JP4565427B2 - Image processing apparatus, authentication apparatus, program and system thereof - Google Patents

Description

  The present invention relates to an image processing apparatus and an authentication apparatus that embed a digital watermark in data to be printed to prevent tampering.

There is a need to prevent information leakage and falsification of documents due to unauthorized copying of corporate information and personal information. As countermeasures for preventing information leakage and the like, there are a digital watermark technique for specifying a document creator and a falsification prevention technique for specifying whether or not a document has been falsified.
Patent Document 1 discloses a method of dividing and embedding a plurality of two-dimensional barcodes in a document.
However, if all of the divided data is not properly extracted, it is not specified whether the content of the document has been tampered with.

Patent Document 2 discloses a method of dividing image data into a plurality of regions having different features and embedding a digital watermark corresponding to the image features of each region.
Patent Document 3 discloses a method for determining whether a document is an original or a duplicate by embedding a plurality of types of documents in a document by changing the embedding strength.
Patent Document 4 discloses a method for preventing counterfeiting off-line and on-line by embedding a barcode and a digital watermark in a document and embedding them in a document and comparing them with the original document.
However, all of these techniques are vulnerable to cutting and pasting, and there are cases where authentication can be performed only with the embedded portion.

JP2003-36763A JP 2003-298830 A JP 2004-7463 A JP 2003-319170 A

  The present invention has been made based on the above-described background, and provides an image processing apparatus and an authentication apparatus that authenticate the creator of a document and the presence / absence of falsification of a printed paper document such as a certificate offline. The purpose is to do.

In order to achieve the above object, an image processing apparatus according to the present invention includes a hash value generation unit that generates a hash value based on the content of a document included in document data including a plurality of pages, and the hash value generation unit. A hash value dividing unit that divides the hash value generated by the method into a plurality of hash values, and data including the hash value generated by the hash value generating unit and data relating to a creator of the document, An electronic signature data generation unit that generates a plurality of falsification prevention data by encoding data including each of a plurality of hash values divided by the hash value division unit and data related to the creation date and time of the document to generate a plurality of falsification prevention data a data generating means, the electronic signature data generated by the digital signature data generating means, the document Synthesizing at least one page of the plurality of pages included in the chromatography data, a plurality of tamper-proof data generated by the alteration prevention data generating means for synthesizing the plurality of pages included in the document data synthesizing means And have.

Preferably, the electronic signature data generation unit encodes the hash value generated by the hash value generation unit using a secret key,
  The tampering prevention data generation means encodes the hash value generated by the hash value generation means using a secret key,
  The synthesizing unit includes a tamper-proof data generated by the tamper-proof data generating unit, a public key corresponding to a secret key used by the electronic signature data generating unit, and a secret key used by the tamper-proof data generating unit. And the document data as a print pattern.

Preferably, the synthesizing unit corresponds to the plurality of falsification prevention data generated by the falsification prevention data generation unit as a print pattern together with the page number of the corresponding page among the plurality of pages included in the document data. To the page you want.

Authentication apparatus according to the present invention is a receiving unit that receives the document data composed of a plurality of pages, at least one page of the plurality of pages included in the document data, the contents of the documents included in the document data Receiving means including electronic signature data including a hash value generated based on the plurality of pages, wherein each of the plurality of pages included in the document data includes a plurality of falsification prevention data including each of the plurality of hash values obtained by dividing the hash value And electronic signature data decrypting means for decrypting electronic signature data included in at least one of a plurality of pages included in the document data received by the receiving means, and document data received by the receiving means alteration of decoding a plurality of tamper-proof data contained in each of the plurality of pages included in the It has a stop data decoding means, and the hash value contained in the decoding result by the electronic signature data decoding means, and comparing means for comparing the plurality of hash values included in the decoded result of the alteration prevention data decoding means .

Preferably, there is further provided public key extraction means for extracting a digital key data included in the document data and a public key for decrypting the falsification prevention data from the falsification prevention data included in the document data received by the reception means. The electronic signature data decrypting means decrypts the electronic signature data included in the document data received by the accepting means using the public key extracted by the public key extracting means, and the falsification preventing data decryption The converting means decrypts the falsification preventing data included in the document data received by the receiving means using the public key extracted by the public key extracting means.

An image processing program according to the present invention includes, in an image processing apparatus including a computer, a hash value generation step for generating a hash value based on the content of a document included in document data including a plurality of pages, and the generated hash A hash value dividing step of dividing a value into a plurality of hash values; and an electronic signature data generating step of generating electronic signature data by encoding data including the generated hash value and data relating to a creator of the document; Each of the plurality of divided hash values and data including data related to the creation date and time of the document are encoded to generate a plurality of falsification prevention data, and the generated electronic signature data includes the falsification prevention data generation step. Composite to at least one of the multiple pages included in the document data A plurality of tamper-proof data the generated, to execute a combining step of combining the plurality of pages included in the document data to the computer of the image processing apparatus.

An authentication program according to the present invention is a receiving means for receiving document data consisting of a plurality of pages in an authentication apparatus including a computer, and at least one of the plurality of pages included in the document data is the document data Including digital signature data including a hash value generated based on the content of the document included in the document, wherein the plurality of pages included in the document data includes a plurality of alterations including each of the plurality of hash values obtained by dividing the hash value A reception step including each of the prevention data , a digital signature data decoding step for decoding the digital signature data included in at least one of the plurality of pages included in the received document data, and the received document multiple of tamper-proof de contained in each of a plurality of pages that are included in the data Comparing the alteration prevention data decoding step of decoding the data, and the hash value contained in the decoded result of the digital signature data decoding step, a plurality of hash values included in the decoded result in the alteration prevention data decoding step The comparison step is executed by the computer of the authentication device.

A system according to the present invention is a system including an image processing device that processes document data and an authentication device that authenticates document data processed by the image processing device, and the image processing device includes a plurality of image processing devices. Hash value generating means for generating a hash value based on the content of the document included in the document data consisting of the pages, and a hash value dividing means for dividing the hash value generated by the hash value generating means into a plurality of hash values And encoding the data including the hash value generated by the hash value generation means and the data relating to the creator of the document, and generating the electronic signature data, and the hash value dividing means a plurality of hash values, respectively, and the data containing data about date of creation of the document by encoding a plurality of modified And alteration prevention data generating means for generating a prevention data N, the electronic signature data generated by the digital signature data generating means combines at least one page of the plurality of pages included in the document data, the tamperproof And a synthesizing unit that synthesizes a plurality of falsification prevention data generated by the data generating unit with each of a plurality of pages included in the document data, and the authentication device includes a plurality of pages from the image processing device. a receiving unit that receives the document data including the digital signature data and the alteration prevention data, electronic for decoding the electronic signature data is included in at least one page of the plurality of pages included in the document data received by said receiving means Signature data decrypting means and document data received by the accepting means And alteration prevention data decoding means for decoding a plurality of tamper-proof data contained in each of a plurality of pages that the hash value included in the decoding result by the electronic signature data decoding means, by the alteration prevention data decoding means Comparing means for comparing a plurality of hash values included in the decryption result.

