WO2005107147A1 - Authentication system, authentication acquisition device, and authentication method - Google Patents

Authentication system, authentication acquisition device, and authentication method Download PDF

Info

Publication number
WO2005107147A1
WO2005107147A1 PCT/JP2004/006222 JP2004006222W WO2005107147A1 WO 2005107147 A1 WO2005107147 A1 WO 2005107147A1 JP 2004006222 W JP2004006222 W JP 2004006222W WO 2005107147 A1 WO2005107147 A1 WO 2005107147A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
data
information
positioning
acquisition device
Prior art date
Application number
PCT/JP2004/006222
Other languages
French (fr)
Japanese (ja)
Inventor
Shinichi Yamada
Yoshihiro Masuyama
Original Assignee
Hitachi, Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi, Ltd. filed Critical Hitachi, Ltd.
Priority to PCT/JP2004/006222 priority Critical patent/WO2005107147A1/en
Priority to PCT/JP2005/008247 priority patent/WO2005107148A1/en
Publication of WO2005107147A1 publication Critical patent/WO2005107147A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/00127Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture
    • H04N1/00204Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a digital computer or a digital computer system, e.g. an internet server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/00127Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture
    • H04N1/00204Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a digital computer or a digital computer system, e.g. an internet server
    • H04N1/00244Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a digital computer or a digital computer system, e.g. an internet server with a server, e.g. an internet server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/00127Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture
    • H04N1/00323Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a measuring, monitoring or signaling apparatus, e.g. for transmitting measured information to a central location
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3212Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to a job, e.g. communication, capture or filing of an image
    • H04N2201/3215Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to a job, e.g. communication, capture or filing of an image of a time or duration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3225Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document
    • H04N2201/3253Position information, e.g. geographical position at time of capture, GPS data

