JP2011234335A - Signature generating device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a signature generating device to solve such problem as inability to determine whether data without a signature was caused by a removal of a signature data due to an alteration or signature generating device setting in the case when the signature generating device allows a setting for whether or not to generate a signature.SOLUTION: A plurality of data are serially acquired and a signature data is generated for the acquired data. When a signature-generating device is controlled not to generate the signature data, the number of acquired data is counted. When the signature-generating device is switched from a non-signature-data-generating state to a signature-data-generating state, the signature data is generated in accordance with the acquired data and a counter value thereof.

Description

  The present invention relates to a signature generation device that digitally signs a video (image) taken by an imaging device such as a surveillance camera and transmits / records it via a network, and more particularly to applying a digital signature technique to a plurality of divided video data. The present invention relates to a signature generation device to be used.

  Conventionally, video surveillance systems have been installed in public facilities such as hotels, buildings, convenience stores, financial institutions, dams and roads for the purpose of crime prevention and accident prevention. In the video surveillance system, the surveillance target is photographed by an imaging device such as a camera, and the photographed video is transmitted to a monitoring center such as a management office or a security room, and the supervisor monitors the video for the purpose and necessity. Depending on the situation, a warning or warning is given, or the video is recorded or saved.

  In recent years, in the field of such a video surveillance system, a network type video surveillance system has been spreading. In a network-type video surveillance system, surveillance camera video is digitized, and video is transmitted through an IP network represented by the Internet for monitoring.

  In the network-type video surveillance system that is currently mainstream, live video is distributed via a network from a video transmission device connected to a surveillance camera to a video reception device. This system is a system suitable for a monitoring mode in which a resident supervisor always watches the distributed video (and audio) and responds according to the situation when a problem occurs.

  On the other hand, as video monitoring, in addition to the “live type monitoring” which mainly focuses on the live video monitoring as described above, “recording and saving the monitoring video and viewing the recorded video retroactively when a problem occurs” There is also a monitoring form of “record type monitoring”, and there is a customer need for such “record type monitoring” mainly in financial institutions and shops.

  In the network-type video surveillance system, it is possible to use a “storage / delivery server” that can meet such a need for “record-type surveillance”.

  Also, in order to improve the evidence of video, the spread of networked video surveillance system with signature that makes it possible to detect falsification of video data flowing on the network and recorded video data by digitally signing the video data Is progressing.

  FIG. 5 shows a configuration example of a video distribution system that can be used as such a network type video monitoring system. 5 includes a network medium 901, a video generation apparatus 902, a video transmission apparatus 903, a video reception apparatus 904, video display apparatuses 905A and 905B, a storage / delivery server 906, a recording medium 907, a removable medium 908, a signature verification. An apparatus 909 and a signature generation apparatus 910 are included.

  The network medium 901 is, for example, a network cable, a wireless LAN, a public line, etc., and has a role of transmitting transmitted data. This also includes network devices such as routers and hubs. The video transmission device 903, the video reception device 904, the storage / delivery server 906, and the signature generation device 910 are connected to the network medium 901 so that they can communicate with each other.

  The video generation device 902 is a video generation device having an image sensor such as a camera, for example, and has a role of generating video data by converting input light into an electrical signal.

  The video transmission device 903 is, for example, an encoder device that includes an interface for receiving video data from the video generation device 902, an image codec, a network interface, and the like, and inputs video from the video generation device 902 into a form suitable for network transmission. It has the role of converting and transmitting to the signature generation apparatus 910 via the network medium 901. Specifically, for example, when an input video from the video generation device 902 is an analog video signal, the video is converted into digital video data, or a compression process is performed according to the transmission band of the network medium 901. The video generation device 902 and the video transmission device 903 may be combined as one device.

  The video reception device 904 is a decoder device that incorporates, for example, a network interface, an image codec, an interface for outputting video to the video display device 905A, an interface to a removable medium 908, and the like from the storage / delivery server via the network medium 901. The received video data is received, converted into a form that can be displayed by the video display device 905A, and output. For example, when the video display device 905A is a television monitor, conversion to an analog video signal is performed, and when the received video data is compressed video data, the video codec is expanded using an image codec. Processing such as processing is performed.

  The video receiving device 904 receives the signed video from the storage / delivery server 906 and stores the received signature information and video data in the removable medium 908 in a manner that can be verified by the signature verification device 909. This storage process may be performed by a user operating the video reception device 904 or automatically by software in the video reception device 904.

  The video display devices 905A and 905B are video display devices having projection elements such as a television monitor, a computer CRT (Cathode Ray Tube), and a liquid crystal monitor, for example, and have a role of displaying an image by changing an electrical signal to light.

  The video reception device 904 also includes an operation interface for instructing the storage / delivery server 906 to perform playback, such as playback or fast-forward. This operation interface may be, for example, a GUI (Graphical User Interface) on a computer screen or a control panel terminal connected to the video reception device 904.

  The video receiving device 904 and the video display device 905A may be combined as one device. For example, a form in which the video receiver 904 is built in a television monitor, a form of a computer connected to a CRT, a form of a mobile terminal device such as a mobile phone provided with a display device, and the like can be given.

  The storage / delivery server 906 is, for example, a computer with a built-in network interface and an interface to a recording medium 907, and video data or a signed video transmitted from the video transmission device 903 or the signature generation device 910 via the network medium 901. The role of receiving the data and recording it in the connected recording medium 907 and taking out the video data requested from the recording medium 907 or the signed video data in response to the video distribution request from the video receiving device 904, etc. And has a role of distributing to the video receiving apparatus 904 via the network.

  The recording medium 907 is a medium for recording video data such as a hard disk or a disk array, for example. The storage / delivery server 906 is a dedicated storage system such as a SCSI (Small Computer System Interface), an ATA (AT Attachment), or a Fiber Channel. It is connected by an interface or an interface using an IP network such as a SAN (Storage Area Network) or NAS (Network Attached Storage).

  The removable media 908 is, for example, a combination of optical media such as DVD-RAM, MO, and CD-RW and a drive, or a hard disk mounted in a removable case, USB (Universal Serial Bus), and a removable interface such as IEEE1394. Is a medium having a role of storing video data. The removable media 908 is connected to the video reception device 904 or the signature verification device 909 with, for example, a dedicated interface such as SCSI, ATA, or Fiber Channel, or an interface using an IP network such as SAN or NAS, USB, It is connected by a detachable interface or the like even during energization of IEEE 1394 or the like.