  According to the image processing apparatus and the authentication apparatus of the present invention, it is possible to authenticate the creator of a document and the presence / absence of falsification of a printed paper document such as a certificate offline.

First, in order to help understanding of the present invention, an outline of the first embodiment according to the present invention will be described.
1A and 1B are diagrams illustrating an embedding process and an authentication process for digital watermarks and digital check data. FIG. 1A illustrates an embedding process, and FIG. 1B illustrates an authentication process.
As illustrated in FIG. 1A, the image processing apparatus according to the present invention generates a hash value by a predetermined hash function based on the content of a document (print data), and generates the generated hash value at least two. Embed in your document using one of the two methods. Specifically, the image processing apparatus generates a digital watermark and digital check data from the hash value and embeds them in the document.

  The digital watermark verifies the creator or publisher of the document. The digital watermark includes electronic signature information indicating who created the document, and a hash value generated based on the document. The digital signature information and the hash value are encoded with a secret key and embedded in the digital watermark.

  The digital check data is a print pattern that is printed on the entire background of the document to be printed, and proves that the document has not been tampered with. Also, the digital check data proves the document creation date and time, issuance date and the like. The digital check data includes time stamp information indicating a document creation date and time, and a hash value that is the same as the hash value included in the digital watermark. The time stamp information and the hash value are tampering prevention data, encoded with a secret key, and embedded in the digital check data. Further, when the digital check data is printed on the document, when the document is copied, the hidden characters may appear on the copied paper.

  As illustrated in FIG. 1B, at the time of authentication, the electronic signature information is extracted from the digital watermark, the extracted electronic signature information is decrypted using the public key, and the first hash value is extracted. Further, the time stamp information (falsification preventing data) is extracted from the digital check data, the extracted time stamp information is decrypted using the public key, and the second hash value is extracted. The first hash value and the second hash value are compared, and if the hash values are the same, it is proved that the document creator and the like have not been tampered with. In this way, the authenticity of the document is guaranteed.

A hardware configuration of the image processing apparatus 2 and the authentication apparatus 3 according to the first embodiment of the present invention will be described.
FIG. 2 is a diagram illustrating a hardware configuration of the image processing apparatus 2 and the authentication apparatus 3 to which the image processing method and the authentication method according to the present invention are applied, centering on the control apparatus 20.
As illustrated in FIG. 2, the image processing apparatus 2 includes a control device 20 including a CPU 202 and a memory 204, a communication device 22, a recording device 24 such as an HDD / CD device, an LCD display device or a CRT display device, a keyboard, The printer includes a user interface device (UI device) 26 including a touch panel and the like, a printing unit 12 that prints a document under the control of the control device 20, and a scanner unit 14 that reads the printed document.

  The image processing device 2 and the authentication device 3 are, for example, general-purpose computers in which an image processing program 4 and an authentication program 5 described later are installed. The image processing apparatus 2 performs predetermined image processing on the print data, embeds a digital watermark and digital check data, and prints via the printing unit 12. The authentication device 3 acquires image data optically read by the scanner unit 14 of the printer device 10 or acquires image data from the communication device 22 via a network (not shown) to perform document authentication processing. .

FIG. 3 is a diagram showing a functional configuration of the image processing program 4 which is executed by the control device 20 and realizes the image processing method according to the present invention.
As illustrated in FIG. 3, the image processing program 4 includes a print data reception unit 400, a hash value generation unit 402, and an embedding unit 40. The embedding unit 40 includes an electronic signature generation unit 404 (first encoding unit), a time stamp generation unit 408 (second encoding unit), and an image data generation unit 42. The image data generation unit 42 includes an electronic watermark. A generation unit 406, a print pattern generation unit 410, and a synthesis unit 412 are included.
Note that all or part of the functions of the image processing program 4 may be realized by hardware such as an ASIC provided in the printer apparatus 10. The following programs can be similarly realized.

  In the image processing program 4, the print data receiving unit 400 receives print output data via the communication device 22 or the recording device 24, and outputs it to the hash value generating unit 402 and the combining unit 412 of the embedding unit 40. The print output data includes, for example, data relating to the contents of the document, such as the creator of the document, creation date and time, predetermined items, and amounts relating to these items.

  The hash value generation unit 402 generates a hash value using a predetermined hash function based on the content of the document included in the print output data input from the print data reception unit 400, and the electronic signature generation unit of the embedding unit 40 The generated hash value is output to 404 and the time stamp generation unit 408. Here, the hash value may be a fixed length or a variable length, for example, 20 bytes.

  The embedding unit 40 embeds the hash value input from the hash value generation unit 402 in the print output data input from the print data reception unit 400 using at least two methods. More specifically, the embedding unit 40 encodes data including data relating to the hash value and the creator of the document, generates electronic signature information (electronic signature data), and stores data relating to the hash value and the creation date and time of the document. The included data is encoded to generate time stamp information (falsification preventing data), and the generated data is combined with the print output data to generate image data.

  In the embedding unit 40, the electronic signature generation unit 404 encodes data including the hash value input from the hash value generation unit 402 and data relating to the creator of the document using a secret key, and the encoded electronic signature information. Is output to the digital watermark generation unit 406 of the image data generation unit 42. The electronic signature information may include an issuer instead of the document creator.

  The time stamp generation unit 408 encodes data including the hash value input from the hash value generation unit 402 and data related to the creation date of the document using a secret key, and generates the encoded time stamp information as image data generation. This is output to the print pattern generation unit 410 of the unit 42. The time stamp information may include the issue date and time or the encoded date and time instead of the document creation date and time. The time stamp generation unit 408 may use the same secret key as the secret key used by the electronic signature generation unit 404 or may use a different secret key.

  In the embedding unit 40, the image data generation unit 42 generates a digital watermark based on the digital signature information input from the digital signature generation unit 404, and based on the time stamp information input from the time stamp generation unit 408, Digital check data (print pattern) is generated, and the generated digital watermark and digital check data are combined with print output data to generate image data.

  In the image data generation unit 42, the digital watermark generation unit 406 generates a digital watermark based on the digital signature information input from the digital signature generation unit 404 and outputs the digital watermark to the synthesis unit 412. The digital watermark is an image that is displayed superimposed on the print output data and the digital check data generated by the print pattern generation unit 410. The digital watermark may be an image pattern that is not visible to humans, and is embedded in an image such as a seal stamped on an official document, a company logo mark, an officer's payment stamp, or the like.

