Image decryption device and method
The present invention relates to a method of encrypting an image, a method of decrypting an encrypted image, and a decryption device. More in particular, the present invention relates to a method of encrypting an image consisting of image elements, a method of decrypting an image consisting of image elements, as well as a decryption device for decrypting an encrypted image displayed on a display device so as to provide a decrypted image.
It is well known to encrypt an image in order to prevent the image being recognized or to prevent its contents being read by unauthorized persons. One technique of encrypting an image is disclosed in, for example, European Patent Application EP 0260 815. This technique, also known as visual cryptography, employs two patterns, each of which cannot be recognized individually, which are overlaid to produce a recognizable image. To this end, the original image is transformed into two randomized parts or patterns, neither of which contains any perceptible image information. One of these patterns is printed on a transparency or displayed on an at least partially transparent display to allow the patterns to be combined in the eye of the viewer.
This transformation of the original image, however, typically causes the number of image elements, also known as picture elements (pixels), to increase while the resolution decreases. Typically the encrypted image contains two times or, when the aspect ratio of the image is to be maintained, four times as many image elements as the original image. In addition, it is very difficult to encrypt and decrypt color images using this known technique.
It is therefore an object of the present invention to overcome at least some of these disadvantages of the above-referenced European Patent Application and to provide a method of encrypting an image which preserves the resolution of the image without substantially increasing the number of picture elements.
It is another object of the present invention to provide a method of decrypting an image which allows a simple decryption of encrypted images while substantially preserving their resolution.
It is a further object of the present invention to provide a device for decrypting an encrypted image which allows a simple decryption of encrypted images while substantially preserving their resolution.
Accordingly, the present invention provides a method of encrypting an image consisting of image elements, the method comprising the step of:
• permuting the image elements so as to provide a encrypted image. By permuting the image elements (pixels) of the original image an encrypted (or encoded) image is obtained which cannot be recognized. The encrypted image may have exactly the same number of image elements as the original image, so an increase in the number of image elements is avoided.
The present invention also provides a method of decrypting an encrypted image consisting of image elements, the method comprising the steps of:
• displaying the encrypted image on a display device, and
• positioning near the display device a decryption device capable of sensing the displayed image elements and permuting the sensed image elements so as to provide a decrypted image. By first permuting the image elements to obtain the encrypted image and later inversely permuting the encrypted image to obtain the decrypted image, a decrypted image may be obtained which is identical to the original image. As a consequence, there is no loss of resolution. The methods of the present invention further allow the encryption and decryption of color images, for example by using the liquid crystal display techniques described in European Patent Application serial number 02078660.4 (attorney docket PHNL020804).
The said permutation of the image elements may be a "pure" permutation, that is, a rearrangement or transposition of the individual image elements in different locations within the image, the transposition preferably being random or pseudo-random. The (initial) permutation and the inverse permutation may be identical but will be different in most embodiments.
In an advantageous embodiment the step of permuting involves using two or more image elements of the first (original or encrypted respectively) image to produce a single image element of the second (encrypted or decrypted respectively) image. That is, the image values (e.g. "1" for black and "0" for white) of for example four image elements of the
original image may be combined to produced a single encrypted image value (e.g. "1", "0" or "0.8"). Similarly, the image values of for example four image elements of the encrypted image may be combined to produced a single decrypted image value. This combining may involve adding, subtracting, averaging or other operations. The original image values maybe adjacent or may be taken from image elements scattered over the original image. This combining should be entirely or substantially reversible so as to allow decryption.
In another advantageous embodiment the step of permuting involves using a group (i.e. two or more) image elements of the first (e.g. encrypted) image to produce a group (i.e. two or more) image elements of the second (e.g. decrypted) image. In particular, the step of permuting may involve cryptographically processing a group of image elements of the first image to produce a group of image elements of the second image. Again, the image elements of a group need not be adjacent.
The present invention further provides a decryption device for decrypting an encrypted image displayed on a display device so as to provide a decrypted image, the decryption device comprising:
• sensing means for sensing the displayed image elements,
• permuting means for permuting the sensed image elements, and
• display means for displaying the permuted image element so as to provide a decrypted image. The device of the present invention allows encrypted images to be readily decrypted.
