JP2007325038A - Image processing apparatus, and method thereof - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To eliminate the need of a connection part of an external device or an encryption key generator for generating an encryption key. <P>SOLUTION: An image data generating unit 12' generates image data. A verification data generating unit 13' generates image-specific data (verification data) from the image data generated by the image data generating unit 12'. An image data encrypting unit 14' encrypts image data using the specific key as an encryption key. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to image processing that performs image data encryption and falsification detection.

  There are image processing apparatuses that can detect falsification of image data for the purpose of protecting the image data. In this alteration detection, image-specific data (hereinafter referred to as “verification data”) is generated from image data (for example, a hash value is generated using a one-way function) and added to the image data. Then, the verification side generates data unique to the image data again from the image data, compares with the verification data added to the image data, and determines that there is no falsification if they match, and that there is falsification if they do not match.

  In addition to falsification detection, when it is desired to keep image data secret, the image data is encrypted using an encryption key. In this case, an encryption key is generated after the verification data is generated, and the image data is encrypted using the encryption key. The encryption key generation method is, for example, a method of inputting a password or an encryption key from an external device as shown in Patent Document 1, and a random number generator is used at the time of encryption as shown in Non-Patent Document 1. There are known methods for generating and generating keys based on random numbers.

  FIG. 1 is a block diagram showing a configuration example of an image processing apparatus 11 that realizes the above-described alteration detection and encryption.

  The image data generation unit 12 generates image data. The verification data generation unit 13 generates verification data necessary for detecting falsification of image data. The image data encryption unit 14 encrypts the image data to which the verification data is added. The encryption key generation unit 15 generates an encryption key necessary for encrypting the image data. An encryption key generator that generates an encryption key from an external device or a random number is applicable as the encryption key generation unit 15.

  The configuration shown in FIG. 1 requires an external device and an encryption key generator as the encryption key generation unit 15 in addition to the image data generation unit 12, the verification data generation unit 13, and the image data encryption unit 14. In the case of the image processing apparatus 11 with a limited space, it may be difficult to mount a connection unit or an encryption key generator for connecting an external apparatus.

  FIG. 2 is a diagram illustrating a structure example of a general encrypted image file. The encrypted image file includes encrypted image data, verification data, and an encryption key used for encrypting the image data.

  The structure of the encrypted image file shown in FIG. 2 needs to include the encryption key used for encryption in addition to the encrypted image data and the verification data, and the amount of data increases as the encryption key is added.

Japanese Unexamined Patent Publication No. 7-327029 Yamamoto, Iwamura, Matsumoto, Imai “Practical Cryptography Using a Square Pseudorandom Number Generator and Block Cipher” IEICE Technical Report ISEC93-29, 1993-08

  An object of the present invention is to eliminate the need for a connection unit of an external device or an encryption key generator for generating an encryption key.

  Another object of the present invention is to simplify the structure of an encrypted image file and suppress an increase in the amount of data.

  The present invention has the following configuration as one means for achieving the above object.

  The image processing according to the present invention generates image data, generates unique data unique to the image from the generated image data, encrypts the image data using the unique data as an encryption key, and generates the encrypted data The unique data is added to the encrypted image data.

  Further, the image data is generated, unique data unique to the image is generated from the generated image data, the image data is encrypted using the unique data as an encryption key, and the encrypted image data generated by the encryption and An identifier for associating the unique data is added to the encrypted image data and the unique data.

  Further, the encrypted image data is acquired, the additional data added to the encrypted image data is separated, the encrypted image data is decrypted using the additional data as a decryption key, and the image data obtained by the decryption is used. It is characterized in that tampering of the image data is detected by generating unique data unique to the image and comparing it with the additional data.

  Further, the encrypted image data is obtained, the identifier added to the encrypted image data is separated, the decryption data corresponding to the identifier is obtained from the server device via the network, and the decryption data is decrypted by the decryption key. And detecting the falsification of the image data by decrypting the encrypted image data, generating unique data specific to the image from the image data obtained by the decryption, and comparing the data with the decryption data. Features.

  According to the present invention, it is possible to eliminate the need for an external device connection unit and an encryption key generator for generating an encryption key.