Definitions

  • the present invention relates to an authentication system, an authentication acquisition device, and an authentication method for authenticating position information and time information obtained by electronic position measurement means such as GPS and delivering the information to various applications.
  • position and time information is obtained from GPS, and these are transmitted to the center, and the location and time data at which the center is copy-guarded are transmitted to the electronic device that requested it.
  • Technology Japanese Patent Laid-Open No. 2001-335357
  • generates position information and time information for specifying the input point adds it to the input data as authentication information, and transmits it to the certificate authority.
  • Japanese Patent Laid-Open Publication No. 2001-106632 Japanese Patent Laid-Open Publication No. 2001-106632
  • the first problem of the present invention is that the authentication between the center authentication device and the on-site authentication acquisition terminal is suitable.
  • An object of the present invention is to provide an authentication system, an authentication acquisition device, and an authentication method that facilitate location confirmation on site by distributing the load.
  • a second object of the present invention is to provide an authentication system and an authentication acquisition device that maintain the authenticity of an image captured by a digital camera or the like and realize consistent security from shooting to recording. Is to provide. Disclosure of the invention
  • an authentication system includes: an authentication acquisition device, comprising: a current position data of a positioning target received from electronic position positioning means such as a GPS; At times, it generates data integrating the authentication encryption key received from the authentication device.
  • the integrated data is transmitted to an authentication device connected via a network, and the authentication device authenticates the location information and the time information using the authentication encryption key, and the authentication acquisition device that has issued the authentication request.
  • the authentication acquisition device including the imaging device generates a drive timing signal of the image sensor synchronized with the current time, and the drive timing signal includes the authentication encryption key information transmitted from the authentication device, and the position measurement means.
  • the security marking signal is generated by superimposing the acquired current position information of the positioning target. Then, the image information output from the imaging device is recorded on the write-once recording medium as encrypted information including security marking information. This makes it possible to maintain the authenticity of images captured by digital cameras, etc., and realize consistent security from photography to recording.
  • FIG. 1 is a diagram cited for explaining the location authentication method of the present invention and its use subject. It is.
  • FIG. 2 is an operation sequence diagram cited for explaining the overall operation of the authentication system of the present invention.
  • FIG. 3 is a flowchart showing the operation of the authentication acquisition device of the present invention.
  • FIG. 4 is a flowchart showing the operation of the authentication system of the present invention.
  • FIG. 5 is a block diagram showing the internal configuration of the authentication acquisition device of the present invention in a functionally developed manner.
  • FIG. 6 is a block diagram showing the internal configuration of the authentication system of the present invention by developing its functions.
  • FIG. 7 is a diagram conceptually showing an application example of the authentication obtaining apparatus of the present invention.
  • FIG. 8 is a block diagram showing an internal configuration of the image intrinsic processing unit shown in FIG.
  • FIG. 9 is a flowchart showing the operation of the image intrinsic processing section shown in FIG.
  • FIG. 10 is a block diagram in which a part related to the color correction processing is extracted and shown in the image intrinsic processing section shown in FIG.
  • FIG. 1 is a diagram cited for explaining a location authentication method of the present invention and its use subject.
  • reference numeral 1 denotes a GPS satellite, which measures the distance based on the principle of triangulation by receiving radio waves emitted from three or more GPS satellites 1, and obtains current position information including latitude, longitude, and altitude as well as a standard. Used as an electronic positioning means to measure time. In addition, as the electronic positioning means, other methods such as those using FM (Frequency Modulation) radio waves can be used.
  • FM Frequency Modulation
  • Reference numeral 2 denotes an authentication requester
  • reference numeral 3 denotes a location authentication service provider, which owns and manages an authentication acquisition terminal 20 as an authentication acquisition device and an authentication server 30 as an authentication device, respectively.
  • Authentication 4 The acquiring terminal 20 and the authentication server 30 are connected via a network (not shown).
  • the authentication acquiring terminal 20 receives the GPS data (latitude, longitude, altitude, time) by the built-in GPS receiver and issues a request for acquiring the authentication encryption key of the received GPS data to the authentication server 30. I do.
  • the authentication server 30 issues authentication encryption key information to the requested authentication acquisition terminal 20.
  • the authentication acquisition terminal 20 integrates the GPS data and the authentication encryption key information. It generates pandle data and issues an authentication request to the authentication server 30.
  • the authentication server 30 transmits the result of the authentication to the authentication acquiring terminal 20.
  • the authentication acquiring terminal 20 delivers the authentication data to the application. In this way, an appropriate load distribution can be performed between the authentication acquisition terminal 20 and the authentication server 30. Therefore, the authentication requester 2 can obtain a quick response result at the site, and The load on server 30 is reduced.
  • the details will be described below.
  • FIG. 2 is an operation sequence diagram cited for explaining the overall operation of the authentication system of the present invention.
  • an operation sequence between the GPS satellite 1, the authentication acquisition terminal 20 and the authentication server 30 is shown.
  • the certified terminal 20 receives a radio wave from the GPS satellite 1 and performs a positioning process (S21: correct the arrow in FIG. 2).
  • the radio wave from the GPS satellite 1 is also delivered to the authentication server 30, and the same processing is performed in the authentication server 30 (S22).
  • the authentication acquisition terminal 20 issues a timestamp request to the authentication server 30 (S23), and the authentication server 30 receiving the request sends a timestamp for synchronization (S2). Four ) .
  • the authentication acquisition terminal 20 Before and after receiving the time stamp, the authentication acquisition terminal 20 issues an authentication encryption key acquisition request to the authentication server 30 (S25), and determines the positioning data, the time stamp, and the received authentication key. Issue the certification request by panning the information (S26, S27). Subsequently, the authentication result is transmitted from the authentication server 30 and the terminal 20 obtains the authentication data. Data to the application.
  • FIG. 3 is a flowchart showing the flow of the operation in the authentication acquisition terminal 20 in that case.
  • the authentication terminal 20 first captures the radio wave of the GPS satellite 1 (S31), executes positioning processing, and obtains the current position information of the authentication terminal 20 consisting of latitude, longitude, and altitude. Get (S32). Then, it receives a time stamp for synchronization from the authentication server 30 and transmits a request for issuing an authentication encryption key (S33, S34). Subsequently, the system waits for the issuance of the authentication encryption key from the authentication server 30 (S35), generates the received authentication encryption key, and the pandora data of the positioning data and the time stamp, and transmits it to the authentication server 30 ( S36). Then, it waits for the authentication server 30 to send authentication data, and passes the result to the application (S37, S38).
  • terminal processing in the authentication acquisition terminal 20 is mainly performed, so that location confirmation on the site is facilitated.
  • RFID Radio Frequency Identification
  • FIG. 4 is a flowchart showing the flow of operation when the processing load is shared mainly by the authentication server.
  • the authentication server 30 first receives an authentication encryption key acquisition request from the authentication acquisition terminal 20 (S41). As a result, the authentication server 30 generates continuous encryption matrix data (authentication encryption key information) for authentication synchronized with the time stamp, and transmits it to the requested authentication acquisition terminal 20 (S42).
  • the simple positioning result is confirmed by comparing it with the data (S45).
  • the confirmation is performed by adding authentication password information generated by a specific function to the positioning data obtained by calculating the following arithmetic expression (positioning equation), and encrypting based on the authentication and authentication encryption key information. This is performed by comparing the calculated positioning data with the positioning calculation result obtained by decoding (back calculation) using the shared function.
  • i (i l, 2 , 3, 4): satellites used for positioning, Xi, satellite position of Y have Z already known, X u, Y u, Z u: unknown receiver position, Ri: Known Pseudo distance (real distance between satellite and GPS receiver calculated from received signal, clock error, propagation delay, Includes transmitter noise. Among them, satellite clock error and propagation delay are corrected before solving), C Bu : receiver clock error.
  • the authentication server 30 since the authentication server 30 performs the positioning calculation, the burden on the authentication acquisition terminal 20 is reduced, and the authentication data is archived in the authentication server 30. Is difficult.
  • the communication between the authentication acquisition terminal 20 and the authentication server 30 is performed using a secure communication platform using a time synchronization encryption key.
  • one of the acquired data includes data that can be reversibly proved to be true. Must be included.
  • the received normal GPS signal has not been proved to be the only true signal reversibly, and therefore, in the embodiment of the present invention, the true GPS signal is reversibly true from the authentication server 30.
  • the authentication encryption key information that can be proved as a signal is passed to the authentication acquisition terminal 20. However, this alone does not prove that all the received GPS signals are receiving true signals, so that all signals received at the true position are decrypted and immediately transferred to the authentication server 30. It verifies rationality such as back calculation and check to ensure its authenticity.
  • the authentication encryption key information which is an authentication signal
  • an array authentication encryption matrix data
  • the functions involved in the rationality verification are not fixed, and it is necessary to take into account that both the authentication server 30 and the authentication terminal 20 dynamically change in synchronization.
  • Fig. 5 shows the above-mentioned authentication acquisition terminal
  • Fig. 6 shows the internal configuration of the authentication server. It is the block diagram opened and shown.
  • the authentication acquisition terminal 20 includes a GPS data acquisition unit 21, an authentication signal key reception unit 22, a bundle data generation unit 23, and a location authentication result reception unit 24.
  • the GPS data acquisition unit 21 acquires the current position data and time data of the positioning target from the GPS satellite 1 and supplies them to the pandle data generation unit 23.
  • the bundle data generation unit 23 is supplied with the authentication encryption key information transmitted from the authentication server 30 via the authentication encryption key reception unit 22. Here, a bundle integrating these data is provided. Generates data (positioning data + time stamp + authentication encryption key information) and starts the position authentication result receiver 24.
  • the authentication server 30 obtains the above-mentioned pandle data from the authentication acquiring terminal 20 and authenticates the position information and the time information using the authentication encryption key information (continuous encryption matrix data for authentication) generated by itself. And sends it to the requested authentication terminal 20.
  • the location authentication result receiving unit 24 receives the result of the location authentication from the authentication server 30 and delivers the result to the application.
  • the authentication server 30 includes a GPS data acquisition unit 31, an authentication request reception unit 32, a simple positioning result reception unit 33, an authentication encryption key generation transmission unit 34, and a positioning processing unit 3. 5, an authentication archive 36, and an authentication result transmitting unit 37.
  • the GPS data acquisition unit 31 acquires the current position data and time data of the positioning target from the GPS satellite 1 and supplies them to the positioning processing unit 35.
  • the output from the simplified positioning result receiving unit 33 and the output from the authentication encryption key generation transmitting unit 34 are supplied to the positioning processing unit 35.
  • the simple positioning result receiving unit 3 3 receives the result of the simple positioning calculation (based on GPS data, time data, and authentication encryption key information) generated by the authentication acquisition terminal 20, and generates the authentication encryption key generation transmission unit 3. 4 generates authentication encryption key information synchronized with the current time based on the time data received from the GPS satellite 1 when the authentication request is received from the authentication acquisition terminal 20 via the authentication request receiving unit 32. .
  • the positioning processing unit 35 performs the authentication issued simultaneously with the authentication request from the authentication acquisition terminal 20. JP2004 / 006222
  • the current position data of the positioning target captured via the GPS data capturing unit 31 is authenticated using the authentication encryption key information generated earlier, and transmitted from the authentication acquisition terminal 20. Check the result of simple positioning. Then, the result is recorded in the authentication archive 36 constituted by a write-once type recording medium, and is transmitted to the requesting authentication terminal 20 via the authentication result transmitting unit 37 to reply.
  • FIG. 7 shows a conceptual diagram of an operation when the authentication system of the present invention is applied to an imaging device (for example, a digital camera).
  • an imaging device for example, a digital camera
  • the digital camera 40 operates as the authentication acquisition terminal 20 of the present invention.
  • the digital camera 40 is connected to the authentication server 30 of the location / location authentication service company 3 via the communication module 49.
  • video / data storage and time authentication are also performed.
  • the digital camera 40 includes a positioning input (including a differential input by FM radio waves) obtained from the 0-3 satellite 1 via the 0S receiver 41, a azimuth gyro 4 2 , Input of direction by geomagnetic sensor 43, input of ambient environment data by environment sensor 44 such as temperature, barometric pressure and humidity, input of operator ID confirmation part 45 by input of biological information such as fingerprint, and input of tag reader part 46 It is provided as a device.
  • a large double circle below the operator ID confirmation section 45 is a cradle for the operator ID confirmation section 45 such as a fingerprint sensor. (... Correct the position of reference numeral 45 in Fig. 7.)
  • These input data are provided to the control center CPU 47 (here, the image intrinsic processing unit) and processed.
  • the photographing data is encrypted in association with the input data and recorded on a write-once recording medium 48 (hereinafter referred to as an encrypted recording medium) built in the digital camera 40. Also, it is similarly recorded on the write-once recording medium 36 (authentication archive) of the authentication server 30.
  • a write-once recording medium 48 hereinafter referred to as an encrypted recording medium
  • the captured video data be tamper-proof after the optical-Z electrical conversion of the image sensor (hereinafter referred to as an image sensor).
  • the communication line to be connected shall have high security.
  • the center's authentication archive 36 must have necessary access control and have a falsification prevention function and a physical protection function.
  • Fig. 8 shows an example of the configuration of the image authenticity processing unit that is essential to secure the authenticity of the video and store the authenticable video.
  • Fig. 9 is a flowchart showing the processing procedure.
  • reference numeral 472 denotes an image sensor unit configured by a CCD (Charge Coupled Device) or the like, which is driven by a timing signal generated by the image sensor drive timing unit 471 ( S91).
  • the security marking generation unit 483 includes the authentication code key information generated by the authentication server 30 fetched through the authentication encryption key reception unit 476, and the external signal reception unit 473, A security marking signal is generated by superimposing the time information and the current position information, which are obtained via the synchronization time receiving section 474 and the position authentication processing section 475, to the security marking processing section 485.
  • Supply S92
  • the security marking processing section 485 is also supplied with the above-described drive timing signal and the image sensor output signal input via the A / D processing section 482, where the security marking signal is supplied. And the output buffer 4 8 4 as video generation basic data The signal is supplied to the camera signal processing unit 489 via (S93).
  • the camera signal processing unit 489 processes the video generation basic data as a camera input signal, and generates and outputs video encrypted data including a security marking signal.
  • the encrypted video data is transmitted in real time to the authentication archive (write-once recording medium 36) of the authentication server 30 via the secure line 487 and recorded.
  • the synchronization time stamp (synchronization time receiving unit 474), positioning position data (position authentication processing unit 475), ambient environment sensor data (various sensors 441, 442), operator ID (operator ID)
  • the ID receiving unit 477) may be linked and recorded.
  • the above-mentioned signals, the synchronization time stamp signal (synchronization time receiving section 474), the positioning position signal (position authentication processing section 475), the ambient environment sensor data (various sensors 441 and 442), the operator ID data (operation The user ID receiving section 477) is recorded on the encrypted recording medium 48 together with the video signal at the time of receiving all (S94).
  • the processing for making it impossible to falsify after the light / electric signal conversion timing by the image sensor has been described. However, it is in a stage before the light / electric signal conversion such as exposure adjustment.
  • the timing of starting mechanical or electrical shutters that limit optical input must be considered as well.
  • an image sensor unit 472 such as a CCD (optical / electrical conversion element).
  • CCD optical / electrical conversion element
  • the present invention can be applied to a shutter using an ON / OFF conversion of an optical / electrical conversion element and a mechanical or electronic shutter, and the timing can be appropriately set.
  • the time can be set in consideration of the shutter speed (moving speed of the slit, etc.).
  • the optical input is processed by a duplex system using a half mirror or the like, and individually registered in the encrypted recording media 48 (data storage archive) at the same time.
  • a mutual error difference correction process capable of reproducing a corrected color based on the same criterion can be performed on the transmitting and receiving sides (S97).
  • FIG. 10 is a diagram cited for the purpose of general description of the mutual error difference correction processing.
  • the photographing subsystem 100 and the display subsystem 200 are exemplified. I have.
  • FIG. 10 blocks denoted by the same reference numerals as those in FIG. 8 are the same as those shown in FIG.
  • the color information transmitted and received via the network is expressed slightly differently due to the color expression error of each display device.
  • the color is included by minimizing the error on the transmitting and receiving man-machine interfaces at both ends of the system, although it is not true color. It is intended for data distribution.
  • a standard color template (TP) is prepared, and each standard color component of the captured image generated by the standard template color data generation unit 501 is generated and output.
  • the standard color difference processing unit 502 is used to determine the color components of the captured image and the respective The difference from the quasi-color component is calculated, an input color data correction signal is generated, and the input color data correction signal is transmitted to the display-side subsystem 200 together with the captured video signal.
  • the display-side subsystem 200 performs calculations for excluding the received input color data correction signal (difference signal) as an error signal at the time of reproduction, and displays the result.
  • the authentication acquisition device is configured such that the current position data and the time data of the positioning target received from the electronic position positioning device such as the GPS, and the authentication encryption code received from the authentication device when the authentication request is issued. Generates data that integrates a key and sends this integrated data to an authentication device connected via a network, and the authentication device authenticates location information and time information using an authentication encryption key. This is a response to the authentication acquisition device that issued the authentication request, which provides an authentication system that distributes the load between the authentication server at the center and the authentication acquisition device at the site, and facilitates location confirmation at the site. can do.
  • the authentication acquisition device including the imaging device generates a drive timing signal of the image sensor synchronized with the current time, and the drive timing signal includes the authentication encryption key information transmitted from the authentication device and the position measurement means.
  • a security marking signal is generated by superimposing the acquired current position information of the positioning target, and the image information output from the imaging device is recorded on a write-once recording medium as encrypted information including the security marking information.
  • a difference from each standard color component prepared in advance is calculated, and transmitted to the display subsystem together with the captured image signal as an input color data correction signal, At the time of reproduction, the display side subsystem must perform processing to exclude the received input color data correction signal as an error signal. This guarantees the trueness of color. As described above, it is possible to realize a secure security from photographing to recording.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Position Fixing By Use Of Radio Waves (AREA)
  • Studio Devices (AREA)

Abstract

An authentication system includes: an authentication acquisition device (digital camera (40)) for acquiring the current position data on the object-to-be-positioned received from electronic positioning means and the time data and generating unified data made from these data and an authentication encryption key received from an authentication device (authentication server (30)) when an authentication request is issued; and the authentication device (authentication server (30)) for acquiring the unified data from the authentication acquisition device (digital camera (40)) and performing authentication of the position information and the time information by using the authentication encryption key.