The print pattern generation unit 410 generates digital check data based on the time stamp information input from the time stamp generation unit 408 and outputs the digital check data to the synthesis unit 412. The digital check data is an image of a print pattern that is printed on the entire background of the document. The print pattern generation unit 410 generates digital check data by embedding an image pattern that is not visible to humans in the print pattern image. Note that the color, density, and pattern of the original print pattern may be selected in advance by the user.
Further, the print pattern generation unit 410 converts the public key corresponding to the secret key used by the electronic signature generation unit 404 and the public key corresponding to the secret key used by the time stamp generation unit 408 into digital check data. Embed. When the two public keys are the same, the print pattern generation unit 410 need only embed one public key.

The synthesizing unit 412 synthesizes the digital check data generated by the print pattern generation unit 410 with the entire background of the document of the print output data, and the digital watermark generation unit 406 generates a part of the document of the print output data. The digital watermark is synthesized, image data is generated, and output to the printing unit 12 of the printer device 10.
The printing unit 12 prints the image data input from the combining unit 412 on a recording sheet.

FIG. 4 is a flowchart showing image processing (S10) by the image processing program 4.
As shown in FIG. 4, in step 100 (S <b> 100), when the print data receiving unit 400 receives print output data such as an official document, the print data receiving unit 400 outputs it to the hash value generating unit 402 and the combining unit 412.
In step 102 (S102), the hash value generation unit 402 generates a hash value using a predetermined hash function based on the print output data input from the print data reception unit 400, and the electronic signature generation unit 404 and The data is output to the time stamp generation unit 408.

In step 104 (S104), the electronic signature generation unit 404 generates encoded electronic signature information based on the hash value input from the hash value generation unit 402, and outputs the encoded electronic signature information to the digital watermark generation unit 406. To do.
In step 106 (S106), the digital watermark generation unit 406 generates a digital watermark based on the digital signature information input from the digital signature generation unit 404, and outputs the digital watermark to the synthesis unit 412.

In step 108 (S108), the time stamp generation unit 408 generates encoded time stamp information based on the hash value input from the hash value generation unit 402, and outputs the generated time stamp information to the print pattern generation unit 410. To do.
In step 110 (S110), the print pattern generation unit 410 generates digital check data based on the time stamp information input from the time stamp generation unit 408. Further, the print pattern generation unit 410 converts the public key corresponding to the secret key used by the electronic signature generation unit 404 and the public key corresponding to the secret key used by the time stamp generation unit 408 into digital check data. Embed. The print pattern generation unit 410 outputs the digital check data in which these public keys are embedded to the synthesis unit 412.

  In step 112 (S112), the synthesizer 412 synthesizes the digital check data with the entire background of the document of the print output data, synthesizes the digital watermark with a part of the document of the print output data, and prints the generated image data. Output to the unit 12. The image data is printed on a recording sheet and output by the printing unit 12 of the printer device 10.

FIG. 5 is a diagram showing a functional configuration of the authentication program 5 which is executed by the control device 20 and realizes the authentication method according to the present invention.
As shown in FIG. 5, the authentication program 5 includes a read data receiving unit 500, a first decryption unit 50-1, a second decryption unit 50-2, and a hash value comparison unit 510. The first decryption unit 50-1 includes an electronic signature extraction unit 502 and an electronic signature decryption unit 504, and the second decryption unit 50-2 includes a time stamp extraction unit 506 and a time stamp decryption unit 508.

  In the authentication program 5, the read data receiving unit 500 receives read data via the scanner unit 14 of the printer device 10, the communication device 22, or the recording device 24, and the first decryption unit 50-1 and the second decryption unit 50-1. It outputs to the decoding part 50-2. The read data is an image such as a public document such as a certificate. Digital check data is printed on the entire background of the image, and a digital watermark is printed on a part of the image. The digital watermark includes electronic signature information, and the digital check data includes time stamp information.

The first decryption unit 50-1 decrypts the electronic signature information included in the digital watermark of the read data input from the read data reception unit 500, extracts a hash value, and sends the hash value comparison unit 510 to the hash value comparison unit 510. Output.
The second decryption unit 50-2 decrypts the time stamp information included in the digital check data of the read data input from the read data reception unit 500, extracts the hash value, and sends the hash value comparison unit 510 to the hash value comparison unit 510. Output.

In the first decryption unit 50-1, the digital signature extraction unit 502 extracts digital signature information from a digital watermark printed on at least a part of the read image, and sends it to the digital signature decryption unit 504. On the other hand, the extracted electronic signature information is output.
The electronic signature decryption unit 504 decrypts the digital signature data input from the electronic signature extraction unit 502 using the public key, extracts a hash value, and extracts the hash value to the hash value comparison unit 510. Is output. This public key is a public key extracted from the digital check data by a time stamp extraction unit 506 described later.

In the second decoding unit 50-2, the time stamp extraction unit 506 extracts time stamp information from the digital check data printed on the entire background of the read image, and sends the time stamp information to the time stamp decoding unit 508. , Output the extracted time stamp information. The time stamp extraction unit 506 extracts time stamp information from arbitrary digital check data among a plurality of digital check data printed on the background of the image.
Further, the time stamp extraction unit 506 generates a public key corresponding to the secret key used for encoding the electronic signature information and a public key corresponding to the secret key used for encoding the time stamp information from the digital check data. And extract. If the electronic signature information and the time stamp information are encoded with the same secret key, the time stamp extraction unit 506 extracts one public key corresponding to the secret key.

  The time stamp decryption unit 508 uses the public key extracted by the time stamp extraction unit 506 to decrypt the time stamp information input from the time stamp extraction unit 506, extract a hash value, and a hash value comparison unit 510. Output the extracted hash value.

  The hash value comparison unit 510 has a hash value input from the electronic signature decryption unit 504 of the first decryption unit 50-1 and a hash value input from the time stamp decryption unit 508 of the second decryption unit 50-2. The values are compared to determine whether these hash values are the same. If the hash values are the same, the hash value comparison unit 510 identifies the creator of the document and determines that the document has not been tampered with. If the hash values are not the same, the hash value comparison unit 510 determines that the creator of the document is not appropriate or that the document has been tampered with. The hash value comparison unit 510 outputs the determination result as an authentication result.