  The signature verification device 909 is a decoder device that incorporates, for example, an image codec, an interface for outputting video to the video display device 905B, an interface to the removable media 908, and the like, and the signed video data recorded in the removable media 908 is received. The video display device 905B plays a role of converting to a displayable form and outputting it. For example, when the video display device 905B is a television monitor, conversion processing to an analog video signal is performed. In addition, signature verification processing is performed on a signature associated with video data using a predetermined verification key. If the video data is compressed video data, an expansion process is performed using an image codec. The signature verification device 909 and the video display device 905B may be combined as one device. Alternatively, the signature verification device 909 and the video reception device 904 may be combined as one device.

  The signature generation device 910 is a device having a built-in network interface, for example, and generates the signature data of the video data received from the video transmission device 903 and transmits it to the storage / delivery server 906 via the network medium 901. The signature generation apparatus 910 may be configured to simultaneously process video data from a plurality of video transmission apparatuses 903 and generate signature data.

  The signature generation device 910 and the video transmission device 903 may be combined as a single device. The signature generation device 910 and the storage / delivery server 906 may be combined as a single device. Further, a configuration in which three devices, that is, the signature generation device 910, the video transmission device 903, and the storage / delivery server 906, are combined as one device may be employed.

  Further, FIG. 5 shows a case where each device is one, but a plurality of these devices can be connected to each other. Further, the storage / delivery server 906 simultaneously receives and records a plurality of different video data transmitted from the plurality of signature generation apparatuses 910, and further performs parallel recording on the plurality of video reception apparatuses 904. A plurality of arbitrary video data can be distributed simultaneously.

  Here, data called a key is necessary for the signature generation of the video data in the signature generation apparatus 910 and the signature verification of the video data in the video reception apparatus 904 and the signature verification apparatus 909. Here, in signature generation and signature verification, a scheme such as a keyed-hashing for message authentication code (HMAC) that applies a common key cryptosystem using the same key for generation and verification may be used. A scheme such as a digital signature applying a public key cryptosystem using a different key may be used.

  A feature of video data in the field of video surveillance systems as described above is that the amount of data is large. As a result, the video data may be extracted and stored for the purpose of saving the network bandwidth or the capacity of the recording device. In this case, it is necessary to process 30 different video data per second. The number of processes per unit time increases.

  The signature method described in Patent Document 1 can arbitrarily extract and save a plurality of data when the video data is extracted and stored in this manner, and suppresses the processing load for generating a signature per video. Making it possible.

JP 2009-182864 A

  By the way, the signature process is a process with a very high load compared to other processes such as video reception and distribution. For this reason, the signature generation apparatus 910 may not generate a signature depending on settings in order to avoid an increase in processing load due to the signature. In particular, when the signature generation apparatus 910 is combined with the video transmission apparatus 903 or the storage / delivery server 906, the signature generation setting may be turned off to avoid an increase in processing load due to the signature.

  Further, the signature verification apparatus 909 determines whether the video data has been tampered with. Here, even when the signature generation setting of the signature generation apparatus 910 is on, when the signature is not given to the video data, there is a high possibility that someone is falsifying the video data maliciously. So, immediately, a more sophisticated survey (such as a survey of people who were able to access the data) is needed. On the other hand, if the signature generation setting of the signature generation device 910 is turned off, if the signature is not given to the video data, whether or not the video data that does not need to be verified by the signature verification device 909 is erroneously verified. The signature generation setting of the signature generation device 910 may be turned off by mistake. Therefore, first, a countermeasure (for example, a change to turn on the signature generation setting) should be taken.

  However, the conventional signature method typified by Patent Document 1 has a problem that when the video data is not signed, it cannot be distinguished for which reason the video data is not signed.

  FIG. 6 is a diagram showing an example of video data signed by a conventional signature method and an example of falsification thereof.

Data 91 shown in FIG. 6A is an example of signed video data in the conventional signature scheme. In data 91, M _i (i = 1 to 11, the same applies hereinafter) represents video data, and S _i represents signature data. Here, the signature generation setting in the signature generation apparatus 910 is the signature off for the video data M _{1 to} M ₃ , the signature on for M _{4 to} M ₈ , and the signature off for M _{9 to} M ₁₁ . Further, data 92 shown in FIG. 6A is an example of falsification of signed video data in the conventional signature method. In the data 92, after tampered video data M ₇ to M _'7, the signature data S ₇ has been deleted. Here, when the signature verification apparatus 909 verifies the data 92, the video data M _{1 to} M ₃ and M _{9 to} M ₁₁ to which the signature data is not assigned because the signature generation setting is off, It cannot be distinguished from the video data M ′ ₇ in which the signature data is deleted after being tampered with.

  The present invention provides a video signature method that enables the signature verification apparatus 909 to acquire the signature generation setting state of the signature generation apparatus 910 in a reliable manner, and a more appropriate countermeasure can be taken after verification by the signature verification apparatus 909. An object is to provide a video signature system that can be used.

  In order to solve the above problems, the present invention controls data acquisition means for continuously acquiring a plurality of data and whether or not signature data is generated for the acquisition data acquired by the data acquisition means. A state in which signature data is not generated in the control means, a count means for counting the number of acquired data, and the control means when the control means is controlled to not generate signature data. Signature data generation means for generating signature data based on the acquired data and the counter value counted by the counting means when the control to the state for generating the signature data is performed. We propose a signature generation device characterized by this.

  That is, in the signature generation apparatus of the present invention, signature data is generated including a counter value of data for which signature data is not generated. Therefore, even if the signature data is not attached to the data that is subject to signature verification, the signature setting is turned off in the signature generation device, so the signature data is not attached, or the data is falsified. It is possible to determine whether signature data is not given. Further, since the counter value is also signed with the acquired data, it is possible to detect tampering of the counter value.

  As described above, according to the present invention, it is possible to determine whether or not signature data has been assigned because the data has been tampered even when signature data has not been assigned to the data to be verified. is there.

It is a figure which shows the structural example of a video signature system. 4 is a flowchart of a signature generation method in the signature generation apparatus 100. 2 is a diagram illustrating an example of video data signed by a signature generation device 100 and an example of falsification thereof. FIG. 4 is a flowchart of a signature verification method in the signature verification apparatus 200. It is a figure which shows the structural example of the conventional video delivery system (network type video surveillance system). It is a figure which shows the example of the video data signed by the conventional signature system, and its tampering example. It is a figure showing the relationship between a series of images | videos and the 1st signature in the conventional network type | mold video surveillance system with a signature. It is a figure showing the relationship between a series of images | videos and the 2nd signature in the conventional network type | mold video surveillance system with a signature. It is a figure explaining the signature process of the 1st time in the signature generation method of the present invention. It is a figure explaining the signature process of the 2nd time in the signature generation method of this invention. It is a figure explaining the signature process of the 1st time in the signature generation method of the present invention. It is a figure explaining the signature process of the 2nd time in the signature generation method of this invention. It is a figure explaining the pre-process of the verification process in the signature verification method of this invention. It is a figure explaining the verification process in the signature verification method of this invention. It is a flowchart of the signature verification method of this invention.

  Embodiments of the present invention will be described below with reference to the drawings. In the drawings referred to in the following description, the same parts as those in the other drawings are denoted by the same reference numerals.

(Configuration of video signature system)
FIG. 1 is a diagram illustrating a configuration example of a video signature system according to the present embodiment. The video signature system 1 according to the present embodiment includes a signature generation device 100 and a signature verification device 200. The signature generation device 100 is a device that generates a signature for video data. The signature verification device 200 is a device that verifies the signature data generated by the signature generation device 100. The signature generation device 100 and the signature verification device 200 can be used as a signature generation device 910 and a signature verification device 909, respectively, in a conventional video distribution system (network type video monitoring system) as shown in FIG.

  The signature generation apparatus 100 and the signature verification apparatus 200 described below are a general computer such as a CPU (Central Processing Unit), a memory such as a RAM (Random Access Memory), a storage device such as a hard disk, and a network interface (not shown). This is realized by a configuration similar to that of the above. The function of each component of the signature generation device 100 and the signature verification device 200 is, for example, when the CPU of each device reads and executes a program stored in a hard disk or the like, or, for example, an FPGA (Field Programmable Gate) This function is realized by custom design of sequencer logic in (Array). Each data such as video data and signature data is data stored in a hard disk or RAM of each device.

(Configuration of signature generator)
The signature generation apparatus 100 includes a data acquisition unit 101, a control unit 102, a count unit 103, a signature data generation unit 104, and a transmission unit 105.

  The data acquisition unit 101 acquires a plurality of data continuously. The “plurality of data” is data constituting content, for example, specifically, data constituting video, audio, etc., text format data constituting communication log, and the like. In the present embodiment, the “plurality of data” is video data constituting a video. Further, “continuously acquiring a plurality of data” corresponds to, for example, sequentially receiving a series of data constituting video content or the like.

  “Acquisition of data” is mainly assumed to be obtained by receiving data from an external device through communication. However, there is a case where data is acquired from another configuration in the signature generation device 100. It is possible. For example, there may be a case where data stored in a hard disk or the like is read out and acquired, or a case where data is read out from a recording medium or the like.

  Specifically, the data acquisition unit 101 receives, for example, data constituting a video or the like via a network interface, and stores the received data in a storage device such as a RAM.

  The control unit 102 controls whether to generate signature data for each data acquired by the data acquisition unit 101. Specifically, for example, the control unit 102 determines whether to perform control according to setting data stored in advance in the storage device of the signature generation device 100, or to generate signature data from the user of the signature generation device 100. By accepting the input of the setting change, control is performed according to the setting contents.

  Specifically, for example, the control unit 102 controls whether or not to generate signature data by changing the value of a variable on the RAM that indicates whether or not to generate signature data. In addition, the signature data generation unit 104 described later determines whether or not to generate signature data by reading the variables on the RAM.

  The count unit 103 counts the number of acquired data acquired in the data acquiring unit 101 when the control unit 102 is controlled to not generate signature data. Specifically, for example, every time data is received via the network interface, the count unit 103 counts up (increases) the value of a variable on the RAM indicating the count number.

  The signature data generation unit 104, when the control unit 102 performs control from a state where signature data is not generated to a state where signature data is generated, the acquired data acquired by the data acquisition unit 101, and Signature data is generated based on the counter value counted by the counting unit 103.

  In addition, the signature data generation unit 104 is, for example, data that is acquired by the data acquisition unit 101 is data that constitutes content such as video, and data that is acquired by the data acquisition unit 101 is finally acquired among data that constitutes content. Even in the case of video data to be processed, signature data is generated based on the data acquired by the data acquisition unit 101 and the counter value counted by the count unit 103.

  Specifically, the signature data generation unit 104 generates signature data by reading out data constituting a video or the like stored in a RAM or the like and a variable value indicating a counter value, and generates the generated signature data. Is stored in RAM or the like.

  In this embodiment, control is performed so as to generate signature data, and control from a state where signature data is not generated to a state where signature data is generated is not performed. In this case (when the signature generation setting is not changed), the signature data is generated only for the acquired data (video data).

  When the signature data is generated by the signature data generation unit 104, the transmission unit 105 transmits the acquisition data acquired by the data acquisition unit 101, the counter value of the acquisition data, and the signature data to the signature verification apparatus 200. . When signature data is generated only from the acquired data in the signature data generation unit 104, only the acquired data and the signature data are transmitted to the signature verification apparatus 200. When signature data is not generated by the signature data generation unit 104, only video data is transmitted to the signature verification apparatus 200.

  Specifically, the transmission unit 105 reads, for example, the acquisition data stored in the RAM or the like, the signature data, and the variable value indicating the counter value stored in the RAM as necessary, The signature is transmitted to the signature verification apparatus 200 via the network interface.

(Configuration of signature verification device)
The signature verification apparatus 200 includes a signature data acquisition unit 201 and a verification unit 202.

  The signature data acquisition unit 201 generates signature data in the signature data generation unit 104 and acquires the acquisition data, counter value, and signature data transmitted from the transmission unit 105. Specifically, for example, the signature data acquisition unit 201 receives the acquired data, the counter value, and the signature data via the network interface, and stores the received acquired data or the like in a hard disk, a RAM, or the like.

  The verification unit 202 verifies the signature based on the acquired data, counter value, and signature data acquired by the signature data acquisition unit 201. Specifically, for example, the verification unit 202 reads video data, a counter value, and signature data from a hard disk or the like, executes signature data verification processing, and stores the execution result in a RAM or the like.

(Operation of signature generator)
A signature generation method in the signature generation apparatus 100 according to the present embodiment will be described with reference to FIGS.

  FIG. 2 is a flowchart of a signature generation method in the signature generation apparatus 100.

  First, in the initialization step S101, initial values of various parameters are set and memory is secured. Specifically, for example, the value of the counter of the signature-off video data (hereinafter referred to as “counter X”) for counting the video data for which the signature generation setting is off is set to “0”.

  Next, in the video receiving step S102, the data acquisition unit 101 receives video data from, for example, the video transmission device 903 in FIG. 5 and holds it in the memory.

  Next, in the end determination step S103, it is determined whether or not the video data received in the video reception step S102 is the end of a series of video data. If the result of this determination is that the video data is at the end of a series of video data, the process branches to video counter signing step S108B; otherwise, the process branches to setting-on-change determination step S104.

  In the setting-on change determination step S104, for example, it is determined whether or not there is a change from the setting off to the setting on for the signature generation setting based on the user setting or the like. As a result of this determination, if there is a change from setting off to setting on, the process branches to video counter signing step S108A, and if there is no change from setting off to setting on, the process branches to setting off determination step S105.

  In setting off determination step S105, it is determined whether the current signature generation setting is setting on or setting off. As a result of the determination, if the signature generation setting is set off, the process branches to the counter addition step S106, and if the setting is on, the process branches to the video signature step S107.

  In the counter addition step S106, the counter 103 increments the value of the counter X by “1”.

  In the video signature step S107, the signature data generation unit 104 signs only the video data and generates signature data.

  On the other hand, in the video counter signature step S108A, the signature data generation unit 104 combines the video data and the value of the counter X to generate signature data.

  Next, in the counter initialization step S109, the value of the counter X is initialized to “0”.

  In distribution step S110A, only video data is transferred from counter addition step S106, and video data and signature data are transferred from counter initialization step S109 when transferred from video signature step S107. In the transmission unit 105, the video data, the value of the counter X, and the signature data are distributed to the storage / delivery server 906.

  In the end determination step S103, the processing in the video counter signature step S108B and the distribution step S110B, which are the next steps when the video data received in the video reception step S102 is the end of a series of video data, Since it is the same as the processing in the signature step S108A and the distribution step S110A, the description is omitted.

  In end processing step S111, processing related to the end of processing in the signature generation apparatus 100, such as memory release, is performed.

(Specific example of signature generation)
FIG. 3A is an example of video data signed by the signature generation apparatus 100 of this embodiment. The video data M ₁ ~M ₁₁ is a series of video data constituting one image, for example.

For example, in the video data 11 of FIG. 3A, there are three video data when the signature is off, that is, video data M _{1 to} M ₃ . Therefore, the counter value C ₄ (the value of the counter X) of the signature off video data signed together with the video data M ₄ that is the head of the signature on period is “3”.

Also, the period of the video data M _{4 to} M ₈ is in a signature-on state, and signature data S _{4 to} S ₈ are added thereto, respectively. Signature data S ₄ is a signature data and the video data M ₄ and the counter value C ₄ is generated are combined, the signature data S ₅ to S ₈ are each generated from only the video data M ₅ ~M ₈ Signature data.

The period of the video data M _{9 to} M ₁₁ is in the signature off state, but since the video data M ₁₁ is the last data in the series of video data, it is signed together with the counter value C ₁₁ even in the signature off state. signature data S ₁₁ is applied. Here, the counter value C ₁₁ is “2” (the value counted by the reception of the video data M ₉ and M ₁₀ ) (operation of the signature verification apparatus).
Next, a signature verification method in the signature verification apparatus 200 according to the present embodiment will be described with reference to FIGS.

  FIG. 4 is a flowchart of a signature verification method in the signature verification apparatus 200.

  First, in initialization step S201, setting of initial values of various parameters, securing of memory, and the like are performed. Specifically, for example, the value of the number n of the video to be verified is initialized to “0”.

  Next, in video number n addition step S202, “1” is added to video number n to be verified.

Next, in the video reading step S203, the signature data acquisition unit 201 reads the video data _Mn to be verified. In addition, also the counter value C _n of the signature data S _n and signature off video data being applied to the video data M _n is read if present.

Next, the signature value existence determination step S204, whether the signature data S _n exists is determined. If there signature data S _n is branched into the counter presence determination step S206, the signature data S _n is to be present, the process branches to result information hold storage step S205. The result information is a storage area provided on a memory such as a RAM, and is a storage area provided corresponding to the video number n.

  In the result information hold storage step S205, a value indicating that the result determination is temporarily “held” is stored in the nth of the result information area provided for each video number n.

In the counter presence determination step S206, it is determined whether or not the counter value C _n exists. If there is the counter value C _n, and branched to the video counter signature verification step S211, if there is the counter value C _n, the process branches to video signature verification step S207.

The video signature verification step S207, the verification unit 202, a signature verification with the video data M _n verified from the signature data S _n takes place.

  Next, in the verification success determination step S208, if the verification result in the video signature verification step S207 is “successful”, the process branches to the result information success storage step S210A, and if it is not “successful”, the result information falsification storage step S209A. Branch to

  In the result information falsification storing step S209A, a value indicating that the verification result is “falsification” is stored in the nth of the result information area provided for each video number n.

  In the result information success storage step S210A, a value indicating that the verification result is “successful” is stored in the nth of the result information area provided for each video number n.

On the other hand, the video counter signature verification step S211, the video data M _n to be verified, and the counter value C _n of the signature off the video data, the signature verification is performed from the signature data S _n.

  Next, in the verification success determination step S212, the verification result of the video counter signature verification step S211 is determined. If the verification is successful, the process branches to the result information success storage step S210B, and if the verification fails, the result information falsification storage step S209B. Branch to

  Note that the processing in the result information falsification storage step S209B is the same as the processing in the result information falsification storage step S209A, and a description thereof will be omitted. Further, the process in the result information success storage step S210B is the same as the process in the result information success storage step S210A, and thus the description thereof is omitted.

  Next, in the hold result information signature off storage step S213, if the (n-counter value) number to the (n-1) number of the result information are values indicating "hold", the result information is set to "sign off". A process of rewriting to the indicated value is performed.

  Next, in video end determination step S214, it is determined whether the video data to be verified is video data at the end of a series of videos. If it is the end video data, the process branches to the pending all result information falsification storing step S215. If it is not the end video data, the process returns to the video number n addition step S202.

  In the pending all result information falsification storing step S215, if there is a value indicating “pending” among all the result information, a process of rewriting the result information to a value indicating “tamper” is performed.

  Finally, in the result display end processing step S216, the information stored in the area of the number of the result information that matches the number n of the video data is read, and for each video data, three types of verification results “success”. “Falsification” or “signature off” is displayed on the display or the like of the signature verification apparatus 200. Also, processing related to the end of processing in the signature verification apparatus 200, such as memory release, is performed.

(Specific example of signature verification)
Hereinafter, a specific example of signature verification in the signature verification apparatus 200 according to the present embodiment will be described.

For example, it is assumed that the signature verification of the video data 11 that has been signed by the signature generation apparatus 100 in FIG. In this case, the video data M ₁ , M ₂ , M ₃ , M ₉ , and M ₁₀ are signatures off and no signature data is given. Therefore, in the result information hold storage step S205 described above, a value indicating that the verification result determination is temporarily set to “hold” is stored in the result information corresponding to each video data.

Further, the video data M ₄ is verified in the video counter signature verification step S211, but since “3” is stored in the counter value C ₄ , the video data M up to three before the video data M ₄ is stored. It can be seen that ₁ , M ₂ and M ₃ were signed off. Therefore, in the hold result information signature off storage step S213, a value indicating “signature off” is stored in the result information of the video data M ₁ , M ₂ , M ₃ . The same applies to the video data M ₉ and M ₁₀ .

As described above, the result information of each video data stores a value indicating either “success” or “signature off”. That is, in the result display end processing step S216, the result of either “success” or “signature off” is displayed and output for the video data M _{1 to} M ₁₁ , so the verifier who operates the signature verification apparatus 200 Thus, it can be confirmed that the video data to which the signature data is not attached has not been falsified. As a result, the verifier states that “the signature verification range in the signature verification apparatus 200 should have been the video data M ₄ to M ₈ , but the video data M ₁ to M ₁₁ is erroneously set. It may be checked whether or not there is an error in setting a range for executing signature generation in the signature generation apparatus 100.

Further, the video data 12 in FIG. 3A is an example in which the video data signed by the signature generation apparatus 100 of the present embodiment is intentionally falsified. In this example, on the video data M ₇ video data M _'7 has been tampered, the signature data S ₇ has been deleted.

In such a case, when the signature verification is performed by the signature verification apparatus 200, the video data M ₁ , M ₂ , M ₃ , M ′ ₇ , M ₉ and M ₁₀ are stored in the result information hold storage step S205 described above. In each result information, a value indicating that the determination of the verification result is temporarily “held” is stored. In the result information of the video data M ₁ , M ₂ , M ₃ , M ₉ , and M ₁₀ , as described above, a value indicating “signature off” is stored in the stored result information in step S 213.

On the other hand, for the video data M ′ ₇ , after the value indicating “pending” is stored in the result information, the value indicating “tampering” is stored in the result information in all pending result information falsification storing step S 215. . As a result, the video data M ′ ₇ and the video data M ₁ , M ₂ , M ₃ , M ₉ and M ₁₀ can be distinguished.

Further, the video data 13 in FIG. 3B is an example in which the video data signed by the signature generation apparatus 100 of the present embodiment is intentionally falsified. In this example, the video data M ₇ is altered to M ′ ₇ and the signature data S ₇ is deleted. Further, a counter value C ′ ₈ is added to the video data M ₈ . It is assumed that “1” is set in the counter value C ′ ₈ in order to pretend that “there is one video data controlled to turn off the signature (video data M ′ ₇ )”.

In this case, in the signature verification apparatus 200 of this embodiment, signature verification is performed from the video data M ₈ , the counter value C ′ _8, and the signature data S ₈ in the video counter signature verification step S 211. However, in the signature generating apparatus 100, the signature data S ₈ because it is generated based on the video data M _8, verification of the signature in the video counter signature verification step S211 fails. That is, in the verification success determination step S212, it is determined that the verification has failed, so the hold result information signature off storage step S213 is not executed. As a result, the result information of the video data M ′ ₇ contains all the pending result information falsification. In storage step S215, a value indicating “tamper” is stored. Thereby, it is possible to distinguish the video data M ₁ , M ₂ , M ₃ , M ₉ , M _{10 in} which the value indicating “signature off” is stored in the result information from the falsified video data M ′ ₇ . Also, in the result information of the video data M ′ ₈ , a value indicating “tampering” is stored when it is determined that the verification has failed in the verification success determination step S 212.

Further, the video data 14 in FIG. 3C is an example in which the video data signed by the signature generation apparatus 100 of the present embodiment is intentionally falsified. In this example, the video data M ₇ is tampered M _'7, the counter value C _4, C ₁₁ and the signature data S ₄ ~S _8, S ₁₁ are removed.

In the signature verification apparatus 200, if such a falsification is made, a value indicating “falsification” is stored in all the result information of all the video data M _{1 to} M _{11 in} the pending all result information falsification storing step S215. . As a result, there is no distinction between the altered video data M ′ ₇ and the video data M ₁ , M ₂ , M ₃ , M ₉ , and M ₁₀ that are “signature off” in the signature generation apparatus 100. In this case, there is no operational problem even if a more detailed investigation is performed on the assumption that a series of video data has been intentionally “falsified” as a whole.

(Other embodiments)
In the above embodiment, the case where the signature is performed on the video data has been described. However, the data on which the signature is performed is not video data but other data such as audio data and text data such as a log. May be.

  Further, in the above embodiment, when the signature generation apparatus 100 generates signature data, the value of the acquired data counter (counter X) is signed together with the acquired data acquired by the data acquisition unit 101. However, the signature data may be generated only from the acquired data, and the counter value may be transmitted to the signature verification apparatus 200 in association with the acquired data and the signature data without signing. In this case, in the signature verification apparatus 200, in the video counter signature verification step S211, verification of the signature data is performed based on the acquired data.

(Appendix)
As described above, as is clear from the detailed description of the embodiments according to the present invention, part or all of the above-described embodiments can be described as the following supplementary notes. However, the following supplementary notes are merely examples of the present invention, and it goes without saying that the present invention is not limited to such cases.