Description

明 細 書  Specification
認証システムおよび認証取得装置ならぴに認証方法 技術分野  Authentication system and certification acquisition device
本発明は、 G P S等、 電子的な位置測位手段によって得られる位置情報や時刻 情報を認証して各種アプリケーションに引き渡す、 認証システムおよび認証取得 装置ならびに認証方法に関する。 背景技術  The present invention relates to an authentication system, an authentication acquisition device, and an authentication method for authenticating position information and time information obtained by electronic position measurement means such as GPS and delivering the information to various applications. Background art
所在位置確認の対象となる物体等の現在位置を G P S (Global Positioning System) 等、 電子的な位置測位手段を介して取得し、 そのデータを公的に認証す る技術について、 従来から多数提案され、 出願されている。  There have been many proposals for technologies to acquire the current position of an object or the like whose location is to be confirmed via electronic positioning means such as GPS (Global Positioning System) and to publicly authenticate the data. , Has been filed.
例えば、 デジタルカメラやパソコン等の可搬性電子機器に関し、 G P Sから位 置と時刻情報を得、 これらをセンタへ送信し、 センタがコピーガードされた場所 と時間データを要求のあった電子機器へ送信する技術 (特開 2 0 0 1 - 3 3 5 3 7号公報) 、 入力した地点を特定する位置情報と時間情報を生成し、 認証情報と して入力データに付加すると共に、 認証局へ送信してデジタル署名を付加する技 術 (特開 2 0 0 1 - 1 0 0 6 3 2号公報) が知られている。  For example, for portable electronic devices such as digital cameras and personal computers, position and time information is obtained from GPS, and these are transmitted to the center, and the location and time data at which the center is copy-guarded are transmitted to the electronic device that requested it. Technology (Japanese Patent Laid-Open No. 2001-335357), generates position information and time information for specifying the input point, adds it to the input data as authentication information, and transmits it to the certificate authority. (Japanese Patent Laid-Open Publication No. 2001-106632) is known.
いずれもデータの客観性を確保することにより、 交通事故等の際の保険請求を はじめ、 警察、 消防等の現場検証に広く実施可能であり、 証拠としての証明力を 向上させるための手段として大きな効果が得られる。 しかしながら、 いずれも認 証局等のセンタ処理が中心であるため、 センタ負荷が大きく、 このため、 現場で の所在確認に時間を要していた。 また、 デジタルカメラによって撮影されたデジ タル画像は改竄が容易であり、 その保管の仕方によっては証拠能力に疑問が残り、 依然として客観性に乏しいものであった。  In each case, by ensuring the objectivity of the data, it can be widely applied to insurance claims in the event of a traffic accident, as well as on-site inspections of police and fire departments, etc., and is a great means for improving the proof power as evidence. The effect is obtained. However, in each case, the central processing of a certification authority or the like is the center, so the load on the center is large, and it takes time to confirm the location on site. In addition, digital images captured by digital cameras were easily tampered with, and the evidential ability remained questionable depending on how they were stored, and remained poorly objective.
従って本発明の第 1の課題は、 センタの認証装置と現場の認証取得端末間で適 当に負荷分散することにより、 現場での所在確認を容易とした、 認証システムお よび認証取得装置ならびに認証方法を提供することにある。 また、 本発明の第 2 の課題は、 デジタルカメラ等により撮影された画像についてもその真性を維持し、 撮影から記録まで一貫したセキュリティを実現する、 認証システムおよび認証取 得装置ならぴに認証方法を提供することにある。 発明の開示 Therefore, the first problem of the present invention is that the authentication between the center authentication device and the on-site authentication acquisition terminal is suitable. An object of the present invention is to provide an authentication system, an authentication acquisition device, and an authentication method that facilitate location confirmation on site by distributing the load. Further, a second object of the present invention is to provide an authentication system and an authentication acquisition device that maintain the authenticity of an image captured by a digital camera or the like and realize consistent security from shooting to recording. Is to provide. Disclosure of the invention
前記した課題を解決するために、 本発明の認証システムは、 認証取得装置が、 G P S等の電子的な位置測位手段から受信した測位対象の現在位置データ、 およ ぴ時刻データと、 認証要求発行時に認証装置から受信した認証暗号鍵とを一体化 したデータを生成する。 そしてこの一体化したデータを、 ネットワークを介して 接続される認証装置へ送信し、 認証装置が認証暗号化鍵を用 、て位置情報と時刻 情報の認証を行い、 認証要求のあつた認証取得装置へ返信する。  In order to solve the above-mentioned problems, an authentication system according to the present invention includes: an authentication acquisition device, comprising: a current position data of a positioning target received from electronic position positioning means such as a GPS; At times, it generates data integrating the authentication encryption key received from the authentication device. The integrated data is transmitted to an authentication device connected via a network, and the authentication device authenticates the location information and the time information using the authentication encryption key, and the authentication acquisition device that has issued the authentication request. Reply to
このことにより、 センタの認証サーバと現場の認証取得装置間で負荷が分散さ れ、 現場での所在確認を容易とした認証システムを提供することができる。  This makes it possible to provide an authentication system in which the load is distributed between the authentication server at the center and the authentication acquisition device at the site, and the location at the site can be easily confirmed.
また、 撮像装置を含む認証取得装置が、 現在時刻に同期した撮像素子の駆動タ ィミング信号を生成し、 当該駆動タイミング信号に、 認証装置から送信される認 証暗号鍵情報、 ならびに位置測位手段から取得した測位対象の現在位置情報を重 畳してセキュリティマーキング信号を生成する。 そして、 撮像装置から出力され る画像情報を、 セキュリティマーキング情報を含む暗号化情報として追記型記録 媒体に記録する。 このことにより、 デジタルカメラ等により撮影された画像につ いてもその真性を維持し、 撮影から記録まで一貫したセキュリティを実現するこ とができる。 図面の簡単な説明  Also, the authentication acquisition device including the imaging device generates a drive timing signal of the image sensor synchronized with the current time, and the drive timing signal includes the authentication encryption key information transmitted from the authentication device, and the position measurement means. The security marking signal is generated by superimposing the acquired current position information of the positioning target. Then, the image information output from the imaging device is recorded on the write-once recording medium as encrypted information including security marking information. This makes it possible to maintain the authenticity of images captured by digital cameras, etc., and realize consistent security from photography to recording. Brief Description of Drawings
第 1図は、 本発明の位置認証方法とその利用主体を説明するために引用した図 である。 FIG. 1 is a diagram cited for explaining the location authentication method of the present invention and its use subject. It is.
第 2図は、 本発明の認証システムの全体動作を説明するために引用した動作シ 一ケンス図である。  FIG. 2 is an operation sequence diagram cited for explaining the overall operation of the authentication system of the present invention.
第 3図は、 本発明の認証取得装置の動作を示すフローチヤ一トである。  FIG. 3 is a flowchart showing the operation of the authentication acquisition device of the present invention.
第 4図は、 本発明の認証システムの動作を示すフローチヤ一トである。  FIG. 4 is a flowchart showing the operation of the authentication system of the present invention.
第 5図は、 本発明の認証取得装置の内部構成を機能展開して示したプロック図 である。  FIG. 5 is a block diagram showing the internal configuration of the authentication acquisition device of the present invention in a functionally developed manner.
第 6図は、 本発明の認証システムの内部構成を機能展開して示したプロック図 である。  FIG. 6 is a block diagram showing the internal configuration of the authentication system of the present invention by developing its functions.
第 7図は、 本発明の認証取得装置の応用例を概念的に示した図である。  FIG. 7 is a diagram conceptually showing an application example of the authentication obtaining apparatus of the present invention.
第 8図は、 第 7図に示す画像真性処理部の内部構成を示すプロック図である。 第 9図は、 第 8図に示す画像真性処理部の動作を示すフローチヤ一トである。 第 1 0図は、 第 8図に示す画像真性処理部のうち、 色捕正処理に係わる部分を 抽出して示したプロック図である。  FIG. 8 is a block diagram showing an internal configuration of the image intrinsic processing unit shown in FIG. FIG. 9 is a flowchart showing the operation of the image intrinsic processing section shown in FIG. FIG. 10 is a block diagram in which a part related to the color correction processing is extracted and shown in the image intrinsic processing section shown in FIG.
発明を実施するための最良の形態 BEST MODE FOR CARRYING OUT THE INVENTION
以下、 本発明の実施形態について図面を参照しながら詳細に説明する。 第 1図 は、 本発明の位置認証方法とその利用主体を説明するために引用した図である。 第 1図において、 符号 1は G P S衛星であり、 3以上の G P S衛星 1から発せ られる電波を受信することにより三角測量の原理で距離を測定し、 緯度、 経度、 高度からなる現在位置情報ならびに標準時間を測定する電子的な測位手段として 用いられる。 なお、 電子的な測位手段としては、 他に、 F M (Frequency Modulation) 電波によるもの等で代替可能である。 また、 符号 2は認証要求者、 符号 3は所在位置認証サービス事業者であり、 それぞれ、 認証取得装置としての 認証取得端末 2 0、 認証装置としての認証サーバ 3 0を所持管理している。 認証 4 取得端末 2 0と認証サーバ 3 0とは、 図示せぬネットワークを介して接続されて いる。 Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a diagram cited for explaining a location authentication method of the present invention and its use subject. In Fig. 1, reference numeral 1 denotes a GPS satellite, which measures the distance based on the principle of triangulation by receiving radio waves emitted from three or more GPS satellites 1, and obtains current position information including latitude, longitude, and altitude as well as a standard. Used as an electronic positioning means to measure time. In addition, as the electronic positioning means, other methods such as those using FM (Frequency Modulation) radio waves can be used. Reference numeral 2 denotes an authentication requester, and reference numeral 3 denotes a location authentication service provider, which owns and manages an authentication acquisition terminal 20 as an authentication acquisition device and an authentication server 30 as an authentication device, respectively. Authentication 4 The acquiring terminal 20 and the authentication server 30 are connected via a network (not shown).