FIG. 6 is a flowchart showing the authentication process (S20) by the authentication program 5.
As shown in FIG. 6, in step 200 (S200), the read data receiving unit 500 of the authentication program 5 reads the read data of the image printed with the digital watermark and the digital check data via the scanner unit 14 of the printer device 10. Is output to the electronic signature extraction unit 502 of the first decryption unit 50-1 and the time stamp extraction unit 506 of the second decryption unit 50-2.
In step 202 (S202), the digital signature extraction unit 502 extracts the digital signature information from the digital watermark printed on a part of the image of the read data input from the read data reception unit 500, and decrypts the digital signature. Output to the unit 504.

  In step 204 (S204), the time stamp extracting unit 506 extracts time stamp information from any of a plurality of digital check data printed on the background of the read data image input from the read data receiving unit 500. Is output to the time stamp decoding unit 508. Further, the time stamp extraction unit 506 extracts a public key corresponding to the secret key used for encoding the electronic signature information from the digital check data, and outputs the public key to the electronic signature decryption unit 504. Similarly, the time stamp extraction unit 506 extracts a public key corresponding to the secret key used for encoding the time stamp information, and outputs the public key to the time stamp decoding unit 508.

In step 206 (S206), the digital signature decryption unit 504 decrypts the digital signature data input from the digital signature extraction unit 502 using the public key extracted by the time stamp extraction unit 506, and extracts a hash value. Is output to the hash value comparison unit 510.
In step 208 (S208), the time stamp decrypting unit 508 uses the public key extracted by the time stamp extracting unit 506 to decrypt the time stamp information input from the time stamp extracting unit 506 and extract a hash value. Is output to the hash value comparison unit 510.

  In step 210 (S210), the hash value comparison unit 510 compares the hash value input from the digital signature decryption unit 504 with the hash value input from the time stamp decryption unit 508, and these hash values are the same. It is determined whether or not. The determination result is displayed on the UI device 26 or the like of the authentication device 3, and the user confirms the authentication result.

As described above, the image processing apparatus 2 according to the present embodiment generates a hash value based on document data, and embeds this hash value in the document data using at least two methods. Documents that can guarantee Further, since the image processing apparatus 2 generates electronic signature information based on the hash value and embeds it in the document data, it is possible to create a document that can authenticate offline who created or issued the document.
Since the image processing apparatus 2 generates digital check data (print pattern) based on the hash value and embeds it in the document data, it is possible to create a document that can be authenticated offline whether or not the document has been tampered with. Further, since the image processing apparatus 2 prints the digital check data on the entire background of the document, it is possible to create a document that can be authenticated even when the document is partially cut and pasted. Further, since the image processing apparatus 2 generates digital check data including time stamp information (time information), it is possible to create a document that can authenticate the time when the document was created offline.
Further, the image processing apparatus 2 encodes the electronic signature information including the hash value and the time stamp information using the secret key, and generates digital check data including the public key corresponding to these secret keys. Thus, it is possible to create a document that can guarantee the authenticity of the document offline.

The authentication device 3 according to the present embodiment receives image data including digital check data and a digital watermark synthesized with the digital check data, decodes data included in the digital watermark, and decodes data included in the digital check data. Since these decryption results are compared, the authenticity of the document can be authenticated offline. Further, since the authentication device 3 extracts the electronic signature information from the digital watermark included in the image data, it can authenticate who created or issued the document offline.
Since the authentication device 3 extracts falsification prevention data such as time stamp information from the digital check data included in the image data, it can authenticate whether or not the document has been falsified offline. Further, since the authentication device 3 extracts the falsification prevention data from any of a plurality of digital check data printed on the entire background of the document, the document is falsified even for a partially cut and pasted document. It can be authenticated whether or not.
Further, the authentication device 3 extracts a public key for decrypting the data included in the digital watermark and the data included in the print pattern from the digital check data included in the image data, and uses these public keys to Since the data included in the data and the data included in the digital check data are decrypted, the authenticity of the document can be authenticated more effectively offline.

Next, an image processing apparatus 2 and an authentication apparatus 3 according to the second embodiment of the present invention will be described.
FIG. 7 is a diagram for explaining the embedding process performed by the image processing apparatus 2 and the authentication process performed by the authentication apparatus 3 according to the present embodiment, and FIG. 7A illustrates the embedding process. (B) illustrates the authentication process.
As illustrated in FIG. 7A, the image processing apparatus 2 generates a hash value based on print output data of a document including a plurality of pages, and authenticates the digital watermark printed on at least one of the pages. The target is different from the image processing apparatus 2 according to the first embodiment in that the number information of the document is embedded in addition to the hash value, and the hash value is embedded in the digital check data printed on the background of all pages.
Further, as illustrated in FIG. 7B, the authentication device 3 extracts the hash value and the number information from the digital watermark printed on at least one page, and the digital check data of all pages indicated by the number information. It differs from the authentication apparatus 3 according to the first embodiment in that a hash value is extracted from each of them, and each of these hash values is compared with each other to authenticate the document.

FIG. 8 is a diagram showing a functional configuration of the image processing program 6 for realizing the image processing method according to the present embodiment.
As illustrated in FIG. 8, the image processing program 6 includes a print data reception unit 400, a hash value generation unit 602, and an embedding unit 40. The embedding unit 40 includes an electronic signature generation unit 604, a time stamp generation unit 408, and an image data generation unit 42. The image data generation unit 42 includes an electronic watermark generation unit 606, a print pattern generation unit 410, and a synthesis unit 612. 8 that are substantially the same as those shown in FIG. 3 are denoted by the same reference numerals.

  In the image processing program 6, the hash value generation unit 602 uses a predetermined hash function to perform hashing based on the contents of all pages of a document of a plurality of pages included in the print output data input from the print data reception unit 400. Generate a value. The hash value generation unit 602 outputs the generated hash value and the number information to the electronic signature generation unit 404, and outputs the generated hash value to the time stamp generation unit 408.

The electronic signature generation unit 604 encodes the hash value input from the hash value generation unit 602, the data related to the creator of the document, and the data including the number information of the document using the secret key, and the encoded electronic signature Information is output to the digital watermark generation unit 606. Note that the number information may be output to the digital watermark generation unit 606 without being encoded.
The digital watermark generation unit 606 generates a digital watermark based on the digital signature information including the number information input from the digital signature generation unit 604 and outputs the digital watermark to the synthesis unit 612. When the number information is not included in the digital signature information, the digital watermark generation unit 606 embeds the digital signature information and the number information in the digital watermark.

  The synthesizing unit 612 synthesizes the digital check data generated by the print pattern generation unit 410 with the entire background of all pages of the print output data, and at least one page of the print output data (for example, the first page). Are combined with the digital watermark including the number information generated by the digital watermark generation unit 606 to generate image data and output it to the printing unit 12 of the printer apparatus 10.