Furthermore, the device of the present invention allows a secure decryption of the encrypted image, even when the display device is not trusted. It is noted that the device of the present invention is not only suitable for carrying out the decryption method of the present invention, but may also advantageously be used to carry out the decryption of images which were encrypted using the Prior Art methods of image encryption ("classic visual cryptography") discussed above. In the latter case the device of the present invention preferably permutes groups of four image elements.
A preferred embodiment of the device of the present invention is arranged such that: • the sensing means comprise sensor elements arranged in a first face of the device,
• the display means comprise display elements arranged in a second face of the device, and/or
• the permuting means comprise connection means for providing electrical and/or optical connections between the sensor elements and the display elements.
By providing appropriate electrical or optical connections between the sensor elements which sense the encrypted image on the one hand and the display elements on the other hand, the encrypted image is permuted and the decrypted image can be displayed. The number of image elements of the decrypted image is preferably equal to the number of image elements of the original image. By using electrical or optical connections producing an appropriate image transformation, such as a permutation of the image elements, the quality of the image may be maintained.
In a first embodiment, the connection means comprise hard wired electrical connections or glue-logic. This allows the decryption device of the present invention to permute the image elements. Such a decryption technique is relatively simple. Optical fibers directly connecting each sensor element with a display element may be used in an optical alternative embodiment.
In a second embodiment, the connection means comprise a processor for cryptographically processing image data provided by the sensor elements. In both embodiments, the connection means may comprise a display driver.
Such a display driver may also be used for effecting an appropriate image transformation, in which case a separate processor may be omitted.
Preferably, the decryption device of the present invention is substantially non- transparent. This causes the decryption device to shield the encrypted image, thus avoiding any undesired interference between the encrypted image and the image displayed on the decryption device. It is noted that this is in contrast with the arrangements according to the Prior Art in which is required for the "decryption device" to be at least partially transparent. It will be understood, however, that the device may be made transparent, for example to carry out Prior Art decryption methods. Preferably, the first and second faces of the decryption device are arranged substantially back-to-back. However, other arrangements are also possible, including arrangements in which the sensor elements and the display elements are accommodated in separate housings.
Advantageously, the first face may be provided with at least one lens. Either a single lens may be provided for sensor elements, or each sensor element (or group of sensor elements) is provided with an individual lens. It will be understood that the focusing of a lens may improve the sensing capabilities of the device. In one embodiment, the decryption device of the present invention may be accommodated in a video camera, thus using the camera's lens.
In a very advantageous embodiment, the display elements comprise organic LED elements, preferably active matrix organic LED elements.
It is noted that the device of the present invention can also be used to encrypt an image. In such an application, a camera may be used to record the image displayed by the device, or the device may be provided with a suitable output port.
The present invention additionally provides a system for decrypting an encrypted image, the system comprising a display device for displaying the encrypted image, and a decryption device as defined above for providing a decrypted image.
The present invention will further be explained below with reference to exemplary embodiments illustrated in the accompanying drawings, in which:
Fig. 1 schematically shows a method of encrypting and decrypting images according to the present invention. Fig. 2 schematically shows, in perspective, a system employing a device according to the present invention.
Fig. 3 schematically shows, in a cross-sectional view, a first embodiment of a device according to the present invention.
Fig. 4 schematically shows, in a cross-sectional view, a second embodiment of a device according to the present invention.
Fig. 5 schematically shows, in a cross-sectional view, a third embodiment of a device according to the present invention.
Fig. 6 schematically shows a preferred embodiment of a sensor element and a display element for use in a device according to the present invention. Fig. 7 schematically shows a system in which the present invention may be utilized.
As illustrated by the example of Fig. 1, the present invention pertains to a process involving a first step I, in which an original (digital) image A is encrypted to produce an encrypted image B, a second step II, in which the encrypted image B is transmitted by any suitable means (e.g. electronically via a cable, a satellite link or on a physical carrier such as a CD or floppy disc), and a third step III in which the transmitted encrypted image B is decrypted, resulting in a decrypted image C.
As schematically shown in Fig. 1, each image A, B, C consists of a number of image elements or pixels 10 (twenty pixels per image are shown in the example of Fig. 1, although actual images will have a significantly greater number of image elements). The encryption may be carried out by permuting the image elements 10, the decryption being carried out by an inverse permutation. Assuming pixels ranging from (1, 1) (top left hand corner) to (4, 5) (bottom right hand corner), a permutation may be carried out as follows:
(1, 1) => (2,5)
(2, 1) => (1, 3)
(3, 1) => (4, 2)
(4, 5) => (2, 1)
The resulting image B will be unrecognizable provided the permutations are sufficiently random.
