JP2005197808A - Image signature device and method thereof - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an image signature device and a method thereof capable of changing a method or the like of an electronic signature in response to a user's request, thereby performing more flexible falsification determination. <P>SOLUTION: The image signature method according to one aspect has a step (S502) of selecting a presenting destination of an image, a step (S503) of selecting an image to be presented from a memory, a step (S508) of determining whether or not the image to be presented is not modified from a time point when the selected image to be presented is firstly stored in the memory, and a step (S512) of adding an electronic signature to the image to be presented on the basis of a signature algorithm corresponding to the presenting destination if it is judged that the image to be presented is not modified from the time point when the image to be presented firstly stored in the memory. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an image signature apparatus and method, and more particularly to an image signature apparatus and method having an image falsification preventing function.

  For example, Japanese Patent Application Laid-Open No. 11-308564 (Patent Document 1) and Japanese Patent Application Laid-Open No. 2001-078070 (Patent Document 2) are known as conventional techniques related to falsification prevention of images taken with a digital camera. These documents disclose a technique for adding falsification detection data (message authentication code) or an electronic signature to an image using an encryption key provided in the camera. In order to confirm that the image has not been tampered with, the decryption key corresponding to the encryption key provided in the camera is used to decrypt the tampering detection data or electronic signature, and the obtained hash value (message The hash value calculated from the digest and the image is compared.

Japanese Patent Laid-Open No. 11-308564 JP 2001-0778070 A

  The above-described prior art has the following problems.

  In other words, since the decryption key corresponding to the encryption key provided in the camera is used to confirm that the image is uncorrected, the user has to know about the encryption of the camera in order to handle this. did not become. What the user needs to know needs to know not only the key but also the encryption algorithm and the hash algorithm for obtaining the hash value.

  However, for the reason that the camera manufacturer does not want to disclose the information related to encryption and for the convenience of the user, the camera manufacturer provides a falsification judgment system, and the falsification judgment system uses the decryption key and encryption. By managing the algorithm and the hash algorithm, it has been usual to allow tampering determination without showing the user details about encryption.

  In this way, tampering determination is possible, but from the user's perspective, it is impossible to know the certainty of tampering determination and the strength of the encryption, so there is no doubt about the guarantee of the originality, resulting in dissatisfaction. obtain.

  In addition, even if each camera manufacturer has disclosed details about encryption, even if it is possible to construct a falsification judgment system on the user side, the authority to determine the details is on the camera manufacturer side. There is also an inconvenience that the tampering determination system must be corrected on the user side if it is changed.

  Furthermore, for the convenience of manufacturing, the keys and encryption algorithms built into the camera are fixed and cannot be changed. Even if the user wishes to adopt an encryption method with the required encryption strength, However, this cannot be realized by the conventional method. That is, the conventional technology lacks flexibility in constructing a falsification determination system.

  Furthermore, the conventional camera signature method only supports one method, and does not change the signature method according to the recipient of the signed image.

  The present invention has been made to solve the above-described problems, and its object is to make it possible to change the electronic signature method and the like in response to a user's request, thereby making a more flexible tampering determination. It is an object of the present invention to provide an image signature apparatus and method capable of performing the above.

  An image signature device according to an aspect of the present invention includes an image storage unit that stores an input image, a presentation destination selection unit that selects a presentation destination of the image, and an image selection unit that selects an image to be presented from the image storage unit. Determining means for determining whether or not the image to be presented selected by the image selecting means is uncorrected from the time when the image is first stored in the image storage means; and A signature unit that adds an electronic signature to the image to be presented by a signature algorithm according to the presentation destination when it is determined that the image is uncorrected from the time when the image is first stored in the image storage unit It is characterized by that.

  An image signature apparatus according to another aspect of the present invention includes: a first signature unit that adds an electronic signature to an input image using a first signature algorithm that cannot be changed according to a user instruction; Image storage means for storing an image to which an electronic signature is added by a signature means, presentation destination selection means for selecting an image presentation destination, image selection means for selecting an image to be presented from the image storage means, and the image A determination unit that determines whether or not the image to be presented selected by the selection unit is uncorrected from the time when the image is first stored in the image storage unit; and the image to be presented by the determination unit is the image When it is determined that there is no correction from the time when it is first stored in the storage means, the second signature algorithm corresponding to the presentation destination adds a digital signature to the image to be presented. And having a signature means.

  Still another aspect of the present invention relates to an image signature method, an image storage step for storing an input image in a memory, a presentation destination selection step for selecting a presentation destination of the image, and an image to be presented is selected from the memory. An image selection step, a determination step of determining whether or not the image of the presentation target selected by the image selection step is uncorrected from the time when the image was first stored in the memory, and the presentation target by the determination step A signature step of adding an electronic signature to the image to be presented by a signature algorithm corresponding to the presentation destination when it is determined that the image is uncorrected from the time when the image is first stored in the memory. Features.

  An image signature method according to still another aspect of the present invention includes a first signature step of adding an electronic signature to an input image using a first signature algorithm that cannot be changed according to a user instruction; An image storage step for storing in the memory the image to which the electronic signature is added in the signature step, a presentation destination selection step for selecting a presentation destination of the image, an image selection step for selecting an image to be presented from the memory, A determination step for determining whether or not the image to be presented selected by the image selection step is uncorrected from the time when the image is first stored in the memory; and the image to be presented is stored in the memory by the determination step. When it is determined that there is no correction from the time when it is first stored, the image to be presented by the second signature algorithm corresponding to the presentation destination And having a second signature step of adding an electronic signature.

