WO2005107148A1 - Authentication system - Google Patents

Authentication system Download PDF

Info

Publication number
WO2005107148A1
WO2005107148A1 PCT/JP2005/008247 JP2005008247W WO2005107148A1 WO 2005107148 A1 WO2005107148 A1 WO 2005107148A1 JP 2005008247 W JP2005008247 W JP 2005008247W WO 2005107148 A1 WO2005107148 A1 WO 2005107148A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
data
time
acquisition device
encryption key
Prior art date
Application number
PCT/JP2005/008247
Other languages
French (fr)
Japanese (ja)
Inventor
Shinichi Yamada
Yoshihiro Masuyama
Original Assignee
Hitachi, Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi, Ltd. filed Critical Hitachi, Ltd.
Publication of WO2005107148A1 publication Critical patent/WO2005107148A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/00127Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture
    • H04N1/00204Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a digital computer or a digital computer system, e.g. an internet server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/00127Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture
    • H04N1/00204Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a digital computer or a digital computer system, e.g. an internet server
    • H04N1/00244Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a digital computer or a digital computer system, e.g. an internet server with a server, e.g. an internet server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/00127Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture
    • H04N1/00323Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a measuring, monitoring or signaling apparatus, e.g. for transmitting measured information to a central location
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3212Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to a job, e.g. communication, capture or filing of an image
    • H04N2201/3215Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to a job, e.g. communication, capture or filing of an image of a time or duration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3225Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document
    • H04N2201/3253Position information, e.g. geographical position at time of capture, GPS data