  In addition, the structure of the encrypted image file can be simplified and an increase in the data amount can be suppressed.

  Hereinafter, image processing according to an embodiment of the present invention will be described in detail with reference to the drawings.

[System configuration]
FIG. 3 is a block diagram illustrating a configuration example of the image processing system according to the embodiment.

  The image processing apparatus 101 is an apparatus that generates and encrypts image data. A digital camera, a digital video camera, a scanner, an electronic device having a camera unit, and the like can be applied.

  The data processing device 102 is a device that decrypts the encrypted image data generated by the image processing device 101, detects falsification of the image data, and displays an image, and is applicable to a small device having a CPU, a memory, and the like.

[Configuration of image processing apparatus]
FIG. 4 is a block diagram illustrating a configuration example of the image processing apparatus 101.

  The image generation unit 201 generates image data. The image specific data generation unit 202 generates data specific to the image from the image data generated by the image generation unit 201. The image data encryption unit 203 generates encrypted image data. The image unique data conversion unit 204 converts the image unique data generated by the image unique data generation unit 202 using the secret information held by the secret information holding unit 205. The secret information holding unit 205 holds secret information S (initial value or key) necessary for conversion of the image unique data. The adding unit 206 adds the converted value of the image unique data to the encrypted image data. The recording unit 207 records the encrypted image file including the encrypted image data and the converted value of the image unique data in a memory in the image processing apparatus 101 or a removable memory that can be attached to and detached from the image processing apparatus 101.

  FIG. 5 is a diagram showing a concept of image data encryption processing by the image processing apparatus 101. A series of processes from encrypting image data I using a hash value H to generating an encrypted image file E ′ (I) Show the flow.

Image generation unit The image generation unit 201 has an optical sensor such as a charge coupled device (CCD) or a CMOS sensor. When an image generation is instructed, the image generation unit 201 captures a subject and processes the electrical signal output of the optical sensor. The image data I is generated.

Image Specific Data Generation Unit The image specific data is data uniquely obtained from the image data I. For example, as shown in FIG. 5, the image unique data generation unit 202 generates a hash value H as image unique data by an operation using a one-way function. A one-way function is a function that is easy to obtain y from x at y = h (x), but it is difficult to obtain x from y. For example, functions such as MD5 (message digest 5) and SHA-1 (secure hash algorithm 1) are known.

Image data encryption unit The image data encryption unit 203 uses the image unique data generated by the image unique data generation unit 202 as an encryption key, encrypts the image data I generated by the image generation unit 201 by a predetermined encryption method, Outputs encrypted image data E (I). For example, as shown in FIG. 5, the image data I is encrypted using a common key encryption method using the hash value H obtained from the image data I as an encryption key.

  The common key encryption method is a method in which common information is used as a key, the key is secretly shared between the encryption side and the decryption side, and data is converted using the key. For example, DES (data encryption standard) and AES (advanced encryption standard) are known.

  Here, when the data length HL of the hash value H obtained from the image data I is different from the key length KL necessary for encryption, the following processing is performed.

  For example, when MD5 is used for the one-way function, the data length HL of the hash value H is 128 bits. On the other hand, if the encryption method is triple DES, the key length KL required as an encryption key is 168 bits. In this case (KL> HL), as shown in FIG. 6A, the hash value H is repeatedly used to compensate for the insufficient key length KL. In addition to repeating, a method of padding a fixed value (for example, “1”) for an insufficient amount, or by causing the image processing apparatus 101 to hold device-specific data in advance and supplementing the insufficient amount using the device-specific data. A method etc. are applicable.

  When the encryption method is DES, the required key length KL is 64 bits (more precisely, 56 bits). In this case (KL <HL), as shown in FIG. 6B, for example, bits necessary for the key length KL from the MSB of the hash value H are used. Further, as shown in FIG. 6C, the bits of the hash value H may be selected at random for the key length KL.

  The key expansion or reduction algorithm (hereinafter referred to as “key processing method”) is also used by the data processing apparatus 102.