前記したシステム構成において概略動作の流れを説明すれば以下のようになる。 すなわち、 認証取得端末 2 0は、 内蔵の G P Sレシーパにより G P Sデータ (緯 度、 経度、 高度、 時間) を受信すると共に、 認証サーバ 3 0に対して受信した G P Sデータの認証暗号鍵取得要求を発行する。 これを受けた認証サーバ 3 0は、 要求のあつた認証取得端末 2 0に対して認証暗号鍵情報を発行し、 認証取得端末 2 0は、 G P Sデータとこの認証暗号鍵情報とを一体化したパンドルデータを生 成して認証サーバ 3 0に対して認証要求を発行する。 認証サーバ 3 0は、 認証し た結果を認証取得端末 2 0に送信し、 これを受けた認証取得端末 2 0は、 認証デ ータのアプリケーションへの引渡しを行う。 このように、 認証取得端末 2 0と認 証サーバ 3 0との間で適度な負荷分散を行うことができ、 このため、 認証要求者 2は現場で迅速な回答結果を得ることができ、 認証サーバ 3 0の負担軽減がはか れる。 以下に詳細な説明を行う。  The general operation flow of the above system configuration will be described below. That is, the authentication acquiring terminal 20 receives the GPS data (latitude, longitude, altitude, time) by the built-in GPS receiver and issues a request for acquiring the authentication encryption key of the received GPS data to the authentication server 30. I do. Upon receiving this, the authentication server 30 issues authentication encryption key information to the requested authentication acquisition terminal 20. The authentication acquisition terminal 20 integrates the GPS data and the authentication encryption key information. It generates pandle data and issues an authentication request to the authentication server 30. The authentication server 30 transmits the result of the authentication to the authentication acquiring terminal 20. Upon receiving the result, the authentication acquiring terminal 20 delivers the authentication data to the application. In this way, an appropriate load distribution can be performed between the authentication acquisition terminal 20 and the authentication server 30. Therefore, the authentication requester 2 can obtain a quick response result at the site, and The load on server 30 is reduced. The details will be described below.
第 2図は、 本発明の認証システムの全体動作を説明するために引用した動作シ 一ケンス図である。 ここでは、 G P S衛星 1と認証取得端末 2 0と認証サーバ 3 0間の動作シーケンスが示されている。 まず、 認証取得端末 2 0は、 G P S衛星 1から電波を受信し、 測位処理を実施する (S 2 1…第 2図の矢印を修正します。 ) 。 なお、 G P S衛星 1からの電波は、 認証サーバ 3 0にも届けられ、 認証サーバ 3 0においても同様の処理が行なわれる (S 2 2 ) 。 続いて、 認証取得端末 2 0は、 認証サーバ 3 0にタイムスタンプの要求を発行し (S 2 3 ) 、 これを受信した認 証サーバ 3 0は、 同期用のタイムスタンプを送信する (S 2 4 ) 。 このタイムス タンプ受信と前後して認証取得端末 2 0は、 認証サーバ 3 0に対して認証暗号鍵 取得要求を発行しており (S 2 5 ) 、 測位データとタイムスタンプならびに受信 した認証喑号鍵情報をパンドルして認証要求を発行する (S 2 6、 S 2 7 ) 。 続 いて認証サーバ 3 0から認証結果が送信され、 認証取得端末 2 0は、 その認証デ ータをアプリケーションへ引き渡す。 FIG. 2 is an operation sequence diagram cited for explaining the overall operation of the authentication system of the present invention. Here, an operation sequence between the GPS satellite 1, the authentication acquisition terminal 20 and the authentication server 30 is shown. First, the certified terminal 20 receives a radio wave from the GPS satellite 1 and performs a positioning process (S21: correct the arrow in FIG. 2). The radio wave from the GPS satellite 1 is also delivered to the authentication server 30, and the same processing is performed in the authentication server 30 (S22). Subsequently, the authentication acquisition terminal 20 issues a timestamp request to the authentication server 30 (S23), and the authentication server 30 receiving the request sends a timestamp for synchronization (S2). Four ) . Before and after receiving the time stamp, the authentication acquisition terminal 20 issues an authentication encryption key acquisition request to the authentication server 30 (S25), and determines the positioning data, the time stamp, and the received authentication key. Issue the certification request by panning the information (S26, S27). Subsequently, the authentication result is transmitted from the authentication server 30 and the terminal 20 obtains the authentication data. Data to the application.
以下に具体的な実施形態について説明するが、 本発明の認証システムによれば、 処理負荷を認証取得端末 2 0に負担させる方法と、 認証サーバ 3 0に負担させる 方法の二通りある。 まず、 前者から説明する。 第 3図に、 その場合の認証取得端 末 2 0における動作の流れがフローチヤ一トで示されている。  Specific embodiments will be described below. According to the authentication system of the present invention, there are two methods, a method of causing the authentication acquisition terminal 20 to bear the processing load and a method of causing the authentication server 30 to bear the processing load. First, the former will be explained. FIG. 3 is a flowchart showing the flow of the operation in the authentication acquisition terminal 20 in that case.
(第 1の実施形態)  (First Embodiment)
第 3図において、 認証取得端末 2 0は、 最初に G P S衛星 1の電波を取り込み ( S 3 1 ) 、 測位処理を実行して、 緯度、 経度、 高度から成る認証取得端末 2 0 の現在位置情報を入手する (S 3 2 ) 。 そして、 認証サーバ 3 0から同期を取る ためのタイムスタンプを受信して認証暗号鍵の発行要求を送信する (S 3 3、 S 3 4 ) 。 続いて、 認証サーバ 3 0から認証暗号鍵の発行を待ち (S 3 5 ) 、 当該 受信した認証暗号鍵と、 測位データおよびタイムスタンプとのパンドルデータを 生成し、 認証サーバ 3 0へ送信する (S 3 6 ) 。 続いて、 認証サーバ 3 0からの 認証データの送信を待ち、 結果をアプリケーションへ引き渡す (S 3 7、 S 3 8 ) 。  In FIG. 3, the authentication terminal 20 first captures the radio wave of the GPS satellite 1 (S31), executes positioning processing, and obtains the current position information of the authentication terminal 20 consisting of latitude, longitude, and altitude. Get (S32). Then, it receives a time stamp for synchronization from the authentication server 30 and transmits a request for issuing an authentication encryption key (S33, S34). Subsequently, the system waits for the issuance of the authentication encryption key from the authentication server 30 (S35), generates the received authentication encryption key, and the pandora data of the positioning data and the time stamp, and transmits it to the authentication server 30 ( S36). Then, it waits for the authentication server 30 to send authentication data, and passes the result to the application (S37, S38).
前記した本実施形態によれば、 認証取得端末 2 0での端末処理が中心となるた め、 現場での所在確認が容易になる。 なお、 アプリケーションとして、 前記した 事故等の保険請求、 警察、 消防等の現場検証のほかに、 R F I D (Radio Frequency Identification) タグと組み合わせることによる危険物や貴重品の物流 トラッキング等が考えられる。  According to the above-described present embodiment, terminal processing in the authentication acquisition terminal 20 is mainly performed, so that location confirmation on the site is facilitated. As applications, in addition to the aforementioned insurance claims for accidents, police inspections, firefighting and other on-site inspections, logistics tracking of dangerous goods and valuables by combining with RFID (Radio Frequency Identification) tags can be considered.
具体的に、 危険物、 毒物、 可燃物、 放射性物質、 爆発物、 刀剣、 銃、 火気、 爆 薬、 汚染物質等に関する製造保管、 使用、 搬送に関する公的監督管理は、 現在複 数の法律と官公庁に跨り、また、 様式は個々に異なっており、 データ収蔵の形態も 異なっており、 一元管理がなされていない。 また、 現在における所在把握の方法 の多くは、 届出や報告書によるものであり、 電子化されておらず、 また、 リアル タイムにその所在が把握されていない。 このため、 例えば、 これら危険物、 ある 6 いはその容器に脱着不能な I Dタグを組み込み、 前記した測位認証管理と組み合 わせることで、 これらの所在位置データを取得し、 収蔵し、 求めに応じて認証デ ータとして提供することができる。 物的防護建屋に保管された危険物に関しても 同様、 RF I Dタグとの連携をはかり、 室内外で測位管理することによる輸送を 含む移動管理も可能である。 このことにより、 平時は勿論のこと、 大規模災害発 生時における危険物の所在の把握、 および所在位置に関する報告を自動的、 かつ、 正確に把握できる。 Specifically, public supervision and management of manufacturing, storage, use, and transport of dangerous goods, poisons, combustibles, radioactive materials, explosives, swords, guns, fire, explosives, and contaminants are currently covered by several laws and regulations. It covers government offices, has different formats, has different data storage formats, and is not centrally managed. In addition, many of the methods for determining whereabouts are currently based on reports and reports, are not digitized, and their locations are not known in real time. So, for example, these dangerous goods are 6 Incorporate a non-removable ID tag into the container and combine it with the above-mentioned positioning authentication management to acquire and store these location data, and provide it as authentication data when requested. be able to. Similarly, with regard to dangerous goods stored in the physical protection building, it is possible to cooperate with the RF ID tag and to perform mobility management including transport by positioning management indoors and outdoors. This makes it possible to automatically and accurately grasp the location of dangerous goods and report on the location of the hazardous material in the event of a large-scale disaster, as well as during normal times.
(第 2の実施形態)  (Second embodiment)
第 4図に、 認証サーバを中心に処理負荷を分担させる場合の動作の流れがフロ 一チャートで示されている。  FIG. 4 is a flowchart showing the flow of operation when the processing load is shared mainly by the authentication server.
第 4図において、 認証サーバ 30は、 まず、 認証取得端末 20から認証暗号鍵 取得要求を受信する (S 41) 。 このことにより、 認証サーバ 30は、 タイムス タンプに同期した認証用の連続暗号行列データ (認証暗号鍵情報) を生成し、 要 求のあつた認証取得端末 20へ送信する ( S 42 ) 。  In FIG. 4, the authentication server 30 first receives an authentication encryption key acquisition request from the authentication acquisition terminal 20 (S41). As a result, the authentication server 30 generates continuous encryption matrix data (authentication encryption key information) for authentication synchronized with the time stamp, and transmits it to the requested authentication acquisition terminal 20 (S42).