(Appendix 1)
Data acquisition means for continuously acquiring a plurality of data;
Control means for controlling whether or not to generate signature data for the acquisition data acquired by the data acquisition means;
If the control means is controlled to not generate signature data, the counting means for counting the number of the acquired data;
In the control means, when control is performed from a state where signature data is not generated to a state where signature data is generated, based on the acquired data and the counter value counted by the counting means, Signature data generation means for generating signature data;
A signature generation apparatus comprising:

(Appendix 2)
The plurality of data is data constituting content,
The signature data generating means
In the control means, in addition to the case where control is performed from a state where signature data is not generated to a state where signature data is generated, the acquired data is the last of a plurality of data constituting the content. 2. The signature generation apparatus according to appendix 1, wherein signature data is generated based on the acquired data and the counter value counted by the counting unit even when the data is acquired.

  According to this configuration, even when signature data is not attached to the data to be verified, the signature generation is turned off because the signature setting is turned off in the signature generation apparatus. Thus, it can be determined whether signature data is not given.

(Appendix 3)
A video signature system comprising: the signature generation device according to attachment 1 or attachment 2; and a signature verification device that verifies signature data generated by the signature generation device,
The signature verification device includes:
Signature data acquisition means for acquiring the signature data generated by the signature data generation means, the counter value, and the signature data from the signature generation device;
Verification means for verifying a signature based on the acquired data acquired in the signature data acquisition means, the counter value, and the signature data;
A video signature system comprising:

(Appendix 4)
A signature generation method that is executed in a signature generation apparatus that sets whether to generate signature data for acquired data,
A data acquisition step for continuously acquiring a plurality of data (for example, step S102 in FIG. 2);
A detection step (for example, step S104 in FIG. 2) for detecting a setting change as to whether or not to generate signature data for the acquisition data acquired in the data acquisition step;
If the signature generation device is set not to generate signature data, a counting step (for example, step S106 in FIG. 2) for counting the number of acquired data;
In the detection step, when a setting change from a state where signature data is not generated to a state where signature data is generated is detected, a signature is generated based on the acquired data and the counter value counted in the counting step. A signature data generation step for generating data (for example, step S108A in FIG. 2);
A signature generation method characterized by comprising:

  That is, in the signature generation method of the present invention, signature data is generated including a counter value of data for which signature data is not generated. Therefore, even if the signature data is not attached to the data that is subject to signature verification, the signature setting is turned off in the signature generation device, so the signature data is not attached, or the data is falsified. It is possible to determine whether signature data is not given. Further, since the counter value is also signed with the acquired data, it is possible to detect tampering of the counter value.

(Other signature generation methods / signature verification methods)
Hereinafter, other signature generation methods and signature verification methods will be described. In the following description, it is assumed that an RSA-PSS (Probabilistic Signature Scheme) method, which is a kind of digital signature technology, is used.

  First, a signature generation method in a conventional networked video surveillance system with a signature will be described with reference to FIG. The example described below is a case where signature processing is performed on a series of videos composed of a plurality of video data, and one hash value is based on a hash value calculated from each video data. This is a conventional example where the signature value is calculated from this one hash value.

  FIG. 7 is a diagram showing the relationship between a series of videos and the first signature in a conventional networked video surveillance system with a signature. Here, as an example, a case is described where the number n of video data to be processed at the time of one signature generation in the signature generation device 910 is four.

In FIG. 7, M _{1 to} M ₄ are video data to be processed at the time of signature generation, and are video data obtained by dividing one video. h _{0,1 to} h _0,4 are hash values obtained by inputting M _{1 to} M ₄ to the hash function h, respectively. h _1,1 is a hash value obtained by inputting the result of concatenating h _0,1 and h _0,2 to the hash function h. The same applies to h _1,2 and h _2,1 . The signature generation engine 801 calculates a signature value σ _{1 (1)} from h _2,1 and the secret key. The signature value σ _{1 (1)} generated from the video data M _{1 to} M ₄ is distributed from the signature generation device 910 to the video reception device 904 via the storage / delivery server 906. Further, it is distributed from the video reception device 904 to the signature verification device 909. In order to be able to verify video data stored arbitrarily extracted, each hash value may be distributed in the same manner as video data and a signature as necessary.

Here, processing when the video data M _{1 to} M ₄ stored in the storage / delivery server 906 is transmitted again to the signature generation apparatus 910 to be signed will be described. FIG. 8 is a diagram showing a relationship between a series of videos and a second signature in a conventional networked video surveillance system with a signature.

The signature generation device 910 first verifies using the data M _{1 to} M ₄ itself, the signature σ _{1 (1),} and the public key. If the verification is successful, as shown in FIG. 8, as in the first signature, hash values h _{0,1 to} h _0,4 are calculated, and h _1,1 , h _1,2 , h _2,1 are further calculated. The signature value σ _{1 (2)} is calculated by inputting h _2,1 and the secret key to the signature generation engine 801. Here, if the video data M _{1 to} M ₄ are not tampered with, the hash values h _{0,1 to} h _0,4 and h _1,1 , h _1,2 , h _2,1 are shown in FIG. This is exactly the same value as the first hash value. The secret key may be the same as the first time, may be the same key length, or may be different. Here, in the signature generation method that is generally considered to be highly secure, the first signature value σ _{1 (1)} and the second signature value σ _{1 (2)} are random numbers even if the same secret key is used. Depending on the value.

  By the way, the signature process is a process with a very high load compared to other processes. Therefore, when signature generation processing is simply performed for each video, the number of videos that can be handled by the signature generation device 910 becomes very small. Therefore, the signature generation apparatus 910 reduces the processing load for generating a signature for each video by using a method of signing a plurality of videos collectively as described in Patent Document 1, and can sign many video data. Generation is realized.

  Here, there is a case where it is necessary to sign the signed video data again periodically or every certain event. In such a case, a new signature is generally performed after verifying an existing signature value. In this procedure, first, a hash value is calculated from video data, and verification is performed from the calculated hash value, a verification key, and a signature value. If the verification is normally performed, a new signature value is generated from the calculated hash value and the signature key. In general, in this procedure, the generation of signature values is overwhelmingly large. Therefore, when re-signing the same signed video data, there is almost no demerit in verifying the existing signature value, but there is an advantage that tampering can be detected immediately at that point.

  On the other hand, in the method described in Patent Document 1, the amount of signature value generation processing per data is small. Further, since the processing amount for calculating the hash value is generally proportional to the data size, in the case of video data having a large data size, this processing amount is at a level that cannot be ignored.