Definitions

  • the present invention relates to an authentication system, an authentication acquisition device, and an authentication method for authenticating position data and time data obtained by electronic position measurement means such as GPS and delivering the data to various applications.
  • a technology for acquiring the current position of an object or the like whose position is to be confirmed via electronic position positioning means such as a GPS (Global Positioning System) and publicly authenticating the data is known. And many have been proposed and filed.
  • position data and time data are obtained using GPS satellites, transmitted to the center, and the center requests the location and time data where the copy guard was performed.
  • Technology to transmit to electronic devices that had problems Japanese Patent Laid-Open Publication No. 2001-33537
  • position data and time data specifying the input point are generated, added to the input data as authentication data, and transmitted to a certificate authority.
  • Japanese Patent Application Laid-Open No. 2001-100632 is known.
  • a first object of the present invention is to provide an authentication system and an authentication acquisition device that facilitates location confirmation at the site by appropriately distributing the load between the authentication device at the center and the authentication acquisition terminal at the site. And to provide an authentication method. Further, a second object of the present invention is to maintain the authenticity of an image taken by a digital camera or the like, and record the image from photographing. An object of the present invention is to provide an authentication system, an authentication acquisition device, and an authentication method that realize security that is consistent up to now.
  • the authentication acquisition device receives a radio wave emitted from an electronic position positioning means such as a GPS and receives the current position of the positioning target. It determines the positioning and time, and generates data in which position data (positioning data) and time data are integrated with the authentication encryption key received by the authentication device at the time of issuing the authentication request.
  • the integrated data is transmitted to an authentication device connected via a network, and the authentication device authenticates the position data and the time data using the authentication encryption key. Reply to the authentication acquisition device.
  • an authentication acquisition device including an imaging device generates a drive timing signal of the image sensor synchronized with the current time, and adds the authentication encryption key data transmitted from the authentication device and the position positioning means to the drive timing signal.
  • a security marking signal (security marking data) is generated by superimposing position data indicating the current position of the positioning target that has been positioned by receiving force radio waves. Then, the image data (video data) output from the image pickup apparatus is recorded on the write-once recording medium as encrypted data including the security marking data.
  • FIG. 1 is a diagram cited for explaining a location authentication method of the present invention and a user who uses the method.
  • FIG. 2 is an operation sequence diagram cited for explaining the overall operation of the authentication system of the present invention.
  • FIG. 3 is a flowchart showing the operation of the authentication acquisition device of the present invention.
  • FIG. 4 is a diagram conceptually showing an application example of the authentication acquisition device of the present invention.
  • FIG. 5 is a block diagram showing an internal configuration of an image intrinsic processing unit shown in FIG. 4.
  • 6 is a flowchart showing an operation of the image intrinsic processing unit shown in FIG.
  • FIG. 7 is a block diagram showing a portion related to a color correction process extracted from the image intrinsic processing unit shown in FIG. 5; BEST MODE FOR CARRYING OUT THE INVENTION
  • FIG. 1 is a diagram cited for explaining the location authentication method of the present invention and its use subject.
  • reference numeral 1 denotes a GPS satellite, and a distance to each GPS satellite 1 is obtained when the certification acquisition terminal 20 receives radio waves emitted from three or more (preferably four or more) GPS satellites 1.
  • Electronic positioning means for measuring the current position such as latitude, longitude, altitude and standard time (time) by triangulation based on the measured distance to each GPS satellite 1 Used as the electronic positioning means, a method using FM (Frequency Modulation) radio waves can be used instead. Further, the position data obtained as a result of the positioning may be obtained as electronic positioning means power.
  • FM Frequency Modulation
  • reference numeral 2 denotes an authentication requester
  • reference numeral 3 denotes a location authentication service provider, which respectively owns and manages an authentication acquisition terminal 20 as an authentication acquisition device and an authentication server 30 as an authentication device.
  • the authentication acquisition terminal 20 and the authentication server 30 are connected via a network (not shown)! Puru.
  • the authentication acquisition terminal 20 receives GPS data (radio waves for positioning and measuring (determining) the latitude, longitude, altitude, and time) from the built-in GPS receiver, and determines the current position and determines the time ( Measurement) and issues an authentication encryption key acquisition request to the authentication server 30 to authenticate the measured position data and the determined time data.
  • the authentication server 30 issues authentication encryption key data to the requested authentication acquisition terminal 20, and the authentication acquisition terminal 20 integrates the position data, the time data, and the authentication encryption key data. It generates bundle data and issues an authentication request to the authentication server 30.
  • the authentication server 30 transmits the result of the authentication to the authentication acquisition terminal 20, and the authentication acquisition terminal 20 receiving the result transfers the authentication data to the application. In this way, an appropriate load distribution can be performed between the authentication acquisition terminal 20 and the authentication server 30, so that the authentication requester 2 can obtain a quick response result at the site, and 30 burden reduction Peel off. The details will be described below.
  • FIG. 2 is an operation sequence diagram cited for explaining the overall operation of the authentication system of the present invention.
  • the operation sequence between the GPS satellite 1, the authentication terminal 20, and the authentication server 30 is shown.
  • the authentication acquisition terminal 20 receives a radio wave transmitted by the GPS satellite 1 and performs a positioning process (S21).
  • the radio wave (GPS data) transmitted by the GPS satellite 1 is also delivered to the authentication server 30, and the authentication server 30 performs the same processing as necessary (S22).
  • the authentication acquisition terminal 20 issues a time stamp request to the authentication server 30 (S23), and the authentication server 30 that has received the time stamp transmits a time stamp for synchronization (S24).
  • the authentication acquisition terminal 20 Before and after receiving the time stamp, the authentication acquisition terminal 20 issues an authentication encryption key acquisition request to the authentication server 30 (S25), and bundles the position data, the time stamp, and the received authentication encryption key data. Issue a certification request (S26, S27). Subsequently, an authentication result is transmitted from the authentication server 30, and the authentication acquisition terminal 20 passes the authentication data to the application.
  • the bundled data is ⁇ a. Location data at the time of positioning, b. C.
  • FIG. 3 is a flowchart showing the flow of the operation of the authentication acquisition terminal 20 in that case.
  • the authentication acquiring terminal 20 first acquires radio waves (GPS data) of the GPS satellite 1 (S31), executes a positioning process (S32), and obtains the latitude, longitude, and altitude of the authentication acquiring terminal 20. Obtain position data indicating the current position. Then, a time stamp for synchronization is received from the authentication server 30, and a request for issuing an authentication encryption key is transmitted (S33, S34). Then, it waits for the issuance of the authentication encryption key from the authentication server 30 (S35), generates bundle data of the received authentication encryption key data, position data, and time stamp (time data), and transmits the bundle data to the authentication server 30. (S36). Next, the authentication data from the authentication server 30 When the authentication result is received (S37 ⁇ Yes), the authentication result is delivered to the application (S38).
  • GPS data radio waves
  • S31 executes a positioning process
  • S32 Obtain position data indicating the current position.
  • a time stamp for synchronization is received from the authentication server 30, and a request for is
  • terminal processing in the authentication acquisition terminal 20 is mainly performed, so that location confirmation at the site is facilitated.
  • RFID Radio Frequency
  • Identification can be used to track the distribution of dangerous goods and valuables by combining with tags.
  • the positioning equation for positioning the radio wave position obtained from the GPS satellite 1 is represented by the following equation.
  • X, Y, ⁇ known satellite position
  • X, ⁇ , ⁇ unknown receiver position
  • known pseudorange Includes the actual distance between satellite GPS receivers calculated from the received signal, clock error, propagation delay, and receiver noise. Of these, satellite clock error and propagation delay are corrected before solving)
  • FIG. 4 shows an operation conceptual diagram when the authentication system of the present invention is applied to an imaging device (for example, a digital camera).
  • an imaging device for example, a digital camera