When the inverse permutation is carried out in step III, e.g. (2, 1) => (4, 5), the original image is restored and the decrypted image C will be identical to the original image
A. In case of any transmission errors in step II, there maybe discrepancies between images A and C.
A system according to the present invention which is shown merely by way of non-limiting example in Fig. 2 comprises a display terminal 2 and a decryption device 1. The display terminal 2 may be a computer terminal, television set or a similar device capable of showing images. The display terminal 2 may for example have a CRT (Cathode Ray Tube) display or an LCD display. In the cryptographic sense the display terminal 2 is an untrusted terminal.
The display terminal 2 displays an image B. As this image is encrypted, it cannot be recognized and is therefore apparently meaningless. This is symbolically shown by the question mark. In accordance with the present invention a decryption device 1 is used which is capable of sensing the encrypted image B and transforming it into a decrypted image C (shown to be the number 9 in the example of Fig. 1). As will further be explained below, the decryption device 1 of the present invention has two faces, one of which is placed in front of the display device 2 in order to be able to sense the encrypted image B, and the other one of which is provided with display elements for displaying the decrypted image. In the cryptographic sense the decryption device 1 is a trusted terminal.
The device 1 of the present invention shown merely by way of non-limiting example in Fig. 3 comprises a first face 11 provided with sensor elements 21 for sensing the
encrypted image and a second face 12 provided with display elements 22 for displaying the decrypted image. The direction in which light representing the image travels is indicated by arrows.
The sensor elements 21 may be constituted by photo-diodes or other elements capable of transforming light into an electrical signal. These sensor elements may be embedded in the image elements. The display elements 22 may be LEDs (Light Emitting Diodes), for example organic LEDs (OLEDs). It has been found that so-called Active Matrix Organic LEDs (AM-OLEDs) are particularly suitable.
The decryption device 1 of the present invention further comprises connection means 13 for providing electrical or optical connections between the sensor elements 21 and the display elements 22. The connection means 13 are arranged in such a way that the display elements 22 together display the decrypted image (C in Figs. 1 and 2). In other words, the connection means 13 cause the encrypted image to be decrypted.
In the exemplary embodiment of Fig. 3 the connection means 13 consist of hard wired connections which may be constituted by actual wires, a printed circuit board, so- called glue logic, optical fibers or other means. The decryption scheme employed is fixed and may consist of a simple permutation of the picture elements. That is, each sensor element 21 may be connected to a single display element 22 having a different relative location (a small percentage of the display elements 22 could be allowed to have the same relative positions as their corresponding sensor elements 21).
A display driver 24 may optionally be present. Such a display driver, however, is in the embodiment of Fig. 3 not involved in the decryption process.
It is noted that the display of the decryption device 1 is preferably non- transparent and that the only image visible is the image produced by the display elements 22. In its preferred embodiments the decryption device of the present invention does not produce a partial image as in the prior art where two partial images were combined to produce a single decrypted image. Instead, the device of the present invention preferably produces the entire decrypted image while masking the encrypted image.
In the embodiment of Fig. 4 the hard wired connections between the sensor elements 21 and the display elements 22 are replaced with a processor unit 23 which is capable of performing a permutation, a combined permutation and combination, or a cryptographic algorithm such as RSA, DES or a similar algorithm. In this embodiment, therefore, all sensor elements 21 and display elements 22 are connected to the processor unit 23 which may contain a microprocessor or a dedicated cryptographic integrated circuit. In
addition to cryptographic processing the processor unit could be capable of signal processing for the purpose of enhancing the contrast and/or color of the decrypted image. Alternatively, the display driver 24 could be arranged for performing the decryption.
To prevent any fraudulent use of the device it is preferably arranged such that any cryptographic information, such as keys, cannot be obtained from outside the device. For the same reason, any firmware updates of, for example, the display driver should be either impossible or only allowed under strict security conditions.
An alternative embodiment is shown in Fig. 5 where lenses 25 are positioned so as to focus any incident light upon the sensor elements 21. Instead of a plurality of lenses 25 as shown in Fig. 5, a single, larger lens could be used.