そして、 認証取得端末要求時刻データ、 ならびに認証取得端末 20による簡易 測位結果データを取り込み (S 43、 S 44) 、 自身が GP S衛星 1から取得し た信号に基づき測位演算を行って得られる測位データと比較して簡易測位結果の 確認を行う (S 45) 。 なお、 確認は、 以下に示す演算式 (測位方程式) を求め て得られる測位データに対し、 特定の関数によって生成される認証暗証鍵情報を 付加し、 当該認、証暗号鍵情報に基づき暗号化された測位演算データを、 共有する 関数を用いて復号化 (逆算) して得られる測位演算結果との比較により行われる。  Then, it captures the certification acquisition terminal request time data and the simplified positioning result data from the certification acquisition terminal 20 (S43, S44), and performs positioning calculation based on the signal obtained from the GPS satellite 1 by itself. The simple positioning result is confirmed by comparing it with the data (S45). The confirmation is performed by adding authentication password information generated by a specific function to the positioning data obtained by calculating the following arithmetic expression (positioning equation), and encrypting based on the authentication and authentication encryption key information. This is performed by comparing the calculated positioning data with the positioning calculation result obtained by decoding (back calculation) using the shared function.
[測位方程式]  [Positioning equation]
(Xi - Xu) 2+ (Y「YU) 2+ (Z ;-Zu) 2= (Ri - CBu) 2 (Xi-X u ) 2 + (Y `` Y U ) 2 + (Z ; -Z u ) 2 = (Ri-C Bu ) 2
但し、 i ( i = l, 2, 3, 4) :測位に使用する衛星、 Xi、 Yい Z 既 知の衛星位置、 Xu、 Yu、 Zu :未知の受信機位置、 Ri :既知の擬似距離 (受信 信号から計算される衛星—GP Sレシーバ間の実距離、 時計誤差、 伝播遅延、 受 信機雑音を含む。 このうち、 衛星時計誤差と伝播遅延は解く前に補正される) 、 C B u:受信機時計誤差。 However, i (i = l, 2 , 3, 4): satellites used for positioning, Xi, satellite position of Y have Z already known, X u, Y u, Z u: unknown receiver position, Ri: Known Pseudo distance (real distance between satellite and GPS receiver calculated from received signal, clock error, propagation delay, Includes transmitter noise. Among them, satellite clock error and propagation delay are corrected before solving), C Bu : receiver clock error.
続いて前記と同様の認証処理を実行し (S 4 6 ) 、 結果を追記型の記録媒体か ら成る認証アーカイブ 3 6に記録し (S 4 7 ) 、 同時に要求のあった認証取得端 末 2 0へ結果を送信する (S 4 8 ) 。  Subsequently, the same authentication processing as described above is executed (S46), and the result is recorded in an authentication archive 36 composed of a write-once recording medium (S47), and at the same time, the authentication acquisition terminal 2 which has been requested. The result is transmitted to 0 (S48).
本発明実施形態によれば、 認証サーバ 3 0が測位計算を行う分、 認証取得端末 2 0にかかる負担が軽減され、 また、 認証サーバ 3 0に認証データがアーカイブ されるため、 外部での改竄が困難であるといった効果が生じる。 なお、 認証取得 端末 2 0と認証サーバ 3 0間の通信は、 時刻同期化暗号鍵を用いたセキュア通信 プラットフォームを利用して行われる。  According to the embodiment of the present invention, since the authentication server 30 performs the positioning calculation, the burden on the authentication acquisition terminal 20 is reduced, and the authentication data is archived in the authentication server 30. Is difficult. The communication between the authentication acquisition terminal 20 and the authentication server 30 is performed using a secure communication platform using a time synchronization encryption key.
なお、 前記した本発明実施形態において、 真なる測定位置で真なる測位データ を取得したことを認証するためには、 取得したデータそのものの一つに可逆的に 真であることを証明できるデータが含まれている必要がある。 しかしながら、 受 信した通常の G P S信号には、 可逆的に唯一の真なる信号であるという証明がな されておらず、 このため、 本発明実施形態では、 認証サーバ 3 0から可逆的に真 なる信号であることが証明できる認証暗号鍵情報を認証取得端末 2 0に渡してい る。 但し、 これだけでは、 受信した G P S信号が全て真なる信号を受信している ことの証明にはならないため、 真なる位置で受信した全ての信号を復号化して認 証サーバ 3 0へ即時転送し、 逆算や検算等合理性を検証して真性を確保している。 また、 認証用信号である認証暗号鍵情報に時系列的な真性判定可能な配列 (認証 用の暗号行列データ) を持たせることや、 付与のための通信方法の中に認証位置 の合理性を検証できるような通過ルートの確認機能を付与する等の配慮も必要に なる。 更に、 合理性検証にかかわる関数については一定のものではなく、 認証サ ーバ 3 0や認証取得端末 2 0の双方で同期して動的に変化させる等の配慮も必要 である。  In the above-described embodiment of the present invention, in order to authenticate that true positioning data has been acquired at a true measurement position, one of the acquired data includes data that can be reversibly proved to be true. Must be included. However, the received normal GPS signal has not been proved to be the only true signal reversibly, and therefore, in the embodiment of the present invention, the true GPS signal is reversibly true from the authentication server 30. The authentication encryption key information that can be proved as a signal is passed to the authentication acquisition terminal 20. However, this alone does not prove that all the received GPS signals are receiving true signals, so that all signals received at the true position are decrypted and immediately transferred to the authentication server 30. It verifies rationality such as back calculation and check to ensure its authenticity. In addition, the authentication encryption key information, which is an authentication signal, is provided with an array (authentication encryption matrix data) that can determine the authenticity of the authentication in a time-series manner. Consideration must be given to providing a function to confirm the passage route that can be verified. Furthermore, the functions involved in the rationality verification are not fixed, and it is necessary to take into account that both the authentication server 30 and the authentication terminal 20 dynamically change in synchronization.
第 5図は、 前記した認証取得端末、 第 6図は、 認証サーバの内部構成を機能展 開して示したブロック図である。 Fig. 5 shows the above-mentioned authentication acquisition terminal, and Fig. 6 shows the internal configuration of the authentication server. It is the block diagram opened and shown.
第 5図において、 認証取得端末 2 0は、 G P Sデータ取込み部 2 1と、 認証喑 号鍵受信部 2 2と、 バンドルデータ生成部 2 3と、 位置認証結果受信部 2 4で構 成される。 G P Sデータ取込み部 2 1は、 G P S衛星 1から測位対象の現在位置 データ、 および時刻データを取り込み、 パンドルデータ生成部 2 3へ供給する。 バンドルデータ生成部 2 3には、 他に、 認証サーバ 3 0から送信される認証暗号 鍵情報が認証暗号鍵受信部 2 2を介して供給されており、 ここで、 これらデータ を一体化したバンドルデータ (測位データ +タイムスタンプ +認証暗号鍵情報) を生成し、 位置認証結果受信部 2 4を起動する。  In FIG. 5, the authentication acquisition terminal 20 includes a GPS data acquisition unit 21, an authentication signal key reception unit 22, a bundle data generation unit 23, and a location authentication result reception unit 24. . The GPS data acquisition unit 21 acquires the current position data and time data of the positioning target from the GPS satellite 1 and supplies them to the pandle data generation unit 23. The bundle data generation unit 23 is supplied with the authentication encryption key information transmitted from the authentication server 30 via the authentication encryption key reception unit 22. Here, a bundle integrating these data is provided. Generates data (positioning data + time stamp + authentication encryption key information) and starts the position authentication result receiver 24.
一方、 認証サーバ 3 0は、 認証取得端末 2 0から前記したパンドルデータを取 得し、 自身が生成した認証暗号化鍵情報 (認証用連続暗号行列データ) を用いて 位置情報と時刻情報の認証を行い、 要求のあった認証取得端末 2 0へ送信する。 位置認証結果受信部 2 4は、 認証サーバ 3 0から位置認証の結果を受信してアブ リケーシヨンへ引き渡す。  On the other hand, the authentication server 30 obtains the above-mentioned pandle data from the authentication acquiring terminal 20 and authenticates the position information and the time information using the authentication encryption key information (continuous encryption matrix data for authentication) generated by itself. And sends it to the requested authentication terminal 20. The location authentication result receiving unit 24 receives the result of the location authentication from the authentication server 30 and delivers the result to the application.
第 6図において、 認証サーバ 3 0は、 G P Sデータ取込み部 3 1と、 認証要求 受信部 3 2と、 簡易測位結果受信部 3 3と、 認証暗号鍵生成送信部 3 4と、 測位 処理部 3 5と、 認証アーカイブ 3 6と、 認証結果送信部 3 7で構成される。  In FIG. 6, the authentication server 30 includes a GPS data acquisition unit 31, an authentication request reception unit 32, a simple positioning result reception unit 33, an authentication encryption key generation transmission unit 34, and a positioning processing unit 3. 5, an authentication archive 36, and an authentication result transmitting unit 37.
G P Sデータ取込み部 3 1は、 G P S衛星 1から測位対象の現在位置データ、 および時刻データを取り込み、 測位処理部 3 5へ供給する。 測位処理部 3 5へは、 他に、 簡易測位結果受信部 3 3からの出力、 ならびに認証暗号鍵生成送信部 3 4 からの出力が供給されている。 簡易測位結果受信部 3 3は、 認証取得端末 2 0に より生成される簡易測位演算 (G P Sデータ、 時刻データ、 認証暗号鍵情報に基 づく) の結果を受信し、 認証暗号鍵生成送信部 3 4は、 認証取得端末 2 0から認 証要求を、 認証要求受信部 3 2を介して受信したときに G P S衛星 1から受信し た時刻データに基づく現在時刻に同期した認証暗号鍵情報を生成する。  The GPS data acquisition unit 31 acquires the current position data and time data of the positioning target from the GPS satellite 1 and supplies them to the positioning processing unit 35. In addition, the output from the simplified positioning result receiving unit 33 and the output from the authentication encryption key generation transmitting unit 34 are supplied to the positioning processing unit 35. The simple positioning result receiving unit 3 3 receives the result of the simple positioning calculation (based on GPS data, time data, and authentication encryption key information) generated by the authentication acquisition terminal 20, and generates the authentication encryption key generation transmission unit 3. 4 generates authentication encryption key information synchronized with the current time based on the time data received from the GPS satellite 1 when the authentication request is received from the authentication acquisition terminal 20 via the authentication request receiving unit 32. .