  • the digital camera 40 operates as the authentication acquisition terminal 20 of the present invention.
  • the digital camera 40 is connected to the authentication server 30 of the location authentication service provider 3 via the communication module 49.
  • location authentication image data storage and time authentication are also performed.
  • the digital camera 40 includes, in addition to a camera body (not shown), a GPS satellite 1 to a GPS receiver 41 (including map information data in FIG. 4), an azimuth gyro 42, a geomagnetic sensor 43, temperature, pressure, and humidity. It has an ambient environment sensor 44 for measuring data, etc., an operator ID confirmation unit 45 by inputting biometric data such as fingerprints, and a tag reader unit 46 as input devices.
  • an operator ID confirmation unit 45 by inputting biometric data such as fingerprints
  • a tag reader unit 46 as input devices.
  • the large double circle below the operator ID confirmation unit 45 is a cradle for the operator ID confirmation unit 45 such as a fingerprint sensor.
  • These input data are provided to a CPU 47 (here, an image intrinsic processing unit) serving as a control center and processed.
  • the GPS receiver 41 input of positioning radio waves (including differential input by FM radio waves) from the GPS satellite 1 is obtained (corresponding to “input of positioning means power”), and the azimuth gyro is used.
  • Direction input can be obtained from 42 and geomagnetic sensor 43, ambient environment data such as temperature, pressure, and humidity can be input from environment sensor 44, and biometric data such as fingerprints can be input from operator ID confirmation unit 45.
  • data of an IC tag such as an RFID tag can be input from the tag reader section 46.
  • the captured video data is encrypted in association with the input data, and is recorded on a write-once recording medium 48 (hereinafter referred to as "encryption recording medium") built in the digital camera 40. . Also, it is similarly recorded on the write-once recording medium 36 (authentication archive) of the authentication server 30.
  • the positioning result current position data of the positioning target measured based on the input of the radio wave from the GPS satellite 1 (position positioning means) is associated with the video data and encrypted.
  • the captured video data be tamper-proof after the optical-Z electrical conversion of an image sensor (hereinafter, referred to as an image sensor).
  • an image sensor an image sensor
  • the captured video data is stored simultaneously in a plurality of write-once recording media such as the digital camera 40 and the authentication archive 36 (the authentication archive 36 of the authentication server 30).
  • the connected communication lines shall have high security.
  • the certification archive 36 on the center side shall have necessary access control and shall have a falsification prevention function and a physical protection function.
  • FIG. 5 shows an example of the configuration of an image authenticity processing unit that is essential for securing the authenticity of the video and storing the authenticable video.
  • FIG. 6 is a flowchart showing the processing procedure. .
  • reference numeral 472 denotes an image sensor unit configured by a CCD (Charge Coupled Device) or the like, and is driven by a drive timing signal (S91) generated by the image sensor drive timing unit 471.
  • the security marking generation unit 483 includes the authentication encryption key data generated by the authentication server 30 which is taken in through the authentication encryption key reception unit 476, the external signal reception unit 473, the synchronization time reception unit 474, and the position authentication processing unit.
  • the security masking data is generated by superimposing the time data and the position data obtained via the 475 and supplied to the security marking processing unit 485 (S92).
  • the security marking processing unit 485 is also supplied with the above-described drive timing signal and an image sensor output signal (photographed video data) input via the AZD processing unit 482.
  • the data is combined with the data, and supplied to the camera signal processing unit 489 via the output buffer 484 as video generation basic data (S93).
  • the camera signal processing unit 489 performs processing using the video generation basic data as a camera input signal, and generates and outputs video encryption data including security marking data.
  • the video encrypted data is transmitted and recorded in real time to the authentication archive (write-once recording medium 36) of the authentication server 30 via the secure line 487.
  • the synchronization time stamp (synchronization time receiving unit 474), the measured position data (position authentication processing unit 475), the ambient environment sensor data (various sensors 441 and 442), the operator ID (operation Person ID The receiving unit 477) may be linked and recorded.
  • the above-mentioned data (signals), synchronization time stamp data (synchronization time reception unit 474), measured position data (position authentication processing unit 475), ambient environment sensor data (various sensors 441 and 442), operator ID
  • the data (operator ID receiving unit 477) is stored (recorded) in the encryption recording medium 48 together with the video signal when all the data is received (S94).
  • the demodulation algorithm driven by the security marking data is used to extract the true video data having the data power including the additional data other than the video (security). Demodulation by marking data, S96).
  • the processing for making the optical Z electrical signal conversion timing after the image sensor impossible to falsify has been described.
  • the timing of starting mechanical or electrical shutters that limit the optical input at the stage must be considered as well.
  • an image sensor unit 472 such as a CCD (optical Z-electric conversion element).
  • CCD optical Z-electric conversion element
  • the present invention can be applied to a shutter using ON / OFF of the optical Z-electric conversion element and a mechanical or electronic shutter, and the timing can be appropriately set.
  • the time can be set in consideration of the shutter speed (moving speed of the slit or the like).
  • FIG. 7 is a diagram cited for the purpose of explaining the mutual error difference correction processing in a general manner, and illustrates a photographing-side subsystem 100 and a display-side subsystem 200 as transmission / reception sides.
  • the main configuration of the digital camera 40 described above is shown in the photographing-side subsystem 100.
  • the color data transmitted and received via the network is expressed slightly differently due to the color expression error of each display device.
  • the color on the transmission / reception side man-machine interface at both ends of the system is minimized although the color is not a true color. It is intended for the distribution of data, including data.
  • a standard color template (TP) is prepared, and each standard color component of the captured image generated by the standard template color data generation unit 501 is generated and output.
  • the standard color difference processing unit 502 calculates the difference between the color components of the captured image and the respective standard color components, generates an input color data correction signal, and displays the image data (video data) together with the captured video signal (video data).
  • Send to system 200 The display-side subsystem 200 performs an operation for excluding the received input color data correction signal (difference signal) as an error signal at the time of reproduction, and displays the result.
  • the authentication acquisition device receives the current position data and time data of the positioning target received by the electronic position measurement means such as GPS, and receives the authentication device power when the authentication request is issued. Generates data obtained by integrating the authenticated encryption key and the integrated data, transmits the integrated data to an authentication device connected via a network, and the authentication device uses the authentication encryption key to generate position data and time data. The authentication is then sent back to the authentication requesting device that requested the authentication.This distributes the load between the authentication server at the center and the authentication obtaining device at the site, making it easier to confirm the location at the site. Authentication system can be provided.
  • the authentication acquisition device including the imaging device is configured to operate the imaging device in synchronization with the current time.
  • a security marking data is generated by superimposing the authentication encryption key data transmitted from the authentication device and the current position data of the positioning target that also acquired the position positioning means power on the driving timing signal, and generating the security marking data.
  • the difference between each standard color component prepared in advance is calculated and transmitted to the display subsystem together with the captured video signal as an input color data correction signal
  • the display subsystem secures the trueness of color by performing processing to exclude the received input color data correction signal as an error signal during reproduction. As described above, it is possible to realize consistent security up to the recording of shooting power.

Abstract

An authentication system has an authentication acquiring device (digital camera (40)) and an authentication device (authentication server (30)). The an authentication acquiring device (digital camera (40)) imports current position data and time data of an object of which position is to be defined received from electronic position defining means and produces data in which these imported data and an authentication encryption key received from the authentication device (authentication server (30)) are combined when an authentication request is issued. The authentication device (authentication server (30)) acquires the combined data from the authentication acquiring device (digital camera (40)) and authenticates the position data and the time data by using authentication encryption key.

