JP2020010399A - Signature generation device, signature verification device, signature generation method and signature verification method - Google Patents

Abstract

To provide a signature generation device that can guarantee relevancy among plural data.SOLUTION: A signature generation device has a data achieving part for achieving plural data containing first data which are mutually associated with one another, and a signature generator for generating first signature data for the first data and the relevancy information based on the first data, the relevancy information representing the correlation among the plural data and a signature key.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a signature generation device that signs digital data, a signature verification device that verifies signed digital data, a signature generation method, and a signature verification method.

  2. Description of the Related Art Conventionally, a digital signature technology for attaching digital data with signature data to assure that the digital data has not been tampered with has already been known (for example, see Non-Patent Document 1).

Eiji Okamoto, "Introduction to Cryptography", Kyoritsu Shuppan, September 15, 2005, 2nd edition, 4th print, p. 155-p. 160

  Conventional digital signatures have difficulty in guaranteeing relevance between a plurality of data.

  The present invention has been made in view of the above circumstances, and provides a signature generation device, a signature verification device, a signature generation method, and a signature verification method that can guarantee the association between a plurality of data.

  A signature generation device according to the present invention includes a data acquisition unit that acquires a plurality of data including mutually related first data, a correlation between the first data acquired by the data acquisition unit, and a correlation between the plurality of data. A signature generation unit configured to generate the first data and first signature data for the correlation information based on the correlation information indicating the relationship and the signature key.

  The signature verifying apparatus of the present invention is configured to perform a signature process on a plurality of data including mutually related first data and correlation information indicating a correlation between the first data and the plurality of data. A data obtaining unit that obtains the first signature data, a signature decryption unit that decrypts the first signature data using a verification key, and a relevancy between the plurality of data based on the correlation information. And a relevancy determining unit for determining the presence or absence.

  A signature generation method according to the present invention is a signature generation method in a signature generation device, wherein a step of acquiring a plurality of pieces of data including mutually related first data, a step of acquiring the plurality of pieces of data, Generating the first data and first signature data for the correlation information based on the correlation information indicating the correlation between the data and the signature key.

  A signature verification method according to the present invention is a signature verification method in a signature verification device, and shows a plurality of data including first data and a correlation between the first data and the plurality of data. Obtaining first signature data that has been subjected to signature processing with respect to the correlation information; decrypting the first signature data using a verification key; Determining whether there is a relationship between the data.

  According to the present invention, the association between a plurality of data can be guaranteed.

FIG. 1 is a schematic diagram illustrating a schematic configuration example of a signature processing system according to a first embodiment. FIG. 2 is a schematic diagram illustrating an example of a file structure of synthesized data according to the first embodiment. FIG. 2 is a block diagram illustrating a hardware configuration of a camera according to the first embodiment. FIG. 2 is a block diagram illustrating a functional configuration example of a camera according to the first embodiment. FIG. 2 is a block diagram illustrating an example of a hardware configuration of a PC according to the first embodiment. FIG. 2 is a block diagram illustrating a functional configuration of a PC according to the first embodiment. (A), (B) Schematic diagram showing an example of a file structure of synthesized data generated by a camera according to the first embodiment. (A), (B), (C) is a schematic diagram for explaining the relevance of image data in composite data having various file structures in the first embodiment 5 is a flowchart illustrating an example of a signature operation procedure by the camera according to the first embodiment. 5 is a flowchart illustrating an example of a preparatory operation procedure performed by the PC according to the first embodiment. 5 is a flowchart illustrating an example of a verification operation procedure performed by a PC according to the first embodiment. Schematic diagram for explaining the relevance of image data in a modified example FIG. 2 is a schematic diagram illustrating a functional configuration example of a camera according to a second embodiment. 9 is a flowchart illustrating an example of a signature operation procedure performed by a camera according to the second embodiment. (A), (B) Schematic diagram for explaining relevance of image data in composite data having various file structures in the second embodiment FIG. 4 is a schematic diagram illustrating a functional configuration example of a camera according to a third embodiment. Schematic diagram for explaining the relevance of image data in the third embodiment FIG. 14 is a schematic diagram illustrating a functional configuration example of a camera according to a fourth embodiment. Schematic diagram for explaining the relevance of image data in the fourth embodiment

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

(History of obtaining one mode of the present invention)
For example, a site photograph taken by a digital still camera may be adopted as evidence in a court. However, since a photograph taken by a digital still camera is digital image data, there is a possibility that the data is intentionally falsified or one of a plurality of continuous photographs is extracted and deleted. For this reason, it has been pointed out that digital image data has poor evidence capacity in court.

  In the conventional digital signature technology, for example, when signature data is generated for each piece of digital image data for a plurality of pieces of digital image data, it can be proved that each piece of digital image data has not been tampered with. However, when one or a plurality of pieces of image data is extracted from a plurality of pieces of digital image data that are continuously captured, it is difficult to recognize the extraction. That is, it is difficult to guarantee the relevance between a plurality of pieces of image data.

  Hereinafter, a signature generation device, a signature verification device, a signature generation method, and a signature verification method that can guarantee the association between a plurality of data will be described.

  The signature generation device according to the following embodiment is applied to, for example, a digital still camera (hereinafter, also simply referred to as a camera) that generates digital image data (hereinafter, also referred to as image data). In addition, the signature verification device of the following embodiment is applied to, for example, a personal computer (PC).

  In the following embodiments, partially erasing image data is referred to as “alteration”, and erasing image data itself is referred to as “erasing”. The “image” includes, for example, a moving image (for example, a video) and a still image (for example, a photograph). Further, the digital signature is also simply referred to as “signature”.

(1st Embodiment)
FIG. 1 is a schematic diagram illustrating a schematic configuration example of a signature processing system 10 according to the first embodiment. The signature processing system 10 includes a camera 20 and a PC 50. The camera 20 and the PC 50 do not particularly have a communication unit, and data is transferred between them via a recording medium, for example. The camera 20 and the PC 50 may be connected directly via a communication cable or via a communication network.

  In the signature processing system 10, for example, the composite data FG including image data captured by the camera 20 and signature data for the image data is read into the PC 50. The PC 50 verifies the signature data included in the composite data FG, for example, and displays the verification result on the monitor 53.

  The camera 20 includes, for example, an image data generation function 20z that captures an image of a subject and generates captured image data, and a signature function 20y that encrypts data including image data with the secret key KSE of the camera 20 and generates signature data. And The camera 20 is, for example, a terminal, and is an example of a signature generation device.

  The PC 50 has, for example, a public key acquisition function 50z for acquiring a public key KPE of the camera 20, a signature decryption function 50y for decrypting signature data with the public key KPE, and a signature verification function 50x. The signature verification function 50x has a function of determining whether or not image data has been falsified and whether or not there is a relationship (for example, continuity) between a plurality of image data, based on the decrypted data. In the present embodiment and the following embodiments, the presence or absence of continuity is mainly exemplified as the presence or absence of association.