  Therefore, the present invention described below has a relatively small amount of re-signature processing in such a case, even if there are a plurality of continuous data such as video data and each data size is large. It is an object of the present invention to provide a video signature system that can be used.

  Further, the present invention described below is a video signature system that can reduce the amount of re-signature processing relatively, but the amount of verification processing increases. The purpose is to provide a system.

  Note that the video signature system described below can be configured from devices such as a signature generation device and a signature verification device as in FIG. 5, but the detailed configuration of the signature generation device and the signature verification device is not shown.

[Signature generation method: Example 1]
A first embodiment of the signature generation method of the present invention will be described below.

The first signature processing in the signature generation apparatus will be described with reference to FIG. In FIG. 9, since C ₁ and h _{3,1 (1)} are the same as those in FIG. Here, C ₁ is a data string including a value that can be identified and ordered for each signature, such as information representing the number of times of signature, time, or up and down of authority. In the following description, C ₁ is described as the number of signatures (a numerical value “1” because it represents the first number of signatures).

In FIG. 9, when C ₁ and h _2,1 are concatenated and input to the hash function h, a hash value h _{3,1 (1)} is obtained. The signature generation engine 301 calculates the signature value σ _{1 (1)} from the hash value h _{3,1 (1)} and the secret key, as in FIG. Here, in this example, the hash value h _2,1 and the counter value (number of signatures) C ₁ which are calculated values during the first signature processing are used as the video data M _{1 to} M ₄ and the first signature. Stored together with the value σ _{1 (1) in the} accumulation and delivery server.

Next, the second signature process will be described with reference to FIG. When the video data M _{1 to} M ₄ are again signed by the signature generation device, the storage / delivery server transmits the hash value h _2,1 and the signature count C ₁ to the signature generation device. In the signature generation apparatus, hash value h _{3,1 (2)} is obtained by concatenating C ₂ (numerical value “2” because it represents the number of signatures for the second time) and h _2,1 and inputting them into hash function h. For C _1, C ₂ representing the signature number is different, h _{3,1 (2)} of h _{3, 1 (1)} and 10 of FIG. 9 is a different value. The signature generation engine 301 calculates the signature value σ _{1 (2)} from the hash value h _{3,1 (2)} and the secret key, as in FIG. Since the hash value h _2,1 has already been saved at the first time, this time, the signature generation apparatus transmits the signature value σ _{1 (2)} to the storage / delivery server to save only C ₂ and the signature value σ _{1 (2)} .
For the third and subsequent signatures, the value of C is incremented and the same processing is performed.

In this way, it is possible to perform the second and subsequent signatures without performing a large amount of processing in which M _{1 to} M ₄ are input to the hash function h and h _0,1 to h _0,4 are calculated. ing.

  Note that the signature generation method described above is executed by a signature generation apparatus (not shown).

[Signature generation method: Example 2]
A second embodiment of the signature generation method of the present invention will be described below.

The first signature processing in the signature generation apparatus will be described with reference to FIG. 11, the hash processing and the processing of the signature generation engine 301 are the same as those in FIG. Here, only one hash value h _2,1 is stored in FIG. 9, but in this embodiment, h _0, which is a value obtained by inputting the video data M _{1 to} M ₄ to the hash function _. Save _{1 to} h _0,4 .

Next, the second signature process will be described with reference to FIG. Here, a case will be described in which the video data M _{1 to} M ₄ are not signed again for the second time, but M _{2 to} M ₅ are signed. Here the video data M ₅ is an image data subsequent to the M _4, the video data is signed separately from the M ₁ ~M _4. The storage / delivery server transmits the hash values h _{0,2 to} h _0,5 and the counter value (number of signatures) C ₁ to the signature generation apparatus. Here, the hash values h _0,5 are values obtained by inputting the video data M ₅ to the hash function, and are stored in the storage / delivery server like the other hash values.

In the signature generation device, the result of concatenating h _0,2 and h _0,3 is input to the hash function h to calculate the hash value h _{1,1 (2)} , and h _0,4 and h _0,5 are concatenated. The result is input to the hash function h to calculate the hash value h _{1,2 (2)} . Next, the result of concatenating h _{1,1 (2)} and h _{1,2 (2)} is input to the hash function h to calculate the hash value h _{2,1 (2)} . Next, when C ₂ (numerical value “2” because it represents the number of signatures for the second time) and h _{2,1 (2)} are concatenated and input to the hash function h, a hash value h _{3,1 (2)} is obtained.

Here, since C ₁ and C ₂ representing the number of signatures are different, h _1,1 , h _1,2 , h _2,1 , h _{3,1 (1)} in FIG. 11 and h _{1,1 ( 2)} , h _{1,2 (2)} , h _{2,1 (2)} , h _{3,1 (2)} are different values. The signature generation engine 301 calculates the signature value σ _{1 (2)} from the hash value h _{3,1 (2)} and the secret key, as in FIG. Since the hash values h _{0,2 to} h _0,5 have already been saved at the _first time, this time, only the signature value σ _{1 (2)} is sent from the signature generation device to the storage / delivery server. Since the hash values h _{0,2 to} h _0,5 have already been saved at the first time, this time, the signature generation device sends it to the storage and distribution server to save only C ₂ and the signature value σ _{1 (2).} The In the third and subsequent times, the value of C is counted up and the same processing is performed.

Compared to the first embodiment, the second embodiment requires extra processing to calculate hash values h _{1,1 (2)} , h _{1,2 (2)} , h _{2,1 (2)} The processing amount for calculating the hash value is proportional to the data size. For example, when the hash function h is SHA-256, only a hash process with 512 bits of data (concatenated 256 bits and 256 bits) as input is added three times, so the amount of processing required for this extra processing is Very small. On the other hand, in the first embodiment, the first signature and the second signature can be applied only when the same video data is to be signed. However, in the second embodiment, there is no such limitation and the first signature. The video data different from the signature can be the target of the second signature.

  Note that the signature generation method described above is executed by a signature generation apparatus (not shown).

[Signature verification method]
Next, the signature verification method of the present invention will be described below.

  As described above, when the previous signature is not verified at the second and subsequent signatures as in the present invention, it is usually necessary to verify all the signatures. Here, a signature verification method for reducing the number of verifications will be described.

First, the preliminary process of the verification process will be described with reference to FIG. FIG. 13 is a diagram for explaining pre-processing when the signature of the signed video data M ₁ is verified. First, a hash value is calculated h _{0, 1} of the video data M _1, calculates a hash value h _{1, 1} but was then ligated and h _{0, 2} which had been separately saved as h _{0, 1,} the following The hash value h _2,1 is calculated by concatenating h _1,1 with h _1,2 stored separately. This pre-processing may be performed once for one video data.

Next, verification processing performed for each signature value will be described with reference to FIG. FIG. 14 is a diagram for explaining processing for outputting a verification result from the hash value and signature value calculated in the pre-processing of the present invention. First, the hash value h _{3,1 (1, ..., p)} is calculated by concatenating the hash value h _2,1 calculated in the pre-processing with the counter value C _{1, ..., p} (p is an integer of 2 or more ₎ . Then, the verification result can be obtained by inputting the h _{2,1 (1,..., P)} and the signature value σ _{1 (1,..., P)} to the signature verification engine 302. Here, 1,..., P represent numbers assigned to a plurality of signatures. For example, h _{3,1 (1,..., P)} means h _{3,1 (1)} , h _{3,1 (2)} ,..., H _{3,1 (p)} . The verification result is a binary value representing “verification success” or “verification failure”.

Next, with reference to FIG. 15, a method for indicating how much “successful verification” has been achieved when a plurality of (three or more) signature values are assigned to the video data M ₁ will be described with reference to FIG. 15. FIG. 15 is a flowchart of verification processing in the case where p signature values (in the present description, p is an integer of 3 or more) of the present invention are given to one video data. Here, the order in which the plurality of signature data σ _{1,..., P} is given is ordered in advance by the counter values C ₁ ,. That is, the p pieces of signature data σ _{1,..., P} and the counter values C ₁ ,.

In FIG. 15, step S301A is a verification process for σ _p , step S301B is a verification process for σ ₁ , step S301C is a verification process for σ _k , and steps S302A, S302B, and S302C are success determinations for σ _p , σ ₁ , and σ _k , respectively. Processing, step S303 is binary search initial value storage processing, step S304 is verification target k calculation processing, step S305 is H update processing, step S306 is L update processing, step S307 is the same determination processing of L and H, and step S308 is Final verification result determination processing, step S309A is all failure output processing, step S309B is all success output processing, step S309C is output processing with a change between σ _k−1 and σ _k , and step S309D is σ _k and σ _{k + The} output process with a change between ₁ and step S310 is an end process.

  In addition, each verification process in step S301A, S301B, and S301C in FIG. 15 performs the process demonstrated in FIG. 14, respectively.

First, in the verification process of σ _p (step S301A), the verification process of σ _p that is the newest signature is performed. Next, in the success determination process (step S302A), it is determined whether the verification result of σ ₁ is “verification success” or “verification failure”. Since it is clear, all failures are branched to output processing (step S309A). In the all failure output process (step S309A), a message indicating that all signature verifications have failed is output to the operator of the signature verification apparatus. If “verification is successful”, the process branches to the verification process of σ ₁ (step S301B).

In the verification process of σ ₁ (step S301B), the verification process of σ ₁ which is the oldest signature is performed. Next, in the success determination process (step S302B), it is determined whether the verification result of σ ₁ is “verification success” or “verification failure”. Since it is clear, all successes are branched to the output process (step S309B). In the all success output process (step S309B), a message indicating that all signature verifications are successful is output to the operator of the signature verification apparatus. If “verification failed”, the process branches to a binary search initial value storage process (step S303).

In the binary search initial value storage process (step S303), “2” is stored in the variable L, and the value of p−1 is stored in the variable H. Next, in the verification target k calculation process (step S304), the value of (L + H) / 2 is stored in k. Next, in the verification process of σ _k (step S301C), the verification process of σ _k is performed. Next, the same determination processing in L and H compare the value of (step S307) the L and H, and branches to the final verification result determining process of the sigma _k if they are identical (step S308), if not identical sigma _k Branches to the success determination process (step S302C).

In the success determination process (step S302C), it is determined whether the verification result of σ _k is “verification success” or “verification failure”. If “verification is successful”, the process branches to the H update process (step S305). If it is “verification failure”, the process branches to the L update process (step S306). In the L update process (step S306), k + 1 is stored in the variable L, and the process returns to the verification target k calculation process (step S304). In the H update process (step S305), k-1 is stored in the variable H, and the process returns to the verification target k calculation process (step S304).

In the final verification result determination process for σ _k (step S308), the same determination as in the success determination process for σ _k (step S302C) is performed. If the verification result for σ _k is “verification successful”, σ _k−1 and σ _{k If} there is a change between _k , the process branches to output processing (step S309C). If the verification result of σ _k is “verification failure”, the process branches between σ _k and σ _{k + 1 to the} output process with change (step S309D).

In the output processing with change between σ _k-1 and σ _k (step S309C), the signature verification device operator is executed after the signature of σ _k-1 is executed until the signature of σ _k is executed. In the meantime, a message indicating that the video data has been changed is output. sigma _k and sigma _{k + 1} between changes have output processing for the operator of the (step S309D) the signature verification apparatus, from signature sigma _k is executed, until the signature sigma _{k + 1} is performed In the meantime, a message indicating that the video data has been changed is output. Finally, in the termination process (step S310), processing necessary for termination, such as releasing the used memory, is performed.

  That is, in the signature verification method described above, since it is not necessary to verify all signature data in principle, signature verification can be performed efficiently with respect to the signature generation method of the present invention.

  Note that the signature verification method described above is executed by a signature verification apparatus (not shown).

DESCRIPTION OF SYMBOLS 100 Signature generator 101 Data acquisition part 102 Control part 103 Count part 104 Signature data generation part 105 Transmission part 200 Signature verification apparatus 201 Signature data acquisition part 202 Verification part 901 Network medium 902 Video generation apparatus 903 Video transmission apparatus 904 Video reception apparatus 905A 905B Video display device 906 Storage / delivery server 907 Recording medium 908 Removable media 909 Signature verification device 910 Signature generation device

Claims (1)

Data acquisition means for continuously acquiring a plurality of data;
Control means for controlling whether or not to generate signature data for the acquisition data acquired by the data acquisition means;
If the control means is controlled to not generate signature data, the counting means for counting the number of the acquired data;
In the control means, when control is performed from a state where signature data is not generated to a state where signature data is generated, based on the acquired data and the counter value counted by the counting means, Signature data generation means for generating signature data;
A signature generation apparatus comprising:

Images