Description

明 細 書  Specification
言忍証システム  Word Ninja system
技術分野  Technical field
[0001] 本発明は、 GPS等、電子的な位置測位手段によって得られる位置データや時刻デ ータを認証して各種アプリケーションに引き渡す、認証システムおよび認証取得装置 ならびに認証方法に関する。  The present invention relates to an authentication system, an authentication acquisition device, and an authentication method for authenticating position data and time data obtained by electronic position measurement means such as GPS and delivering the data to various applications.
背景技術  Background art
[0002] 所在'位置確認の対象となる物体等の現在位置を GPS (Global Positioning System )等、電子的な位置測位手段を介して取得し、そのデータを公的に認証する技術に ついて、従来から多数提案され、出願されている。  [0002] A technology for acquiring the current position of an object or the like whose position is to be confirmed via electronic position positioning means such as a GPS (Global Positioning System) and publicly authenticating the data is known. And many have been proposed and filed.
[0003] 例えば、デジタルカメラやパソコン等の可搬性電子機器に関し、 GPS衛星を利用し て位置データおよび時刻データを得、これらをセンタへ送信し、センタがコピーガード された場所と時間データを要求のあった電子機器へ送信する技術 (特開 2001— 33 537号公報)、入力した地点を特定する位置データおよび時刻データを生成し、認 証データとして入力データに付加すると共に、認証局へ送信してデジタル署名を付 加する技術 (特開 2001— 100632号公報)が知られている。  [0003] For example, regarding portable electronic devices such as digital cameras and personal computers, position data and time data are obtained using GPS satellites, transmitted to the center, and the center requests the location and time data where the copy guard was performed. Technology to transmit to electronic devices that had problems (Japanese Patent Laid-Open Publication No. 2001-33537), position data and time data specifying the input point are generated, added to the input data as authentication data, and transmitted to a certificate authority. (Japanese Patent Application Laid-Open No. 2001-100632) is known.
[0004] いずれもデータの客観性を確保することにより、交通事故等の際の保険請求をはじ め、警察、消防等の現場検証に広く実施可能であり、証拠としての証明力を向上させ るための手段として大きな効果が得られる。し力しながら、いずれも認証局等のセンタ 処理が中心であるため、センタ負荷が大きぐこのため、現場での所在確認に時間を 要していた。また、デジタルカメラによって撮影されたデジタル画像は改竄が容易で あり、その保管の仕方によっては証拠能力に疑問が残り、依然として客観性に乏しい ものであった。  [0004] In any case, by ensuring the objectivity of data, it can be widely applied to on-site inspections of police, fire departments, etc., including insurance claims in the event of traffic accidents, etc., and improve the proof power as evidence As a result, a great effect can be obtained. However, the central processing of the certificate authority and the like is the center, and the load on the center is large, so it took time to confirm the location at the site. In addition, digital images captured by digital cameras were easily tampered with, and the evidential ability remained questionable depending on the way they were stored, and their objectivity was still poor.
[0005] 従って本発明の第 1の課題は、センタの認証装置と現場の認証取得端末間で適当 に負荷分散することにより、現場での所在確認を容易とした、認証システムおよび認 証取得装置ならびに認証方法を提供することにある。また、本発明の第 2の課題は、 デジタルカメラ等により撮影された画像にっ 、てもその真性を維持し、撮影から記録 まで一貫したセキュリティを実現する、認証システムおよび認証取得装置ならびに認 証方法を提供することにある。 [0005] Accordingly, a first object of the present invention is to provide an authentication system and an authentication acquisition device that facilitates location confirmation at the site by appropriately distributing the load between the authentication device at the center and the authentication acquisition terminal at the site. And to provide an authentication method. Further, a second object of the present invention is to maintain the authenticity of an image taken by a digital camera or the like, and record the image from photographing. An object of the present invention is to provide an authentication system, an authentication acquisition device, and an authentication method that realize security that is consistent up to now.
発明の開示  Disclosure of the invention
[0006] 前記した課題を解決するために、本発明の認証システムは、認証取得装置が、 GP S等の電子的な位置測位手段カゝら発せられた電波を受信して測位対象の現在位置 の測位と時刻の決定を行い、位置データ (測位データ)および時刻データと、認証要 求発行時に認証装置力 受信した認証暗号鍵とを一体ィ匕したデータを生成する。そ してこの一体化したデータを、ネットワークを介して接続される認証装置へ送信し、認 証装置が認証暗号ィ匕鍵を用いて位置データおよび時刻データの認証を行 、、認証 要求のあった認証取得装置へ返信する。  [0006] In order to solve the above-described problems, in the authentication system of the present invention, the authentication acquisition device receives a radio wave emitted from an electronic position positioning means such as a GPS and receives the current position of the positioning target. It determines the positioning and time, and generates data in which position data (positioning data) and time data are integrated with the authentication encryption key received by the authentication device at the time of issuing the authentication request. The integrated data is transmitted to an authentication device connected via a network, and the authentication device authenticates the position data and the time data using the authentication encryption key. Reply to the authentication acquisition device.
[0007] このことにより、センタの認証サーバと現場の認証取得装置間で負荷が分散され、 現場での所在確認を容易とした認証システムを提供することができる。  [0007] This makes it possible to provide an authentication system in which the load is distributed between the authentication server at the center and the authentication acquisition device at the site, and the location confirmation at the site is facilitated.
[0008] また、撮像装置を含む認証取得装置が、現在時刻に同期した撮像素子の駆動タイ ミング信号を生成し、当該駆動タイミング信号に、認証装置から送信される認証暗号 鍵データならびに位置測位手段力 の電波を受信して測位した測位対象の現在位 置を示す位置データを重畳してセキュリティマーキング信号 (セキュリティマーキング データ)を生成する。そして、撮像装置カゝら出力される画像データ(映像データ)を、こ のセキュリティマーキングデータを含む暗号ィ匕データとして追記型記録媒体に記録 する。  [0008] Further, an authentication acquisition device including an imaging device generates a drive timing signal of the image sensor synchronized with the current time, and adds the authentication encryption key data transmitted from the authentication device and the position positioning means to the drive timing signal. A security marking signal (security marking data) is generated by superimposing position data indicating the current position of the positioning target that has been positioned by receiving force radio waves. Then, the image data (video data) output from the image pickup apparatus is recorded on the write-once recording medium as encrypted data including the security marking data.
[0009] このこと〖こより、デジタルカメラ等により撮影された画像についてもその真性を維持し 、撮影力 記録まで一貫したセキュリティを実現することができる。  [0009] Thus, it is possible to maintain the trueness of an image photographed by a digital camera or the like and realize consistent security up to recording of photographing power.
図面の簡単な説明  Brief Description of Drawings
[0010] [図 1]本発明の位置認証方法とその利用主体を説明するために引用した図である。  FIG. 1 is a diagram cited for explaining a location authentication method of the present invention and a user who uses the method.
[図 2]本発明の認証システムの全体動作を説明するために引用した動作シーケンス 図である。  FIG. 2 is an operation sequence diagram cited for explaining the overall operation of the authentication system of the present invention.
[図 3]本発明の認証取得装置の動作を示すフローチャートである。  FIG. 3 is a flowchart showing the operation of the authentication acquisition device of the present invention.
[図 4]本発明の認証取得装置の応用例を概念的に示した図である。  FIG. 4 is a diagram conceptually showing an application example of the authentication acquisition device of the present invention.
[図 5]図 4に示す画像真性処理部の内部構成を示すブロック図である。 [図 6]図 5に示す画像真性処理部の動作を示すフローチャートである。 FIG. 5 is a block diagram showing an internal configuration of an image intrinsic processing unit shown in FIG. 4. 6 is a flowchart showing an operation of the image intrinsic processing unit shown in FIG.
[図 7]図 5に示す画像真性処理部のうち、色補正処理に係わる部分を抽出して示した ブロック図である。 発明を実施するための最良の形態  FIG. 7 is a block diagram showing a portion related to a color correction process extracted from the image intrinsic processing unit shown in FIG. 5; BEST MODE FOR CARRYING OUT THE INVENTION
[0011] 以下、本発明の実施形態について図面を参照しながら詳細に説明する。図 1は、 本発明の位置認証方法とその利用主体を説明するために引用した図である。  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a diagram cited for explaining the location authentication method of the present invention and its use subject.
[0012] 図 1において、符号 1は GPS衛星であり、認証取得端末 20が、 3以上 (好ましくは 4 以上)の GPS衛星 1から発せられる電波を受信することにより各 GPS衛星 1までの距 離を測定し、この測定した各 GPS衛星 1までの距離に基づいて三角測量原理で、緯 度、経度、高度力 なる現在位置の測位ならびに標準時間(時刻)を測定するための 電子的な測位手段として用いられる。なお、電子的な測位手段としては、他に、 FM ( Frequency Modulation)電波によるもの等で代替可能である。また、測位した結果の 位置データを電子的な測位手段力 取得してもよい。ちなみに、符号 2は認証要求 者、符号 3は所在'位置認証サービス事業者であり、それぞれ、認証取得装置として の認証取得端末 20、認証装置としての認証サーバ 30を所持管理している。認証取 得端末 20と認証サーバ 30とは、図示せぬネットワークを介して接続されて!ヽる。  In FIG. 1, reference numeral 1 denotes a GPS satellite, and a distance to each GPS satellite 1 is obtained when the certification acquisition terminal 20 receives radio waves emitted from three or more (preferably four or more) GPS satellites 1. Electronic positioning means for measuring the current position such as latitude, longitude, altitude and standard time (time) by triangulation based on the measured distance to each GPS satellite 1 Used as In addition, as the electronic positioning means, a method using FM (Frequency Modulation) radio waves can be used instead. Further, the position data obtained as a result of the positioning may be obtained as electronic positioning means power. Incidentally, reference numeral 2 denotes an authentication requester, and reference numeral 3 denotes a location authentication service provider, which respectively owns and manages an authentication acquisition terminal 20 as an authentication acquisition device and an authentication server 30 as an authentication device. The authentication acquisition terminal 20 and the authentication server 30 are connected via a network (not shown)! Puru.
