the owner information input by the owner information inputting means. 10. The information authentication apparatus according to claim 1, wherein the information authentication apparatus is configured to add this to the input data as authentication information. 11. The authentication identifier calculating means includes a first storage means having a physical copy protection mechanism, and an operation processing means connected to the first storage means for performing a hash function operation processing. A tamper-resistant storage device that stores input data in a second storage device that does not have a physical copy protection function; and stores the input data in the second storage device. 11. The system according to claim 1, wherein a hash value is calculated together with the authentication information by supplying the hash value to the arithmetic processing means, and the calculated hash value is stored in the first storage means.
An information authentication device according to any one of the above. 12. The information authentication device according to claim 11, wherein the tamper-resistant device is configured to store time information as log information in a first storage unit. 13. The information authentication device according to claim 11, wherein the tamper-resistant device is configured to store time information and position information as log information in a first storage unit. 14. The tamper-resistant device is configured to store time information, position information, and a hash value of the immediately preceding entry as log information in a first storage unit. 15. The information authentication device according to any one of 11 to 14. 15. The tamper-resistant device is configured to apply an electronic signature to information to be stored and output the information to the outside when the storage capacity of the first storage device is limited. The information authentication device according to any one of claims 11 to 14, wherein: 16. A digital camera comprising the information authentication device according to claim 1, wherein digital photograph data is input data.