The opto-electrical circuit 6 shown by way of non-limiting example in Fig. 6 is particularly suitable for use in a device 1 of the present invention. The photo diode 7 constitutes a sensor element 21 of Figs. 3 and 4, while OLED 8 corresponds with a display element 22 of Figs. 3 and 4. Upon the receipt of light from the encrypted image (B in Figs. 1 and 2) photo diode 7 inputs its signal into the crypto block (i.e. connection means 13 and/or cryptographic processor 23) which may in turn produce an output signal which is input to selection transistor Tseι. A selection signal from the display driver (24 in Figs. 3 and 4) controls transistor Tseι, which in turn controls driver transistor Tdrv- Capacitor Cs maintains the gate signal to driver transistor Tdrv which, in the embodiment shown, drives an OLED (Organic LED). Using the circuit 6 a very simple and efficient decryption device 1 can be obtained.
Fig. 7 schematically shows a system utilizing the invention, comprising a server 3 and several clients 2a, 2b, 2c. While the clients 2a-2c are embodied here as a laptop computer 2a, a palmtop computer 2b and a mobile phone 2c, they can in fact be realized as any kind of device, as long as the device is able to interactively communicate with the server 3 and is able to render graphical images on a display screen, such as an LCD screen. The communication can take place over a wire, such as is the case with the laptop 2a, or wirelessly like with the palmtop computer 2b and the mobile phone 2c. A network such as the Internet or a telephone network could interconnect the server 3 and any of the clients 2a- 2c. The server 3 generates an image representing a message that needs to be communicated to the operator of the client 2a. The image will be encrypted before transmission. The graphical message can of course comprise any type of information that one could want to transmit securely and privately to another party. For example, a customer's bank balance could be communicated this way, as shown in Fig. 7 as graphical message 5. Other examples include
private e-mail messages, a new PIN (Personal Identification Number) code or password to be provided to the operator of client device 2a.
A particularly advantageous application is to securely allow the composition of a message by the operator of client 2a. In this embodiment, the server generates an image 4 which represents a plurality of input means such as keys on a keyboard. Each input means represents an input word that can be used in the message that will be composed by the user. In addition to, or instead of keys, the input means could also be checkboxes, selection lists, sliders or other elements typically used in user interfaces to facilitate user input. This application is discussed in more detail below. The server 3 encrypts the images 4, 5 as a sequence of encrypted (or encoded) information units. This encoded sequence is then transmitted to one of the client devices 2a- 2c. Such transmissions are straightforward to implement and will not be elaborated upon here. Note that it is not necessary to protect this transmission by e.g. encrypting the encoded sequence or setting up a secure authenticated channel before transmitting it. Because of the process used to choose the elements of the sequence, it is impossible for an eavesdropper to recover the images 4, 5 by using only the encoded sequence.
Also shown in Fig. 7 is a device 1 of the present invention which is used here as a personal decryption device. The device shown has a display section 15 for displaying an image and an keypad section 16 for entering data. This device 1 is personal to a user and is to used to decrypt encrypted or encoded messages sent by the server 3 to any of the clients 2a- 2c. To add extra security, entering a password or Personal Identification Number (PIN) could be required upon activation of the decryption device 1. The device 1 could also be provided with a fingerprint reader, or be equipped to recognize a voice command uttered by its rightful owner, in order to provide access security. It will be understood that the invention can be used in various other systems other than the one shown in Fig. 7.
In addition to or instead of cryptographic processing the processor unit of the device 1 of the present invention could be capable of checking a message authentication code (MAC) in the encrypted image. In this case it could be envisaged that the "encrypted" image A is not encrypted in the true sense of the word but is provided with a MAC instead. This would allow the device of the present invention to be used as a verification device for testing the authenticity of an image.
As will be clear from the above description, the present invention is based upon the insight that a permutation of picture elements, or a similar image transformation, may be used to reversibly encrypt images while preserving their resolution as well as the
number of pixels. The present invention is also based upon the further insight that a trusted image decryption device is capable of providing a secure decryption of encrypted images displayed on an untrusted terminal.
It is noted that any terms used in this documents should not be construed so as limit the scope of the present invention. In particular, the words "comprise(s)" and
"comprising" are not meant to exclude any elements not specifically stated. Single (circuit) elements maybe substituted with multiple (circuit) elements or with their equivalents.
Accordingly, it will be understood by those skilled in the art that the present invention is not limited to the embodiments illustrated above and that many modifications and additions may be made without departing from the scope of the invention as defined in the appending claims.