[0013] 前記したシステム構成にぉ 、て概略動作の流れを説明すれば以下のようになる。  With reference to the system configuration described above, the general operation flow will be described as follows.
すなわち、認証取得端末 20は、内蔵の GPSレシーバにより GPSデータ (緯度、経度 、高度、時間を測位、測定 (決定)するための電波)を受信して現在位置の測位およ び時刻の決定 (測定)を行うと共に、認証サーバ 30に対し、測位した位置データ、お よび決定した時刻データを認証するための認証暗号鍵取得要求を発行する。これを 受けた認証サーバ 30は、要求のあった認証取得端末 20に対して認証暗号鍵データ を発行し、認証取得端末 20は、位置データおよび時刻データと認証暗号鍵データと を一体ィ匕したバンドルデータを生成して認証サーバ 30に対して認証要求を発行する 。認証サーバ 30は、認証した結果を認証取得端末 20に送信し、これを受けた認証 取得端末 20は、認証データのアプリケーションへの引渡しを行う。このように、認証取 得端末 20と認証サーバ 30との間で適度な負荷分散を行うことができ、このため、認 証要求者 2は現場で迅速な回答結果を得ることができ、認証サーバ 30の負担軽減が はかれる。以下に詳細な説明を行う。 That is, the authentication acquisition terminal 20 receives GPS data (radio waves for positioning and measuring (determining) the latitude, longitude, altitude, and time) from the built-in GPS receiver, and determines the current position and determines the time ( Measurement) and issues an authentication encryption key acquisition request to the authentication server 30 to authenticate the measured position data and the determined time data. Upon receiving this, the authentication server 30 issues authentication encryption key data to the requested authentication acquisition terminal 20, and the authentication acquisition terminal 20 integrates the position data, the time data, and the authentication encryption key data. It generates bundle data and issues an authentication request to the authentication server 30. The authentication server 30 transmits the result of the authentication to the authentication acquisition terminal 20, and the authentication acquisition terminal 20 receiving the result transfers the authentication data to the application. In this way, an appropriate load distribution can be performed between the authentication acquisition terminal 20 and the authentication server 30, so that the authentication requester 2 can obtain a quick response result at the site, and 30 burden reduction Peel off. The details will be described below.
[0014] 図 2は、本発明の認証システムの全体動作を説明するために引用した動作シーケ ンス図である。ここでは、 GPS衛星 1と認証取得端末 20と認証サーバ 30間の動作シ 一ケンスが示されている。まず、認証取得端末 20は、 GPS衛星 1が送信する電波を 受信し、測位処理を実施する(S21)。なお、 GPS衛星 1が送信する電波(GPSデー タ)は、認証サーバ 30にも届けられ、認証サーバ 30においても、必要に応じて同様 の処理が行なわれる(S22)。続いて、認証取得端末 20は、認証サーバ 30にタイムス タンプの要求を発行し(S23)、これを受信した認証サーバ 30は、同期用のタイムスタ ンプを送信する(S24)。このタイムスタンプ受信と前後して認証取得端末 20は、認証 サーバ 30に対して認証暗号鍵取得要求を発行しており(S25)、位置データとタイム スタンプならびに受信した認証暗号鍵データをバンドルして認証要求を発行する(S 26、 S27)。続いて認証サーバ 30から認証結果が送信され、認証取得端末 20は、そ の認証データをアプリケーションへ引き渡す、ここでは、バンドルするデータは、「a. 測位した際の位置データ、 b.サーノから得たタイムスタンプ、 c.サーバから得た認 証暗号鍵データ」である。即ち、測位した際の時刻データに代えて、サーバ 30から得 たタイムスタンプをノ ンドノレしてもよ!/、。  FIG. 2 is an operation sequence diagram cited for explaining the overall operation of the authentication system of the present invention. Here, the operation sequence between the GPS satellite 1, the authentication terminal 20, and the authentication server 30 is shown. First, the authentication acquisition terminal 20 receives a radio wave transmitted by the GPS satellite 1 and performs a positioning process (S21). The radio wave (GPS data) transmitted by the GPS satellite 1 is also delivered to the authentication server 30, and the authentication server 30 performs the same processing as necessary (S22). Next, the authentication acquisition terminal 20 issues a time stamp request to the authentication server 30 (S23), and the authentication server 30 that has received the time stamp transmits a time stamp for synchronization (S24). Before and after receiving the time stamp, the authentication acquisition terminal 20 issues an authentication encryption key acquisition request to the authentication server 30 (S25), and bundles the position data, the time stamp, and the received authentication encryption key data. Issue a certification request (S26, S27). Subsequently, an authentication result is transmitted from the authentication server 30, and the authentication acquisition terminal 20 passes the authentication data to the application. Here, the bundled data is `` a. Location data at the time of positioning, b. C. The authenticated encryption key data obtained from the server. " That is, a time stamp obtained from the server 30 may be used in place of the time data at the time of positioning!
[0015] 。なお 以下に具体的な実施形態について説明する力 本発明の認証システムによ れば、処理負荷を認証取得端末 20に負担させる方法と、認証サーバ 30に負担させ る方法の二通りある。まず、前者力 説明する。図 3に、その場合の認証取得端末 20 における動作の流れがフローチャートで示されている。  [0015]. In the following, according to the authentication system of the present invention, there are two methods, a method of causing the authentication acquisition terminal 20 to bear the processing load and a method of causing the authentication server 30 to bear the processing load. First, the former power is explained. FIG. 3 is a flowchart showing the flow of the operation of the authentication acquisition terminal 20 in that case.
[0016] (第 1の実施形態)  (First Embodiment)
図 3において、認証取得端末 20は、最初に GPS衛星 1の電波(GPSデータ)を取 込み(S31)、測位処理を実行して(S32)、緯度、経度、高度から成る認証取得端末 20の現在位置を示す位置データを入手する。そして、認証サーバ 30から同期を取る ためのタイムスタンプを受信して認証暗号鍵の発行要求を送信する(S33、 S34)。 続いて、認証サーバ 30から認証暗号鍵の発行を待ち(S35)、当該受信した認証暗 号鍵データと、位置データおよびタイムスタンプ(時刻データ)とのバンドルデータを 生成し、認証サーバ 30へ送信する(S36)。続いて、認証サーバ 30からの認証デー タ (バンドルデータ)の送信を待ち、認証結果を受信したら(S37→Yes)、認証結果 をアプリケーションへ引き渡す (S38)。 In FIG. 3, the authentication acquiring terminal 20 first acquires radio waves (GPS data) of the GPS satellite 1 (S31), executes a positioning process (S32), and obtains the latitude, longitude, and altitude of the authentication acquiring terminal 20. Obtain position data indicating the current position. Then, a time stamp for synchronization is received from the authentication server 30, and a request for issuing an authentication encryption key is transmitted (S33, S34). Then, it waits for the issuance of the authentication encryption key from the authentication server 30 (S35), generates bundle data of the received authentication encryption key data, position data, and time stamp (time data), and transmits the bundle data to the authentication server 30. (S36). Next, the authentication data from the authentication server 30 When the authentication result is received (S37 → Yes), the authentication result is delivered to the application (S38).
[0017] 前記した本実施形態によれば、認証取得端末 20での端末処理が中心となるため、 現場での所在確認が容易になる。なお、アプリケーションとして、前記した事故等の 保険請求、警察、消防等の現場検証のほかに、 RFID (Radio Frequency [0017] According to the above-described embodiment, terminal processing in the authentication acquisition terminal 20 is mainly performed, so that location confirmation at the site is facilitated. As applications, in addition to the above-mentioned insurance claims for accidents, on-site verification of police, firefighting, etc., RFID (Radio Frequency
Identification)タグと組み合わせることによる危険物や貴重品の物流トラッキング等が 考えられる。  Identification) can be used to track the distribution of dangerous goods and valuables by combining with tags.
[0018] 具体的に、危険物、毒物、可燃物、放射性物質、爆発物、刀剣、銃、火気、爆薬、 汚染物質等に関する製造保管、使用、搬送に関する公的監督管理は、現在複数の 法律と官公庁に跨り、また、様式は個々に異なっており、データ収蔵の形態も異なつ ており、一元管理がなされていない。また、現在における所在把握の方法の多くは、 届出や報告書によるものであり、電子化されておらず、また、リアルタイムにその所在 が把握されていない。このため、例えば、これら危険物、あるいはその容器に脱着不 能な IDタグを組み込み、前記した測位認証管理と組み合わせることで、これらの所在 •位置データを取得し、収蔵し、求めに応じて認証データとして提供することができる 。物的防護建屋に保管された危険物に関しても同様、 RFIDタグとの連携をはかり、 室内外で測位管理することによる輸送を含む移動管理も可能である。このことにより、 平時は勿論のこと、大規模災害発生時における危険物の所在の把握、および所在 · 位置に関する報告を自動的、かつ、正確に把握できる。  [0018] Specifically, public supervision and management of manufacturing, storage, use, and transportation of dangerous substances, poisons, combustibles, radioactive materials, explosives, swords, guns, fire, explosives, contaminants, etc. are currently subject to several laws. The data format is different, the data storage format is different, and there is no centralized management. In addition, many of the methods for determining whereabouts are currently based on reports and reports, are not digitized, and their locations are not known in real time. For this reason, for example, by incorporating a non-removable ID tag into these dangerous goods or their containers, and combining with the above-mentioned positioning and authentication management, the location data is acquired, stored, and authenticated as required. Can be provided as data. Similarly, for dangerous goods stored in a physical protection building, it is possible to cooperate with an RFID tag and manage the movement, including transport by performing positioning control indoors and outdoors. As a result, it is possible to automatically and accurately grasp the location of hazardous materials at the time of a large-scale disaster, as well as reports on the location and location, in addition to normal times.
[0019] なお、 GPS衛星 1から得られる電波力 位置を測位する測位方程式は、次の式で 示される。  [0019] The positioning equation for positioning the radio wave position obtained from the GPS satellite 1 is represented by the following equation.
[測位方程式]  [Positioning equation]