● Image unique data conversion unit If the image unique data which is the encryption key is handled as it is, anyone can decrypt the encrypted image data E (I). Of course, it is also necessary to encrypt the image specific data. As shown in FIG. 5, the image unique data conversion unit 204 uses the secret information S held by the secret information holding unit 205 as an encryption key, and converts the hash value H, which is image unique data, into a converted value HT by a common key encryption method. Convert. Of course, not only the common key cryptosystem but various cryptosystems such as a public key cryptosystem can be applied.

Secret Information Holding Unit The secret information holding unit 205 holds secret information S (initial value or key) necessary when the image unique data conversion unit 204 converts the image unique data. The secret information S may be set when the image processing apparatus 101 is manufactured, for example. It is desirable that the secret information holding unit 205 is designed so that it does not output the secret information S other than the image unique data conversion unit 204, and the secret information S cannot be obtained even by unauthorized analysis from the outside.

Addition Unit The addition unit 206 adds the conversion value HT to the encrypted image data E (I) and outputs the encrypted image file E ′ (I) as shown in FIG. The addition position of the conversion value HT may be added to the footer part of the encrypted image file after the encrypted image data E (I), or may be added to the header part of the encrypted image file.

Recording unit The recording unit 207 records the encrypted image file E ′ (I) in a memory or a removable memory in the image processing apparatus 101. In addition, the encrypted image file E ′ (I) can be transmitted to the data processing device 102 or the computer device remote from the image processing device 101 by using a wireless function. Then, the encrypted image file E ′ (I) may be stored in a hard disk of a computer device.

[Encryption of image data]
FIG. 7 is a flowchart showing an example of image data encryption processing executed by the image processing apparatus 101.

  First, the image generation unit 201 that has received an imaging command from an interface (not shown) generates image data I and supplies the image data I to the image specific data generation unit 202 and the image data encryption unit 203 (S301).

  The image unique data generation unit 202 generates image unique data (hash value H) from the image data I using a one-way function, and supplies the hash value H to the image data encryption unit 203 and the image unique data conversion unit 204. (S302).

  The image data encryption unit 203 encrypts the image data I using the hash value H, and supplies the encrypted image data E (I) to the addition unit 206 (S303).

  The image unique data conversion unit 204 converts the hash value H using the secret information S held by the secret information holding unit 205, and supplies the converted value HT to the adding unit 206 (S304).

  The adding unit 206 adds the conversion value HT to the encrypted image data E (I), and supplies it to the recording unit 207 as an encrypted image file E ′ (I) (S305).

  The recording unit 207 holds the encrypted image file E ′ (I) in the memory (S306).

[Data processor configuration]
FIG. 8 is a block diagram illustrating a configuration example of the data processing apparatus 102.

  The encrypted image file acquisition unit 401 acquires the encrypted image file E ′ (I). The image unique data reverse conversion unit 402 uses the secret information S held by the secret information holding unit 403 to convert the converted value HT added to the encrypted image file E ′ (I) acquired by the encrypted image file acquisition unit 401. Is converted back to image specific data. The secret information holding unit 403 holds secret information S (initial value or key) necessary for converting the conversion value HT into the original image unique data. The image data decrypting unit 404 decrypts the encrypted image data E (I) using the image unique data, and obtains image data I. The verification unit 405 detects falsification of the decoded image data I. The display unit 406 displays the image data I and the result of falsification detection (hereinafter referred to as “verification result”).

  FIG. 9 is a diagram showing a concept of a series of processes for decrypting the encrypted image data E (I) and detecting falsification of the image data I.

Encrypted image file acquisition unit The encrypted image file acquisition unit 401 acquires the encrypted image file E ′ (I) from the memory 400 such as a memory in the image processing apparatus 101 or a removable memory. In addition, the encrypted image file E ′ (I) may be received from the image processing apparatus 101 or the computer device separated from the data processing apparatus 102 by using a wireless function. Then, the encrypted image data E (I) and the converted value HT are separated from the acquired encrypted image file E ′ (I).

Image Specific Data Inverse Conversion Unit The image specific data reverse conversion unit 402 converts the conversion value HT into image specific data using the secret information S held by the secret information holding unit 403. Note that the data processing apparatus 102 needs to know in advance the conversion algorithm of image specific data performed by the image processing apparatus 101. For example, in the case of the conversion value HT obtained by encrypting the hash value H using the common key encryption method, the image processing apparatus 101 decrypts the conversion value HT into the original hash value H as shown in FIG.

Secret Information Holding Unit The secret information holding unit 403 holds the secret information S necessary for converting the conversion value HT into the original image unique data. When the common encryption key method is used, the secret information S held by the secret information holding unit 403 is the same data as the secret information S held by the secret information holding unit 205. When using public key cryptography, the secret information S held by the secret information holding unit 403 and the secret information S held by the secret information holding unit 205 are a pair of a public key and a secret key, for example. Further, it is desirable that the secret information holding unit 403 is designed so that it does not output the secret information S other than the image unique data reverse conversion unit 402, and the secret information S cannot be obtained even by unauthorized analysis from the outside.

Image data decryption unit The image data decryption unit 404 decrypts the encrypted image data E (I) using the image unique data, and obtains image data I. For example, as shown in FIG. 9, when the image unique data has a hash value H and the image processing apparatus 101 performs encryption by the common key encryption method, the hash value H is used to decrypt the encrypted image data E (I). To do. If the data length HL of the hash value H is different from the key length KL required for decryption, a key is obtained from the hash value H by the above-described key processing method. At this time, since the data cannot be correctly decrypted unless the key processing method of the image processing apparatus 101 is used, the data processing apparatus 102 needs to know the key processing method performed by the image processing apparatus 101 in advance.

Verification unit The verification unit 405 detects falsification of the decrypted image data I. Therefore, as shown in FIG. 9, the image unique data is generated again from the decoded image data I using the one-way function used by the image processing apparatus 101. Then, the generated hash value H2 and the hash value H output from the image unique data inverse transform unit 402 are compared, and if they match, it is determined that there is no falsification, and if they do not match, it is determined that there is falsification.

Display unit The display unit 406 displays the image of the decoded image data I and the verification result.

[Decoding image data]
FIG. 10 is a flowchart illustrating an example of image data decoding processing executed by the data processing apparatus 102.

  The encrypted image file acquisition unit 401 acquires the encrypted image file E ′ (I) from the memory 400, separates the converted value HT from the encrypted image file E ′ (I), and transfers it to the image unique data inverse conversion unit 402. Supply. Also, the encrypted image data E (I) is separated and supplied to the image data decrypting unit 404 (S501).

  The image unique data reverse conversion unit 402 performs reverse conversion of the converted value HT to the hash value H using the secret information S held by the secret information holding unit 403, and supplies the hash value H to the image data decoding unit 404 and the verification unit 405. (S502).

  The image data decryption unit 404 decrypts the encrypted image data E (I) using the hash value H, and supplies the image data I to the verification unit 405 (S503).

  The verification unit 405 generates a hash value H2 from the image data I using a one-way function, and compares the hash value H with the hash value H to detect falsification of the image data I. Then, the image data I and the verification result are supplied to the display unit 406 (S504).

  The display unit 406 displays the image data I and the verification result (S505). If the image data I has been falsified, a message indicating that “the image data has been falsified”, “the image data is not original”, or the like is displayed. If the image data I has not been falsified, a message indicating that “the image data has not been falsified”, “the image data is original”, or the like is displayed.

  In this way, the image data is transformed and used as an encryption key. In other words, an encryption key for image data is generated using a processing unit that generates verification data. As a result, the connection unit of the external device and the encryption key generator are not required, and the configuration for encrypting the image data and the configuration of the encrypted image file can be simplified.

  FIG. 11 is a block diagram showing a configuration for realizing falsification detection and encryption of the image processing apparatus 101 by the same expression as FIG.

  The image data generation unit 12 ′ corresponds to the image generation unit 201 that generates image data. The verification data generation unit 13 ′ corresponds to an image specific data generation unit 202 and an image specific data conversion unit 204 that generate verification data necessary for falsification detection. The image data encryption unit 14 ′ corresponds to the image data encryption unit 203 that encrypts image data. The image unique data generated by the verification data generation unit 13 ′ is also used as an encryption key. Therefore, the verification data generation unit 13 ′ also serves as the encryption key generation unit 15 shown in FIG.