  As a result of the determination by the signature verification function 50x, the monitor unit 53 displays “OK” when the image data is not falsified and the continuity is ensured, and displays “NG” when there is tampering or the continuity is not ensured. Is displayed.

  FIG. 2 is a schematic diagram illustrating an example of the file structure of the composite data FG. FIG. 2 shows combined data FGA and FGB including two continuous images as combined data FG.

  The composite data FGA includes an image data section GA0, a first metadata section GA1, and a second metadata section GA2. The image data section GA0 includes the image data GA. The second metadata section GA2 includes the signature data SA.

  The composite data FGB includes an image data section GB0, a first metadata section GB1, and a second metadata section GB2. The image data portion GB0 includes image data GB. The first metadata section GB1 includes a hash value HA ″ ″ calculated for the image data GA of the image data section GA0. The second metadata section GB2 includes the signature data SB.

  The hash value HA ″ ″ is a hash value calculated for the image data GA of the image data section GA0 and the first metadata section GA1 (hash value of the image data GA and the first metadata section GA1). It may be.

  Note that a hash value calculated or calculated for “A” is also described as a hash value of “A”.

  Correlation information is stored in the first metadata section GB1. This correlation information indicates a correlation (relevance) between a plurality of data (for example, between image data GA and GB). In the present embodiment, the hash value of the image data GA is exemplified as the correlation information.

Next, a configuration example of the camera 20 will be described.
FIG. 3 is a block diagram illustrating a hardware configuration example of the camera 20.

The camera 20 captures an image, combines the captured image data with the signature data, and generates combined data. The camera 20 includes, for example, a CPU (Central Processing).
It has a Unit / RAM (Random Access Memory) unit 21, an HDD (Hard Disk Drive) unit 22, and an ASIC (Application Specific Integrated Circuit) unit 23.

  When the camera 20 communicates with the PC 50 via the communication network and transmits the synthesized data, the camera 20 includes a MAC (Media Access Control) / PHY (Physical layer) unit (not shown) for controlling data transfer of the communication network. May be provided.

  The CPU / RAM unit 21 includes, for example, a CPU and a RAM, and includes an ID (Identification) generation unit 31, a signature processing unit 32, and a data synthesis unit 33.

  Each time image data is generated, the ID generation unit 31 generates a serial number (ID number) associated with the image data so that the value is counted up in image data units. In the present embodiment, the ID generation unit 31 is not used, but is used in a modified example described later. The ID generation unit 31 is an example of an identification information generation unit.

  The signature processing unit 32 includes a hash calculation unit 34 and an encryption processing unit 39, and generates signature data by encrypting a hash value of data.

  The hash calculation unit 34 derives (eg, calculates) a hash value using a hash function (eg, SHA (Secure Hash Algorithm), MD5 (Message Digest 5)) as a one-way function. The encryption processing unit 39 encrypts data including image data with the secret key KSE. The hash calculation unit 34 is an example of a one-way function derivation unit.

  The data synthesizing unit 33 synthesizes the image data generated by the image data generating unit 42 and the signature data generated by the signature processing unit 32 to generate synthesized data.

  The HDD unit 22 includes, for example, an ID storage unit 35, a signature key storage unit 36, a combined data storage unit 37, and a hash data storage unit 38. Here, the HDD is exemplified, but a storage medium other than the HDD (for example, SSD (Solid State Drive) or flash memory) may be used.

  The ID storage unit 35 stores, for example, an ID number (previous ID number) associated with previously captured image data, which is identification information of a frame. To update. Note that, like the ID generation unit 31, in the present embodiment, the ID storage unit 35 is not used, but is used in a modified example described later.

  The signature key storage unit 36 stores, for example, a secret key (an example of a signature key) used in a public key cryptosystem (for example, RSA (Rivest Shamir Adleman)). Note that the encryption process may be performed by, for example, a common key encryption method. In this case, the signature key storage unit 36 stores a common key (an example of a signature key).

  The synthetic data storage unit 37 stores, for example, synthetic data obtained by synthesizing the image data generated by the image data generating unit 42 and the signature data generated by the signature processing unit 32.

  The hash data storage unit 38 stores, for example, the hash value calculated by the hash calculation unit 34.

  The ASIC unit 23 includes, for example, an imaging unit 41 and an image data generation unit 42. The image data generation unit 42 is an example of a data acquisition unit.

  Upon receiving the image capturing instruction, the image capturing section 41 captures an image of the subject and outputs an image signal thereof. The imaging unit 41 is configured to include, for example, a charge coupled device (CCD) or a complementary metal oxide semiconductor (CMOS).

Upon receiving an image signal from the imaging unit 41, the image data generation unit 42 generates image data and attaches additional data to the image data. The additional data includes, for example, GPS (Global)
Position information and a time stamp (date and time information) based on the Positioning System are included. Note that the additional data need not be attached.

  FIG. 4 is a block diagram illustrating a functional configuration example of the camera 20. Here, data in which additional data is added to image data is also handled as image data.

  The camera 20 includes a signature processing unit 32, a data combining unit 33, a signature key storage unit 36, a combined data storage unit 37, a hash data storage unit 38, an imaging unit 41, and an image data generation unit 42.

  The hash data storage unit 38 stores, for example, the hash values of the image data calculated by the hash calculation unit 34 in chronological order. The number of hash values of image data stored in time series in the hash data storage unit 38 may be any value. When the number of hash values of the image data is two or more, relevance of the image data is obtained as shown in FIG. 8 described later.

  The signature processing unit 32 has the hash calculation unit 34 and the encryption processing unit 39 as described above. The signature processing unit 32 is an example of a signature generation unit.

  The hash calculation unit 34 calculates a hash value of the image data generated by the image data generation unit 42 and the previous hash value stored in the hash data storage unit 38 using a hash function. The hash calculator 34 stores the calculated hash value in the hash data storage 38 as the current hash value.

  The encryption processing unit 39 encrypts the current hash value with the secret key KSE stored in the signature key storage unit 36 to generate signature data.

  The data synthesizing unit 33 synthesizes the generated signature data and the image data generated by the image data generating unit 42 into synthesized data, and stores the synthesized data in the synthesized data storage unit 37.

Next, a configuration example of the PC 50 will be described.
FIG. 5 is a block diagram illustrating a hardware configuration example of the PC 50.

  The PC 50 verifies the image data combined with the signature data. The PC 50 has, for example, a CPU / RAM unit 51, an HDD unit 52, and a monitor unit 53. When the PC 50 communicates with the camera 20 via the communication network and receives the combined data, the PC 50 may include a MAC / PHY unit (not shown) for controlling data transfer of the communication network.

  The CPU / RAM unit 51 includes, for example, a CPU and a RAM, and includes a data reading unit 61, a hash calculation unit 62, a signature decryption unit 63, a signature data verification unit 64, a determination unit 65, and a result output unit 66.