(X -X ) 2+ (Y -Y ) 2+ (Z -Z ) 2= (R -C ) 2 (X -X) 2 + (Y -Y) 2 + (Z -Z) 2 = (R -C) 2
但し、 i(i= l, 2, 3, 4):測位に使用する衛星、 X、 Y、 Ζ:既知の衛星位置、 X、 Υ 、 Ζ:未知の受信機位置、 :既知の擬似距離 (受信信号から計算される衛星 GPS レシーバ間の実距離、時計誤差、伝播遅延、受信機雑音を含む。このうち、衛星時 計誤差と伝播遅延は解く前に補正される)、 C  Where i (i = l, 2, 3, 4): satellite used for positioning, X, Y, Ζ: known satellite position, X, 、, Ζ: unknown receiver position,: known pseudorange ( Includes the actual distance between satellite GPS receivers calculated from the received signal, clock error, propagation delay, and receiver noise. Of these, satellite clock error and propagation delay are corrected before solving), C
Bu:受信機時計誤差。  Bu: Receiver clock error.
[0020] (第 2の実施形態) 図 4は、本発明の認証システムを撮像装置 (例えば、デジタルカメラ)に応用した場 合の動作概念図を示す。 (Second Embodiment) FIG. 4 shows an operation conceptual diagram when the authentication system of the present invention is applied to an imaging device (for example, a digital camera).
[0021] ここでは、デジタルカメラ 40が本発明の認証取得端末 20として動作する。デジタル カメラ 40は、通信モジュール 49を介して所在'位置認証サービス事業者 3の認証サ ーバ 30に接続される。ここでは、前記した所在'位置認証の他に、映像'データ保管 、時刻認証も行われる。 Here, the digital camera 40 operates as the authentication acquisition terminal 20 of the present invention. The digital camera 40 is connected to the authentication server 30 of the location authentication service provider 3 via the communication module 49. Here, in addition to the above-mentioned “location authentication”, image data storage and time authentication are also performed.
[0022] デジタルカメラ 40は、図示せぬカメラ本体部の他に、 GPS衛星 1から GPSレシーバ 41 (なお図 4では地図情報データも含む)、方位ジャイロ 42、地磁気センサ 43、温度 、気圧、湿度等を測定する周囲環境センサ 44、指紋等の生体データ入力による操作 者 ID確認部 45、ならびにタグリーダ部 46を入力デバイスとして備えている。図 4にお いて、操作者 ID確認部 45の下の大きな 2重丸は、指紋センサといったような操作者 I D確認部 45の受け台である。これら入力データは、制御中枢となる CPU47 (ここで は、画像真性処理部)に提供され、処理される。  The digital camera 40 includes, in addition to a camera body (not shown), a GPS satellite 1 to a GPS receiver 41 (including map information data in FIG. 4), an azimuth gyro 42, a geomagnetic sensor 43, temperature, pressure, and humidity. It has an ambient environment sensor 44 for measuring data, etc., an operator ID confirmation unit 45 by inputting biometric data such as fingerprints, and a tag reader unit 46 as input devices. In FIG. 4, the large double circle below the operator ID confirmation unit 45 is a cradle for the operator ID confirmation unit 45 such as a fingerprint sensor. These input data are provided to a CPU 47 (here, an image intrinsic processing unit) serving as a control center and processed.
[0023] ここで、 GPSレシーバ 41からは GPS衛星 1からの測位用の電波の入力(FM電波 によるデフアレンシャル入力も含む)が得られ(「測位手段力 の入力」に相当)、方位 ジャイロ 42や地磁気センサ 43からは方位の入力が得られ、温度気圧、湿度等、環境 センサ 44からは周辺環境データの入力が得られ、操作者 ID確認部 45からは指紋等 の生体データの入力が得られ、タグリーダ部 46からは RFIDタグのような ICタグのデ ータの入力が得られる。  Here, from the GPS receiver 41, input of positioning radio waves (including differential input by FM radio waves) from the GPS satellite 1 is obtained (corresponding to “input of positioning means power”), and the azimuth gyro is used. Direction input can be obtained from 42 and geomagnetic sensor 43, ambient environment data such as temperature, pressure, and humidity can be input from environment sensor 44, and biometric data such as fingerprints can be input from operator ID confirmation unit 45. As a result, data of an IC tag such as an RFID tag can be input from the tag reader section 46.
[0024] なお、撮影した映像データは、これら入力データと関連付けられて暗号化され、デ ジタルカメラ 40に内蔵された追記型の記録媒体 48 (以下、暗号ィ匕記録メディア)に記 録される。また、認証サーバ 30の追記型記録媒体 36 (認証アーカイブ)にも同様に 記録される。ちなみに、 GPS衛星 1 (位置測位手段)からの電波の入力に基づいて測 位した測位結果 (測位対象の現在の位置データ)を、映像データと関連付けて暗号 ィ匕してちょい。  [0024] The captured video data is encrypted in association with the input data, and is recorded on a write-once recording medium 48 (hereinafter referred to as "encryption recording medium") built in the digital camera 40. . Also, it is similarly recorded on the write-once recording medium 36 (authentication archive) of the authentication server 30. Incidentally, the positioning result (current position data of the positioning target) measured based on the input of the radio wave from the GPS satellite 1 (position positioning means) is associated with the video data and encrypted.
[0025] ところで、現場の状況記録のための写真撮影は、工事前後、あるいは交通事故等 の際の保険請求をはじめ、警察、および消防の現場検証等で広く実施されている。こ こでは、これらの映像記録において、撮影された日時とともに、撮影された方向、場 所を同時に真性映像データとして記録し、収蔵する。また。要求に応じて真性映像デ ータを再現し、提供するまでの一貫したシステムを提供するものである。 [0025] By the way, photographing for recording the situation at the site is widely carried out before and after the construction, in the case of a traffic accident, etc., as well as in the field inspection of police and fire departments, etc. Here, in these video recordings, the shooting date and time, the shooting direction, Locations are simultaneously recorded and stored as intrinsic video data. Also. It provides a consistent system from reproducing intrinsic video data to providing it on demand.
[0026] このとき、撮影された映像データは、撮像素子(以下、イメージセンサという)の光 Z 電気変換以降の処理は改竄不可能なものであることが必須とされ、映像データは、 先の入力データと共に、デジタルカメラ 40ならびに認証アーカイブ 36 (認証サーバ 3 0の認証アーカイブ 36)等の複数の追記型記録媒体に同時に収蔵される。また、接 続される通信回線については高セキュア性を有するものとする。更に、センタ側の認 証アーカイブ 36については、必要な立ち入り管理が行なわれ、改竄防止機能、およ び物理的防護機能を持つこととする。  At this time, it is essential that the captured video data be tamper-proof after the optical-Z electrical conversion of an image sensor (hereinafter, referred to as an image sensor). Together with the input data, it is stored simultaneously in a plurality of write-once recording media such as the digital camera 40 and the authentication archive 36 (the authentication archive 36 of the authentication server 30). The connected communication lines shall have high security. In addition, the certification archive 36 on the center side shall have necessary access control and shall have a falsification prevention function and a physical protection function.
[0027] 図 5に、映像の真性を確保し、認証可能な映像を保存するために必須となる画像真 性処理部の構成例が、図 6に、その処理手順がフローチャートで示されている。  FIG. 5 shows an example of the configuration of an image authenticity processing unit that is essential for securing the authenticity of the video and storing the authenticable video. FIG. 6 is a flowchart showing the processing procedure. .
[0028] 図 5において、符号 472は、 CCD (Charge Coupled Device)等により構成されるィメ ージセンサ部であり、イメージセンサ駆動タイミング部 471により生成される駆動タイミ ング信号 (S91)により駆動される。また、セキュリティマーキング生成部 483は、認証 暗号鍵受信部 476を介して取り込まれる認証サーバ 30によって生成された認証暗号 鍵データ、ならびに、外部信号受信部 473、同期時刻受信部 474、位置認証処理部 475を介して得られる、それぞれ時刻データと位置データを重畳してセキュリティマ 一キングデータを生成してセキュリティマーキング処理部 485へ供給する(S92)。セ キユリティマーキング処理部 485には、他に、前記した駆動タイミング信号、 AZD処 理部 482を介して入力されるイメージセンサ出力信号 (撮影した映像データ)が供給 されており、ここでセキュリティマーキングデータと合成され、映像生成基礎データ(S 93)として出力バッフ 484を経由してカメラ信号処理部 489へ供給される。  In FIG. 5, reference numeral 472 denotes an image sensor unit configured by a CCD (Charge Coupled Device) or the like, and is driven by a drive timing signal (S91) generated by the image sensor drive timing unit 471. . Further, the security marking generation unit 483 includes the authentication encryption key data generated by the authentication server 30 which is taken in through the authentication encryption key reception unit 476, the external signal reception unit 473, the synchronization time reception unit 474, and the position authentication processing unit. The security masking data is generated by superimposing the time data and the position data obtained via the 475 and supplied to the security marking processing unit 485 (S92). The security marking processing unit 485 is also supplied with the above-described drive timing signal and an image sensor output signal (photographed video data) input via the AZD processing unit 482. The data is combined with the data, and supplied to the camera signal processing unit 489 via the output buffer 484 as video generation basic data (S93).
[0029] カメラ信号処理部 489は、前記映像生成基礎データをカメラ入力信号として処理を 行い、セキュリティマーキングデータを含む映像暗号ィ匕データを生成して出力する。 この映像暗号ィ匕データは、セキュア回線 487を介して認証サーバ 30の認証ァーカイ ブ(追記型記録媒体 36)ヘリアルタイムに伝送され、記録される。このとき、必要に応 じて、同期時刻スタンプ(同期時刻受信部 474)、測位した位置データ (位置認証処 理部 475)、周囲環境センサデータ (各種センサ 441、 442)、操作者 ID (操作者 ID 受信部 477)をリンクして記録してもよい。なお、前記した各データ (信号)、同期時刻 スタンプデータ(同期時刻受信部 474)、測位した位置データ (位置認証処理部 475 )、周囲環境センサのデータ(各種センサ 441、 442)、操作者 IDデータ (操作者 ID 受信部 477)は、全て受信した時点で映像信号と共に、暗号ィ匕記録メディア 48にも 保存 (記録)される(S94)。 [0029] The camera signal processing unit 489 performs processing using the video generation basic data as a camera input signal, and generates and outputs video encryption data including security marking data. The video encrypted data is transmitted and recorded in real time to the authentication archive (write-once recording medium 36) of the authentication server 30 via the secure line 487. At this time, if necessary, the synchronization time stamp (synchronization time receiving unit 474), the measured position data (position authentication processing unit 475), the ambient environment sensor data (various sensors 441 and 442), the operator ID (operation Person ID The receiving unit 477) may be linked and recorded. The above-mentioned data (signals), synchronization time stamp data (synchronization time reception unit 474), measured position data (position authentication processing unit 475), ambient environment sensor data (various sensors 441 and 442), operator ID The data (operator ID receiving unit 477) is stored (recorded) in the encryption recording medium 48 together with the video signal when all the data is received (S94).