測位処理部 3 5は、 認証取得端末 2 0からの認証要求と同時に発せられる認証 JP2004/006222 The positioning processing unit 35 performs the authentication issued simultaneously with the authentication request from the authentication acquisition terminal 20. JP2004 / 006222
9 暗号鍵取得要求に基づき、 G P Sデータ取込み部 3 1を介して取り込まれる測位 対象の現在位置データを、 先に生成した認証暗号鍵情報を用いて認証し、 認証取 得端末 2 0から送信される簡易測位の結果を確認する。 そして、 その結果を追記 型の記録媒体で構成される認証アーカイブ 3 6へ記録すると共に、 認証結果送信 部 3 7を介して要求のあった認証取得端末 2 0へ送信して回答する。 9 Based on the encryption key acquisition request, the current position data of the positioning target captured via the GPS data capturing unit 31 is authenticated using the authentication encryption key information generated earlier, and transmitted from the authentication acquisition terminal 20. Check the result of simple positioning. Then, the result is recorded in the authentication archive 36 constituted by a write-once type recording medium, and is transmitted to the requesting authentication terminal 20 via the authentication result transmitting unit 37 to reply.
(第 3の実施形態)  (Third embodiment)
第 7図は、 本発明の認証システムを撮像装置 (例えば、 デジタルカメラ) に応 用した場合の動作概念図を示す。  FIG. 7 shows a conceptual diagram of an operation when the authentication system of the present invention is applied to an imaging device (for example, a digital camera).
ここでは、 デジタルカメラ 4 0が本発明の認証取得端末 2 0として動作する。 デジタルカメラ 4 0は、 通信モジュール 4 9を介して所在 ·位置認証サービス事 業者 3の認証サーバ 3 0に接続される。 ここでは、 前記した所在 ·位置認証の他 に、 映像 ·データ保管、 時刻認証も行われる。  Here, the digital camera 40 operates as the authentication acquisition terminal 20 of the present invention. The digital camera 40 is connected to the authentication server 30 of the location / location authentication service company 3 via the communication module 49. Here, in addition to the location / location authentication described above, video / data storage and time authentication are also performed.
デジタルカメラ 4 0は、 図示せぬカメラ本体部の他に、 0 ? 3衛星1から0 Sレシーバ 4 1を介して得られる測位入力 (F M電波によるデフアレンシャル入 力も含む) 、 方位ジャイロ 4 2、 地磁気センサ 4 3による方位入力、 温度、 気圧、 湿度等、 環境センサ 4 4による周辺環境データ入力、 指紋等の生体情報入力によ る操作者 I D確認部 4 5、 ならびにタグリーダ部 4 6を入力デバィスとして備え ている。 第 7図において、 操作者 I D確認部 4 5の下の大きな 2重丸は、 指紋セ ンサといったいような操作者 I D確認部 4 5の受け台である。 (…第 7図の符号 4 5 の位置を修正します) これら入力データは、 制御中枢となる C P U 4 7 (ここでは、 画像真性処理部) に提供され、 処理される。  In addition to the camera body (not shown), the digital camera 40 includes a positioning input (including a differential input by FM radio waves) obtained from the 0-3 satellite 1 via the 0S receiver 41, a azimuth gyro 4 2 , Input of direction by geomagnetic sensor 43, input of ambient environment data by environment sensor 44 such as temperature, barometric pressure and humidity, input of operator ID confirmation part 45 by input of biological information such as fingerprint, and input of tag reader part 46 It is provided as a device. In FIG. 7, a large double circle below the operator ID confirmation section 45 is a cradle for the operator ID confirmation section 45 such as a fingerprint sensor. (… Correct the position of reference numeral 45 in Fig. 7.) These input data are provided to the control center CPU 47 (here, the image intrinsic processing unit) and processed.
なお、 撮影データは、 これら入力データと関連付けられて暗号化され、 デジタ ルカメラ 4 0に内蔵された追記型の記録媒体 4 8 (以下、 暗号化記録メディア) に記録される。 また、 認証サーバ 3 0の追記型記録媒体 3 6 (認証アーカイブ) にも同様に記録される。  Note that the photographing data is encrypted in association with the input data and recorded on a write-once recording medium 48 (hereinafter referred to as an encrypted recording medium) built in the digital camera 40. Also, it is similarly recorded on the write-once recording medium 36 (authentication archive) of the authentication server 30.
ところで、 現場の状況記録のための写真撮影は、 工事前後、 あるいは交通事故 P T/JP2004/006222 By the way, photography for recording the situation at the site is done before or after PT / JP2004 / 006222
10 等の際の保険請求をはじめ、 警察、 および消防の現場検証等で広く実施されてい る。 ここでは、 これらの映像記録において、 撮影された日時とともに、 撮影され た方向、 場所を同時に真性映像データとして記録し、 収蔵する。 また。 要求に応 じて真性映像データを再現し、 提供するまでの一貫したシステムを提供するもの である。 It is widely used for insurance claims in the case of 10 mag, as well as on-site inspections of police and fire departments. Here, in these video recordings, the shooting date and time, and the shooting direction and location are simultaneously recorded as intrinsic video data and stored. Also. It provides a consistent system from reproducing intrinsic video data to providing it on demand.
このとき、 撮影された映像データは、 撮像素子 (以下、 イメージセンサとレ、 う) の光 Z電気変換以降の処理は改竄不可能なものであることが必須とされ、 映 像データは、 先の入力データと共に、 デジタルカメラ 4 0ならびに認証サーバ 3 At this time, it is essential that the captured video data be tamper-proof after the optical-Z electrical conversion of the image sensor (hereinafter referred to as an image sensor). With digital camera 40 and authentication server 3
0の認証アーカイブ 3 6等の複数の追記型記録媒体に同時に収蔵される。 また、 接続される通信回線については高セキュア性を有するものとする。 更に、 センタ 側の認証アーカイブ 3 6については、 必要な立ち入り管理が行なわれ、 改竄防止 機能、 および物理的防護機能を持つこととする。 Stored in multiple write-once recording media such as 0 certification archives 36 at the same time. Also, the communication line to be connected shall have high security. In addition, the center's authentication archive 36 must have necessary access control and have a falsification prevention function and a physical protection function.
第 8図に、 映像の真性を確保し、 認証可能な映像を保存するために必須となる 画像真性処理部の構成例が、 第 9図に、 その処理手順がフローチャートで示され ている。  Fig. 8 shows an example of the configuration of the image authenticity processing unit that is essential to secure the authenticity of the video and store the authenticable video. Fig. 9 is a flowchart showing the processing procedure.
第 8図において、 符号 4 7 2は、 C C D (Charge Coupled Device) 等により構 成されるイメージセンサ部であり、 イメージセンサ駆動タイミング部 4 7 1によ り生成されるタイミング信号により駆動される (S 9 1 ) 。 また、 セキュリティ マーキング生成部 4 8 3は、 認証暗号鍵受信部 4 7 6を介して取り込まれる認証 サーバ 3 0によつて生成された認証喑号鍵情報、 ならびに、 外部信号受信部 4 7 3、 同期時刻受信部 4 7 4、 位置認証処理部 4 7 5を介して得られる、 それぞれ 時刻情報と現在位置情報を重畳してセキユリティマーキング信号を生成してセキ ユリティマーキング処理部 4 8 5へ供給する (S 9 2 ) 。 セキュリティマーキン グ処理部 4 8 5には、 他に、 前記した駆動タイミング信号、 A/D処理部 4 8 2 を介して入力されるイメージセンサ出力信号が供給されており、 ここでセキユリ ティマーキング信号と合成され、 映像生成基礎データとして出力バッフ 4 8 4を 経由してカメラ信号処理部 489へ供給される (S 93) 。 In FIG. 8, reference numeral 472 denotes an image sensor unit configured by a CCD (Charge Coupled Device) or the like, which is driven by a timing signal generated by the image sensor drive timing unit 471 ( S91). In addition, the security marking generation unit 483 includes the authentication code key information generated by the authentication server 30 fetched through the authentication encryption key reception unit 476, and the external signal reception unit 473, A security marking signal is generated by superimposing the time information and the current position information, which are obtained via the synchronization time receiving section 474 and the position authentication processing section 475, to the security marking processing section 485. Supply (S92). The security marking processing section 485 is also supplied with the above-described drive timing signal and the image sensor output signal input via the A / D processing section 482, where the security marking signal is supplied. And the output buffer 4 8 4 as video generation basic data The signal is supplied to the camera signal processing unit 489 via (S93).
カメラ信号処理部 489は、 前記映像生成基礎データをカメラ入 信号として 処理を行い、 セキュリティマーキング信号を含む映像暗号化データを生成して出 力する。 この映像暗号化データは、 セキュア回線 487を介して認証サーバ 30 の認証アーカイブ (追記型記録媒体 36) へリアルタイムに伝送され、 記録され る。 このとき、 必要に応じて、 同期時刻スタンプ (同期時刻受信部 474) 、 測 位位置データ (位置認証処理部 475) 、 周囲環境センサデータ (各種センサ 4 41、 442) 、 操作者 ID (操作者 I D受信部 477) をリンクして記録して も良い。 なお、 前記した各信号、 同期時刻スタンプ信号 (同期時刻受信部 47 4) 、 測位位置信号 (位置認証処理部 475) 、 周囲環境センサデータ (各種セ ンサ 441、 442) 、 操作者 I Dデータ (操作者 I D受信部 477 ) は、 全て 受信した時点で映像信号と共に、 暗号化記録メディア 48にも記録される (S 9 4) 。  The camera signal processing unit 489 processes the video generation basic data as a camera input signal, and generates and outputs video encrypted data including a security marking signal. The encrypted video data is transmitted in real time to the authentication archive (write-once recording medium 36) of the authentication server 30 via the secure line 487 and recorded. At this time, if necessary, the synchronization time stamp (synchronization time receiving unit 474), positioning position data (position authentication processing unit 475), ambient environment sensor data (various sensors 441, 442), operator ID (operator ID) The ID receiving unit 477) may be linked and recorded. The above-mentioned signals, the synchronization time stamp signal (synchronization time receiving section 474), the positioning position signal (position authentication processing section 475), the ambient environment sensor data (various sensors 441 and 442), the operator ID data (operation The user ID receiving section 477) is recorded on the encrypted recording medium 48 together with the video signal at the time of receiving all (S94).