FIG. 9 is a flowchart showing image processing (S30) by the image processing program 6. Of the processes shown in FIG. 9, processes that are substantially the same as the processes (S <b> 10) shown in FIG. 4 are denoted by the same reference numerals.
As illustrated in FIG. 9, in the process of S <b> 100, when the print data receiving unit 400 receives print output data such as a multi-page official document, the print data receiving unit 400 outputs the print data to the hash value generating unit 402 and the combining unit 612.
In step 302 (S302), the hash value generation unit 602 generates a hash value using a predetermined hash function based on the contents of all pages of the print output data input from the print data reception unit 400, and outputs the electronic value. The generated hash value and the number information are output to the signature generation unit 404, and the generated hash value is output to the time stamp generation unit 408.

In step 304 (S304), the digital signature generation unit 604 generates encoded digital signature information based on the hash value input from the hash value generation unit 602 and the number of documents information, and generates a digital watermark. The data is output to the unit 606.
In step 306 (S306), the digital watermark generation unit 606 generates a digital watermark based on the digital signature information including the number information input from the digital signature generation unit 604, and outputs the digital watermark to the synthesis unit 612. .

In the processing of S108 and S110, digital check data is generated based on the hash value and output to the synthesis unit 612.
In step 312 (S312), the synthesis unit 612 synthesizes the digital check data with the entire background of all pages of the print output data, and the digital watermark generation unit 606 generates at least a part of one page of the print output data. The digital watermark including the number information is synthesized and the generated image data is output to the printing unit 12. The image data is printed on a recording sheet and output by the printing unit 12 of the printer device 10.

FIG. 10 is a diagram showing a functional configuration of the authentication program 7 for realizing the authentication method according to the present embodiment.
As illustrated in FIG. 10, the authentication program 7 includes a read data receiving unit 500, a first decryption unit 70-1, a second decryption unit 70-2, and a hash value comparison unit 710. The first decryption unit 70-1 includes an electronic signature extraction unit 702 and an electronic signature decryption unit 704, and the second decryption unit 70-2 includes a time stamp extraction unit 706 and a time stamp decryption unit 708. 10 that are substantially the same as those shown in FIG. 5 are denoted by the same reference numerals.

  The electronic signature extraction unit 702 extracts electronic signature information including the number information from the electronic watermark printed on at least one of the read images of the plurality of pages, and sends it to the electronic signature decryption unit 704. On the other hand, the extracted electronic signature information is output. When the digital watermark is printed on a plurality of pages, the digital signature extraction unit 702 may extract the digital signature information from the digital watermarks of the plurality of pages, or the extracted digital signature information Any electronic signature information may be output. When the digital signature information does not include the number information and the digital watermark includes the digital signature information and the number information, the digital signature extraction unit 702 extracts the digital signature information and the number information from the digital watermark. And output to the electronic signature decryption unit 704.

  The electronic signature decryption unit 704 decrypts the electronic signature information input from the electronic signature extraction unit 702 using the public key extracted by the time stamp extraction unit 706 described later, and extracts the hash value and the number information. The extracted hash value and number information are output to the hash value comparison unit 710. When the electronic signature information and the number information are input from the electronic signature extraction unit 702, the electronic signature decryption unit 704 decrypts the electronic signature information and extracts a hash value.

  The time stamp extraction unit 706 extracts time stamp information from the digital check data printed on the entire background of each of the read images of the plurality of pages, and extracts the time stamp information to the time stamp decoding unit 708. Output multiple time stamp information. The time stamp extraction unit 706 extracts time stamp information from arbitrary digital check data among a plurality of digital check data printed on the entire background in each page. Further, the time stamp extraction unit 706 generates a public key corresponding to the secret key used for encoding the electronic signature information and a public key corresponding to the secret key used for encoding each time stamp information from the digital check data. Extract the key.

  The time stamp decryption unit 708 uses the public key extracted by the time stamp extraction unit 706 to decrypt each of the time stamp information input from the time stamp extraction unit 706 to extract a plurality of hash values, and the hash value A plurality of extracted hash values are output to the comparison unit 710.

  The hash value comparison unit 710 determines whether or not the number of hash values input from the time stamp decoding unit 708 is the same as the number based on the number information input from the electronic signature decoding unit 704. . When the number of hash values and the number of hash values are the same, the hash value comparison unit 710 has the same hash value input from the electronic signature decryption unit 704 and each hash value input from the time stamp decryption unit 708. It is determined whether or not. If these hash values are the same, the hash value comparison unit 710 identifies the creator of the document, determines that the document has not been tampered with, and outputs the result as an authentication result. The hash value comparison unit 710 outputs that the document is not authenticated when the number and the number of hash values are not the same and when the hash values are not the same.

FIG. 11 is a flowchart showing the authentication process (S40) by the authentication program 7. Of the processes shown in FIG. 11, processes that are substantially the same as the processes (S <b> 20) shown in FIG. 6 are denoted by the same reference numerals.
As shown in FIG. 11, in the process of S200, the read data receiving unit 500 of the authentication program 7 receives the read data and outputs it to the electronic signature extraction unit 702 and the time stamp extraction unit 706.
In step 402 (S402), the digital signature extraction unit 702 obtains the number information from the digital watermark printed on at least one of the plurality of pages of the read data input from the read data reception unit 500. Is extracted and output to the electronic signature decryption unit 704.

  In step 404 (S404), the time stamp extraction unit 706 uses any one of a plurality of digital check data printed on the entire background in each of a plurality of pages of read data input from the read data receiving unit 500. Arbitrary time stamp information is extracted, and the time stamp information extracted from each page is output to the time stamp decoding unit 708. Further, the time stamp extraction unit 706 extracts a public key corresponding to the secret key used for encoding the electronic signature information from the digital check data, outputs the public key to the electronic signature decryption unit 704, and outputs the time stamp information. The public key corresponding to the secret key used for encoding is extracted and output to the time stamp decoding unit 708.

In step 406 (S406), the electronic signature decryption unit 704 decrypts the electronic signature information input from the electronic signature extraction unit 702 using the extracted public key, extracts the hash value and the number information, and extracts the hash value. Output to the value comparison unit 710.
In step 408 (S408), the time stamp decryption unit 708 decrypts each of the time stamp information input from the time stamp extraction unit 706 using the public key extracted by the time stamp extraction unit 706 to generate a plurality of hash values. Are extracted and output to the hash value comparison unit 710.

  In step 410 (S410), the hash value comparison unit 710 determines whether or not the number of sheets input from the digital signature decryption unit 704 is the same as the number of hash values input from the time stamp decryption unit 708. . If they are the same, the hash value comparison unit 710 further determines whether the hash value input from the electronic signature decryption unit 704 and the hash value input from the time stamp decryption unit 708 are the same. judge. The determination result is displayed on the UI device 26 or the like of the authentication device 3, and the user confirms the authentication result.