  The data reading unit 61 acquires the synthetic data and the public key KPE of the camera 20 from the camera 20 via a storage medium, an interface such as a USB (Universal Serial Bus), or a communication network. The data reading unit 61 is an example of a data acquisition unit.

  The hash calculator 62 derives (eg, calculates) a hash value using, for example, a hash function (eg, SHA, MD5) as a one-way function.

  The signature decrypting unit 63 decrypts the signature data with a public key (an example of a verification key), and obtains a hash value of data including image data.

  The signature data verification unit 64, for example, compares the hash value calculated by the hash calculation unit 62 with the hash value decrypted by the signature decryption unit 63 to verify the signature data, as described later.

  For example, when the hash value calculated by the hash calculation unit 62 is equal to the hash value decrypted by the signature decryption unit 63, the determination unit 65 uses the hash value of the second metadata unit to include the hash value in the composite data. The continuity of the image data to be read is determined. The determination unit 65 is an example of a relevancy determination unit.

  The result output unit 66 outputs, for example, the determination result of the determination unit 65 to the monitor unit 53.

  The monitor 53 has a display 73 for displaying the result of the determination. The monitor unit 53 may be included in the PC 50, or may be provided separately from the PC 50.

  The HDD unit 52 has a verification key storage unit 71, for example. Here, the HDD is exemplified, but a storage medium other than the HDD (eg, SSD, flash memory) may be used.

  The verification key storage unit 71 stores, for example, a public key KPE (an example of a verification key) used in a public key cryptosystem. Note that the encryption process may be performed by, for example, a common key encryption method. In this case, the verification key storage unit 71 stores a common key (an example of a verification key).

  The public key KPE stored in the verification key storage unit 71 may be obtained from the camera 20, may be obtained from an image embedded in the image data, or may be registered in the PC 50 in advance. Note that the decryption process may be performed by, for example, a decryption method corresponding to the common key encryption method. In this case, the common key is stored.

FIG. 6 is a block diagram illustrating a functional configuration example of the PC 50.
The PC 50 includes a data reading unit 61, a hash calculation unit 62, a signature decryption unit 63, a verification key storage unit 71, a signature data verification unit 64, a determination unit 65, and a result output unit 66. The PC 50 may include a display unit 73.

  The data reading section 61 reads, for example, continuous synthetic data FGA and FGB from the camera 20. The data reading unit 61 acquires the public key of the camera 20 and stores the public key in the verification key storage unit 71.

  Here, the composite data FGA includes, for example, an image data section GA0, a first metadata section GA1, and a second metadata section GA2, as shown in FIG. Similarly, the composite data FGB includes, for example, an image data portion GB0, a first metadata portion GB1, and a second metadata portion GB2.

  As shown in FIG. 2, for example, the image data GA of the image data section GA0 and the hash value HA '' '' of the first metadata section GA1 are stored in the first metadata section GB1.

  Similarly, the first metadata section GA1 stores, for example, the hash value of the image data of the previous image data section and the data of the first metadata section. This hash calculation is performed by the camera 20, for example.

  The hash calculation unit 62 calculates a hash value HA ′ for the image data GA and the first metadata unit GA1 of the image data unit GA0 read by the data reading unit 61 using a hash function.

  Similarly, the hash calculator 62 calculates a hash value HB ′ for the image data GB of the image data GB0 and the first metadata GB1 read by the data reader 61 using a hash function.

  The signature decrypting section 63 decrypts the signature data SA stored in the second metadata section GA2 of the combined data FGA read by the data reading section 61, and outputs the image data GA of the image data section GA0 and the first metadata section GA1. Is obtained.

  Similarly, the signature decrypting section 63 decrypts the signature data SB stored in the second metadata section GB2 of the combined data FGB read by the data reading section 61, and combines the image data GB of the image data section GB0 with the first metadata. The hash value HB ″ of the data part GB1 is obtained.

  The signature data verification unit 64 compares the hash values HA ′ and HB ′ calculated by the hash calculation unit 62 with the hash values HA ″ and HB ″ obtained by the signature decryption unit 63, respectively. If HA ′ ≠ HA ″ or HB ′ ≠ HB ″, the signature data verification unit 64 determines that the verification of the image data GA and GB has failed, and outputs the determination result to the result output unit 66. The result output unit 66 causes the display unit 73 of the monitor unit 53 to display “NG” (NG display) indicating that the verification result has failed.

  Here, the failure of the verification of the image data means that the image data generated by the camera 20 as the signature generation device and the image data obtained by the PC 50 as the signature verification device are determined to be different. means. Therefore, the signature data verification unit 64 can determine that the image data in the camera 20 and the image data in the PC 50 do not match, and that the image data has been falsified.

  On the other hand, when HA ′ = HA ″ and HB ′ = HB ″, the signature data verification unit 64 outputs the comparison result to the determination unit 65.

  The determination unit 65 obtains a hash value HA ″ ″ of the image data GA included in the first metadata unit GB1 of the combined data FGB read by the data reading unit 61. The determination unit 65 compares the hash value HA ′ ″ with the above-described hash value HA ′ (= HA ″).

  When HA ′ ≠ HA ′ ″, the determination unit 65 determines that the continuity of the image data GA and GB has not been obtained and the verification of the image data has failed, and outputs the determination result to the result output unit 66. I do. The result output unit 66 causes the display unit 73 of the monitor unit 53 to display “NG” (NG display) indicating that the verification result has failed.

  On the other hand, when HA ′ = HA ″ ″, the determination unit 65 determines that the continuity of the image data GA and GB has been ensured and the image data has been successfully verified, and outputs the determination result to the result output unit 66. Output. The result output unit 66 causes the display unit 73 of the monitor unit 53 to display “OK” (OK display) indicating that the verification result is successful.

  In this manner, the PC 50 can verify that the image data GA and GB are correct, that is, that the image data GA has not been tampered with for each image data, because HA ′ = HA ″ and HB ′ = HB ″. Further, since HA ′ = HA ″ ″, the PC 50 can guarantee the continuity of the image data GA and GB using the correlation information on the image data GA included in the composite data FGB including the image data GB.

Next, an example of a file structure of the synthesized data will be described.
In addition to the file structure of the combined data shown in FIG. 2, for example, the following file structure of the combined data is given.

  FIGS. 7A and 7B are schematic diagrams illustrating an example of the file structure of the composite data generated by the camera 20. FIG.

  FIG. 7A shows an Exif (exchangeable image file format) format in which the image data section and the metadata section are configured as one file. In the Exif format, for example, the metadata section contains signature data, and the image data section contains image data. Additional data may be combined with the signature data. Additional data may be combined with the image data. The additional data includes, for example, information on the image capturing location and date of the image data. Use of the Exif format can facilitate data management.

  FIG. 7B is an example in which the image data and the signature data are configured by different files. Also in this case, additional data may be combined with the image data or the signature data.