このように、 認証情報を同時に異なつた記録媒体へ異なつた形式で記録するこ とにより、 複数記録媒体に跨って異なる形式の映像データを同時に改竄しない限 り目的を持った第三者による故意の改竄は不可能になる。  In this way, by simultaneously recording authentication information in different formats on different recording media, intentional third parties with the purpose can intentionally modify the video data in different formats across multiple recording media at the same time. Tampering becomes impossible.
また、 この映像暗号化データを再生するには (S 95) 、 セキュリティマーキ ング信号によって駆動される復調アルゴリズムを用いて映像以外の付与データを 含む信号から真の映像データを抽出する必要がある (S 96) 。  In addition, in order to reproduce the video encrypted data (S95), it is necessary to extract true video data from a signal including additional data other than video using a demodulation algorithm driven by a security marking signal ( S 96).
なお、 前記した本発明実施形態によれば、 イメージセンサによる光/電気信号 変換タイミング以降を改竄不可能なものとする処理について述べたが、 露光調節 等、 光/電気信号変換の前段階にある光学的な入力を制限する機械式または電気 式シャッターの起動タイミングについても同様に考慮する必要がある。 例えば、 デジタルカメラであっても、 CCD (光/電気変換素子) といったようなィメー ジセンサ部 472の前に光学的な入力を制限 (露光調節) するための機械式また は電子式シャッターが存在するものがある。 これが存在する理由は高速で動く被 写体を撮影する際の光 Z電気変換素子の O N/O F Fによるシャッターよりも、 機械式または電子式シャッターの方が低コストなことや電子的な回路の煩雑さが 解消され、 従来の写真技術的な操作 (絞り Xシャッタースピード X焦点) が可能 であるからといわれている。 このように、 光/電気変換素子の O NZO F Fによ るシャッターの場合でも、 機械式または電子式シャッターの場合でも本発明を適 用でき、 タイミングは適宜設定できるものとする。 なお、 シャッター速度 (スリ ットなどの移動速度) を考慮して、 時刻を設定することもできる。 According to the above-described embodiment of the present invention, the processing for making it impossible to falsify after the light / electric signal conversion timing by the image sensor has been described. However, it is in a stage before the light / electric signal conversion such as exposure adjustment. The timing of starting mechanical or electrical shutters that limit optical input must be considered as well. For example, even in the case of a digital camera, there is a mechanical or electronic shutter for limiting an optical input (exposure adjustment) in front of an image sensor unit 472 such as a CCD (optical / electrical conversion element). There is something. This is because fast moving The mechanical or electronic shutter is lower in cost and the electronic circuitry is less complicated than the shutter by ON / OFF of the optical Z-electric conversion element when shooting a photo object. It is said that it is possible to perform a simple operation (aperture X shutter speed X focus). As described above, the present invention can be applied to a shutter using an ON / OFF conversion of an optical / electrical conversion element and a mechanical or electronic shutter, and the timing can be appropriately set. The time can be set in consideration of the shutter speed (moving speed of the slit, etc.).
また、 より高度なセキュリティ応用力メラにおいては、 光入力をハーフミラー 等により二重系により処理を行い、 個別に暗号化記録メディア 4 8に (データ収 蔵アーカイブ) に同時に登録することが考えられる。 更に、 色彩平準化のために、 送受信側で同じ基準に基づいた補正色彩が再現できる相互誤差差分捕正処理を行 うこともできる (S 9 7 ) 。  In the case of advanced security applications, it is conceivable that the optical input is processed by a duplex system using a half mirror or the like, and individually registered in the encrypted recording media 48 (data storage archive) at the same time. . Further, for color leveling, a mutual error difference correction process capable of reproducing a corrected color based on the same criterion can be performed on the transmitting and receiving sides (S97).
以下、 前記した相互誤差差分捕正処理について説明する。 第 1 0図は、 相互誤 差差分捕正処理を汎用的に説明するために引用した図であり、 送受信側として、 撮影側サブシステム 1 0 0と表示側サブシステム 2 0 0を例示している。  Hereinafter, the above-described mutual error difference correction processing will be described. FIG. 10 is a diagram cited for the purpose of general description of the mutual error difference correction processing. As the transmitting and receiving sides, the photographing subsystem 100 and the display subsystem 200 are exemplified. I have.
撮影側サブシステム 1 0 0に前記したデジタルカメラ 4 0の要部構成が示され ている。 なお、 第 1 0図中、 第 8図と同一番号が付されたブロックは、 第 8図に 示すそれと同じとする。  The main part configuration of the digital camera 40 described above is shown in the photographing subsystem 100. In FIG. 10, blocks denoted by the same reference numerals as those in FIG. 8 are the same as those shown in FIG.
ネットワークを介して送受信される色彩情報は、 個々の表示装置の色彩表現誤 差により、 若干異なって表現される。 ここでは、 ある標準に対して色彩表現誤差 の無いデータをやりとりすることにより、 真なる色彩ではないもののシステムの 両端にある送受信側のマンマシンインタフェース上での誤差を最小とすることで 色彩を含むデータの流通を目的としている。  The color information transmitted and received via the network is expressed slightly differently due to the color expression error of each display device. Here, by exchanging data without color representation error with a certain standard, the color is included by minimizing the error on the transmitting and receiving man-machine interfaces at both ends of the system, although it is not true color. It is intended for data distribution.
具体的に、 標準色彩テンプレート (T P ) を用意し、 標準テンプレート色彩デ ータ生成部 5 0 1により生成された撮影画像のそれぞれの標準色成分について生 成出力する。 標準色彩差分処理部 5 0 2は、 撮影画像の色成分と、 それぞれの標 準色成分との差分を演算し、 入力色彩データ補正信号を生成し、 撮影された映像 信号と共に表示側サブシステム 2 0 0へ送信する。 表示側サブシステム 2 0 0で は、 再現時、 受信した入力色彩データ補正信号 (差分信号) を誤差信号として除 外するための演算を行い、 表示する。 このことにより、 真なる色彩ではないもの の、 システムの両端にある送受信側のマンマシンインタフェース上での色彩誤差 を最小とすることができる。 ' Specifically, a standard color template (TP) is prepared, and each standard color component of the captured image generated by the standard template color data generation unit 501 is generated and output. The standard color difference processing unit 502 is used to determine the color components of the captured image and the respective The difference from the quasi-color component is calculated, an input color data correction signal is generated, and the input color data correction signal is transmitted to the display-side subsystem 200 together with the captured video signal. The display-side subsystem 200 performs calculations for excluding the received input color data correction signal (difference signal) as an error signal at the time of reproduction, and displays the result. Although this is not true color, it is possible to minimize the color error on the transmitting and receiving man-machine interfaces at both ends of the system. '
以上説明のように本発明は、 認証取得装置が、 G P S等の電子的な位置測位手 段から受信した測位対象の現在位置データ、 および時刻データと、 認証要求発行 時に認証装置から受信した認証暗号鍵とを一体化したデータを生成し、 この一体 化したデータを、 ネットワークを介して接続される認証装置へ送信し、 認証装置 が認証暗号化鍵を用いて位置情報と時刻情報の認証を行い、 認証要求のあつた認 証取得装置へ返信するものであり、 このことにより、 センタの認証サーバと現場 の認証取得装置間で負荷分散され、 現場での所在確認を容易とした認証システム を提供することができる。  As described above, according to the present invention, the authentication acquisition device is configured such that the current position data and the time data of the positioning target received from the electronic position positioning device such as the GPS, and the authentication encryption code received from the authentication device when the authentication request is issued. Generates data that integrates a key and sends this integrated data to an authentication device connected via a network, and the authentication device authenticates location information and time information using an authentication encryption key. This is a response to the authentication acquisition device that issued the authentication request, which provides an authentication system that distributes the load between the authentication server at the center and the authentication acquisition device at the site, and facilitates location confirmation at the site. can do.
また、 撮像装置を含む認証取得装置が、 現在時刻に同期した撮像素子の駆動タ イミング信号を生成し、 当該駆動タイミング信号に、 認証装置から送信される認 証暗号鍵情報、 ならびに位置測位手段から取得した測位対象の現在位置情報を重 畳してセキュリティマーキング信号を生成し、 撮像装置から出力される画像情報 を、 セキュリティマーキング情報を含む暗号化情報として追記型の記録媒体に記 録することで、 デジタルカメラ等により撮影された画像についてもその真性を維 持するものである。 撮影から記録まで一貫したセキュリティを実現するものであ る。  Also, the authentication acquisition device including the imaging device generates a drive timing signal of the image sensor synchronized with the current time, and the drive timing signal includes the authentication encryption key information transmitted from the authentication device and the position measurement means. A security marking signal is generated by superimposing the acquired current position information of the positioning target, and the image information output from the imaging device is recorded on a write-once recording medium as encrypted information including the security marking information. However, the true nature of images taken by digital cameras and the like is maintained. It provides consistent security from shooting to recording.
更に、 撮影画像のそれぞれの標準色成分について、 あらかじめ用意されたそれ ぞれの標準色成分との差分を演算し、 入力色彩データ補正信号として撮影された 映像信号と共に表示側サブシステムへ送信し、 表示側サブシステムでは、 再現時、 受信した入力色彩データ補正信号を誤差信号として除外するための処理を行うこ とで色彩の真性を担保するものである。 以上により、 撮影から記録まで—貫した セキユリテ.ィを実現することができる。 Further, for each standard color component of the photographed image, a difference from each standard color component prepared in advance is calculated, and transmitted to the display subsystem together with the captured image signal as an input color data correction signal, At the time of reproduction, the display side subsystem must perform processing to exclude the received input color data correction signal as an error signal. This guarantees the trueness of color. As described above, it is possible to realize a secure security from photographing to recording.