As described above, the image processing apparatus 2 according to the present embodiment generates a hash value based on document data including a plurality of pages, generates a digital watermark based on the generated hash value, and generates document data. Since it is embedded in at least one included page and digital check data is generated based on the generated hash value and embedded in each page included in the document data, the authenticity of the document including multiple pages is guaranteed offline. Can be created.
In addition, the authentication device 3 according to the present embodiment receives image data including digital check data of a plurality of pages and a digital watermark combined with at least one page, decrypts the data included in the digital watermark, and performs digital check. The data included in each data is decrypted, and the hash value extracted from the digital watermark is compared with each hash value extracted from the digital check data, so it is confirmed that a predetermined number is included The authenticity of the document can be verified offline. Further, the authentication device 3 authenticates the document by determining whether or not the number of hash values extracted from the digital check data is the same as the number information extracted from the digital watermark. Well, it can authenticate documents.

Next, an image processing apparatus 2 and an authentication apparatus 3 according to the third embodiment of the present invention will be described.
FIG. 12 is a diagram illustrating the embedding process performed by the image processing apparatus 2 and the authentication process performed by the authentication apparatus 3 according to the present embodiment. FIG. 12A illustrates the embedding process. (B) illustrates the authentication process.
As illustrated in FIG. 12A, the image processing apparatus 2 according to the present embodiment generates a hash value based on print data of a document including a plurality of pages, and uses the generated hash value as the number of documents. The image processing apparatus 2 is different from the image processing apparatus 2 according to the second embodiment in that the divided hash values are separately embedded in the digital check data of each page.
Further, as illustrated in FIG. 7B, the authentication device 3 according to the present embodiment extracts a hash value from the digital check data of each page, and generates a hash value generated by synthesizing these hash values. Is different from the authentication apparatus 3 according to the second embodiment in that the document is authenticated by comparing the hash value extracted from the digital watermark.

FIG. 13 is a diagram showing a functional configuration of the image processing program 8 for realizing the image processing method according to the present embodiment.
As illustrated in FIG. 13, the image processing program 8 includes a print data reception unit 400, a hash value generation unit 602, a hash value division unit 800, and an embedding unit 40. The embedding unit 40 includes an electronic signature generation unit 604, a time stamp generation unit 408, and an image data generation unit 42. The image data generation unit 42 includes an electronic watermark generation unit 606, a print pattern generation unit 410, and a synthesis unit 812. Of the components shown in FIG. 13, components that are substantially the same as those shown in FIG. 8 are given the same reference numerals.

In the image processing program 8, the hash value generation unit 602 outputs the generated hash value to the hash value division unit 800.
The hash value division unit 800 divides the hash value input from the hash value generation unit 602 according to the number of documents of the print output data, and outputs each of the divided hash values to the time stamp generation unit 408. To do. For example, when the hash value generation unit 602 generates a 20-byte hash value based on the content of a document consisting of 4 pages, the hash value division unit 800 divides the generated hash value to generate 5 bytes. Four hash values are generated.

The time stamp generation unit 408 generates time stamp information based on each of the divided hash values, and the print pattern generation unit 410 generates digital restraint data from each of the generated time stamp information, and the synthesis unit 812 Output for.
The combining unit 812 combines the digital check data corresponding to each page on the entire background of each page of the print output data, and adds the number of copies to at least a part of one page (for example, the first page) of the print output data. A digital watermark including information is synthesized, image data is generated, and output to the printing unit 12 of the printer device 10.

FIG. 14 is a flowchart showing image processing (S50) by the image processing program 8. Of the processes shown in FIG. 14, processes that are substantially the same as the processes (S30) shown in FIG. 9 are denoted by the same reference numerals.
As illustrated in FIG. 14, when the print data reception unit 400 receives print output data such as a plurality of pages of documents in the process of S100, a hash value is generated in the processes of S302 to S306, and the hash value and the number of sheets The information is embedded in the digital watermark, and the digital watermark is generated.

In step 500 (S500), the hash value dividing unit 800 divides the hash value input from the hash value generating unit 602 according to the number of documents of the print output data, and each of the divided hash values is time stamped. The data is output to the generation unit 408.
In step 508 (S508), the time stamp generation unit 408 generates a plurality of encoded time stamp information based on each hash value, and outputs the generated time stamp information to the print pattern generation unit 410.
In step 510 (S510), the print pattern generation unit 410 generates a plurality of digital check data based on each time stamp information input from the time stamp generation unit 408. Further, the print pattern generation unit 410 embeds a predetermined public key in these digital check data, and outputs it to the synthesis unit 812.

  In step 512 (S512), the composition unit 812 composes digital check data corresponding to each page on the entire background of each page of the print output data, and prints the number information on at least a part of one page of the print output data. And the generated image data is output to the printing unit 12. The image data is printed on a recording sheet and output by the printing unit 12 of the printer device 10.

FIG. 15 is a diagram showing a functional configuration of the authentication program 9 for realizing the authentication method according to the present embodiment.
As shown in FIG. 15, the authentication program 9 includes a read data receiving unit 500, a first decryption unit 70-1, a second decryption unit 70-2, a hash value composition unit 900, and a hash value comparison unit 910. Including. 15 that are substantially the same as those shown in FIG. 10 are denoted by the same reference numerals.
The hash value synthesis unit 900 synthesizes the hash values input from the time stamp decoding unit 708 to generate one hash value. The hash value synthesis unit 900 outputs the synthesized hash value to the hash value comparison unit 910.

  The hash value comparison unit 910 determines whether or not the hash value input from the hash value combining unit 900 is generated by combining the same number of hash values as the number of sheets input from the electronic signature decryption unit 704, and If so, it is further determined whether or not the hash value input from the electronic signature decryption unit 704 is the same as the hash value input from the hash value synthesis unit 900. If these hash values are the same, the hash value comparison unit 910 identifies the creator of the document, determines that the document has not been tampered with, and outputs the result as an authentication result.

FIG. 16 is a flowchart showing the authentication process (S60) by the authentication program 9. Of the processes shown in FIG. 16, processes that are substantially the same as the processes (S <b> 40) shown in FIG. 11 are given the same reference numerals.
As illustrated in FIG. 16, in the processes of S200 to S408, the read data receiving unit 500 of the authentication program 9 receives the read data and extracts one hash value from the digital watermark printed on the image of the read data. Is done. This hash value is output to the hash value comparison unit 910. A hash value is extracted from each of the digital check data printed on the entire background of the plurality of pages of the read data. These hash values are output from the time stamp decoding unit 708 to the hash value synthesis unit 900.