  FIG. 12 is a diagram illustrating a structure example of the encrypted image file according to the first embodiment. The encrypted image file includes encrypted image data and a conversion value (verification data / encryption key). Therefore, the structure is simplified and the amount of data can be reduced compared to the encrypted image file shown in FIG.

  The information processing according to the second embodiment of the present invention will be described below. Note that the same reference numerals in the second embodiment denote the same parts as in the first embodiment, and a detailed description thereof will be omitted.

  In the first embodiment, the conversion value HT is added to the encrypted image data. However, the conversion value HT is securely transmitted to the server, and the conversion value HT is acquired from the server when the encrypted image data is decrypted. You can also.

[System configuration]
FIG. 13 is a block diagram illustrating a configuration example of the image processing system according to the second embodiment. In addition to the image processing apparatus 101 and the data processing apparatus 102, a server 103 exists via the network 104.

  The server 103 is a device that holds the conversion value HT with an identifier generated by the image processing device 101, and transmits the conversion value HT with an identifier to the data processing device 102 in response to a request. An information processing device such as a personal computer applies Is possible.

[Configuration of image processing apparatus]
FIG. 14 is a block diagram illustrating a configuration example of the image processing apparatus 101.

  The association unit 208 adds a unique identifier N indicating the association between the encrypted image data E (I) and the converted value to the encrypted image data E (I) and the converted value HT. The communication unit 209 securely transmits the conversion value HT with an identifier to the server 103.

  FIG. 15 is a diagram showing a concept of image data encryption processing by the image processing apparatus 101. The image data I is encrypted using a hash value H, a converted value HT with an identifier is transmitted, and an encrypted image file E ′ ( A series of flow until generating I) is shown.

Association section The association section 208 associates the encrypted image data E (I) with the converted value HT. Then, a unique identifier N indicating the association is added to the encrypted image data E (I) and the converted value HT. Then, an encrypted image file E ′ (I) with an identifier and a conversion value HT are output.

  The identifier N is composed of the shooting date / time of the image data I, the camera ID, the assigned number at the time of association, and the like. For example, the form is “20050909-1234-0001”. The addition position of the identifier N may be added as a header before the conversion value HT as shown in FIG. 15, but may be added as a footer.

Communication unit The communication unit 209 transmits the conversion value HT with an identifier to the server 103. The communication unit 209 and the server 103 use cryptographic communication as a method of communicating securely. For example, SSL (secure socket layer) communication combining security techniques such as public key encryption, private key encryption, digital signature, and hash function can be applied. Note that the communication unit 209 holds the address information of the server 103 that is the destination of the conversion value HT with an identifier and information necessary for performing secure communication.

[Image data encryption]
FIG. 16 is a flowchart illustrating an example of image data encryption processing executed by the image processing apparatus 101 according to the second embodiment. Since the processing from steps S301 to S304 is the same as that in the first embodiment, detailed description thereof is omitted.

  The associating unit 208 associates the encrypted image data E (I) with the converted value HT, adds a unique identifier N indicating the association to the encrypted image file E ′ (I) and the converted value HT, and stores it in the recording unit 207. Supply (S307).

  The recording unit 207 holds the encrypted image file E ′ (I) with identifier in the memory and transmits the converted value HT with identifier to the server 103 (S308).

[Data processor configuration]
FIG. 17 is a block diagram illustrating a configuration example of the data processing apparatus 102 according to the second embodiment.

  The encrypted image file acquisition unit 401 acquires the encrypted image file E ′ (I), separates the identifier N, and supplies it to the conversion value acquisition unit 407. The conversion value acquisition unit 407 acquires the conversion value HT corresponding to the identifier N from the server 103. The verification unit 405 detects falsification of the decoded image data I and adds the verification data V to the image data I. The display unit 406 displays the image data I and the verification result.

  FIG. 18 is a diagram showing a concept of a series of processes for decrypting encrypted image data E (I), detecting falsification of image data I, and adding verification data V.

Conversion value acquisition unit The conversion value acquisition unit 407 transmits the identifier N added to the encrypted image file E ′ (I) to the server 103, acquires the conversion value HT corresponding to the identifier N from the server 103, and acquires it. The converted value HT is supplied to the image unique data inverse conversion unit 402.

Verification unit The verification unit 405 detects falsification of the decrypted image data I. Therefore, as shown in FIG. 18, the image unique data is generated again from the decoded image data I using the one-way function used by the image processing apparatus 101. Then, the generated hash value H2 and the hash value H output from the image unique data inverse transform unit 402 are compared, and if they match, it is determined that there is no falsification, and if they do not match, it is determined that there is falsification. If there is no tampering, verification data V is generated and added to the image data I using the hash value H2 and the secret information VS held by the verification unit 405 itself.

  The verification data V is a message authentication code (MAC). The MAC is data for verifying integrity (not tampered) with digital data by a common key cryptosystem, and is generally used as data for detecting tampering. Of course, a digital signature may be used instead of the MAC. The digital signature is encrypted signature data added to the digital data in order to guarantee the validity of the digital data. It is generally used as data for verifying the creator of digital data and detecting falsification by applying public key cryptography.

[Decoding image data]
FIG. 19 is a flowchart illustrating an example of image data decoding processing executed by the data processing apparatus 102. Since the processing in steps S501 to S503 and S505 is the same as that in the first embodiment, detailed description thereof is omitted.

  The conversion value acquisition unit 407 transmits the identifier N separated from the encrypted image file E ′ (I) by the encrypted image file acquisition unit 401 to the server 103, and acquires the conversion value HT corresponding to the identifier N from the server 103. (S506).

  The verification unit 405 generates a hash value H2 from the image data I using a one-way function, and compares the hash value H with the hash value H to detect falsification of the image data I (S507). If there is no falsification, verification data V is generated and added to the image data I (S508).

  As described above, the image processing apparatus 101 securely transmits the conversion value HT with an identifier to the server 103, and causes the server 103 to store the conversion value HT with an identifier. When decrypting the encrypted image data E (I), the data processing device 102 uses the identifier N added to the encrypted image data E (I) to convert the converted value HT associated with the encrypted image data E (I). Is acquired from the server 103.

[Other embodiments]
Note that the present invention can be applied to a system including a plurality of devices (for example, a host computer, an interface device, a reader, and a printer), and a device (for example, a copying machine and a facsimile device) including a single device. You may apply to.

  Another object of the present invention is to supply a storage medium (recording medium) that records software for realizing the functions of the above-described embodiments to a system or apparatus, and a computer (CPU or MPU) of the system or apparatus executes the software. Is also achieved. In this case, the software itself read from the storage medium realizes the functions of the above-described embodiments, and the storage medium storing the software constitutes the present invention.

  In addition, the above functions are not only realized by the execution of the software, but an operating system (OS) running on a computer performs part or all of the actual processing according to the instructions of the software, and thereby the above functions This includes the case where is realized.

  In addition, the software is written in a function expansion card or unit memory connected to the computer, and the CPU of the card or unit performs part or all of the actual processing according to instructions of the software, thereby This includes the case where is realized.

  When the present invention is applied to the storage medium, the storage medium stores software corresponding to the flowchart described above.

A block diagram showing a configuration example of an image processing apparatus for realizing falsification detection and encryption, A diagram showing an example of the structure of a general encrypted image file. A block diagram showing a configuration example of an image processing system of an embodiment, Block diagram showing a configuration example of an image processing device, The figure which shows the concept of the encryption process of the image data by an image processing apparatus, The figure explaining the key processing method when the data length and key length of a hash value differ, The figure explaining the key processing method when the data length and key length of a hash value differ, The figure explaining the key processing method when the data length and key length of a hash value differ, The flowchart which shows an example of the encryption process of the image data which an image processing apparatus performs, A block diagram showing a configuration example of a data processing device, A diagram showing a concept of a series of processes for decrypting encrypted image data and detecting falsification of the image data, It is a flowchart which shows an example of the decoding process of the image data which a data processing part performs. FIG. 2 is a block diagram showing a configuration for realizing falsification detection and encryption of an image processing apparatus by the same expression as FIG. The figure which shows the example of a structure of the encryption image file of Example 1. Block diagram showing a configuration example of an image processing system of Example 2, Block diagram showing a configuration example of an image processing device, The figure which shows the concept of the encryption process of the image data by an image processing apparatus, The flowchart which shows an example of the encryption process of the image data which an image processing apparatus performs, A block diagram showing a configuration example of a data processing device, A diagram showing a concept of a series of processes for decrypting encrypted image data, detecting falsification of image data, and adding verification data; It is a flowchart which shows an example of the decoding process of the image data which a data processing part performs.