[0030] このように、認証データを同時に異なった記録媒体へ異なった形式で記録すること により、複数記録媒体に跨って異なる形式の映像データを同時に改竄しない限り目 的を持った第三者による故意の改竄は不可能になる。  [0030] As described above, by simultaneously recording the authentication data in different formats on different recording media, it is possible for a third party having the purpose to perform the same operation unless the video data in different formats is simultaneously falsified across a plurality of recording media. Intentional tampering becomes impossible.
[0031] また、この映像暗号ィ匕データを再生するには(S95)、セキュリティマーキングデータ によって駆動される復調アルゴリズムを用いて映像以外の付与データを含むデータ 力も真の映像データを抽出する(セキュリティマーキングデータによる復調、 S96)。  [0031] In order to reproduce the video encrypted data (S95), the demodulation algorithm driven by the security marking data is used to extract the true video data having the data power including the additional data other than the video (security). Demodulation by marking data, S96).
[0032] なお、前記した本発明実施形態によれば、イメージセンサによる光 Z電気信号変換 タイミング以降を改竄不可能なものとする処理について述べたが、露光調節等、光 Z 電気信号変換の前段階にある光学的な入力を制限する機械式または電気式シャツ ターの起動タイミングについても同様に考慮する必要がある。例えば、デジタルカメラ であっても、 CCD (光 Z電気変換素子)といったようなイメージセンサ部 472の前に光 学的な入力を制限 (露光調節)するための機械式または電子式シャッターが存在す るものがある。これが存在する理由は高速で動く被写体を撮影する際の光 Z電気変 換素子の ONZOFFによるシャッターよりも、機械式または電子式シャッターの方が 低コストなことや電子的な回路の煩雑さが解消され、従来の写真技術的な操作 (絞り Xシャッタースピード X焦点)が可能であるからといわれている。このように、光 Z電 気変換素子の ONZOFFによるシャッターの場合でも、機械式または電子式シャツタ 一の場合でも本発明を適用でき、タイミングは適宜設定できるものとする。なお、シャ ッター速度 (スリットなどの移動速度)を考慮して、時刻を設定することもできる。  According to the above-described embodiment of the present invention, the processing for making the optical Z electrical signal conversion timing after the image sensor impossible to falsify has been described. The timing of starting mechanical or electrical shutters that limit the optical input at the stage must be considered as well. For example, even in a digital camera, there is a mechanical or electronic shutter for restricting an optical input (exposure adjustment) in front of an image sensor unit 472 such as a CCD (optical Z-electric conversion element). There is something. The reason for this is that mechanical or electronic shutters are lower in cost than electronic shutters that use ON / OFF switching of the optical Z-electric conversion element when shooting fast-moving subjects, and the complexity of electronic circuits is eliminated. It is said that conventional photographic technical operations (aperture X shutter speed X focus) are possible. As described above, the present invention can be applied to a shutter using ON / OFF of the optical Z-electric conversion element and a mechanical or electronic shutter, and the timing can be appropriately set. The time can be set in consideration of the shutter speed (moving speed of the slit or the like).
[0033] また、より高度なセキュリティ応用力メラにぉ 、ては、光入力をノヽーフミラー等による 二重系により処理を行い、個別に暗号ィ匕記録メディア 48に同時に登録することが考 えられる。更に、色彩平準化のために、送受信側で同じ基準に基づいた補正色彩が 再現できる相互誤差差分補正処理を行うこともできる(S97)。 [0034] 以下、前記した相互誤差差分補正処理について説明する。図 7は、相互誤差差分 補正処理を汎用的に説明するために引用した図であり、送受信側として、撮影側サ ブシステム 100と表示側サブシステム 200を例示している。 [0033] Further, for a higher security application capability, it is conceivable that the optical input is processed by a dual system such as a non-mirror and the like, and individually registered in the encryption media 48 simultaneously. . Further, for color leveling, a mutual error difference correction process capable of reproducing a corrected color based on the same criterion can be performed on the transmitting and receiving sides (S97). Hereinafter, the above-described mutual error difference correction processing will be described. FIG. 7 is a diagram cited for the purpose of explaining the mutual error difference correction processing in a general manner, and illustrates a photographing-side subsystem 100 and a display-side subsystem 200 as transmission / reception sides.
[0035] 撮影側サブシステム 100に前記したデジタルカメラ 40の要部構成が示されて ヽる。  The main configuration of the digital camera 40 described above is shown in the photographing-side subsystem 100.
なお、図 7中、図 5と同一番号が付されたブロックは、図 5に示すそれと同じとする。  In FIG. 7, blocks denoted by the same reference numerals as those in FIG. 5 are the same as those shown in FIG.
[0036] ネットワークを介して送受信される色彩データは、個々の表示装置の色彩表現誤差 により、若干異なって表現される。ここでは、ある標準に対して色彩表現誤差の無い データをやりとりすることにより、真なる色彩ではないもののシステムの両端にある送 受信側のマンマシンインタフェース上での誤差を最小とすることで色彩を含むデータ の流通を目的としている。  [0036] The color data transmitted and received via the network is expressed slightly differently due to the color expression error of each display device. Here, by exchanging data without color representation error with a certain standard, the color on the transmission / reception side man-machine interface at both ends of the system is minimized although the color is not a true color. It is intended for the distribution of data, including data.
[0037] 具体的に、標準色彩テンプレート (TP)を用意し、標準テンプレート色彩データ生 成部 501により生成された撮影画像のそれぞれの標準色成分について生成出力す る。標準色彩差分処理部 502は、撮影画像の色成分と、それぞれの標準色成分との 差分を演算し、入力色彩データ補正信号を生成し、撮影された映像信号 (映像デー タ)と共に表示側サブシステム 200へ送信する。表示側サブシステム 200では、再現 時、受信した入力色彩データ補正信号 (差分信号)を誤差信号として除外するため の演算を行い、表示する。このことにより、真なる色彩ではないものの、システムの両 端にある送受信側のマンマシンインタフェース上での色彩誤差を最小とすることがで きる。  Specifically, a standard color template (TP) is prepared, and each standard color component of the captured image generated by the standard template color data generation unit 501 is generated and output. The standard color difference processing unit 502 calculates the difference between the color components of the captured image and the respective standard color components, generates an input color data correction signal, and displays the image data (video data) together with the captured video signal (video data). Send to system 200. The display-side subsystem 200 performs an operation for excluding the received input color data correction signal (difference signal) as an error signal at the time of reproduction, and displays the result. Although this is not true color, it is possible to minimize the color error on the transmitting / receiving man-machine interface at both ends of the system.
[0038] 以上説明のように本発明は、認証取得装置が、 GPS等の電子的な位置測位手段 力 受信した測位対象の現在の位置データおよび時刻データと、認証要求発行時 に認証装置力 受信した認証暗号鍵とを一体ィ匕したデータを生成し、この一体化し たデータを、ネットワークを介して接続される認証装置へ送信し、認証装置が認証暗 号鍵を用いて位置データおよび時刻データの認証を行 、、認証要求のあった認証 取得装置へ返信するものであり、このことにより、センタの認証サーバと現場の認証取 得装置間で負荷分散され、現場での所在確認を容易とした認証システムを提供する ことができる。  As described above, according to the present invention, the authentication acquisition device receives the current position data and time data of the positioning target received by the electronic position measurement means such as GPS, and receives the authentication device power when the authentication request is issued. Generates data obtained by integrating the authenticated encryption key and the integrated data, transmits the integrated data to an authentication device connected via a network, and the authentication device uses the authentication encryption key to generate position data and time data. The authentication is then sent back to the authentication requesting device that requested the authentication.This distributes the load between the authentication server at the center and the authentication obtaining device at the site, making it easier to confirm the location at the site. Authentication system can be provided.
[0039] また、撮像装置を含む認証取得装置が、現在時刻に同期した撮像素子の駆動タイ ミング信号を生成し、当該駆動タイミング信号に、認証装置から送信される認証暗号 鍵データ、ならびに位置測位手段力も取得した測位対象の現在の位置データを重 畳してセキュリティマーキングデータを生成し、撮像装置から出力される映像データ を、セキュリティマーキングデータを含む暗号ィ匕データとして追記型の記録媒体に記 録することで、デジタルカメラ等により撮影された画像にっ 、てもその真性を維持する ものである。また、撮影力も記録まで一貫したセキュリティを実現するものである。 更に、撮影画像のそれぞれの標準色成分について、あらかじめ用意されたそれぞ れの標準色成分との差分を演算し、入力色彩データ補正信号として撮影された映像 信号と共に表示側サブシステムへ送信し、表示側サブシステムでは、再現時、受信し た入力色彩データ補正信号を誤差信号として除外するための処理を行うことで色彩 の真性を担保するものである。以上により、撮影力も記録まで一貫したセキュリティを 実現することができる。 [0039] Further, the authentication acquisition device including the imaging device is configured to operate the imaging device in synchronization with the current time. A security marking data is generated by superimposing the authentication encryption key data transmitted from the authentication device and the current position data of the positioning target that also acquired the position positioning means power on the driving timing signal, and generating the security marking data. By recording video data output from the device as write-once recording media including security marking data on a write-once recording medium, an image captured by a digital camera or the like can maintain its authenticity. It is. In addition, the shooting power realizes consistent security up to recording. Further, for each standard color component of the captured image, the difference between each standard color component prepared in advance is calculated and transmitted to the display subsystem together with the captured video signal as an input color data correction signal, The display subsystem secures the trueness of color by performing processing to exclude the received input color data correction signal as an error signal during reproduction. As described above, it is possible to realize consistent security up to the recording of shooting power.