  In step 600 (S600), the hash value synthesis unit 900 synthesizes the input hash values to generate one hash value, and outputs the synthesized hash value to the hash value comparison unit 910. .

  In step 610 (S610), the hash value comparison unit 910 generates the hash value input from the hash value combination unit 900 by combining the same number of hash values as the number of sheets input from the digital signature decryption unit 704. If so, it is further determined whether or not the hash value input from the digital signature decryption unit 704 and the hash value input from the hash value synthesis unit 900 are the same. To do. The determination result is displayed on the UI device 26 or the like of the authentication device 3, and the user confirms the authentication result.

As described above, the image processing apparatus 2 according to the present embodiment generates a hash value based on document data including a plurality of pages, generates a digital watermark based on the generated hash value, and generates document data. Embedded in at least one page included, and further, the generated hash value is divided, digital check data is generated based on each of the divided hash values, and embedded in each page included in the document data. A document that can guarantee the authenticity of a document including pages more strictly and offline can be created.
In addition, the authentication device 3 according to the present embodiment receives image data including digital check data of a plurality of pages and a digital watermark combined with at least one page, decrypts the data included in the digital watermark, and performs digital check. The data included in each data is decrypted, the hash values extracted from the digital check data are combined, and the hash value extracted from the digital watermark is compared with the combined hash value, so a predetermined number is included It is possible to verify the authenticity of the document offline after confirming that any page of the document has not been removed.

Next, an image processing apparatus 2 and an authentication apparatus 3 according to the fourth embodiment of the present invention will be described.
FIG. 17 is a diagram for explaining the embedding process performed by the image processing apparatus 2 and the authentication process performed by the authentication apparatus 3 according to the present embodiment, and FIG. 17A illustrates the embedding process. (B) illustrates the authentication process.
As illustrated in FIG. 17A, the image processing apparatus 2 according to the present embodiment embeds the page number of each page in the digital check data of the corresponding page in addition to the divided hash value. This is different from the image processing apparatus 2 according to the third embodiment.
Further, as illustrated in FIG. 17B, the authentication device 3 according to the present embodiment extracts the hash value and the page number from the digital check data of each page, and extracts the hash value and the page number in addition to the hash value. The page number is also used for authentication, which is different from the authentication device 3 according to the third embodiment.

The image processing method according to the present embodiment is realized by a program having substantially the same configuration as that of the image processing program 8 (FIG. 13).
In the image processing program 8, the time stamp generation unit 408 outputs the page number together with the time stamp information to the print pattern generation unit 410.
The print pattern generation unit 410 embeds the time stamp information and the page number in the digital check data of the corresponding page, and outputs the digital check data corresponding to each page to the combining unit 812.

The authentication method according to the present embodiment is realized by a program having substantially the same configuration as that of the authentication program 9 (FIG. 15).
In the authentication program 9, the time stamp extraction unit 706 obtains time stamp information and a page number corresponding to each page from the digital check data printed on the entire background of each page of the read images. Extracted and output to the time stamp decoding unit 708.
The extracted page number is input to the hash value comparison unit 910 via the time stamp decoding unit 708 and the hash value synthesis unit 900.
The hash value comparison unit 910 determines whether or not the hash values extracted from the respective pages are extracted according to the page number order, and proves the page order of the document.

As described above, the image processing apparatus 2 according to the present embodiment embeds each divided hash value in the corresponding page together with the page number of the corresponding page. Therefore, in the document including a plurality of pages, the page order It is possible to create a document that can guarantee the authenticity of the offline.
Further, the authentication device 3 according to the present embodiment receives image data including digital check data of a plurality of pages including page numbers (page order information), decodes data included in each digital check data, and outputs each page. Since the page numbers corresponding to are extracted and the plurality of page numbers are compared with each other, the authenticity of the page order can be verified offline in a document including a plurality of pages.

FIGS. 1A and 1B are diagrams for explaining a digital watermark and digital check data embedding process performed by the image processing apparatus 2 according to the first embodiment and an authentication process performed by the authentication apparatus 3. FIG. The process is illustrated, and FIG. 1B illustrates the authentication process. 2 is a diagram illustrating a hardware configuration of an image processing apparatus 2 and an authentication apparatus 3 to which an image processing method and an authentication method according to the present invention are applied, centering on a control apparatus 20. FIG. It is a figure which shows the function structure of the image processing program 4 which implement | achieves the image processing method concerning 1st Embodiment. It is a flowchart which shows the image processing (S10) by the image processing program 4. It is a figure which shows the function structure of the authentication program 5 which implement | achieves the authentication method concerning 1st Embodiment. It is a flowchart which shows an authentication process (S20) by the authentication program 5. FIG. 7A is a diagram for explaining an embedding process performed by the image processing apparatus 2 according to the second embodiment and an authentication process performed by the authentication apparatus 3. FIG. 7A illustrates the embedding process, and FIG. ) Illustrates the authentication process. It is a figure which shows the function structure of the image processing program 6 which implement | achieves the image processing method concerning 2nd Embodiment. It is a flowchart which shows the image processing (S30) by the image processing program 6. FIG. It is a figure which shows the function structure of the authentication program 7 which implement | achieves the authentication method concerning 2nd Embodiment. It is a flowchart which shows the authentication process (S40) by the authentication program 7. FIG. 12A is a diagram illustrating an embedding process performed by the image processing apparatus 2 according to the third embodiment and an authentication process performed by the authentication apparatus 3. FIG. 12A illustrates the embedding process, and FIG. ) Illustrates the authentication process. It is a figure which shows the function structure of the image processing program 8 which implement | achieves the image processing method concerning 3rd Embodiment. It is a flowchart which shows the image processing (S50) by the image processing program 8. FIG. It is a figure which shows the function structure of the authentication program 9 which implement | achieves the authentication method concerning 3rd Embodiment. It is a flowchart which shows the authentication process (S60) by the authentication program 9. FIGS. 17A and 17B are diagrams illustrating an embedding process performed by the image processing apparatus 2 and an authentication process performed by the authentication apparatus 3 according to the fourth embodiment. FIG. 17A illustrates the embedding process, and FIG. ) Illustrates the authentication process.

Explanation of symbols

DESCRIPTION OF SYMBOLS 2 ... Image processing apparatus 10 ... Printer apparatus 12 ... Printing part 14 ... Scanner part 20 ... Control apparatus 202 ... CPU
204 ... Memory 22 ... Communication device 24 ... Recording device 26 ... UI device 3 ... Authentication device 4 ... Image processing program 40 ... Embedding unit 42 ... Image data generating unit 400: Print data reception unit 402: Hash value generation unit 404 ... Digital signature generation unit 406 ... Digital watermark generation unit 408 ... Time stamp generation unit 410 ... Print pattern generation unit 412 ..Synthesis unit 5 ... authentication program 50-1 ... first decryption unit 50-2 ... second decryption unit 500 ... read data reception unit 502 ... electronic signature extraction unit 504: Digital signature decryption unit 506: Time stamp extraction unit 508: Time stamp decryption unit 510 ... Hash value comparison unit 6 ... Image processing program 602 ... Hash value generation unit 604 ... Digital signature generation unit 606 ... Digital watermark generation unit 612 ... Synthesis unit 7 ... Authentication program 70-1 ... First decryption unit 70-2 ... Second decryption 702... Electronic signature extraction unit 704... Electronic signature decryption unit 706... Time stamp extraction unit 708... Time stamp decryption unit 710... Hash value comparison unit 8. ... Hash value dividing unit 812 ... Combining unit 9 ... Authentication program 900 ... Hash value combining unit 910 ... Hash value comparing unit

Claims (8)

A hash value generating means for generating a hash value based on the content of the document included in the document data consisting of a plurality of pages ;
Hash value dividing means for dividing the hash value generated by the hash value generating means into a plurality of hash values;
An electronic signature data generating means for generating electronic signature data by encoding data including the hash value generated by the hash value generating means and data relating to the creator of the document;
Each of a plurality of hash values divided by the hash value dividing unit and data including data related to the creation date and time of the document are encoded to generate a plurality of falsification prevention data,
The electronic signature data generated by the electronic signature data generation unit is combined with at least one page among a plurality of pages included in the document data, and a plurality of tampering prevention data generated by the tampering prevention data generation unit is obtained. An image processing apparatus comprising: a combining unit configured to combine each of a plurality of pages included in the document data . The electronic signature data generation means encodes the hash value generated by the hash value generation means using a secret key,
The tampering prevention data generation means encodes the hash value generated by the hash value generation means using a secret key,
The synthesizing unit includes a tamper-proof data generated by the tamper-proof data generating unit, a public key corresponding to a secret key used by the electronic signature data generating unit, and a secret key used by the tamper-proof data generating unit. The image processing apparatus according to claim 1, wherein the image data is combined with the document data as a print pattern together with a public key corresponding to. The synthesizing unit synthesizes the plurality of falsification prevention data generated by the falsification prevention data generation unit into the corresponding page as a print pattern together with the page number of the corresponding page among the plurality of pages included in the document data. The image processing apparatus according to claim 1 . A receiving means for receiving document data including a plurality of pages, at least one page of the plurality of pages included in the document data, a hash value generated based on the contents of the documents included in the document data A plurality of pages including the electronic signature data, and the plurality of pages included in the document data includes a plurality of falsification prevention data including each of a plurality of hash values obtained by dividing the hash value ;
Electronic signature data decrypting means for decrypting electronic signature data included in at least one of a plurality of pages included in the document data received by the receiving means;
Falsification prevention data decoding means for decoding a plurality of falsification prevention data included in each of a plurality of pages included in the document data received by the reception means;
An authentication apparatus comprising: a comparison unit that compares a hash value included in the decryption result by the electronic signature data decryption unit and a plurality of hash values included in the decryption result by the falsification prevention data decryption unit. Public key extracting means for extracting from the falsification preventing data included in the document data accepted by the accepting means, a public key for decrypting the electronic signature data and the falsification preventing data contained in the document data;
The electronic signature data decrypting means decrypts the electronic signature data included in the document data received by the receiving means using the public key extracted by the public key extracting means,
The authentication according to claim 4 , wherein the falsification preventing data decrypting means decrypts the falsification preventing data included in the document data received by the accepting means using the public key extracted by the public key extracting means. apparatus. In an image processing apparatus including a computer,
A hash value generation step for generating a hash value based on the content of the document included in the document data including a plurality of pages ;
A hash value dividing step of dividing the generated hash value into a plurality of hash values;
An electronic signature data generation step of generating electronic signature data by encoding data including data relating to the generated hash value and the creator of the document;
A tamper-prevention data generation step for encoding a plurality of hash values and data including data related to the creation date and time of the document to generate a plurality of tamper-prevention data;
The generated electronic signature data is combined into at least one page among a plurality of pages included in the document data, and the generated plurality of falsification prevention data is respectively added to the plurality of pages included in the document data. A program for causing a computer of the image processing apparatus to execute a combining step of combining. In an authentication device including a computer,
A receiving means for receiving document data including a plurality of pages, at least one page of the plurality of pages included in the document data, a hash value generated based on the contents of the documents included in the document data A plurality of pages included in the document data including electronic signature data including, a reception step including each of a plurality of falsification prevention data including each of a plurality of hash values obtained by dividing the hash value ;
An electronic signature data decrypting step for decrypting electronic signature data included in at least one of a plurality of pages included in the received document data;
A tampering prevention data decoding step for decoding a plurality of tampering prevention data included in each of a plurality of pages included in the received document data;
Causing the computer of the authentication apparatus to execute a comparison step of comparing the hash value included in the decryption result in the electronic signature data decryption step with a plurality of hash values included in the decryption result in the falsification prevention data decryption step program. A system comprising an image processing device for processing document data and an authentication device for authenticating document data processed by the image processing device,
The image processing apparatus includes:
A hash value generating means for generating a hash value based on the content of the document included in the document data consisting of a plurality of pages ;
Hash value dividing means for dividing the hash value generated by the hash value generating means into a plurality of hash values;
An electronic signature data generating means for generating electronic signature data by encoding data including the hash value generated by the hash value generating means and data relating to the creator of the document;
Each of a plurality of hash values divided by the hash value dividing unit and data including data related to the creation date and time of the document are encoded to generate a plurality of falsification prevention data,
The electronic signature data generated by the electronic signature data generation unit is combined with at least one page among a plurality of pages included in the document data, and a plurality of tampering prevention data generated by the tampering prevention data generation unit is obtained. And combining means for combining each of the plurality of pages included in the document data ,
The authentication device
A receiving unit configured to receive document data including a plurality of pages and including electronic signature data and falsification preventing data from the image processing apparatus;
Electronic signature data decrypting means for decrypting electronic signature data included in at least one of a plurality of pages included in the document data received by the receiving means;
Falsification prevention data decoding means for decoding a plurality of falsification prevention data included in each of a plurality of pages included in the document data received by the reception means;
Comparing means for comparing a hash value included in the decryption result by the electronic signature data decryption means and a plurality of hash values included in the decryption result by the falsification preventing data decryption means.

Images