Claims (15)

Image data generating means for generating image data;
Unique data generating means for generating unique data specific to an image from image data generated by the image data generating means;
Encryption means for encrypting the image data using the unique data as an encryption key;
An image processing apparatus comprising: an adding unit that adds the unique data to the encrypted image data generated by the encryption unit.   2. The image processing apparatus according to claim 1, wherein the adding unit adds a conversion value obtained by converting the unique data using secret information to the encrypted image data. Image data generating means for generating image data;
Unique data generating means for generating unique data specific to an image from image data generated by the image data generating means;
Encryption means for encrypting the image data using the unique data as an encryption key;
An image processing apparatus comprising: an adder that adds an identifier that associates the encrypted image data generated by the encryption unit and the unique data to the encrypted image data and the unique data.   4. The image processing apparatus according to claim 3, wherein the adding unit adds the identifier to a converted value obtained by converting the unique data using secret information.   5. The image processing apparatus according to claim 4, further comprising communication means for transmitting the converted value to which the identifier is added to a server apparatus via a network. Acquisition means for acquiring encrypted image data;
Separating means for separating the additional data added to the encrypted image data;
Decryption means for decrypting the encrypted image data using the additional data as a decryption key;
An image processing apparatus comprising: verification means for detecting falsification of the image data by generating unique data specific to the image from the image data decoded by the decoding means and comparing it with the additional data .   7. The image processing apparatus according to claim 6, wherein the separating unit converts a value obtained by converting the separated additional data using secret information into the additional data for decryption and the verification. Image data acquisition means for acquiring encrypted image data;
Separating means for separating the identifier added to the encrypted image data;
Decryption data acquisition means for acquiring the decryption data corresponding to the identifier from the server device via a network;
Decryption means for decrypting the encrypted image data using the decryption data as a decryption key;
Image processing characterized by comprising verification means for detecting falsification of the image data by generating unique data specific to the image from the image data decoded by the decoding means and comparing it with the decoding data apparatus.   9. The decryption data acquiring unit according to claim 8, wherein a value obtained by converting the decryption data acquired from the server device using secret information is used as the decryption data for the decryption and the verification. Image processing apparatus. Generate image data,
Generate unique data specific to the image from the generated image data,
Using the unique data as an encryption key, encrypting the image data,
An image processing method, wherein the unique data is added to encrypted image data generated by the encryption. Generate image data,
Generate unique data specific to the image from the generated image data,
Using the unique data as an encryption key, encrypting the image data,
An image processing method, wherein an identifier for associating encrypted image data generated by the encryption with the unique data is added to the encrypted image data and the unique data. Get encrypted image data,
Separating the additional data added to the encrypted image data;
Decrypting the encrypted image data using the additional data as a decryption key;
An image processing method comprising: generating unique data specific to an image from image data obtained by the decoding, and comparing the additional data with the additional data to detect tampering of the image data. Get encrypted image data,
Separating an identifier added to the encrypted image data;
Obtaining decryption data corresponding to the identifier from a server device via a network;
Using the decryption data as a decryption key, decrypting the encrypted image data,
An image processing method comprising: generating unique data specific to an image from image data obtained by the decoding, and comparing the decoded data with the decoding data to detect falsification of the image data.   14. A computer program for controlling an image processing device to realize the image processing according to any one of claims 10 to 13.   15. A computer-readable recording medium on which the computer program according to claim 14 is recorded.

Images