  FIGS. 8A to 8C are schematic diagrams for explaining the relevance of image data in composite data having various file structures.

  In FIG. 8A, the signature data SB of the composite data FGB is calculated by using a hash function for the image data GB and the hash value HA of the previous image data GA using a hash function, and this hash value is used as a signature. It is generated by performing encryption using a secret key (signature key) stored in the key storage unit 36.

  That is, since the signature data is generated using the correlation information (here, the hash value of the image data) based on the past image data, the continuity (relevance) of the image data can be determined by the signature verification. Note that the file structure shown in FIG. 8A is the same as the file structure shown in FIG.

  FIG. 8B exemplifies a case in which three pieces of combined data are continuous in time series and a hash value of each past (pre-last) image data is used as correlation information. The signature data SC included in the third composite data FGC includes the image data GC included in the current composite data FGC, the hash value HA of the image data GA two times before, the hash value HB of the previous image data GB, Generated based on

  Specifically, the signature processing unit 32 calculates a hash value for the image data GC, the hash value HA, and the hash value HB using a hash function, and encrypts the hash value using a signature key. Generates the signature data SC. In FIG. 8B, the signature is generated at the time of acquiring the current data.

  Therefore, since the signature data is generated using a plurality of past image data of the image data to be verified, continuity with the plurality of past image data can be guaranteed. In addition, by increasing the number of associated image data, it is possible to confirm the omission of image data in the associated range, and to improve the continuity assurance capability.

  FIG. 8C exemplifies a case where, as in FIG. 8B, three pieces of combined data are continuous in chronological order, and the hash values of the image data obtained last time and the next time are used as the correlation information. The signature data SB of the composite data FGB is generated based on the image data GB, the hash value HA of the previous image data GA, and the hash value HC of the next image data GC.

  Specifically, the signature processing unit 32 calculates a hash value using a hash function for the image data GB, the hash value HA, and the hash value HC, and encrypts the hash value using the signature key. Generates signature data SB. In FIG. 8C, signature generation is performed at the next data acquisition.

  Therefore, since the signature data is generated using the image data before and after the image data to be verified, continuity with the image data before and after can be guaranteed. In addition, by increasing the number of associated image data, it is possible to confirm the omission of image data in the associated range, and to improve the continuity assurance capability.

Next, an operation example of the signature processing system 10 will be described.
FIG. 9 is a flowchart showing an example of a signature operation procedure by the camera 20.

  The image capturing unit 41 waits until an image capturing instruction is received, and upon receiving the image capturing instruction, captures an image of a subject and outputs an image signal thereof (S1). The imaging instruction is received by, for example, an operation unit (such as a button) not shown.

  When the image signal is input from the imaging unit 41, the image data generation unit 42 generates image data to which the additional data is attached (S2).

  The signature processing unit 32 reads the previous hash value from the hash data storage unit 38 (S3).

  The hash calculator 34 calculates the current hash value of the current image data and the previous hash value read from the hash data storage unit 38 in step S3 using a hash function (S4).

  The signature processing unit 32 causes the hash data storage unit 38 to store the current hash value. In addition, the signature processing unit 32 encrypts the hash value with the secret key stored in the signature key storage unit 36 to generate signature data (S5).

  The data synthesizing unit 33 synthesizes the image data generated by the image data generating unit 42 and the signature data generated by the signature processing unit 32 to generate synthesized data, and stores the synthesized data in the synthesized data storage unit 37 ( S6). Thereafter, the camera 20 ends this operation.

  Next, an operation example of the PC 50 will be described. As a preparation for the PC 50, when acquiring a public key for decrypting image data, there are various methods as described above.

  For example, when a public key is embedded in the image data, the PC 50 may perform image processing on the image data to extract the public key. When a public key is stored in advance in the PC 50, for example, in a ROM (Read Only Memory), the PC 50 may read the public key to obtain the public key. When the PC 50 is communicably connected to the camera 20, the PC 50 may receive the public key from the camera 20. Alternatively, the PC 50 may be connected to a specific server device via a communication network, and acquire a public key from this server device.

  FIG. 10 is a flowchart illustrating an example of a preparatory operation procedure performed by the PC 50. FIG. 10 illustrates obtaining a public key via a communication network.

  When a public key is obtained from a server device via a communication network, for example, a cryptographic communication protocol using a public key infrastructure (PKI) is widely used. This encryption communication protocol includes, for example, SSL (Secure Sockets Layer) / TLS (Transport Layer Security). In PKI, mutual devices connected to a network are authenticated using digital certificates issued by trusted certificate authorities.

  The communication unit (not shown) of the PC 50 waits until it is connected via the communication network 40 to a server device (not shown) that has registered the public key KPE (S11).

  When connected to the server device via the communication unit, the data reading unit 61 reads a public key KPE corresponding to the secret key KS held by the camera 20 (S12). Here, the public key is set for each camera, but if the public key differs for each image data, the data reading unit 61 may read the public key corresponding to the image data.

  The verification key storage unit 71 stores the public key read by the data reading unit 61 (S13). Thereafter, the PC 50 ends the public key acquisition operation.

  FIG. 11 is a flowchart illustrating an example of a verification operation procedure performed by the PC 50.

  The data reading unit 61 waits until the synthesized data captured by the camera 20 is input (S21). Here, it is assumed that composite data FGA and FGB including two continuous images are input.

  When the combined data FGA and FGB are read by the data reading section 61, the hash calculation section 62 calculates the image data GA of the image data section GA0 of the combined data FGA and the hash value HA ′ of the first metadata section GA1 (S22). ). Similarly, the hash calculator 62 calculates a hash value HB ′ of the image data GB0 of the composite data FGB and the image data GB of the first metadata GB1 (S22).

  The signature decrypting section 63 decrypts the signature data SA of the second metadata section GA2 of the composite data FGA with the public key KPE to obtain a hash value HA '' (S23). Similarly, the signature decryption unit 63 decrypts the signature data SB of the second metadata part GB2 of the composite data FGB with the public key KPE to obtain a hash value HA ″ (S23).

  The signature data verification unit 64 determines whether the hash value HA ′ is equal to the hash value HA ″ and whether the hash value HB ′ is equal to the hash value HB ″ (S24).

  If the hash value HA ′ is equal to the hash value HA ″ and the hash value HB ′ is equal to the hash value HB ″, the signature data verification unit 64 successfully verifies the validity of each of the composite data FGA and FGB. Judge that you have done. In this case, the determining unit 65 acquires the hash value HA ″ ″ of the first metadata unit GB1 read by the data reading unit 61 (S25).

  The determination unit 65 compares the hash value HA ′ (= HA ″) with the hash value HA ″ ″ (S26).

  When the hash value HA ′ is equal to the hash value HA ″ ″, the determination unit 65 determines that the image data GA and GB are valid and that the continuity of the image data GA and GB is ensured. In this case, the result output unit 66 causes the display unit 73 to display “OK” indicating successful verification (S27). Thereafter, the PC 50 ends this operation.

  On the other hand, if the hash value HA ′ and the hash value HA ″ are different or the hash value HB ′ is different from the hash value HA ″ in S24, the determination unit 65 verifies the validity of the image data GA and GB. Is determined to have failed (falsified).

  If the hash value HA ′ (= HA ″) is different from the hash value HA ″ ″ in S26, the determination unit 65 determines that the continuity of the image data GA and GB has not been ensured.

  If the image data GA and GB are not valid or the continuity of the image data GA and GB is not ensured, the result output unit 66 causes the display unit 73 to display “NG” indicating a verification failure ( S28). Thereafter, the PC 50 ends this operation.

  As described above, the signature processing system 10 can verify each of the plurality of image data and improve the reliability of the continuous image data. As a result, it is possible to ensure that data has not been tampered with or erased, and it is possible to guarantee a correlation between a plurality of image data. Therefore, the evidence of the image data can be improved.

(Modification)
FIG. 12 is a schematic diagram for explaining the relevance of image data in the modification. The hash value HA of the previous image data GA and the current ID number (ID2) are stored in the first metadata portion GB1 of the composite data FGB. The current ID number (ID2) is, for example, a value obtained by counting up by 1 from the previous ID number (ID1). If the relationship (for example, continuity) between the current data and the previous data can be identified, another value is used. May be. The ID number is generated by the ID generation unit 31 for each image data.

  The signature data SB stored in the second metadata section GB2 is generated based on the current image data GB, the hash value HB of the previous image data GA, and the current ID number (ID2). Specifically, the signature processing unit 32 calculates a hash value using the hash function for the image data GB, the hash value HB, and the current ID number, and encrypts the hash value using the signature key. Thus, the signature data SB is generated.

  As described above, in the modified example, since the ID number is included in the first metadata portion, the order in which the images were captured can be quickly confirmed by confirming the ID number. Further, when the ID number is embedded in the image data so as to be visually recognizable by an electronic watermark or the like, the visibility of the ID number is improved, and the user can easily recognize the continuity of the image data. Also, since the signature data is generated using the hash value and the ID number of the previous image data, the evidentiality is improved, and the continuity can be easily and accurately confirmed.

  Further, by linking the ID number and the hash value as the correlation information, it is possible to improve the proof ability of continuity between a plurality of image data. Thus, when image data is taken by a different camera 20 but image data is accidentally linked, the evidentiality can be further improved by considering both the ID and the hash value.

  Although the modification shown in FIG. 12 shows the case where the ID number is used, the previous signature data, the previous image data, or a combination thereof may be used instead of using the ID number. That is, the signature data SB stored in the second metadata section GB2 is one of the image data GB, the hash value HA of the previous image data GA, the current ID number, the previous signature data, and the previous image data. It may be generated based on one or a combination.

  Specifically, the signature processing unit 32 performs a hash function on the image data GB, the hash value HA, and one or a combination of the current ID number, the previous signature data, and the previous image data. May be used to calculate the hash value. The signature processing unit 32 may generate the signature data SB by encrypting the hash value using the signature key.

  As described above, by generating the signature data using one or a combination of the current ID number, the previous signature data, and the previous image data, the PC 50 can verify the signature using a plurality of pieces of correlation information. . Therefore, the PC 50 and the signature processing system 10 can determine the continuity of the plurality of image data with high accuracy, and can ensure the relevance between the plurality of image data.

(Second embodiment)
In the first embodiment, the continuity of the image data is ensured by storing the hash value of the image data in the first metadata unit and using the hash value as the correlation information. The second embodiment exemplifies that continuity of image data is secured by using an ID number without using a hash value.

  FIG. 13 is a block diagram illustrating a functional configuration example of a camera 20A according to the second embodiment. In the signature processing system of the second embodiment, the same components as those of the signature processing system of the first embodiment are denoted by the same reference numerals, and the description thereof is omitted or simplified.

  The camera 20A includes an ID generation unit 31, an ID storage unit 35, an imaging unit 41, an image data generation unit 42, a signature key storage unit 36, a signature processing unit 32A, a data synthesis unit 33, and a synthesized data storage unit 37.

  The camera 20A performs a digital signature by associating the image data captured by the imaging unit 41 with a serial number (ID number). Compared to the first embodiment, the camera 20A does not include the hash calculation unit 34 and the hash data storage unit 38, and has a signature processing unit 32A. Further, an ID generation unit 31 and an ID storage unit 35 which are not used in the first embodiment are used.

  The ID generation unit 31 generates an ID number that is counted up by one from the previous ID number stored in the ID storage unit 35 so as to be a serial number for the current image data, and sends the ID number to the signature processing unit 32A. . The ID generation unit 31 stores the updated ID number in the ID storage unit 35.

  The signature processing unit 32A encrypts the image data sent from the image data generation unit 42 with the ID number generated by the ID generation unit 31 using the secret key stored in the signature key storage unit 36. The processing unit 39 signs by encrypting, and generates signature data.

  The data combining unit 33 combines the image data generated by the image data generating unit 42 and the signature data generated by the signature processing unit 32A to generate composite data. The data combining unit 33 stores the combined data in the combined data storage unit 37.

  FIG. 14 is a flowchart illustrating an example of a signature operation procedure by the camera 20A. In FIG. 14, the same steps as those in FIG. 9 in the first embodiment are denoted by the same step numbers, and description thereof will be omitted or simplified.

  In S2, when the image data generation unit 42 generates the image data or the image data to which the additional data is added, the ID generation unit 31 reads the previous ID number from the ID storage unit 35 (S3A).

  The ID generation unit 31 generates the current ID number by counting up the value 1 to the previous ID number so as to be a serial number in image data units, for example (S4A).

  The ID storage unit 35 updates and stores the ID number generated by the ID generation unit 31 so as to overwrite, for example (S4B).

  The signature processing unit 32A encrypts the image data generated by the image data generation unit 42 and the ID number generated by the ID generation unit 31 with the secret key stored in the signature key storage unit 36, The signature data is generated (S5A). The operation in which the data synthesizing unit 33 synthesizes image data and signature data to generate synthesized data is the same as in the first embodiment.

  On the other hand, although not shown, the PC includes a data reading unit 61, a signature decrypting unit 63, a verification key storage unit 71, and a determining unit 65, similarly to the PC 50 of the first embodiment. The signature decryption unit 63 decrypts the signature data using the public key and reads out the ID number included in the signature data. The determination unit 65 determines whether there is continuity by comparing the ID number with the ID numbers of the preceding and following image data. Also, the validity of the signature data can be verified.

  That is, the PC of this embodiment uses the current ID number correlated with the ID number assigned to the previous image data instead of the hash value of the previous image data correlated with the current image data, and Verify the validity and continuity of the data.

  As described above, in the second embodiment, for example, the continuity (relevance) of the image data can be verified by generating the signature data using the serial ID numbers as the correlation information.

  FIGS. 15A and 15B are schematic diagrams for explaining an example of the relevance of image data in composite data having various file structures.

  FIG. 15A shows a case where the image data GA (GB) of the image data portion GA0 (GB0) and the ID number of the first metadata portion GA1 (GB1) are encrypted with a secret key and the signature data SA ( SB) is shown. As described above, the ID number is a serial number that is a serial number, for example.

  FIG. 15B shows that the ID number is inserted as a watermark or an image into the image data GA (GB) of the image data section GA0 (GB0), the image data GA (GB) is encrypted with a public key, and the signature data SA ( SB) is shown. In this manner, for example, the signature data is generated by using the serial number of the ID number, whereby the relevance of the image data is obtained.

  In the second embodiment, a case has been described in which continuity of image data is secured using an ID number (identification number) without using a hash value as correlation information. Other than this, the signature data or the image data before and after may be used as the correlation information. In this case, similarly to the ID number, the PC may use the signature data or the image data to determine whether the combined data is valid or not.

  In this way, the relevance between a plurality of image data can be easily guaranteed using the ID number as the correlation information.

(Third embodiment)
In the third embodiment, it is assumed that signature data is used as the correlation information without using a hash value.

  FIG. 16 is a block diagram illustrating a configuration example of a camera 20B according to the third embodiment. The camera 20B includes an imaging unit 41, an image data generation unit 42, a signature processing unit 32B, a signature key storage unit 36, a signature data storage unit 38B, a data synthesis unit 33, and a synthesized data storage unit 37.

  In the camera 20B, the same components as those in the cameras 20 and 20A are denoted by the same reference numerals, and the description thereof will be omitted or simplified.

  The signature processing unit 32B stores the image data sent from the image data generation unit 42 and the signature data (previous signature data) stored in the signature data storage unit 38B in the signature key storage unit 36. A signature is generated by encrypting the data using the secret key by the encryption processing unit 39 to generate signature data. The generated signature data (current signature data) is sent to the signature data storage unit 38B.

  The signature data storage unit 38B stores, for example, signature data (current signature data) generated by the signature processing unit 32C.

  FIG. 17 is a schematic diagram for explaining an example of the relevance of image data in composite data having a file structure according to the present embodiment.

  FIG. 17 corresponds to FIG. 8A, FIG. 12, FIG. FIG. 17 is the same as FIG. 8A and the like, except that the signature data SA is stored in the first metadata section GB1 of the composite data FGB. That is, the correlation information is the signature data. The same applies to a case where the correlation information is generated from three or more pieces of combined data.

  In this way, the association between a plurality of image data can be guaranteed using the signature data as the correlation information.

(Fourth embodiment)
In the fourth embodiment, it is assumed that the image data itself is used as the correlation information without using a hash value.

  FIG. 18 is a block diagram illustrating a configuration example of a camera 20B according to the third embodiment. The camera 20C includes an imaging unit 41, an image data generation unit 42, a signature processing unit 32C, a signature key storage unit 36, an image data storage unit 38C, a data synthesis unit 33, and a synthesized data storage unit 37.

  In the camera 20C, the same components as those in the cameras 20, 20A, and 20B are denoted by the same reference numerals, and description thereof will be omitted or simplified.

  The signature processing unit 32C stores the image data sent from the image data generation unit 42 and the image data (previous signature data) stored in the image data storage unit 38C in the signature key storage unit 36. A signature is generated by encrypting the data using the secret key by the encryption processing unit 39 to generate signature data.

  The image data storage unit 38C stores, for example, image data (current image data) generated by the image data generation unit 42.

  FIG. 19 is a schematic diagram illustrating an example of a file structure according to the present embodiment. FIG. 19 corresponds to FIG. 8A, FIG. 12, FIG. 15A, FIG. FIG. 19 is the same as FIG. 8A and the like, except that the image data GA is stored in the first metadata section GB1 of the composite data FGB. That is, the correlation information is the image data itself. The same applies to a case where the correlation information is generated from three or more pieces of combined data.

  In this manner, the relevance between a plurality of image data can be guaranteed using the image data itself as the correlation information.

  As described above, the cameras 20, 20A to 20C of the signature processing system 10 according to the embodiment include the imaging unit 41 and the signature processing units 32, 32A to 32C. The imaging unit 41 acquires a plurality of image data including the first image data related to each other. The signature processing units 32 and 32A to 32C generate the first data and the first signature data for the correlation information based on the first image data, the correlation information indicating the correlation between the plurality of image data, and the signature key. Generate.

  Thereby, the cameras 20, 20A to 20C can generate the signature data so that the PC 50 can check for tampering or erasing (missing, etc.) of the plurality of image data associated with the correlation information. Therefore, the cameras 20, 20A, the PC 50, and the signature processing system can improve the ability to guarantee the relevance (for example, continuity) to the image data.

  Therefore, the cameras 20, 20A to 20C, the PC 50, and the signature processing system 10 can improve the evidential ability without using a one-time expensive storage medium that can be written only once. Further, the cameras 20, 20A to 20C can make the composite data verifiable by the PC 50 irrespective of the type of the storage medium in which the composite data generated by the signature processing is written.

  Therefore, for example, even if the image data is read from the one-time storage medium and falsified, the PC 50 can confirm the falsification of the image data by using the hash value or the like, and can also confirm the presence or absence of relevance of the image data.

  Therefore, the PC 50 may include one or more inconvenient photos from the continuous photos (a plurality of continuous image data) that the owner or the administrator of 20, 20A to 20C has not intentionally altered or deleted. It can be easily assured that a part has not been deleted.

  In addition, the imaging unit 41 may acquire a plurality of data that are continuous in time series. Thereby, the cameras 20, 20A to 20C, and the signature processing system can improve the ability to guarantee relevance to image data.

  Further, the imaging unit 41 may capture the first image data and the second image data. The signature processing units 32 and 32A generate first signature data based on the first image data, correlation information indicating a correlation between the first image data and the second image data, and a signature key. Is also good.

  Thus, for example, when two pieces of image data are continuous, the PC 50 can confirm whether or not there is a relationship between the two pieces of image data by referring to the correlation information.

  Further, the signature processing units 32 and 32A may generate the first signature data based on the hash value of the second image data as the correlation information.

  Accordingly, the camera 20 and the signature processing system can determine whether or not there is a relationship between the first image data and the second image data, using the unique value of the one-way characteristic regarding the image data. Further, the camera 20 can easily generate the correlation information by using the hash value.

  In addition, the cameras 20 and 20A may include an ID generation unit 31 that generates an ID of image data. The signature processing units 32 and 32A may generate the first signature data based on the ID of the first image data as the correlation information.

  Accordingly, the cameras 20 and 20A and the signature processing system can determine whether or not there is a relationship between the first image data and the second image data using the ID assigned to each image data. In addition, since the cameras 20 and 20A only need to generate IDs, for example, in serial numbers, correlation information can be easily generated.

  Further, the signature processing unit 32B may generate the first signature data based on the second signature data for the second image data as the correlation information.

  As a result, for example, the second signature data generated based on the second image data continuous with the first image data becomes the correlation information, so that the PC 50 makes the first image data and the second image data Can be determined.

  Further, the signature processing unit 32C may generate the first signature data based on the second image data as the correlation information.

  Accordingly, the camera 20C and the signature processing system can use, for example, continuous image data itself as the correlation information, so that the correlation information can be easily obtained and the signature can be easily generated.

  Further, the ID of the first image data may be displayed by the display unit 73 as visible data added to the first data.

  Thus, the cameras 20 and 20A and the signature processing system can improve the visibility of the ID by using a digital watermark or the like in the first image data whose falsification or the relevance with the image data before and after has been investigated. The cameras 20, 20A and the signature processing system can easily handle the correlation information by using visible data. The ID may be written, for example, in an empty format portion of the first image data.

  Further, the cameras 20, 20A to 20C may include a transmission unit (not shown) for transmitting a plurality of image data and the first signature data.

  Thereby, the cameras 20, 20A to 20C can easily transmit the image data and the signature data as the search target of the relevance to the PC 50.

  Further, the PC 50 includes a data reading unit 61, a signature decrypting unit 63, a signature data verifying unit 64, and a determining unit 65. The data reading unit 61 acquires a plurality of image data including first image data related to each other and first signature data. The first signature data is data obtained by performing a signature process on the first image data and correlation information indicating a correlation between the plurality of image data. The signature decrypting unit 63 decrypts the first signature data using the verification key. The determining unit 65 determines the presence or absence of relevance between a plurality of data based on the correlation information.

  Thereby, the PC 50 can confirm tampering or erasing (missing or the like) of the plurality of image data associated with the correlation information. Therefore, the cameras 20, 20A to 20C, the PC 50, and the signature processing system can improve the ability to guarantee the relevance (for example, continuity) to the image data.

  Therefore, the cameras 20, 20A to 20C, the PC 50, and the signature processing system 10 can improve the evidential ability without using a one-time expensive storage medium that can be written only once. Further, the PC 50 can verify the image data regardless of the type of the storage medium in which the composite data generated by performing the signature processing is written.

  Further, for example, even if the image data is read from the one-time storage medium and falsified, the PC 50 can confirm the falsification of the image data by using a hash value or the like, and can also confirm the presence or absence of relevance of the image data.

  Therefore, the PC 50 allows the owner or the administrator of the cameras 20 and 20A, for example, to delete one or one inconvenient photograph from the continuous photographs (a plurality of continuous image data) that have not been falsified or erased intentionally. It can be easily assured that the copy has not been erased.

  Further, the data reading unit 61 may acquire a plurality of data that are continuous in time series. Thereby, the cameras 20, 20A to 20C, the PC 50, and the signature processing system can improve the ability to guarantee the relevance to the image data.

  Further, the data reading section 61 may acquire the first image data and the second image data. The determination unit 65 may determine the presence or absence of relevance between a plurality of pieces of image data based on the hash value of the second image data as the correlation information.

  As a result, a hash value that can be easily derived from the image data and has high security due to one-way characteristics is used as the correlation information. Therefore, the PC 50 can determine whether there is tampering between a plurality of pieces of image data and whether there is any relevance, by reducing the load related to signature verification.

  Further, the PC 50 may include a hash calculator 62 that derives a first hash value (for example, HA ′) that is a hash value of the second image data. The signature decrypting unit 63 may decrypt the first signature data using the verification key to obtain a second hash value (for example, HA ″). The determination unit 65 determines a first hash value, a second hash value, and a third hash value (for example, HA ′ ″) that is a hash value of the second image data included in the first image data. , The presence or absence of a relationship between the first image data and the second image data may be determined.

  Accordingly, the PC 50 can, for example, match the first hash value and the second hash value, thereby allowing the second image data in the cameras 20 and 20A as the signature generating device and the PC 50 as the signature verifying device. Can be confirmed to match the second image data. That is, the PC 50 can confirm that the second image data has not been falsified.

  Further, the PC 50 determines that the first hash value or the second hash value matches the third hash value, and thus, for example, the hash value of the second image data included in the composite data including the first image data. It can be confirmed that the value matches the hash value calculated from the second image data. Therefore, since the coincidence of the same image data (second image data) can be confirmed from the two image data related to each other, the PC 50 can, for example, change the image between the two image data by the owner of the camera 20, 20A. It can be guaranteed that data has not been erased.

  Although various embodiments have been described with reference to the drawings, it goes without saying that the present invention is not limited to such examples. It is obvious that those skilled in the art can conceive various changes or modifications within the scope of the claims, and these naturally belong to the technical scope of the present invention. I understand.

  In the above embodiment, the signature generation device is applied to a digital still camera capable of capturing a still image, but is not limited thereto. For example, the signature generation device may be applied to a video camera such as a monitoring camera capable of capturing a moving image. May be done.

  In addition, the signature generation device includes, for example, a recorder (recording device) that collects audio by a sound collection device (microphone) and records audio data, a PBX (Private Branch Exchange) (private branch exchange) that can record audio, May be applied. In this case, the validity, continuity, and evidence of the voice data can be improved. Further, the signature generation and signature verification of the above embodiment may be applied to data including both audio data and image data.

  In the above-mentioned embodiment, data arranged in time series, such as a plurality of image data continuously imaged by the cameras 20 and 20A, has been exemplified as a plurality of related data. The present invention is not limited to this, and as a plurality of related data, various data (for example, data whose relation to the preceding and succeeding data is determined like a daisy chain, a part of a group of data, and a part of the data are common to other data). Data having a value).

  Also, among the plurality of related data, instead of making all data the target of the related data as in the case of the immediately preceding or succeeding data, for example, every two data in the time series and every three data are arranged. Correlation information of continuous data may be used. In this case, the signature processing system can determine, for example, whether or not the plurality of data are related with a certain interval.

  In addition, even when the data is not a plurality of continuous data, if the user wants to know the relevance of arbitrary data, the camera may, for example, add one of the plurality of data whose relevance is to be inspected to one of the plurality of data. Correlation information based on other data may be embedded. Thereby, the PC 50 can determine the presence or absence of relevance of a plurality of arbitrary data.

  INDUSTRIAL APPLICABILITY The present invention is useful for a signature generation device, a signature verification device, a signature generation method, a signature verification method, and the like that can guarantee the association between a plurality of data.

Reference Signs List 10 signature processing system 20, 20A, 20B, 20C camera 20y signature function 20z image data generation function 21, 51 CPU / RAM unit 22, 52 HDD unit 23 ASIC unit 31 ID generation unit 32, 32A, 32B, 32C signature processing unit 33 Data synthesis unit 34, 62 Hash calculation unit 35 ID storage unit 36 Signature key storage unit 37 Synthetic data storage unit 38 Hash data storage unit 38B Signature data storage unit 38C Image data storage unit 39 Cryptographic processing unit 41 Imaging unit 42 Image data generation unit 50 PC
50x signature verification function 50y signature decryption function 50z public key acquisition function 53 monitor unit 61 data reading unit 63 signature decryption unit 64 signature data verification unit 65 determination unit 66 result output unit 71 verification key storage unit 73 display unit

A signature generation device according to the present invention includes a data acquisition unit configured to acquire a plurality of pieces of data including first data and second data related to each other, and a first value derived from the data including at least the first data. A deriving unit that derives a second value from data including at least the first value and the second data, and a first signature using the first value and the signature key. A signature generation unit that generates data and generates second signature data using the second value and the signature key ; and identifying the first data, the first signature data, and the first data. The first combined data including the information, the second data, the first value and the second signature data, and the identification information of the second data that is continuous with the identification information of the first data. comprising a transmitter for transmitting a second combined data including, a, a

The signature verification device of the present invention includes: first data; first signature data generated using a first value and a signature key derived from at least data including the first data; First synthetic data including the identification information of the first data, second data correlated with the first data, the first value, at least the first value and the second value. A second signature data generated using a second value and a signature key derived from data including data, and identification information of the second data continuous with identification information of the first data. And a data acquisition unit for acquiring the first data from the data including the first data, and deriving the first value from the data including the first value and the second data. a deriving unit that derives a value of 2, using the verification key, the first Decodes the name data obtains the first value, decoding the second signature data and a signature decryption unit for acquiring said second value.

A signature generation method according to the present invention is a signature generation method for a signature generation device, including a step of acquiring a plurality of data including a first data and a second data that are related to each other, and including at least the first data. Storing a first value derived from data in a storage unit; deriving a second value from data including at least the first value and the second data by a processor; Generating a first signature data using the value and the signature key; generating the second signature data using the second value and the signature key ; Transmitting first combined data including first signature data and identification information of the first data; the second data; the first value; and the second signature data And the first Comprising a step of transmitting identification information of the second continuous data identification information over data, a second synthesized data including, a.

A signature verification method according to the present invention is a signature verification method in a signature verification device, wherein the signature verification method is generated using first data, a first value derived from data including at least the first data, and a signature key. Obtaining first combined data including the first signature data and identification information of the first data; second data correlated with the first data; And second signature data generated using a signature value and a second value derived from a second value from data including at least the first value and the second data; and Obtaining second combined data including identification information of the second data continuous with identification information of the first data, and deriving the first value from the data including the first data by a processor And the first Deriving by the processor to the second value from the data including the values and a second data, by using the verification key, the steps of decoding the first signature data to obtain the first value, the verification Decrypting the second signature data using a key to obtain the second value .

Claims (18)

A data acquisition unit that acquires a plurality of data including first data that are related to each other;
A signature generation unit that generates first signature data for the first data and the correlation information based on the first data, the correlation information indicating a correlation between the plurality of data, and a signature key;
A signature generation device comprising: The signature generation device according to claim 1, wherein
The signature generation device, wherein the data acquisition unit acquires the plurality of data that are continuous in time series. The signature generation device according to claim 1 or 2,
The data acquisition unit acquires the first data and the second data,
The signature generation unit generates the first signature data based on the first data, the correlation information indicating a correlation between the first data and the second data, and the signature key. , A signature generation device. The signature generation device according to claim 3, further comprising:
A one-way function deriving unit that derives a hash value of data acquired by the data acquiring unit,
The signature generation device, wherein the signature generation unit generates the first signature data based on a hash value of the second data as the correlation information. The signature generation device according to any one of claims 3 and 4, further comprising:
An identification information generation unit that generates identification information of the data acquired by the data acquisition unit,
The signature generation device, wherein the signature generation unit generates the first signature data based on identification information of the first data as the correlation information. A signature generation device according to any one of claims 3 to 5, wherein
The signature generation device, wherein the signature generation unit generates the first signature data based on second signature data for the second data as the correlation information. A signature generation device according to any one of claims 3 to 6, wherein
The signature generation device, wherein the signature generation unit generates the first signature data based on the second data as the correlation information. The signature generation device according to claim 5, wherein
The signature generation device, wherein the identification information of the first data is displayed as visible data added to the first data by a display device. A signature generation device according to any one of claims 1 to 8,
The signature generation device, wherein the data acquisition unit includes an imaging unit, and acquires image data captured by the imaging unit. The signature generation device according to any one of claims 1 to 9, wherein
The signature generation device, wherein the data acquisition unit includes a sound collection unit, and acquires sound data collected by the sound collection unit. The signature generation device according to any one of claims 1 to 10, further comprising:
A signature generation device, comprising: a transmission unit that transmits the plurality of data and the first signature data. Obtaining a plurality of data including mutually related first data, and first signature data obtained by performing a signature process on the first data and correlation information indicating a correlation between the plurality of data; A data acquisition unit to perform
A signature decryption unit that decrypts the first signature data using a verification key;
Based on the correlation information, a relevance determination unit that determines the presence or absence of relevance between the plurality of data,
Signature verification device comprising: The signature verification device according to claim 12, wherein
The signature verification device, wherein the data acquisition unit acquires the plurality of data that are continuous in time series. The signature verification device according to claim 12 or 13, wherein
The data acquisition unit acquires the first data and the second data,
The signature verification device, wherein the relevance determination unit determines whether there is a relevance between the plurality of data based on a hash value of the second data as the correlation information. The signature verification device according to claim 14, further comprising:
A one-way function deriving unit that derives a first hash value that is a hash value of the second data,
The signature decryption unit decrypts the first signature data using the verification key, obtains a second hash value,
The relevancy determination unit is configured to determine a value based on the first hash value, the second hash value, and a third hash value that is a hash value of the second data included in the first data. A signature verification device that determines whether there is a relationship between the first data and the second data. The signature verification device according to any one of claims 12 to 15, further comprising:
The signature verification device, wherein the data acquisition unit receives the plurality of data and the first signature data. A signature generation method in a signature generation device,
Obtaining a plurality of data, including interrelated first data;
Generating first signature data for the first data and the correlation information based on the first data, the correlation information indicating a correlation between the plurality of data, and a signature key;
Signature generation method comprising: A signature verification method in a signature verification device,
Obtaining a plurality of data including mutually related first data, and first signature data obtained by performing a signature process on the first data and correlation information indicating a correlation between the plurality of data; Steps to
Decrypting the first signature data using a verification key;
Based on the correlation information, determining whether there is a relationship between the plurality of data,
Signature verification method comprising:

Images