  According to the present invention, it is possible to change an electronic signature method or the like according to a user's request, thereby providing an image signature apparatus and method capable of performing flexible tampering determination.

  DESCRIPTION OF EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings. In the following description, “signature” simply means “electronic signature”.

  FIG. 1 is a block diagram showing the configuration of the image signature system according to this embodiment.

  In the figure, reference numeral 101 denotes a digital camera as an image signature apparatus to which the present invention is applied.

  Reference numeral 102 denotes an application as a first server device that receives the signature application 105 and the image receiver information 114 related to the image receiver from the image receiver that finally receives the image, accumulates them, and transmits them to the digital camera 101. It is a server.

  103 receives the image recipient's public key 106 from the image recipient, the encryption algorithm 107 for performing encryption using the public key 106, the hash algorithm 108, and the image recipient information 114, and stores these And a public key server as a second server device that transmits to the digital camera 101.

  Reference numeral 104 denotes an image recipient client that receives the signed image data 109 from the digital camera 101, and transmits the signature application 105 and the image recipient information 114 to the application server 102, as well as a public key 106 and an encryption algorithm 107. The hash algorithm 108 and the image recipient information 114 are transmitted to the public key server 103.

  The image recipient client 104 has a private key 110 corresponding to the public key 106. That is, data encrypted with the public key 106 can be decrypted with the private key 110.

  As for the encryption algorithm 107 and the hash algorithm 108, a program for realizing the algorithm itself may be communicated, but a standard algorithm is usually used for general encryption processing. Information may be communicated, such as the common name of the algorithm. You can tell what to do with each other using just the common name. Hereinafter, the encryption algorithm 107 and the hash algorithm 108 are described regardless of which one is communicated.

  As for the encryption algorithm 107 and the hash algorithm 108, when the programs themselves are communicated and received by the digital camera 101, these programs may be called when performing encryption and hash value calculation. When only the information related to the algorithm is sent to the digital camera 101, it is assumed that the digital camera 101 has a program (not shown) that implements the algorithm and can execute this program.

  Further, the encryption algorithm 107 and the hash algorithm 108 do not necessarily have to be sent from the image recipient client 104 to the digital camera 101. As will be described later, if these are not sent, the digital camera 101 can use a default algorithm.

  The digital camera 101 has a common key 111. Since data can be encrypted and decrypted by using only this one key, the word “common” is used. There is no relationship regarding the encryption and decryption of data performed by the common key 111, the public key 106, and the private key 110. For example, data encrypted with the public key 106 cannot be decrypted with the common key 111.

  The digital camera 101 also has an encryption algorithm 112 and a hash algorithm 113 for performing encryption using the common key 111 as defaults. The encryption algorithm 112 and the hash algorithm 113 exist in the digital camera 101 in the form of an executable program. The common key 111, the encryption algorithm 112, and the hash algorithm 113 are built in the digital camera, and preferably cannot be changed according to an operator's instruction.

  FIG. 2 is a block diagram showing the internal configuration of the digital camera 101 in this embodiment.

  In the figure, a digital camera 101 includes a central control device (hereinafter referred to as “CPU”) 201 that controls the entire digital camera 101, a ROM 202 that stores various operation programs in a readable manner, and temporary values during program operation. RAM 203 used for storage, timer 204 for measuring various times, display 205 for displaying various setting menus and images, microphone 206 used for voice recording, speaker 207 used for voice output, various operation buttons 208, captured image files and various types FlashROM 209, which is a non-volatile memory for storing setting data files, network I / F 210 as an interface for connecting to the outside of digital camera 101, a charge coupled device (hereinafter referred to as an electrical signal) that replaces light collected through a lens (not shown). , CD and referred) includes a 211, are connected to each other by a bus.

  The FlashROM 209 may be built in the digital camera 101 or may be mounted on a memory card that can be inserted from the outside.

  Further, the storage location of the image data captured by the digital camera 101 may be the RAM 203 in addition to the Flash ROM 209, or a storage medium such as a hard disk (not shown). In the following examples, only the FlashROM 209 will be mentioned as a typical image data storage location.

  Also, the signature application 105, public key 106, encryption algorithm 107, and hash algorithm 108 received by the digital camera 101 from the outside in FIG. 1 are stored in the RAM 203, Flash ROM 209, or a storage medium such as a hard disk (not shown). Good.

  A common key 111, an encryption algorithm 112, and a hash algorithm 113 included in the digital camera 101 of FIG. 1 are stored in the ROM 202. It cannot be read from the outside.

  In FIG. 2, the network I / F 210 is used as a means for the digital camera 101 to communicate some data with the outside, but a removable memory card can also be used. In that case, for example, the flash ROM 209 is a detachable memory card, and after data is written to the memory card externally and then attached to the digital camera 101 again, the data written externally is stored in the digital camera 101. It is possible to capture inside. Conversely, it is naturally possible to take the data written by the digital camera 101 to the outside.

  That is, the signed image data 109, the signature application 105, the public key 106, the encryption algorithm 107, and the hash algorithm 108 shown in FIG. 1 can communicate with the outside using a memory card in addition to the network I / F 210. Is possible.

  Further, the communication method of the network I / F 210 may be any method that is normally used, and may be any type such as wired, wireless, or the like.

  Next, a method for adding a signature to an image and a method for performing falsification determination of an image with a signature will be described with reference to FIG.

  First, a method for adding a signature to an image will be described.

  Assume that image data is stored in the FlashROM 209. The format of the image data will be described by taking an example having an image header such as JPEG or TIFF. A method of embedding a signature in an image image as described in JP-A-2001-78070 (Patent Document 2) If so, a format without an image header may be used.

  The CPU 201 reads out this image data and uses a predetermined hash algorithm (108 or 113) to hash the image portion data (image image data) in the image data or the entire image data including the image image data and the image header. Calculate the value (message digest, MD).

  Next, the CPU 201 calculates a message authentication code (MAC) from the MD using the encryption key (public key 106 or common key 111) and the encryption algorithm (107 or 112).

  As a result of the calculation, the CPU 201 embeds the obtained MAC at a predetermined position in the image header.

  As described above, the signature is added to the image.

  As can be seen from the above description, the common key 111, the encryption algorithm 112, and the hash algorithm 113 built in the digital camera 101 can be used as a tool used for signature, and further, the digital camera It is also possible to use the public key 106, the encryption algorithm 107, and the hash algorithm 108 supplied to the digital camera 101 from the outside of the 101. When the digital camera 101 performs signature and decryption of the signature, instead of using the common key 111, the encryption algorithm 112, and the hash algorithm 113 built in the digital camera 101, a public key and a private key (not shown) are used. Encryption algorithms that use them, and hash algorithms may be used. If neither the public key nor the private key is disclosed to the outside, the same effect as using the common key can be obtained. However, generally speaking, the encryption method using the common key is faster.

  Next, a method for performing falsification determination on a signed image will be described.

  First, a signed image stored in the FlashROM 209 is read, and then the CPU 201 extracts the MAC. In FIG. 3, it is assumed that the MAC is embedded in the image header of the signed image, and the CPU 201 knows how the MAC is embedded from the format of the signed image.

  Next, the CPU 201 acquires the MD from the MAC by decoding. Of course, the decryption key used in this case must be paired with the key used when the MAC is calculated from the MD described above. When the common key 111 is used when calculating the MAC from the MD, the common key 111 is also used when calculating the MD from the MAC. When the public key 106 is used when calculating the MAC from the MD, the private key 110 is used when calculating the MD from the MAC. Strictly speaking, since the CPU 201 cannot use the private key 110 of the image recipient client 104, the CPU 201 can encrypt and decrypt it when the common key 111 is used. The image recipient client 104 can decrypt and verify the signature provided by the CPU 201 using the public key 106. The procedure similar to that described here is also performed when the image recipient client 104 makes a falsification determination on a signed image.

  It should be noted that the CPU 201 and the image recipient client 104 that perform decryption can also appropriately select a decryption algorithm used for decryption (which is also paired with the encryption algorithm used at the time of signature). To do.

  The encryption algorithm 112 possessed by the digital camera 101 is an encryption algorithm in a broad sense, and includes this decryption algorithm in addition to the encryption algorithm used at the time of signing.

  The MD obtained in this way is compared with the MD obtained from the image data in the same procedure as the above-mentioned signature. If they match as a result of the comparison, it can be determined that the image has not been tampered with.

  Next, image shooting processing in the digital camera 101 will be described with reference to the flowchart of FIG.

  First, the user of the digital camera 101 performs shooting (step S401). At this time, the image data of the photographed image is stored in the RAM 203.

  Next, the CPU 201 determines whether or not camera information, for example, the camera manufacturer name, the manufacturing serial number of the digital camera 101, or the like is included in the image header (step S402). This determination is made based on a predetermined flag stored on the RAM 203. This flag can be updated by user settings. The camera information is included in the image header in order to clearly indicate with which camera the image was captured. It is not essential information because tampering can be determined without this information, but it is not necessary information, but if there is camera information, it is possible to track which camera the image was taken, so the photographer looks at the tampered image, It becomes easy to determine whether or not tampering has occurred, and as a result, it is more effective in preventing tampering.

  When the process proceeds to Y in step S402, the CPU 201 enters camera information in the image header (step S403).

  Next, the CPU 201 signs the image using the common key 111 (step S404). The signing method is the method described in FIG.

  The signed image (still on the RAM 203) obtained in this way is written and stored in the FlashROM 209 (step S405).

  As described above, the digital camera 101 according to the present embodiment reads an image with a signature using a common key inside the camera as described above from the FlashROM 209, and finally uses a signature method according to a partner who presents the signed image. It is possible to perform a process of attaching a signature. The image data with signature thus obtained can be transmitted to the client of the other party via the network I / F 210 or can be returned to the Flash ROM 209. When the FlashROM 209 is configured to be detachable, the signed image data can be attached to the client of the other party instead of transmitting the signed image data via the network I / F 210. There is a benefit of returning data to FlashROM 209.

  In the following, first, a process of adding a signature to an image that has been signed using a common key using a signature method according to the other party to be presented and storing it in the FlashROM 209 will be described with reference to the flowchart of FIG. To do. Processing for transmitting the signed image data to the other client via the network I / F 210 will be described later with reference to the flowchart of FIG.

  First, the user of the digital camera 101 selects a signature function from a number of functions through means such as menu selection (step S501).

  After selecting the signature function, the user finally selects a partner to present the signed image (step S502). The reason why this step is necessary is to change the signature method later according to the other party.

  Next, the CPU 201 determines whether or not the selected partner is stored as an image receiver on the RAM 203 (step S514). Although details will be described later, a list of image recipients exists in the RAM 203 as shown in FIG. If there is no selected partner in the list, it is displayed on the display 205 that there is no signature means corresponding to the partner (step S515), and the process ends. If there is a selected partner in the list, the user next selects an image to be signed (step S503).

  When the selection is completed, the CPU 201 reads the selected image from the flash ROM 209 and places it on the RAM 203 (step S504).

  Next, the CPU 201 determines whether the image is signed with the common key 111 (step S505). This is determined because not all images stored in the FlashROM 209 are signed. If the image is used only for oneself and it is not necessary to prevent falsification, there is no need to sign at the time of shooting as shown in FIG.

  If it is not signed, a message that no correction can be guaranteed is displayed on the display 205 (step S507), and the process ends without signing the image.

  If it is signed, as shown in FIG. 3, the signature in the image is decrypted with the common key 111 (step S506).

  Then, the CPU 201 compares the MD obtained by decoding with the MD calculated from the image to determine whether the image remains unmodified (step S508).

  If it is determined that the MDs do not match and the image has been corrected, the fact that the image has been corrected is displayed (step S510), and the process ends without signing the image.

  If the CPU 201 determines that the image is unmodified, the CPU 201 next determines whether or not the signature made with the common key 111 should be deleted from the image (step S509). This determination is made based on a predetermined flag. The user of the digital camera 101 may be allowed to set this flag.

  If it is determined that the signature should be deleted, the signature part (MAC) performed with the common key 111 is deleted from the image (step S511).

  Since it is sufficient to use a signature to be given later for tampering determination, it is not necessary to leave a signature made with the common key 111. However, since the subsequent signature is performed using the public key 106, the CPU 201 cannot decrypt the signature. Therefore, if the CPU 201 performs tampering determination or decryption on this image again later, it is preferable to leave the signature made with the common key 111 attached to the image.

  Next, the CPU 201 executes a signature on the image using the public key 106 (step S512). Details of this procedure will be described later.

  If the signature (MAC2) made with the public key 106 is added while the signature (MAC1) made with the common key 111 is left in the image, two signatures are given to the image.

  There is no problem in decrypting the signature made with the public key 106 if it is decrypted as usual. The problem is that since the signature made with the public key 106 is added after the signature with the common key 111, this may be determined to be falsification of the image.

  In order to solve this problem, the encryption target performed with the common key 111 and the encryption target performed with the public key 106 are set to the MD calculated for the image image data in FIG. For example, the CPU 201 knows the MAC2 area to be assigned, and the MD is calculated by excluding that area.

  After completing the signature in step S512, the signed image is stored in the FlashROM 209 and the process ends (step S513).

  Next, details of the signature function execution procedure shown in step S512 will be described with reference to the flowchart of FIG.

  First, the CPU 201 determines whether or not the signature function is performed by the signature application 105 (step S601). The signature function is a method performed by the signature application 105 received by the digital camera 101 from the application server 102, and all of the public key 106, the encryption algorithm 107, and the hash algorithm 108 received by the digital camera 101 from the public key server 103, or There are two types of methods that use that part (however, the public key 106 is essential).

  Note that even if the signature application 105 is used, only the details of the public key 106, the encryption algorithm 107, and the hash algorithm 108 are not seen from the CPU 201, and the signature application 105 itself holds these information and programs. ing.

  In step S601, the CPU 201 determines whether or not the signature function is performed by the signature application 105. The signature application is sent to the partner to whom the image to which the signature is attached is presented, that is, the partner selected in step S502. Whether 105 is stored in the RAM 203 is checked.

  Here, FIG. 8 shows an example of a table stored on the RAM 203 in which the digital camera 101 presents an image presentation partner and a signature unit. Here, the partner is an image receiver in the image receiver client 104, for example, and the partner information is the image receiver information 114.

  In the same figure, four parties A, B, C, and D are stored as counterparts, and signature means are stored in a form associated with each of them. As signature means, a signature application 105, a public key 106, an encryption algorithm 107, and a hash algorithm 108 are stored.

  The signing applications A and B indicate different signing applications 105. The digital camera 101 receives the signature application A from the image receiver client 104A (not shown, corresponding to the partner A) through the application server 102. Similarly, the signature application B is received from the image receiver client 104B (not shown, corresponding to the partner B). When the CPU 201 receives the signature application 105, the CPU 201 also receives partner information (the partner information may be obtained in an exchange according to a predetermined protocol with the application server 102 or embedded in the signature application 105. The partner information obtained in this way and the signature application 105 are stored in association with each other.

  On the other hand, regarding the other party C and the other party D, the digital camera 101 obtains information from the public key server 103. As shown by the public key C and the public key D, these keys are different. For partner D, public key 106D, encryption algorithm 107, and hash algorithm 108 are stored, but for partner C, only public key 106C is stored. This indicates that only the public key 106C has been received from the partner C (although directly from the public key server 103). When signing to the other party C, for example, the encryption algorithm 112 and the hash algorithm 113 which are defaults are used as the encryption algorithm and the hash algorithm.

  When the digital camera 101 tries to send the signed image data 109 to the partner C (image receiver client 104C) and uses the default algorithm for the signature, the image reception indicates which encryption algorithm or hash algorithm is used. The image recipient client 104C is notified by a method of embedding in the signed image data 109 to be sent to the recipient client 104C or a method using a predetermined protocol with the image recipient client 104C. Alternatively, the system shown in FIG. 1 is constructed after obtaining an understanding between the digital camera 101 and the image receiver client 104C so that the image receiver client 104C knows the default algorithm used by the digital camera 101 from the beginning. May be.

  In the example of FIG. 8, what happens to the determination in step S601 is “Yes” because the signature application 105 is stored for the partner A and the partner B. On the contrary, regarding partner C and partner D, No.

  If it is determined as N in step S601, the CPU 201 next reads out the public key 106 from the table of FIG. 8 according to the selected partner and uses it (to be stored exactly as it is used. Actually use it). This is done in later step S612.) (Step S604).

  Next, the CPU 201 determines whether or not the encryption algorithm 107 is provided from the selected partner (step S606). If provided, the encryption algorithm 107 is used (step S607). If not provided, the aforementioned default encryption algorithm is used (step S608).

  Next, the CPU 201 determines whether or not the hash algorithm 108 is provided from the selected partner (step S609). If provided, the hash algorithm 108 is used (step S610). If not provided, the above-described default hash algorithm is used (step S611).

  Then, the CPU 201 signs the image using the public key 106, the encryption algorithm 107, and the hash algorithm 108 selected in the above procedure (step S612), and the process ends.

  If the CPU 201 determines in step S601 that the signature function is to be performed by the signature application 105, the image data is transferred to the signature application 105, and the signature application 105 is executed to perform the signature (step S603), and the process ends. Here, the content of the processing performed by the signature application 105 is the same processing as described in FIG. 3 and step S612.

  The signature application 105 is executed by the CPU 201, but the format of the application is not limited as long as the application can be executed by the CPU 201. It may be in the form of a native binary that can be executed by the CPU 201, or may be in the form of an intermediate code such as a Java application (Java is a trademark or registered trademark of Sun Microsystems, Inc. in the United States and other countries). The script format to be executed may be used.

  Now, what has been described with reference to FIG. 5 is the procedure for storing the signed image in the storage medium again. As described above, in the case where the FlashROM 209 is configured to be detachable, it is assumed that the FlashROM 209 is removed and attached to the image recipient client. On the other hand, the flowchart of FIG. 7 shows a mode in which a signed image is transmitted via the network I / F 210. Note that the image recipient client 104 that has received the image with the signature makes a falsification determination on the image.

  Hereinafter, the flowchart of FIG. 7 will be described.

  First, the user of the digital camera 101 selects a transmission function from a number of functions through means such as menu selection (step S701).

  After selecting the transmission function, the user finally selects a partner to which the signed image is transmitted (step S702). The reason why this step is necessary is to change the signature method later according to the other party.

  Next, the CPU 201 determines whether or not the selected partner is stored as an image receiver on the RAM 203 (step S719). If there is no selected partner in the list of image recipients existing on the RAM 203, a message indicating that there is no signature means corresponding to the partner is displayed on the display 205 (step S720). Then, the image is transmitted to the other party without a signature (step S707), and the process ends. If there is a selected partner in the list, the user next selects an image to be signed (step S703).

  When the selection is completed, the CPU 201 reads the selected image from the flash ROM 209 and places it on the RAM 203 (step S704).

  Next, the CPU 201 determines whether or not the image is signed with the common key 111 (step S708). This is determined because not all images stored in the FlashROM 209 are signed. If the image is used only for oneself and it is not necessary to prevent falsification, there is no need to sign at the time of shooting as shown in FIG.

  If it is not signed, a message that no correction can be guaranteed is displayed on the display 205 (step S710), the image is transmitted to the other party without a signature (step S707), and the process ends. If it is signed, as shown in FIG. 3, the signature in the image is decrypted with the common key 111 (step S709).

  Then, the CPU 201 determines whether the image remains unmodified by comparing the MD obtained by decoding with the MD calculated from the image (step S711).

  When it is determined that the MD does not match and the image is corrected, the fact that the image is corrected is displayed (step S713), and the image is transmitted to the other party without a signature (step S707). finish.

  If the CPU 201 determines that the image is unmodified, the CPU 201 next determines whether or not the signature made with the common key 111 should be deleted from the image (step S712). This determination is made based on a predetermined flag. The user of the digital camera 101 may be allowed to set this flag.

  If it is determined that the signature should be deleted, the signature part (MAC) performed with the common key 111 is deleted from the image (step S714).

  Since it is sufficient to use a signature to be given later for tampering determination, it is not necessary to leave a signature made with the common key 111. However, since the subsequent signature is performed using the public key 106, the CPU 201 cannot decrypt the signature. Therefore, if the CPU 201 performs tampering determination or decryption on this image again later, it is preferable to leave the signature made with the common key 111 attached to the image.

  In this procedure, since the image with the signature is transmitted to the image recipient client 104, it can be determined that the CPU 201 does not decrypt the signature again. However, although not explicitly shown in the sequence of FIG. 7, if there is a possibility that the signed image data 109 is transmitted and stored in the storage medium and the signature is decrypted again (the original image data is signed). For example, when the image data 109 is overwritten and saved with the attached image data 109), the signature made with the common key 111 may be left behind.

  Next, the CPU 201 executes a signature on the image using the public key 106 (step S717). This procedure is as described with reference to FIG.

  After the signature is completed, the signed image data 109 is transmitted to the selected image recipient client 104 through the network I / F 210 (step S718), and the process ends.

  Any means may be used for transmitting the signed image data 109 to the image recipient client 104, regardless of wired, wireless, or communication protocol.

  Next, a procedure when the digital camera 101 immediately downloads the signature application 105 from the application server 102 will be described with reference to the flowchart of FIG.

  First, the CPU 201 of the digital camera 101 accesses the application server 102 using a predetermined protocol via the network I / F 210 (step S901). The application server 102 authenticates access to the digital camera 101 if necessary.

  If downloading of the signature application 105 is permitted by the application server 102, the CPU 201 of the digital camera 101 downloads the signature application 105 through the network I / F 210 (step S902).

  Further, the CPU 201 acquires partner information corresponding to the downloaded signature application 105, that is, image recipient information 114 from the application server 102 (step S903).

  The content of the image recipient information 114 acquired here is not limited as long as it can identify the other party. If only the signed image data 109 is finally stored in the storage medium as shown in FIG. 5, in order to select the partner in step S502, only the name of the partner may be used.

  On the other hand, if the signed image data 109 is finally transmitted to the other party as shown in FIG. 7, if the other party is a computer, the image recipient information 114 is connected to the address (for example, IP address) and the telephone line. Various terminals such as a telephone number for a terminal, a URL (Uniform Resource Locator) for expressing this for a resource on the Internet, and the like may be used, but any of them may be used.

  The CPU 201 stores the signature application 105 in the table shown in FIG. 8 in association with the image recipient information 114 obtained as described above (step S904). At that time, the image recipient information 114 is stored in the partner column of the table of FIG.

  It is also conceivable that a plurality of pieces of image recipient information 114 exist for one image recipient. In this case, a plurality of pieces of image recipient information 114 are stored in the partner column. In that case, it is better to use information with as little change as possible as the key of the opponent column. For example, considering that the two image recipient information 114 of the IP address and the URL are sent, the URL is considered to be less changed, and this is used as a key. Then, when only the IP address is changed, only the IP address information needs to be updated using the URL as a key.

  If the signature application 105 and the image recipient information 114 (assuming that the image recipient information 114 is the same and the signature application 105 is different) are received from the same image recipient client 104 a plurality of times, in the table of FIG. First of all, the method of overwriting the field of the partner to be overwritten with the data received later can be considered. In this method, the signature application 105 can be updated.

  Further, a method of creating a plurality of entries (signature applications 105 are different from each other) pointing to the same image recipient client 104 in the table of FIG. In this method, the signature method can be changed by selecting the signature application 105 to be executed for the same image recipient client 104.

  Up to this point, the image recipient information 114 has been treated as a key in the table of FIG. 8, but this information is not essential. In step S502, if the signature application 105 is selected from the beginning instead of selecting a partner to present an image, the image recipient information 114 is not necessary. In this case, the opponent field does not have to exist in the table of FIG.

  In the sequence of FIG. 7, it seems that selection of the other party is indispensable for the purpose of transmitting the signed image data 109 later. However, the signature application 105 includes a transmission function, and a signature is added to a predetermined place. If the image data 109 is to be transmitted, it is only necessary to select the signature application 105 without selecting the other party.

  In the above description, nothing has been said about encryption when sending the signature application 105, the public key 106, the encryption algorithm 107, and the hash algorithm 108 to the digital camera 101. This is because encryption of such information is unnecessary from the viewpoint of preventing falsification. If a third party falsifies an image to which the digital camera 101 has attached a signature, the image recipient client 104 can always find the falsification by the above-described processing.

  However, care must be taken regarding impersonation. If a third party can know the public key 106, the encryption algorithm 107, and the hash algorithm 108 (if the signing application 105 is considered to contain these pieces of information, only this can be considered), and If it is possible to calculate the MD for which part of the image and know how to embed the MAC, the third party impersonates the digital camera 101 and sends a fake image to the image receiver client 104. Could be possible.

  Accordingly, at least the public key 106 needs to be kept secret from a third party. Note that the encryption algorithm 107 and the hash algorithm 108 need not be kept secret as compared to the public key 106. Hiding these algorithms does not increase the strength of the encryption. The public key 106 has a character “public”. In this case, the public key 106 does not mean to be disclosed to a third party but is a public key 106 in the sense that it is paired with the private key 110.

  In this way, since the public key 106 and the private key 110 are kept secret from a third party, they may be a common key used in a common key cryptosystem. In that case, of course, the encryption algorithm 107 is selected according to the common key encryption method. The common key is not used for signature inside the digital camera and is different from the common key 111.

  Considering the case where the public key 106 is used, in order to conceal this from a third party, the path from the public key 106 to the digital camera 101 sent from the image receiver client 104 must be encrypted. That's fine. For example, a method of sending the public key 106 to the digital camera 101 using SSL (Secure Socket Layer) or using another public key encryption method as described above can be considered. At this time, the encryption algorithm 107 and the hash algorithm 108 may be similarly encrypted.

  Next, a procedure when the digital camera 101 receives the public key 106 from the public key server 103 will be described with reference to the flowchart of FIG.

  First, the CPU 201 of the digital camera 101 accesses the public key server 103 using a predetermined protocol via the network I / F 210 (step S1001). If necessary to acquire the public key 106, the public key server 103 authenticates access to the digital camera 101.

  If downloading of the public key 106 is permitted by the public key server 103, the CPU 201 of the digital camera 101 downloads the public key 106 through the network I / F 210 (step S1002).

  Next, when the encryption algorithm 107 is provided from the public key server 103 (step S1003), the CPU 201 acquires the encryption algorithm 107 from the public key server 103 through the network I / F 210 (step S1004).

  Next, when the hash algorithm 108 is provided from the public key server 103 (step S1005), the CPU 201 acquires the hash algorithm 108 from the public key server 103 through the network I / F 210 (step S1006).

  Further, the CPU 201 acquires the partner information corresponding to the downloaded public key 106, that is, the image recipient information 114 from the public key server 103 (step S1007).

  Finally, the CPU 201 stores the public key 106 obtained in the manner described above and the public key 106 in association with the image recipient information 114, and the encryption algorithm 107 or the hash algorithm 108, if any, in the table shown in FIG. ).

  Next, a procedure for immediately sending an image to the image recipient client 104 after taking an image with the digital camera 101 will be described with reference to a flowchart of FIG.

  First, the user of the digital camera 101 performs shooting (step S1101). At this time, it is assumed that the mode of the digital camera 101 is such that the captured image is immediately transmitted to the image recipient client 104 selected in advance.

  The CPU 201 determines whether the selected partner (image recipient client 104) requires a signature (step S1102). Here, there is a case where it is not necessary to sign even if it is transmitted to the same party, and such a determination is made on the assumption that there is a flag indicating that.

  If the signature is necessary, the CPU 201 determines whether or not the selected partner provides a signing means (step S1103). If the selected partner exists in the table of FIG. 8 and the signing means for that partner is stored, it is considered that the signing means is provided.

  If either of them is N in step S1102 or step S1103, the photographed image is transmitted as it is to the other party (step S1104), and the process ends.

  If the other party has provided a signature means, the CPU 201 puts camera information in the image header (step S1105).

  Then, the CPU 201 executes a signature function (step S1106). This takes the same procedure as described with reference to the sequence of FIG.

  Finally, the CPU 201 transmits the signed image data 109 to the image recipient client 104 (step S1107), and the process ends.

(Other embodiments)
The above-described embodiment has been described on the assumption that the image signature system includes the digital camera 101, the application server 102, the public key server 103, and the image recipient client 104 as shown in FIG. 101 may include both functions of the application server 102 and the public key server 103. That is, the present invention may be applied to a system composed of a plurality of devices, or may be applied to an apparatus composed of a single device.

  In the present invention, a software program that realizes the functions of the above-described embodiments is directly or remotely supplied to a system or apparatus, and the computer of the system or apparatus reads and executes the supplied program code. It is also realized by. In that case, as long as it has the function of a program, the form does not need to be a program.

  Therefore, in order to realize the functional processing of the present invention with a computer, the program code itself installed in the computer and the storage medium storing the program also constitute the present invention. In other words, the claims of the present invention include the computer program itself for realizing the functional processing of the present invention and a storage medium storing the program.

  In this case, the program may be in any form as long as it has a program function, such as an object code, a program executed by an interpreter, or script data supplied to the OS.

  As a storage medium for supplying the program, for example, flexible disk, hard disk, optical disk, magneto-optical disk, MO, CD-ROM, CD-R, CD-RW, magnetic tape, nonvolatile memory card, ROM, DVD (DVD-ROM, DVD-R).

  As another program supply method, a client computer browser is used to connect to an Internet homepage, and the computer program of the present invention itself or a compressed file including an automatic installation function is downloaded from the homepage to a storage medium such as a hard disk. Can also be supplied. It can also be realized by dividing the program code constituting the program of the present invention into a plurality of files and downloading each file from a different homepage. That is, a WWW server that allows a plurality of users to download a program file for realizing the functional processing of the present invention on a computer is also included in the claims of the present invention.

  In addition, the program of the present invention is encrypted, stored in a storage medium such as a CD-ROM, distributed to users, and key information for decryption is downloaded from a homepage via the Internet to users who have cleared predetermined conditions. It is also possible to execute the encrypted program by using the key information and install the program on a computer.

  In addition to the functions of the above-described embodiments being realized by the computer executing the read program, the OS running on the computer based on the instruction of the program is a part of the actual processing. Alternatively, the functions of the above-described embodiment can be realized by performing all of them and performing the processing.

  Furthermore, after the program read from the storage medium is written to a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function expansion board or The CPU or the like provided in the function expansion unit performs part or all of the actual processing, and the functions of the above-described embodiments are realized by the processing.

It is a block diagram which shows the structure of the image signature system which concerns on embodiment of this invention. It is a block diagram which shows the internal structure of the digital camera in embodiment. It is a figure explaining the method of adding a signature to an image, and the method of performing the falsification determination of the image with a signature. It is a flowchart which shows the image imaging process in the digital camera of embodiment. It is a flowchart which shows the process which attaches a signature further to the image to which the signature was attached using the common key using the signature method according to the other party to show, and memorize | stores this in FlashROM. It is a flowchart which shows the detail of a signature function execution procedure. It is a flowchart which shows the process which attaches a signature further to the image to which the signature was attached using the common key using the signature method according to the other party to show, and transmits this to the other party's client. It is a figure which shows the example of the table which links | relates and memorize | stores an other party (image receiver) and a signature method. It is a flowchart which shows the procedure at the time of a digital camera downloading a signature application from an application server immediately. It is a flowchart which shows the procedure at the time of a digital camera receiving a public key from a public key server. It is the flowchart explaining the procedure which transmits to an image recipient immediately after image | photographing an image with a digital camera.

Claims (12)

Image storage means for storing the input image;
A presentation destination selection means for selecting a presentation destination of the image;
Image selection means for selecting an image to be presented from the image storage means;
A determination unit that determines whether or not the image to be presented selected by the image selection unit is uncorrected from the time when the image is first stored in the image storage unit;
When it is determined that the image to be presented is uncorrected from the time when the image to be presented is first stored in the image storage means by the judging means, an electronic signature is attached to the image to be presented by a signature algorithm corresponding to the presentation destination. A signature means to be added;
An image signature apparatus comprising:   The image signature apparatus according to claim 1, wherein the signature algorithm includes a public key of the presentation destination. A first signature means for adding an electronic signature to the input image by a first signature algorithm that cannot be changed according to a user instruction;
Image storage means for storing an image with an electronic signature added by the first signature means;
A presentation destination selection means for selecting a presentation destination of the image;
Image selection means for selecting an image to be presented from the image storage means;
A determination unit that determines whether or not the image to be presented selected by the image selection unit is uncorrected from the time when the image is first stored in the image storage unit;
When it is determined that the image to be presented is uncorrected from the time when the image to be presented is first stored in the image storage means by the judging means, the image to be presented is displayed by the second signature algorithm corresponding to the presentation destination. A second signing means for adding an electronic signature;
An image signature apparatus comprising: Further comprising receiving means for receiving data for realizing the second signature algorithm from an external device;
The second signature unit adds an electronic signature to the image to be presented based on the second signature algorithm realized by the data received by the receiving unit. The image signature device described.   The receiving unit receives the data from the external device when the determining unit determines that the image to be presented is uncorrected from the time when the image is first stored in the image storing unit. The image signature device according to claim 3.   The image signature apparatus according to claim 4, wherein the data includes a public key. An image storage step for storing the input image in a memory;
A presentation selection step for selecting a presentation destination of the image;
An image selection step of selecting an image to be presented from the memory;
A determination step of determining whether or not the presentation target image selected by the image selection step is uncorrected from the time when the image is first stored in the memory;
When it is determined by the determination step that the image to be presented is uncorrected from the time when the image to be presented is first stored in the memory, an electronic signature is added to the image to be presented by a signature algorithm according to the presentation destination Signing step;
An image signature method characterized by comprising: A first signature step of adding an electronic signature to the input image by a first signature algorithm that cannot be changed according to a user instruction;
An image storage step of storing in a memory the image to which the electronic signature has been added in the first signature step;
A presentation selection step for selecting a presentation destination of the image;
An image selection step of selecting an image to be presented from the memory;
A determination step of determining whether or not the presentation target image selected by the image selection step is uncorrected from the time when the image is first stored in the memory;
When it is determined by the determination step that the image to be presented is uncorrected from the time when the image to be presented is first stored in the memory, the electronic signature is applied to the image to be presented by the second signature algorithm according to the presentation destination. A second signing step of appending
An image signature method characterized by comprising:   A program for executing the image signature method according to claim 7 or 8.   A computer-readable storage medium storing the program according to claim 9. An image signature system comprising: a signature device that adds an electronic signature to an image; and a server device that supplies data for implementing a signature algorithm to the signature device,
The signing device is:
Image storage means for storing the input image;
A presentation destination selection means for selecting a presentation destination of the image;
Image selection means for selecting an image to be presented from the image storage means;
A determination unit that determines whether or not the image to be presented selected by the image selection unit is uncorrected from the time when the image is first stored in the image storage unit;
When it is determined by the determination means that the image to be presented is uncorrected from the time when the image to be presented is first stored in the image storage means, based on a signature algorithm realized by the data provided from the server device Signature means for adding an electronic signature to the image to be presented;
An image signature system comprising: An image signature system comprising: a signature device that adds an electronic signature to an image; and a server device that supplies data for implementing a signature algorithm to the signature device,
The signing device is:
A first signature means for adding an electronic signature to the input image by a first algorithm that cannot be changed according to a user instruction;
Image storage means for storing an image with an electronic signature added by the first signature means;
A presentation destination selection means for selecting a presentation destination of the image;
Image selection means for selecting an image to be presented from the image storage means;
A determination unit that determines whether or not the image to be presented selected by the image selection unit is uncorrected from the time when the image is first stored in the image storage unit;
A second signature algorithm realized by the data provided from the server device when the determination unit determines that the image to be presented is uncorrected from the time when the image to be presented is first stored in the image storage unit; Second signing means for adding an electronic signature to the image to be presented based on
An image signature system comprising:

Images