Claims

請求の範囲 The scope of the claims
1 . 測位対象の位置認証を行う認証装置と、 前記認証装置とはネットワークを介 して接続される認証取得装置から成る認証システムであって、 1. An authentication device for performing position authentication of a positioning target, and the authentication device is an authentication system including an authentication acquisition device connected via a network,
電子的な位置測位手段から受信した前記測位対象の現在位置データ、 および時 刻データを取り込み、 これらデータと、 認証要求発行時、 前記認証装置から受信 した認証暗号鍵とを一体化したデータを生成する前記認証取得装置と、  Captures the current position data and time data of the positioning target received from the electronic position positioning means, and generates data integrating these data with the authentication encryption key received from the authentication device when issuing an authentication request. Said certification acquisition device,
前記認証取得装置から前記一体化したデータを取得し、 前記認証暗号化鍵を用 いて前記位置情報と時刻情報の認証を行う前記認証装置と、  An authentication device that acquires the integrated data from the authentication acquisition device, and authenticates the position information and the time information using the authentication encryption key;
を具備することを特徴とする認証システム。  An authentication system comprising:
2 . 請求項 1に記載の認証システムにおいて、 前記認証装置は、  2. The authentication system according to claim 1, wherein the authentication device comprises:
前記認証取得装置からの認証要求を受信し、 前記電子的な位置測位手段から受 信した時刻データに基づく現在時刻に同期した認証暗号鍵を生成し返信する手段 と、  Means for receiving an authentication request from the authentication acquisition device, generating and returning an authentication encryption key synchronized with the current time based on the time data received from the electronic position positioning means,
前記認証取得装置からの前記認証要求と同時に発せられる認証暗号鍵取得要求 に基づき、 前記電子的な位置測位手段から取り込まれる測位対象の現在位置デー タを、 前記生成した認証暗号鍵を用いて認証し、 前記認証取得装置から送信され る簡易測位の結果を確認する手段とを具備することを特徴とする。  Based on an authentication encryption key acquisition request issued at the same time as the authentication request from the authentication acquisition device, the current position data of the positioning target fetched from the electronic position positioning means is authenticated using the generated authentication encryption key. And a means for confirming the result of the simple positioning transmitted from the authentication acquisition device.
3 . 請求項 1に記載の認証システムにおいて、 前記認証装置は、  3. The authentication system according to claim 1, wherein the authentication device comprises:
測位演算式を計算して得られる測位データに対して特定の関数によって生成さ れる認証暗証鍵を付加して暗号化した測位データを生成する手段と、 前記暗号化 された測位演算データを、 前記関数を用いて復号化して前記測位演算結果を得る 手段を具備することを特徴とする。  Means for generating an encrypted positioning data by adding an authentication password generated by a specific function to the positioning data obtained by calculating the positioning operation expression; and Means for obtaining the positioning operation result by decoding using a function.
4 . 測位対象を含む撮影画像の認証を行う認証装置とはネットワークを介して接 続される撮像装置を備えた認証取得装置であって、  4. An authentication device that performs authentication of a captured image including a positioning target is an authentication acquisition device including an imaging device connected via a network,
現在時刻に同期した撮像素子の駆動タイミング信号を生成し、 当該駆動タイミ ング信号に、 前記認証装置から送信される認証暗号鍵情報、 ならびに前記位置測 位手段から取得した測位対象の現在位置情報を重畳してセキュリティマーキング 信号を生成する手段と、 A drive timing signal for the image sensor synchronized with the current time is generated, and the drive timing Means for generating a security marking signal by superimposing authentication encryption key information transmitted from the authentication device, and current position information of a positioning target obtained from the position positioning means,
前記撮像装置から出力される画像情報を、 前記セキュリティマーキング情報を 含む暗号化情報として追記型の記録媒体に記録する手段と、  Means for recording image information output from the imaging device as encryption information including the security marking information on a write-once recording medium,
を具備することを特徴とする認証取得装置。  An authentication acquisition device comprising:
5 . 請求項 4に記載の認証取得装置であって、  5. The authentication acquisition device according to claim 4, wherein
前記撮影画像のそれぞれの色成分について、 それぞれの標準色成分との差分を 演算し、 再現時、 前記差分を誤差信号として除外する手段を具備することを特徴 とする。  It is characterized in that it comprises means for calculating a difference between each color component of the photographed image and each standard color component, and excluding the difference as an error signal at the time of reproduction.
6 . 請求項 4に記載の認証取得装置であって、  6. The certification acquisition device according to claim 4, wherein
光入力を分光し、 それぞれから得られる撮影画像に前記セキュリティマーキン グ情報ならぴに現在位置情報を重畳してセキュリティマーキング信号を生成し、 それぞれに用意される追記型の記録媒体に記録することを特徴とする。  It is assumed that the light input is spectrally separated, the security marking information is superimposed on the captured image obtained from each of them, and the current position information is superimposed to generate a security marking signal, and the security marking signal is recorded on the write-once recording medium prepared for each. Features.
7 . 請求項 4に記載の認証取得装置であって、  7. The certification acquisition device according to claim 4, wherein
撮影者固有の生体情報を取得して得られる撮影者情報、 撮影方位情報を含む前 記現在位置情報、 環境情報の少なくとも一つを前記セキュリティマーキング信号 と関連付けて前記追記型の記録媒体に記録することを特徴とする。  At least one of photographer information obtained by acquiring biometric information unique to a photographer, current position information including photographing direction information, and environmental information is recorded on the write-once recording medium in association with the security marking signal. It is characterized by the following.
8 . 認証取得装置とネットワークを介して接続される認証装置が測位対象の位置 認証を行う認証方法であって、  8. An authentication method in which an authentication device connected to the authentication acquisition device via a network performs position authentication of a positioning target,
前記認証取得装置が電子的な位置測位手段から受信した前記測位対象の現在位 置データ、 および時刻データを取得するステップと、  A step in which the authentication acquisition device acquires current position data and time data of the positioning target received from electronic position positioning means;
前記取得した各データと、 認証要求発行時に前記認証装置から受信した認証暗 号鍵とを一体化したデータを生成し、 前記認証装置へ送信するステツプと、 前記一体化したデータを受信した認証装置が前記認証暗号化鍵を用いて前記位 置情報と時刻情報の認証を行うステップと、 を有することを特徴とする認証方法。 A step of generating data in which the acquired data and an authentication encryption key received from the authentication device at the time of issuing the authentication request are integrated, and transmitting the integrated data to the authentication device; and an authentication device receiving the integrated data. Performing authentication of the position information and the time information using the authentication encryption key, An authentication method, comprising:
PCT/JP2004/006222 2004-04-28 2004-04-28 Authentication system, authentication acquisition device, and authentication method WO2005107147A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2004/006222 WO2005107147A1 (en) 2004-04-28 2004-04-28 Authentication system, authentication acquisition device, and authentication method
PCT/JP2005/008247 WO2005107148A1 (en) 2004-04-28 2005-04-28 Authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2004/006222 WO2005107147A1 (en) 2004-04-28 2004-04-28 Authentication system, authentication acquisition device, and authentication method

Publications (1)

Publication Number Publication Date
WO2005107147A1 true WO2005107147A1 (en) 2005-11-10

Family

ID=35242009

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/JP2004/006222 WO2005107147A1 (en) 2004-04-28 2004-04-28 Authentication system, authentication acquisition device, and authentication method
PCT/JP2005/008247 WO2005107148A1 (en) 2004-04-28 2005-04-28 Authentication system

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/008247 WO2005107148A1 (en) 2004-04-28 2005-04-28 Authentication system

Country Status (1)

Country Link
WO (2) WO2005107147A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8730559B2 (en) 2005-11-25 2014-05-20 Fuji Xerox Co., Ltd. Multicolor display optical composition, optical device, and display method of optical device

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007165973A (en) * 2005-12-09 2007-06-28 Furuno Electric Co Ltd Verifying data generating device and authenticating data generating device
EP2397868A1 (en) * 2010-06-15 2011-12-21 The European Union, represented by the European Commission Method of providing an authenticable time-and-location indication
JP5667967B2 (en) * 2011-12-20 2015-02-12 株式会社 日立産業制御ソリューションズ Location information authentication system and location information authentication method
CN108449563B (en) * 2018-02-01 2020-07-10 厦门星宸科技有限公司 Method and system for encrypting and decrypting audio and video

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6376687A (en) * 1986-09-19 1988-04-06 Canon Inc Adaptation type difference encoding system
JPH01100586A (en) * 1987-10-13 1989-04-18 Nec Corp Key generator
JP2000050193A (en) * 1998-07-27 2000-02-18 Fuji Photo Film Co Ltd Method and device for generating digital image and storage medium
JP2001033537A (en) * 1999-07-23 2001-02-09 Nec Corp Position certification system and electronic apparatus employed the system
JP2003157241A (en) * 2001-11-22 2003-05-30 Fuji Photo Film Co Ltd Position certification device, time certification device, position authentication device, time authentication device, position authentication system, and program

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4000412B2 (en) * 1998-09-17 2007-10-31 富士フイルム株式会社 Electronic camera and data verification method
JP2002218389A (en) * 2001-01-23 2002-08-02 Olympus Optical Co Ltd Electronic camera

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6376687A (en) * 1986-09-19 1988-04-06 Canon Inc Adaptation type difference encoding system
JPH01100586A (en) * 1987-10-13 1989-04-18 Nec Corp Key generator
JP2000050193A (en) * 1998-07-27 2000-02-18 Fuji Photo Film Co Ltd Method and device for generating digital image and storage medium
JP2001033537A (en) * 1999-07-23 2001-02-09 Nec Corp Position certification system and electronic apparatus employed the system
JP2003157241A (en) * 2001-11-22 2003-05-30 Fuji Photo Film Co Ltd Position certification device, time certification device, position authentication device, time authentication device, position authentication system, and program

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8730559B2 (en) 2005-11-25 2014-05-20 Fuji Xerox Co., Ltd. Multicolor display optical composition, optical device, and display method of optical device

Also Published As

Publication number Publication date
WO2005107148A1 (en) 2005-11-10

Similar Documents

Publication Publication Date Title
US20210358241A1 (en) Systems and methods for location indentification and tracking using a camera
CN110889772B (en) Policy processing method and device, computer equipment and storage medium
CN110689460B (en) Traffic accident data processing method, device, equipment and medium based on block chain
KR100816408B1 (en) Certificate issuance server and certification system for certifying operating environment
US20200014816A1 (en) Secure digital media capture and analysis
US20080184272A1 (en) Documentation system for loss control
JP2002215029A5 (en)
US8189048B2 (en) Vehicle speed monitoring system
US7003113B1 (en) Position authentication system and electronic equipment using the same
JP5669517B2 (en) Image data selling system, image data selling method, photographing apparatus, and server apparatus
US20040201751A1 (en) Secure digital photography system
JP2002215029A (en) Information authentication device and digital camera using the same
CN108141366A (en) For the system and method for certification production image data
JP4812002B2 (en) Recording apparatus, recording collection server, recording method, and recording collection method
CN110706371A (en) Block chain-based driving safety management method, system and storage medium
CA2754369C (en) Method for creating a secure dataset and method for evaluating the same
JP2007221551A (en) Recorder, and recording method
US20200202465A1 (en) Method and operation of a portable device and a cloud server for preserving the chain of custody for digital evidence
WO2005107148A1 (en) Authentication system
JP2005045486A (en) Imaging device, and method and program for authentication of photographed image
US20120072733A1 (en) Wearable time-bracketed video authentication
JP5151451B2 (en) Person identification system, person identification device, person identification method, and person identification program
CN111212074A (en) Qualification determination method, device, equipment and storage medium based on block chain
CN110597906A (en) Block chain-based entrance integral generation method, device, equipment and storage medium
KR101628720B1 (en) Copied image evidence management system for verifying authenticity and integrity

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP