JP2005229265A - Image encryption system and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To make the disclosure/nondisclosure of personal information controllable in units of individuals. <P>SOLUTION: A sensor 1 transmits a preference 8 including an encryption key used for encrypting an image concerning a user to a center server 3 in association with a personal image and a background image. The center server 3 encrypts the personal image received from the sensor 1 using the encryption key of the preference 8. A browsing PC 4 decrypts the encrypted personal image acquired from the center server 3 using a decryption key set by a visitor and restores the original image from the decrypted personal image and the background image acquired from the center server 3. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an image encryption system and an image encryption method.

  In recent years, a new computer network called ubiquitous computing and a new service system using the network have been actively studied. For example, a sensor monitoring system is known as one of such new service systems. In a sensor monitoring system, a plurality of sensors such as video cameras are connected via a network, and information acquired by each sensor is collected and processed, for example, an image of a place where an unspecified number of people interact with each other. It is possible to realize services such as locating the person's whereabouts.

Thus, in order to provide a service that handles the information of an unspecified number of persons, protecting personal privacy is an important issue. For example, it is necessary to control access to the acquired information by encryption or the like so that only those who have the authority to browse can view it. As an image encryption technique for the purpose of conventional security measures, for example, the one described in Patent Document 1 is known. In the technique disclosed in Patent Document 1, when an encrypted image is received in the encrypted image communication terminal, the received encrypted image is stored in an image memory, and information on the image memory storing the encrypted image is stored in the image memory. The implied information for decryption is recorded and displayed, and the encrypted image stored in the image memory is decrypted when the key information associated with the implied information is input.
Japanese Patent No. 3381591

  However, in the conventional image encryption technology described above, restoration of the encrypted image is performed in a lump, so that a person with viewing authority restores the image to restore an unspecified number of persons included in one image. There is a problem that information is disclosed and privacy protection cannot be realized on an individual basis.

  The present invention has been made in consideration of such circumstances, and an object of the present invention is to provide an image encryption system and an image encryption method capable of controlling disclosure / non-disclosure of personal information in units of individuals. is there.

  In order to solve the above problems, an image encryption system according to the present invention includes a plurality of sensors connected to a sensor network, an image processing apparatus that performs data communication with the sensors via the sensor network, and communication. An image encryption system comprising a browsing terminal that performs data communication with the image processing apparatus via a network, wherein the sensor relates to the user from an imaging unit that captures an image and a user's portable terminal. A preference acquisition means for acquiring a preference including an encryption key used for image encryption; and an image is extracted from the captured image in units of persons included in the captured image, and the person image and other backgrounds are extracted. Image hierarchization means for hierarchizing captured images with images, and a pre-set for associating a preference acquired from the mobile terminal with the person image The image processing apparatus includes: an encryption unit that encrypts a person image received from the sensor using an encryption key included in the preference received from the sensor; and Storage means for associating and storing the background image received from the image and the encrypted person image that is a set of hierarchies of the background image, and the browsing terminal receives a set of hierarchies from the image processing apparatus. Obtained from the image processing apparatus, browsing image acquisition means for acquiring the encrypted person image and background image, decryption means for decrypting the acquired encrypted person image using a decryption key set by the viewer, and The image processing apparatus includes a restoration unit that restores an original image from a background image and the decoded human image.

  In the image encryption system according to the present invention, the preference includes a disclosure policy regarding the privacy of the user, and the image processing apparatus is based on a disclosure policy included in the preference received from the sensor. A dummy image creating unit configured to create a dummy image of the person image received from the sensor; storing the created dummy image in the storage unit in association with the encrypted person image; and Instead of the person image that has failed, the corresponding dummy image is used to restore the original image.

  In the image encryption system according to the present invention, the dummy image creating means creates an image obtained by blurring a person image received from the sensor.

  An image encryption method according to the present invention includes a plurality of sensors connected to a sensor network, an image processing device that performs data communication with the sensors via the sensor network, and the image processing device via a communication network. An image encryption method in an image encryption system comprising a browsing terminal for data communication between the sensor and the sensor used to capture an image and to encrypt an image related to the user from the user's mobile terminal The process of obtaining a preference including the encryption key to be extracted, and extracting an image from the captured image in units of persons included in the captured image, and layering the captured image into this person image and other background images A step of associating a preference acquired from the portable terminal with the person image and transmitting the image to the image processing device; A process of encrypting a person image received from the sensor using an encryption key included in the preference received from the sensor, a background image received from the sensor, and a hierarchy of the background image A process of associating and storing the encrypted person image in a storage unit, and a process in which the browsing terminal acquires a layered set of encrypted person images and a background image from the image processing device, A process of decrypting the acquired encrypted person image using a decryption key set by a viewer, and a process of restoring the original image from the background image acquired from the image processing device and the decrypted person image It is characterized by including.

  In the image encryption method according to the present invention, the preference includes a disclosure policy regarding the privacy of the user, and the image processing apparatus is based on the disclosure policy included in the preference received from the sensor, The process of creating a dummy image of the person image received from the sensor, the process of storing the created dummy image in association with the encrypted person image in the storage means, and the browsing terminal fail in the decryption The method further includes a step of using the dummy image instead of the person image to restore the original image.

  In the image encryption method according to the present invention, the dummy image is an image obtained by blurring a person image received from the sensor.

  According to the present invention, each person image in the captured image is encrypted using the respective encryption key. Therefore, when browsing the image, the encryption key corresponding to the decryption key possessed by the viewer is used. Only the encrypted person image is restored, and no other person images are restored. Thereby, it is possible to control disclosure / non-disclosure of personal information in units of individuals.

  In addition, a dummy image of the person image corresponding to the privacy policy of the user is displayed instead of the person image that is not restored. it can.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram showing a configuration of a sensor monitoring system to which an image encryption system according to an embodiment of the present invention is applied. In FIG. 1, a sensor monitoring system includes a plurality of sensors 1, a sensor network 2 that is a communication network to which the sensors 1 are connected, and a center server 3 (image processing) connected to the sensor network 2 and a communication network 5 such as the Internet. Device) and a browsing terminal (for example, a personal computer; PC) 4 that accesses the center server 3 via the communication network 5.

  Further, the user 6 has a mobile terminal having a wireless communication function for wirelessly communicating with the sensor 1 and a position information acquisition function for acquiring position information indicating the current position. In the example of FIG. 1, the mobile phone terminal 7 is provided. The mobile phone terminal 7 has a wireless communication function for wirelessly communicating with the sensor 1, for example, a short-range wireless communication function such as Bluetooth, in addition to the wireless communication function for mobile phones. Further, as a position information acquisition function, for example, a GPS (Global Positioning System) function for obtaining absolute coordinates is provided. Alternatively, it has a function of exchanging relative coordinates between the sensor 1 and each mobile phone terminal 7 by Bluetooth. The relative coordinates are, for example, information on the azimuth and distance of the second terminal viewed from the first terminal.

  The sensor 1 has an imaging device such as a video camera and takes an image. The sensor 1 also has a wireless communication function (for example, Bluetooth) for wireless communication with the mobile phone terminal 7, and transmits / receives data to / from the mobile phone terminal 7. Thereby, the sensor 1 acquires the preference 8 of the user 6 from the mobile phone terminal 7.

  The preference 8 is a data file including a disclosure policy regarding the privacy of the individual user 6, for example, information such as a security level and a public key used for encrypting an image related to the user 6. In this preference 8, information stored by the user 6 is defined and stored in the mobile phone terminal 7.

  Further, the sensor 1 extracts from the captured image an image of each person included in the captured image, and obtains from the mobile phone terminal 7 a function of layering the captured image into the person image and other background images. A function of associating the preference 8 with a person image is provided. The sensor 1 accesses the center server 3 via the sensor network 2 and transmits / receives data. As a result, the sensor 1 transmits data such as images and preferences 8 to the center server 3.

  The center server 3 receives data such as images and preferences 8 from each sensor 1. Further, the center server 3 has a function of processing an image according to a security level included in the preference 8, a function of encrypting an image using a public key included in the preference 8, and the like. It also has a database for storing various data.

  The browsing PC 4 acquires the encrypted image from the center server 3 and decrypts the encrypted image. This decryption requires a valid decryption key, that is, a secret key corresponding to the public key used to encrypt the encrypted image to be decrypted. This private key is distributed in advance only to those who have viewing authority. Also, it has a function of restoring the original image from the hierarchized set of images.

Next, the operation of the sensor monitoring system in FIG. 1 will be described.
First, the operation of the sensor 1 will be described with reference to FIG. FIG. 2 is a diagram showing a processing flow of the sensor 1 shown in FIG. First, the sensor 1 captures an image (step S1). Next, the sensor 1 acquires the preference 8 of each user 6 (step S2).

  In this preference acquisition process, first, the sensor 1 wirelessly transmits a preference request signal to the mobile phone terminal 7 in a broadcast format. Each mobile phone terminal 7 that has received this preference request signal wirelessly transmits the preference 8, the electric field strength related to the radio signal received from the sensor 1, and the current position information. The sensor 1 receives the return information from each mobile phone terminal 7.

  Next, the sensor 1 performs image processing such as edge detection on the captured image, thereby extracting an image for each person (step S3). Next, the captured images are classified into those person images and other background images, and the captured images are hierarchized into person images and background images (step S4). By this hierarchization, it is possible to restore the original image by superimposing the person image and the background image.

Next, the sensor 1 associates the preference 8 received from each mobile phone terminal 7 with the person image (step S5). In this preference association processing, first, the sensor 1 specifies the approximate position of each user 6 based on the position information received from each mobile phone terminal 7. Further, the relative distance between the users 6 is calculated based on the electric field strength received from each mobile phone terminal 7. Then, the position of each user 6 is specified by correcting the approximate position of each user 6 based on the relative distance between the users 6. Further, if necessary, the wireless output for the mobile phone terminal 7 is changed, and a request signal set so that an unnecessary terminal does not respond is transmitted again, and the reply of the request signal is received. Increase detection accuracy. Subsequently, the person image of each user 6 is specified by selecting the person image in the captured image corresponding to the position of each user 6 specified in this way. Thereby, the user's 6 preference 8 corresponding to each person image is selected, and the combination of the person image and the preference 8 is created.
In addition, the sensor 1 tracks each user 6 based on characteristics, such as a color of a user's 6 clothing and a body shape, about the combination of the preference 8 and the user 6 who specified once, and the next captured image So that it can be easily identified.

  Next, the sensor 1 transmits data related to the hierarchized captured image to the center server 3 (step S6). This transmission data includes data in which a person image and the preference 8 are combined, a background image, the imaging date and time of the captured image, and sensor identification information of the own sensor 1.

  Next, the operation of the center server 3 will be described with reference to FIG. FIG. 3 is a diagram showing a processing flow of the center server 3 shown in FIG. First, the center server 3 encrypts each person image received from the sensor 1 (step S11). In this person image encryption process, the public key included in the preference 8 combined with the person image to be encrypted is used for encryption of the person image.

  Next, the center server 3 creates a dummy image of each person image (step S12). In this dummy image creation process, first, the security level included in the preference 8 combined with the person image for creating the dummy image is referred to. Then, a dummy image corresponding to this security level is created. For example, if the security level is “strong”, a transparent image is created. The transparent image is such that the image area of the person image is transparent and the background image is transparent as it is. If the security level is “medium”, an image in which the person image is blurred to such an extent that the action of the person is unknown is created. If the security level is “weak”, an image is created in which the person image is blurred to such an extent that the person's action is known but the face shape is unknown.

  Next, the center server 3 associates and stores the hierarchical combination of background images, encrypted person images, and dummy images of the person images in the database (step S13).

  The user 6 can set different contents in the preference 8 according to the place or time. As a result, the public key used for encryption and the creation contents of the dummy image change depending on the installation location or imaging time of the sensor 1 associated with the sensor identification information, so the user can arbitrarily select the information disclosure method can do.

  Next, the operation of the browsing PC 4 will be described with reference to FIG. FIG. 4 is a diagram showing a processing flow of the browsing PC 4 shown in FIG. First, the browsing PC 4 acquires a corresponding background image and encrypted person image from the center server 3 by performing an operation for acquiring an image that the viewer wants to browse (step S21). Next, the viewing PC 4 decrypts the encrypted person image using the decryption key (secret key) set by the viewer (step S22). In this decryption process, only the person image encrypted with the public key that matches the decryption key (secret key) succeeds in decryption, and other encrypted person images fail to decrypt.

  Next, when there is an encrypted person image for which decryption has failed, the browsing PC 4 acquires a dummy image of the encrypted person image for which decryption has failed from the center server 3 (steps S23 and S24). Next, the viewing PC 4 restores the original image by superimposing the decrypted person image and the background image (step S25). In this restoration process, if there is a dummy image, the corresponding dummy image is used instead of the person image that could not be decoded. Next, the browsing PC 4 reproduces the restored image by screen display (step S26). The restored image may be printed out by a printer. Further, it may be recorded in a storage device such as a hard disk.

  Thereby, the viewer can see the captured image of the person within the range of his / her browsing authority, and can obtain personal information such as where the person is currently and what he / she is doing. On the other hand, a person outside the viewing authority range sees a dummy image, and personal privacy is protected. Further, by displaying a blurred image of the person image corresponding to the security level defined by the individual as the dummy image, it is possible to reduce the sense of incongruity during browsing while protecting the privacy of the individual.

  The dummy image may be acquired in advance from the center server 3 together with the background image and the encrypted person image.

  According to the above-described embodiment, each person image in the captured image is encrypted using the encryption key (public key) defined by each user. Only the person image encrypted with the encryption key (public key) corresponding to the decryption key (secret key) possessed by is restored, and other person images are not restored. That is, a person image outside the browsing authority range of the viewer is not restored. This makes it possible to control the disclosure / non-disclosure of personal information in units of individuals and protect personal privacy.

  In addition, a dummy image corresponding to the security level defined by each user, for example, a blurred image of the person image, is displayed instead of the person image that is not restored. Can be reduced.

The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes design changes and the like within a scope not departing from the gist of the present invention.
For example, the image captured by the sensor 1 may be a moving image or a still image.
Also, by using a threshold encryption method, a plurality of decryption keys (secret keys) are created for one encryption key (public key), and the decryption keys (secret keys) are distributed to a plurality of viewers. May be. Thereby, the information of the same person can be shared among a plurality of viewers.

  The sensor network 2 may be a dedicated communication network, a public communication network such as the Internet, or a combination of these communication networks.

  Further, the image processing apparatus and the browsing terminal according to the present invention may be realized by dedicated hardware, or may be configured by a computer system such as a personal computer, and the center server 3 shown in FIG. You may implement | achieve the function by running the program for implement | achieving each function of PC4 for browsing.

  In addition, the sensor monitoring system according to the above-described embodiment can be applied to various service forms. For example, surveillance cameras installed at various locations in the city center and surveillance cameras at each store are connected to a common communication network (sensor network). Using this sensor network, it is possible to provide a service for confirming the safety of family members such as children and the elderly. Thereby, the user can confirm the safety of the family through the captured image of the monitoring camera while staying at home with a browsing terminal such as a PC. When such a service is provided, a person other than the safety confirmation target person is usually shown in the captured image of the surveillance camera. However, according to the sensor monitoring system according to the present embodiment, the information of the person other than the safety confirmation target person is Concealed. Accordingly, it is possible to provide a service that realizes safety confirmation using an image such as a moving image while protecting personal privacy.

It is a block diagram which shows the structure of the sensor monitoring system to which the image encryption system which concerns on one Embodiment of this invention is applied. It is a figure which shows the processing flow of the sensor 1 shown in FIG. It is a figure which shows the processing flow of the center server 3 shown in FIG. It is a figure which shows the processing flow of PC4 for browsing shown in FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Sensor, 2 ... Sensor network, 3 ... Center server (image processing apparatus), 4 ... PC (browsing terminal), 5 ... Communication network, 8 ... Preferences.

Claims (6)

A plurality of sensors connected to a sensor network, an image processing device that performs data communication with the sensor via the sensor network, and a browsing terminal that performs data communication with the image processing device via a communication network An image encryption system comprising:
The sensor is
An imaging means for capturing an image;
Preference acquisition means for acquiring a preference including an encryption key used for encryption of an image related to the user from a portable terminal of the user;
Image hierarchization means for extracting an image from a captured image in units of persons included in the captured image and hierarchizing the captured image into the person image and a background image other than the person image;
A preference association means for associating the preference acquired from the mobile terminal with the person image;
The image processing apparatus includes:
An encryption means for encrypting the person image received from the sensor using an encryption key included in the preference received from the sensor;
Storage means for storing the background image received from the sensor and the encrypted person image that is a set of hierarchies of the background image in association with each other;
The browsing terminal is
Browsing image acquisition means for acquiring a layered set of encrypted person images and background images from the image processing device;
Decryption means for decrypting the obtained encrypted person image using a decryption key set by a viewer;
An image encryption system comprising: a restoration unit that restores an original image from a background image acquired from the image processing device and the decrypted person image. The preferences include a disclosure policy about the user's privacy,
The image processing apparatus includes dummy image creating means for creating a dummy image of a person image received from the sensor based on a disclosure policy included in a preference received from the sensor, and the created dummy image is stored in the encryption Stored in the storage means in association with the person image,
2. The image encryption system according to claim 1, wherein the browsing terminal uses the corresponding dummy image to restore the original image instead of the person image that has failed in the decryption.   The image encryption system according to claim 2, wherein the dummy image creating unit creates an image obtained by blurring a person image received from the sensor. A plurality of sensors connected to a sensor network, an image processing device that performs data communication with the sensor via the sensor network, and a browsing terminal that performs data communication with the image processing device via a communication network An image encryption method in an image encryption system comprising:
The sensor is
The process of taking an image;
A process of obtaining a preference including an encryption key used for encryption of an image related to the user from the mobile terminal of the user;
A process of extracting an image from the captured image in units of persons included in the captured image, and layering the captured image into this person image and a background image other than this,
A process of associating the preference acquired from the mobile terminal with the person image and transmitting the image to the image processing apparatus;
The image processing apparatus is
Encrypting a person image received from the sensor using an encryption key included in the preference received from the sensor;
Storing the background image received from the sensor and the encrypted person image that is a set of hierarchies of the background image in association with each other in a storage unit;
The browsing terminal is
A process of acquiring a layered set of encrypted person images and background images from the image processing device;
Decrypting the obtained encrypted person image using a decryption key set by a viewer;
Restoring the original image from the background image acquired from the image processing device and the decoded human image;
An image encryption method comprising: The preferences include a disclosure policy about the user's privacy,
The image processing apparatus is
Creating a dummy image of the person image received from the sensor based on a disclosure policy included in the preference received from the sensor;
Storing the created dummy image in association with the encrypted person image in the storage means;
The browsing terminal is
A process of using the dummy image to restore the original image instead of the person image that failed to be decoded;
The image encryption method according to claim 4, further comprising: The image encryption method according to claim 5, wherein the dummy image is an image obtained by blurring a person image received from the sensor.

Images