Claims

請求の範囲 The scope of the claims
[1] 測位対象の位置認証を行う認証装置と、前記認証装置とはネットワークを介して接続 される認証取得装置力 成る認証システムであって、  [1] An authentication device that performs position authentication of a positioning target, and the authentication device is an authentication system that includes an authentication acquisition device connected via a network,
電子的な位置測位手段力 発せられた電波を受信して前記測位対象の現在位置 の測位と時刻の決定を行い、生成される位置データおよび時刻データを取得し、認 証要求発行時、前記取得した位置データおよび時刻データと前記認証装置から受 信した認証暗号鍵とを一体化したデータを生成する前記認証取得装置と、  Electronic position positioning means Receives the emitted radio wave, determines the position of the current position of the positioning target and determines the time, obtains the generated position data and time data, and obtains the data when the authentication request is issued. The authentication acquisition device for generating data in which the obtained position data and time data and the authentication encryption key received from the authentication device are integrated;
前記認証取得装置から前記一体化したデータを取得し、前記認証暗号鍵を用いて 前記位置データおよび前記時刻データの認証を行う前記認証装置と、  The authentication device that acquires the integrated data from the authentication acquisition device, and authenticates the position data and the time data using the authentication encryption key;
を具備することを特徴とする認証システム。  An authentication system comprising:
[2] 測位対象を含む撮影画像の認証を行う認証装置とはネットワークを介して接続される 撮像装置を備えた認証取得装置であって、  [2] An authentication device that performs authentication of a captured image including a positioning target is an authentication acquisition device including an imaging device connected via a network,
現在時刻に同期した撮像素子の駆動タイミング信号を生成し、当該駆動タイミング 信号に、前記認証装置から送信される認証暗号鍵データ、ならびに前記位置測位手 段からの入力、または前記入力に基づ!/、て測位した測位対象の現在の位置データ を重畳してセキュリティマーキングデータを生成する手段と、  A drive timing signal of the image sensor synchronized with the current time is generated, and based on the drive timing signal, the authentication encryption key data transmitted from the authentication device and the input from the position positioning means or the input! Means for generating security marking data by superimposing the current position data of the positioning target measured by
前記撮像装置から出力される映像データを、前記セキュリティマーキングデータを 含む暗号化データとして追記型の記録媒体に記録する手段と、  Means for recording video data output from the imaging device as encrypted data including the security marking data on a write-once recording medium;
を具備することを特徴とする認証取得装置。  An authentication acquisition device comprising:
[3] 請求項 2に記載の認証取得装置であって、 [3] The authentication acquisition device according to claim 2, wherein
前記撮影画像のそれぞれの色成分につ!、て、それぞれの標準色成分との差分を 演算し、再現時、前記差分を誤差信号として除外する手段を具備することを特徴とす る認証取得装置。  Means for calculating a difference between each color component of the captured image and each standard color component, and excluding the difference as an error signal at the time of reproduction. .
[4] 請求項 2に記載の認証取得装置であって、 [4] The authentication acquisition device according to claim 2, wherein
光入力を分光し、それぞれから得られる撮影画像に前記セキュリティマーキングデ ータならびに現在の位置データを重畳してセキュリティマーキングデータを生成し、 それぞれに用意される追記型の記録媒体に記録することを特徴とする認証取得装置 The light input is separated, and the security marking data and the current position data are superimposed on the captured image obtained from each of them to generate security marking data, and the security marking data is recorded on the write-once recording medium prepared for each. Characteristic certification acquisition device
[5] 請求項 2に記載の認証取得装置であって、 [5] The authentication acquisition device according to claim 2, wherein
撮影者固有の生体データを取得して得られる撮影者データ、撮影方位データを含 む前記現在の位置データ、環境データの少なくとも一つを前記セキュリティマーキン グデータと関連付けて前記追記型の記録媒体に記録することを特徴とする認証取得 装置。  At least one of photographer data obtained by acquiring biometric data unique to the photographer, current position data including photographing azimuth data, and environmental data is recorded on the recordable recording medium in association with the security marking data. A certification acquisition device characterized by performing the following.
[6] 認証取得装置とネットワークを介して接続される認証装置が測位対象の位置認証を 行う認証方法であって、  [6] An authentication method in which an authentication device connected to the authentication acquisition device via a network performs location authentication of a positioning target,
前記認証取得装置が電子的な位置測位手段から発せられた電波を受信して前記 測位対象の現在位置の測位と時刻の決定を行 ヽ、生成される位置データおよび時 刻データを取得するステップと、  A step in which the authentication acquisition device receives a radio wave emitted from electronic position positioning means, performs positioning of the current position of the positioning target and determination of time, and obtains generated position data and time data. ,
前記取得した位置データおよび時刻データと、認証要求発行時に前記認証装置 力 受信した認証暗号鍵とを一体ィ匕したデータを生成し、前記認証装置へ送信する ステップと、  Generating the data obtained by integrating the acquired position data and time data and the authentication encryption key received by the authentication device when issuing the authentication request, and transmitting the data to the authentication device;
前記一体化したデータを受信した認証装置が前記認証暗号鍵を用 ヽて前記位置 データおよび前記時刻データの認証を行うステップと、  An authentication device that receives the integrated data performs authentication of the position data and the time data using the authentication encryption key;
を有することを特徴とする認証方法。  An authentication method, comprising:
PCT/JP2005/008247 2004-04-28 2005-04-28 Authentication system WO2005107148A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JPPCT/JP2004/006222 2004-04-28
PCT/JP2004/006222 WO2005107147A1 (en) 2004-04-28 2004-04-28 Authentication system, authentication acquisition device, and authentication method

Publications (1)

Publication Number Publication Date
WO2005107148A1 true WO2005107148A1 (en) 2005-11-10

Family

ID=35242009

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/JP2004/006222 WO2005107147A1 (en) 2004-04-28 2004-04-28 Authentication system, authentication acquisition device, and authentication method
PCT/JP2005/008247 WO2005107148A1 (en) 2004-04-28 2005-04-28 Authentication system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/JP2004/006222 WO2005107147A1 (en) 2004-04-28 2004-04-28 Authentication system, authentication acquisition device, and authentication method

Country Status (1)

Country Link
WO (2) WO2005107147A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007165973A (en) * 2005-12-09 2007-06-28 Furuno Electric Co Ltd Verifying data generating device and authenticating data generating device
JP2013130395A (en) * 2011-12-20 2013-07-04 Hitachi Information & Control Solutions Ltd Positional information authentication system and positional information authentication method
JP2013534622A (en) * 2010-06-15 2013-09-05 ジ ヨーロピアン ユニオン,リプレゼンテッド バイ ジ ヨーロピアン コミッション How to provide certifiable time and location indicators
TWI760527B (en) * 2018-02-01 2022-04-11 大陸商星宸科技股份有限公司 Method and system to encrypt and decrypt audio and video file

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4946016B2 (en) 2005-11-25 2012-06-06 富士ゼロックス株式会社 Multicolor display optical composition, optical element, and display method of optical element

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000101884A (en) * 1998-09-17 2000-04-07 Fuji Photo Film Co Ltd Electronic camera
JP2001033537A (en) * 1999-07-23 2001-02-09 Nec Corp Position certification system and electronic apparatus employed the system
JP2002218389A (en) * 2001-01-23 2002-08-02 Olympus Optical Co Ltd Electronic camera

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6376687A (en) * 1986-09-19 1988-04-06 Canon Inc Adaptation type difference encoding system
JP2833747B2 (en) * 1987-10-13 1998-12-09 日本電気株式会社 Key generator
JP2000050193A (en) * 1998-07-27 2000-02-18 Fuji Photo Film Co Ltd Method and device for generating digital image and storage medium
JP3929759B2 (en) * 2001-11-22 2007-06-13 富士フイルム株式会社 Location certification device, time certification device, location authentication device, time certification device, location certification system, and program

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000101884A (en) * 1998-09-17 2000-04-07 Fuji Photo Film Co Ltd Electronic camera
JP2001033537A (en) * 1999-07-23 2001-02-09 Nec Corp Position certification system and electronic apparatus employed the system
JP2002218389A (en) * 2001-01-23 2002-08-02 Olympus Optical Co Ltd Electronic camera

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007165973A (en) * 2005-12-09 2007-06-28 Furuno Electric Co Ltd Verifying data generating device and authenticating data generating device
JP2013534622A (en) * 2010-06-15 2013-09-05 ジ ヨーロピアン ユニオン,リプレゼンテッド バイ ジ ヨーロピアン コミッション How to provide certifiable time and location indicators
JP2013130395A (en) * 2011-12-20 2013-07-04 Hitachi Information & Control Solutions Ltd Positional information authentication system and positional information authentication method
TWI760527B (en) * 2018-02-01 2022-04-11 大陸商星宸科技股份有限公司 Method and system to encrypt and decrypt audio and video file

Also Published As

Publication number Publication date
WO2005107147A1 (en) 2005-11-10

Similar Documents

Publication Publication Date Title
US11212416B2 (en) Secure digital media capture and analysis
CN110689460B (en) Traffic accident data processing method, device, equipment and medium based on block chain
JP2021523490A (en) Reliable contextual content
CN109523413B (en) Policy processing method and device, computer equipment and storage medium
US20170041148A1 (en) Blockchain-supported device location verification with digital signatures
US7003113B1 (en) Position authentication system and electronic equipment using the same
US8189048B2 (en) Vehicle speed monitoring system
CN110706371B (en) Block chain-based driving safety management method, system and storage medium
JP2002215029A (en) Information authentication device and digital camera using the same
JP2002215029A5 (en)
JPWO2005119539A1 (en) Certificate issuing server and certification system for certifying operating environment
JP4877738B2 (en) Recording apparatus and recording method
JP4812002B2 (en) Recording apparatus, recording collection server, recording method, and recording collection method
WO2005107148A1 (en) Authentication system
US8479009B2 (en) Wearable time-bracketed video authentication
CN111414598A (en) Monitoring method, device and equipment based on block chain and storage medium
JP2005045486A (en) Imaging device, and method and program for authentication of photographed image
CN110597906A (en) Block chain-based entrance integral generation method, device, equipment and storage medium
CN111212074A (en) Qualification determination method, device, equipment and storage medium based on block chain
JP2010204867A (en) In-vehicle image recording device
US20130110345A1 (en) Electronic distance recorder verification
US7023362B2 (en) Positional information storage system and method, semiconductor memory, and program
CN110599328A (en) Block chain based risk user determination method, device, equipment and storage medium
US20220229885A1 (en) Image processing apparatus, image processing method, program, and imaging apparatus
KR102174611B1 (en) Blackbox apparatus and video generation method using the same

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP