WO2011151982A1 - Media encryption device, media encryption and decryption device, method of media encryption, and method of media encryption and decryption - Google Patents

Media encryption device, media encryption and decryption device, method of media encryption, and method of media encryption and decryption Download PDF

Info

Publication number
WO2011151982A1
WO2011151982A1 PCT/JP2011/002732 JP2011002732W WO2011151982A1 WO 2011151982 A1 WO2011151982 A1 WO 2011151982A1 JP 2011002732 W JP2011002732 W JP 2011002732W WO 2011151982 A1 WO2011151982 A1 WO 2011151982A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
media
encrypted
area
media data
Prior art date
Application number
PCT/JP2011/002732
Other languages
French (fr)
Japanese (ja)
Inventor
大樹 工藤
優一 出原
勝大 草野
西川 博文
Original Assignee
三菱電機株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 三菱電機株式会社 filed Critical 三菱電機株式会社
Priority to JP2012518219A priority Critical patent/JP5393886B2/en
Publication of WO2011151982A1 publication Critical patent/WO2011151982A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
    • H04N21/2347Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • H04N21/23476Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption by partially encrypting, e.g. encrypting the ending portion of a movie
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/30Compression, e.g. Merkle-Damgard construction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution

Definitions

  • the present invention relates to a media encryption device and a media encryption method for encrypting and protecting media data, and a media encryption / decryption device and a media encryption / decryption method for decrypting media data protected by encryption. is there.
  • Multimedia data such as images and sounds generally has a huge amount of data.
  • Patent Documents 1 to 3 disclose methods for reducing the amount of data to be encrypted in a media file.
  • An apparatus for encrypting compressed moving image information according to Patent Document 1 encrypts only an intra-frame encoded image in moving image data compressed using intra-frame coding and inter-frame coding.
  • the image encryption device encrypts only the low frequency component of an image compressed by orthogonal transform and variable length coding.
  • the encoding device according to Patent Document 3 is notified of the changed variable-length code table by changing the variable-length code table to another table at an arbitrary time when compressing an image by variable-length encoding. It is impossible to read an image on the side of a decoding device that is not present.
  • the invention according to Patent Document 1 has a problem that an image can be estimated by estimating an intra-frame encoded image.
  • the invention according to Patent Document 2 since the start position of the variable length code can be easily specified, there is a problem that it is easily attacked.
  • a low frequency component generally has a large code amount, there is a problem that a large reduction in processing amount cannot be expected.
  • the invention according to Patent Document 3 when there are few patterns in the variable-length code table, there is a problem that the brute force attack causes decoding.
  • the present invention has been made to solve the above-described problems.
  • a media encryption apparatus and a media encryption device that perform highly secure encryption that can sufficiently withstand an attack while reducing the amount of processing required for encryption.
  • a media encryption / decryption device and media encryption / decryption method for encrypting / decrypting encrypted media data are included in the present invention.
  • the media encryption apparatus is a compressed media data including a header area storing basic information of the media data and a variable length code area storing a variable length code of the media data, wherein the media data is compressed. Is input, at least a predetermined part of the header area and a part that extends from the end of the header area to the beginning of the variable-length code area as the part to be encrypted, and among the compressed media data, the cryptographic process And an encryption processing unit that encrypts the part specified by the determination unit.
  • the media encryption device is configured such that when compressed media data including compressed basic data including at least size information of the media data and a variable length code of the media data is input.
  • the basic information and variable length code are multiplexed on the media file format to generate a compressed media file format including a basic information multiplexing area, a size information multiplexing area, and a variable length code multiplexing area, and at least the basic information multiplexing area
  • An encrypted media file format creation unit is provided for encrypting a predetermined portion, a size information multiplexing region, and a portion extending from the end of the size information multiplexing region to the beginning of the variable length code multiplexing region.
  • the media encryption / decryption device is a compressed media data including a header area storing basic information of the media data and a variable length code area storing a variable length code of the media data, the media data being compressed.
  • a header area storing basic information of the media data
  • a variable length code area storing a variable length code of the media data
  • the media data being compressed.
  • An encryption / decryption processing unit to be generated and a media decompression unit for decompressing the compressed media data are provided.
  • the compressed media data including the basic information including at least the size information of the media data and the variable length code of the media data obtained by compressing the media data further includes a predetermined media file.
  • an encrypted compressed media file format multiplexed and encrypted in the format is input, at least a predetermined part of the basic information multiplexed area, size information multiplexed area, and size information of the encrypted compressed media file format
  • An encryption / decryption processing unit that generates a compressed media file format by encrypting and decrypting the portion extending from the end of the multiplexed region to the beginning of the variable-length code multiplexed region, and generating compressed media data by analyzing the compressed media file format Media file formats And analyzing unit is intended and a media decompression unit for decompressing the compressed media data for which the media file format analyzing unit has generated.
  • the media encryption method is a compressed media data comprising a header area storing basic information of the media data and a variable length code area storing a variable length code of the media data, wherein the media data is compressed.
  • the encryption processing determination unit specifies at least a predetermined part of the header area and a part extending from the end of the header area to the beginning of the variable length code area as an encryption part, and an encryption process The encryption processing step for encrypting the portion specified in the encryption processing determination step in the compressed media data.
  • the media file format creation unit multiplexes basic information and variable length code into a predetermined media file format to generate a compressed media file format including a basic information multiplexed area, a size information multiplexed area, and a variable length code multiplexed area
  • an encryption media file format creation step for encrypting at least a predetermined part of the basic information multiplexing area, a size information multiplexing area, and a part extending from the end of the size information multiplexing area to the beginning of the variable length code multiplexing area. It is to be prepared.
  • the media encryption / decryption method is a compressed media data including a header area storing basic information of the media data and a variable length code area storing a variable length code of the media data, wherein the media data is compressed.
  • the encryption / decryption processing unit decrypts at least a predetermined part of the header area and a part extending from the end of the header area to the beginning of the variable-length code area.
  • the encryption / decryption processing step for generating the compressed media data and the media decompression unit include the media decompression step for decompressing the compressed media data.
  • the compressed media data including the basic information including at least the size information of the media data and the variable length code of the media data obtained by compressing the media data further includes a predetermined media file.
  • the encryption / decryption processing unit performs at least a predetermined part of the basic information multiplexed area and size information in the encrypted compressed media file format.
  • the predetermined part of the header area and the part of the compressed media data that extends from the end of the header area to the beginning of the variable-length code area are encrypted. It is possible to obtain a media encryption apparatus and a media encryption method capable of generating highly-encrypted compressed and compressed media data that can sufficiently withstand an attack while being reduced.
  • the predetermined part of the basic information multiplexing area, the size information multiplexing area, and the part extending from the end of the size information multiplexing area to the beginning of the variable length code multiplexing area in the compressed media file format are encrypted. Therefore, it is possible to obtain a media encryption apparatus and a media encryption method capable of generating a highly secure encrypted compressed media file format that can sufficiently withstand an attack while greatly reducing the processing required for encryption. Can do.
  • the predetermined part of the header area and the part extending from the end of the header area to the beginning of the variable-length code area are decrypted in the encrypted compressed media data, the amount of encrypted data Therefore, it is possible to obtain a media encryption / decryption device and a media encryption / decryption method capable of sufficiently reducing the amount of processing at the time of encryption / decryption.
  • the predetermined part of the basic information multiplexing area, the size information multiplexing area, the part extending from the end of the size information multiplexing area to the beginning of the variable length code multiplexing area in the encrypted compressed media file format Since the encrypted data amount is small, a media encryption / decryption device and a media encryption / decryption method capable of sufficiently reducing the processing amount at the time of encryption / decryption can be obtained.
  • FIG. 1 It is a block diagram which shows the structure of the media encryption apparatus concerning Embodiment 1 of this invention. It is a figure which shows an example of the relationship between a sequence and GOP. It is a figure which shows the example of the picture which consists of five slices. It is a figure which shows an example of the relationship between a macroblock and a block. It is a figure which shows the structural example of the compression moving image data which the moving image compression part shown in FIG. 1 outputs. 6 is a diagram illustrating an example of an encrypted part in compressed moving image data in the media encryption device according to Embodiment 1. FIG. It is a block diagram which shows the structure of the media encryption / decryption apparatus which concerns on Embodiment 1 of this invention.
  • FIG. 2 is a diagram illustrating an example of a structure of an MDAT box when H.264 moving image data is multiplexed.
  • FIG. FIG. 25 is a diagram illustrating an example of a part to be encrypted in MP4 data in the media encryption device according to the sixth embodiment. It is a block diagram which shows the structure of the media encryption / decryption apparatus which concerns on Embodiment 6 of this invention. It is a figure which shows an example of the part encrypted in MP4 data in the media encryption apparatus concerning Embodiment 7 of this invention. It is a figure which shows an example of the part encrypted in MP4 data in the media encryption apparatus concerning Embodiment 8 of this invention. It is a block diagram which shows the structure of the media encryption apparatus based on Embodiment 9 of this invention.
  • Embodiment 1 the media encryption apparatus according to the first embodiment compresses non-compressed video data (media data) and includes compressed header data and variable-length code regions (compressed media data).
  • a moving image compression unit media compression unit 101
  • an encryption processing determination unit 102 for specifying a portion to be encrypted in the compressed moving image data based on determination information indicating the encrypted portion
  • a compressed moving image The image processing unit 103 includes an encryption processing unit 103 that encrypts a part specified by the encryption processing determination unit 102 and generates encrypted compressed moving image data (encrypted compressed media data).
  • the moving image compression unit 101 performs compression processing on uncompressed moving image data, and sequentially outputs compressed moving image data.
  • This compression processing is based on MPEG (Moving Picture Expert Group) or H.264. Any method such as H.264 or the like that performs variable-length coding may be used.
  • FIG. 2 is a diagram showing a relationship between a sequence and a GOP, and shows an example composed of a sequence composed of 20 images and four GOPs composed of 5 images.
  • FIG. 3 is a diagram illustrating an example of a picture including five slices.
  • the macro block is composed of 16 pixels ⁇ 16 lines, and is further divided into blocks of 8 pixels ⁇ 8 lines.
  • FIG. 4 is a diagram illustrating an example of the relationship between macroblocks and blocks.
  • FIG. 5 is a diagram illustrating a configuration example of the compressed moving image data output from the moving image compression unit 101.
  • the compressed moving image data includes a sequence header, a GOP header, and GOP data.
  • the GOP data includes a picture header and picture data.
  • the picture data includes a slice header and macroblock data.
  • each header area contains basic information necessary for moving image compression processing, such as image width, height, bit depth, frame rate, picture type (intra-picture coded picture, inter-picture coded picture), and quantization parameter. To be recorded. Also, a unique word called a start code is often recorded at the beginning of each header area. As a result, random access to the moving image becomes possible, and even if a part of the data of the moving image is damaged, it can be expanded from the start code point.
  • the macro block data is referred to as a variable length code area.
  • compressed moving image data is recorded in this macro block portion, and the data is generally variable-length encoded.
  • this variable-length encoding method various methods such as Huffman coding and arithmetic coding are adopted for each moving image compression format, but the moving image compression unit 101 does not ask any kind.
  • Compressed moving image data (shown in FIG. 5) sequentially output from the moving image compression unit 101 is input to the encryption processing determination unit 102 and the encryption processing unit 103, respectively.
  • the encryption processing determination unit 102 performs encryption processing determination on sequentially input compressed moving image data based on predetermined determination information, and determines whether or not the compressed moving image data corresponds to an encrypted portion. The determination result is output to the encryption processing unit 103.
  • an encrypted part defined as determination information will be described.
  • FIG. 6 is a diagram showing a portion to be encrypted in the compressed moving image data.
  • the encrypted part in the middle of the GOP data indicates the encrypted part at the head of the picture header and the encrypted part of the picture data.
  • the encrypted part in the middle of the picture data indicates an encrypted part at the head of the slice header and an encrypted part extending from the end of the slice header to the head of the macroblock data. Therefore, the encrypted part is only the head part of each sequence, GOP, picture, and slice header area, and the part extending from the end of the slice header (header area) to the head of the macroblock data (variable length code area). .
  • a start code serving as a return position for random access and moving image playback is recorded as a unique word at the top of the header area. Therefore, by encrypting the head part of the header area, it becomes difficult to specify the position of the start code that is the start position of the header, and the width, height, bit depth, and frame rate of the image recorded in the header area are difficult. It is difficult to obtain basic information regarding compression of moving images such as picture type and quantization parameter. This makes it difficult to encrypt / decrypt encrypted compressed video data and decompress compressed video data on the media encryption / decryption device side.
  • the part is optional for the part to be encrypted from the beginning of the header area.
  • the encrypted portion so as to include important portions of the moving image data such as the width, height, bit depth, frame rate, picture type, quantization parameter, and the like of the image.
  • the encrypted portion is determined so as to always include the start position of the variable length code.
  • the macroblock data is image data compressed by the variable length encoding process of the moving image compression unit 101, the media encryption / decryption device side encrypts the start position of the variable length code area. Variable length decoding becomes difficult, and moving image reproduction becomes difficult.
  • the encryption processing unit 103 receives the determination result output from the encryption processing determination unit 102 and executes encryption of the compressed moving image data output from the moving image compression unit 101 using an encryption key input separately. Then, encrypted compressed moving image data and encrypted partial information are generated and output.
  • the encrypted compressed video data includes a head portion of each header area as shown in FIG. 6 and a portion extending from the end of the slice header to the head of the variable-length code area in each header area.
  • the encrypted portion information is information indicating which portion is encrypted in the encrypted compressed moving image data, that is, the position of the encrypted portion, and is used when performing decryption.
  • the encrypted partial information is required to be managed in the same manner as the encryption key, but the management method is not limited in the present invention.
  • the media encryption / decryption device uses the encrypted compressed moving image data (encrypted compressed media data) output from the above-described media encryption device as an input, A decryption processing unit 104 that encrypts and decrypts the encrypted portion of the encrypted compressed video data to generate plain compressed video data (compressed media data), and decompresses the compressed video data to generate an uncompressed video A moving image expansion unit (media expansion unit) 105 that generates data is included.
  • a moving image expansion unit (media expansion unit) 105 that generates data is included.
  • the encryption / decryption processing unit 104 specifies the encrypted portion shown in FIG. 6 of the encrypted compressed moving image data from the encrypted portion information and separately inputs it. Using the encrypted key, the encrypted portion is encrypted and decrypted to obtain compressed moving image data in plain text. The obtained compressed moving image data is output to the moving image decompression unit 105.
  • the encryption / decryption processing unit 104 encrypts and decrypts the head part of each header area and the part of each header area that extends from the end of the slice header to the head of the variable-length code area in the encrypted compressed video data. Therefore, compared with the case where the entire sequence is encrypted / decrypted, the portion for performing the encryption / decryption process is small, and the encryption / decryption can be performed with a small processing amount.
  • the moving image decompression unit 105 performs decompression processing of the compressed moving image data input from the encryption / decryption processing unit 104 by a moving image decompression method corresponding to the moving image compression method by the encryption processing unit 103 of the media encryption device. Obtain compressed video data. Thereby, the media encryption / decryption device can obtain an uncompressed moving image.
  • the media encryption apparatus compresses moving image data and stores a header storing basic information of the moving image data and a variable length code of the moving image data.
  • a moving image compression unit 101 that generates compressed moving image data including data, and when compressed moving image data is input from the moving image compression unit 101, macroblock data from the beginning of each header and the end of each slice header
  • Encryption processing determination unit 102 that identifies a portion that straddles the beginning of the encrypted data as a portion to be encrypted, and a portion of the compressed moving image data that is encrypted by the encryption processing determination unit 102 and that indicates the encrypted portion
  • an encryption processing unit 103 that generates the encrypted partial information. For this reason, it is possible to encrypt compressed moving image data with high security that can sufficiently withstand an attack while greatly reducing the processing required for encryption.
  • An encryption / decryption processing unit 104 that encrypts / decodes a head portion of each header indicated by the segmented portion information and a portion extending from the end of each slice header to the head of the macroblock data, and compressed moving image data; And a moving image expansion unit 105 that expands the image. For this reason, encryption / decryption can be performed with a small processing amount when performing encryption / decryption.
  • FIG. 6 Since the media encryption apparatus according to the second embodiment has the same configuration as that of the media encryption apparatus according to the first embodiment shown in FIG. 1, the following description will be given with reference to FIG.
  • the second embodiment as shown in FIG. 8, a portion straddling the head immediately before each header and a portion straddling the head of macroblock data including the variable length code start position from the end of the slice header And encrypt.
  • the encryption processing determination unit 102 determines the encrypted part of the compressed moving image data sequentially input from the moving image compression unit 101 according to the determination information in which the encrypted part shown in FIG. Performs encryption processing of the encrypted portion according to the determination result.
  • the media encryption / decryption device has the same configuration as that of the media encryption / decryption device according to the first embodiment shown in FIG. 7, and the encrypted compression encrypted by the above-described media encryption device. Using the moving image data and the encrypted partial information, encryption / decryption is performed by the same operation as the media encryption / decryption device of the first embodiment.
  • the encryption processing determination unit 102 of the media encryption device performs the macroblock data from the portion of the compressed video data that straddles the head immediately before each header and the end of each slice header.
  • the portion straddling the head of the URL is specified as the portion to be encrypted. For this reason, it becomes more difficult to determine the start code position of the header area, and safety can be further improved.
  • Embodiment 3 Since the media encryption apparatus according to the third embodiment has the same configuration as that of the media encryption apparatus according to the first embodiment shown in FIG. 1, the following description will be given with reference to FIG.
  • the head portion of each header in the compressed moving image data, and the portion straddling the head of the macroblock data including the variable length code start position from the end of each slice header Was encrypted.
  • the third embodiment as shown in FIG. 9, the entire header and the portion straddling the beginning of the macroblock data including the variable length code start position from the end of each slice header are encrypted. .
  • the encryption processing determination unit 102 determines the encrypted part of the compressed moving image data sequentially input from the moving image compression unit 101 according to the determination information in which the encrypted part shown in FIG. 9 is defined, and the encryption processing unit 103 Performs encryption processing of the encrypted portion according to the determination result.
  • Encrypting the entire information in each header area increases the amount of processing required for encryption as compared with the first embodiment, but can further enhance safety.
  • header areas all important header areas that affect all sequences such as sequence headers are encrypted, and header areas that only affect slices such as slice headers are the same as in the first and second embodiments. Only a part of the header area (the head part, or the head part and the part immediately before) may be encrypted.
  • the media encryption / decryption device has the same configuration as the media encryption / decryption device of Embodiment 1 shown in FIG. 7, and the encrypted compression encrypted by the above-described media encryption device. Using the moving image data and the encrypted partial information, encryption / decryption is performed by the same operation as the media encryption / decryption device of the first embodiment.
  • the encryption processing determination unit 102 of the media encryption device performs each header of the compressed moving image data and a portion extending from the end of each slice header to the beginning of the macroblock data. It was configured to be specified as the part to be encrypted. For this reason, safety can be further improved.
  • Embodiment 4 Since the media encryption apparatus according to the fourth embodiment has the same configuration as that of the media encryption apparatus according to the first embodiment shown in FIG. 1, the following description will be given with reference to FIG.
  • the fourth embodiment as shown in FIG. 10, in addition to the head portion of each header and the portion straddling the head of macroblock data including the variable length code start position from the end of the slice header, Furthermore, any part other than the beginning of the macroblock data is also encrypted.
  • any part other than the beginning of the macro block data may be selected completely at random, or a part including specific data such as a macro block type may be preferentially selected, or the macro block data
  • the first half may be selected preferentially.
  • the encrypted portion of the macroblock data of the intra-picture coded picture may be increased.
  • DCT Discrete Cosine Transform
  • motion compensation prediction processing using motion vectors
  • the moving image compression unit 101 is configured to perform DCT conversion processing and motion compensation prediction processing, in order to improve safety, the low-frequency component of the DCT coefficient that characterizes the image for the macroblock data of the intra-picture coded picture.
  • the encrypted portion may be changed depending on the picture type, such as encrypting the portion and encrypting the motion vector portion of the macroblock data of the inter-picture coded picture.
  • the encryption processing determination unit 102 determines the encrypted part of the compressed moving image data sequentially input from the moving image compression unit 101 according to the determination information in which the encrypted part shown in FIG. 9 is defined, and the encryption processing unit 103 Performs encryption processing of the encrypted portion according to the determination result.
  • the processing amount required for the encryption is increased as compared with the first embodiment, but the safety is further improved. be able to.
  • each header area is encrypted as in the first embodiment
  • the present invention is not limited to this, and a part that straddles the head immediately before each header area as in the second embodiment. May be encrypted, or the entire header area may be encrypted as in the third embodiment.
  • the media encryption / decryption device has the same configuration as that of the media encryption / decryption device of the first embodiment shown in FIG. 7, and the encrypted compression encrypted by the above-described media encryption device. Using the moving image data and the encrypted partial information, encryption / decryption is performed by the same operation as the media encryption / decryption device of the first embodiment.
  • the encryption processing determination unit 102 of the media encryption apparatus further specifies an arbitrary part other than the beginning of the macroblock data in the compressed moving image data as a part to be encrypted. Configured. For this reason, safety can be further improved.
  • FIG. 11 is a block diagram showing a configuration of the media encryption apparatus according to the fifth embodiment.
  • the media encryption device shown in FIG. 11 includes an encryption processing determination unit 102 and an encryption processing unit 103. 11 that are the same as or equivalent to those in FIG. 1 are denoted by the same reference numerals and description thereof is omitted.
  • the encryption processing determination unit 102 sequentially specifies the encrypted portions.
  • the encryption processing unit 103 performs encryption to obtain encrypted compressed moving image data and encrypted partial information.
  • the media encryption apparatus according to the fifth embodiment omits the moving image compression unit 101 as shown in FIG. 11, and uses compressed moving image data that has already been subjected to compression processing as an input for encryption.
  • the process determining unit 102 identifies the encrypted part, and the encryption process unit 103 performs encryption to obtain encrypted compressed moving image data and encrypted part information.
  • the media encryption apparatus is a macro in which moving image data is compressed, a header storing basic information of the moving image data, and a variable length code of the moving image data are stored.
  • compressed moving image data including block data is input, an encryption processing determination unit 102 that identifies a predetermined portion of each of the header and macroblock data as an encrypted portion, and among the compressed moving image data, an encryption processing determination unit An encryption processing unit 103 that encrypts the part identified by 102 is configured. Therefore, encrypted compressed moving image data can be generated from the compressed moving image data that has already been subjected to compression processing.
  • media encryption apparatus When the media encryption apparatus according to Embodiments 1 to 5 is configured by a computer, media encryption describing the processing contents of the moving image compression unit 101, the encryption processing determination unit 102, the encryption processing unit 103, etc.
  • the program may be stored in the memory of the computer, and the CPU of the computer may execute the media encryption program stored in the memory.
  • a media encryption / decryption program describing the processing contents of the encryption / decryption processing unit 104, the moving image decompression unit 105, and the like is stored in the computer.
  • the media encryption / decryption program stored in the memory may be executed by the CPU of the computer.
  • Embodiment 6 a media encryption device and a media encryption / decryption device configured to encrypt and decrypt video data multiplexed in a media file format will be described.
  • an MPEG-4 media file format (hereinafter referred to as MP4) among various media file formats capable of multiplexing compressed moving image data will be described as an example.
  • MP4 MPEG-4 media file format
  • H.264 As a moving image compression method, H.264 is used.
  • the H.264 system is used.
  • FIG. 12 is a block diagram showing the configuration of the media encryption device according to the sixth embodiment.
  • the media encryption device shown in FIG. H.264 format compressed moving image data compressed media data, hereinafter referred to as H.264 moving image data
  • a moving image compressing unit media compressing unit
  • An H.264 moving image data is composed of an encrypted MP4 generation unit (encrypted media file format creation unit) 107 that generates encrypted MP4 data (encrypted compressed media file format) by multiplexing and encrypting the moving image data on MP4.
  • the moving image compression unit 106 converts the uncompressed moving image data to H.264. H.264 format for compression.
  • H.264 moving image data is output.
  • H.264 moving image analysis data is output.
  • This H. H.264 moving image analysis data is size information indicating the size of each picture, and is data necessary for generating MP4 data in the subsequent stage.
  • Encrypted MP4 generation unit 107 is an H.264 that is sequentially input from moving image compression unit 106. H.264 video data and H.264 video data. The encrypted MP4 data and the MP4 encrypted partial information are generated using the H.264 moving image analysis data and the encryption key input separately.
  • FIG. 13 shows the structure of the MP4 file box.
  • the box structure includes a box length (4 bytes), a box name (4 bytes), and data (data size specified by the box length—8 bytes).
  • the format and contents of the data part of the box are determined by the box name. Boxes may also be nested.
  • FIG. 14 is a diagram showing an example of the data structure of the MP4 file.
  • FIG. 14 shows the simplest file structure of the media file format of the MPEG-4 format.
  • This MP4 file is composed of an FTYP (file type) box, a MOOV (movie) box, and an MDAT (media data) box.
  • FTYP file type
  • MOOV movingie
  • MDAT media data
  • the MOOV box has a tree structure in which a plurality of boxes are nested inside, as will be described later.
  • Basic information of media data (moving image data) is recorded in the MOOV box. For example, video length, width, height, audio sampling frequency, and the like. In addition, what kind of media data is multiplexed in what size (size) in the MP4 file is recorded.
  • This MOOV box constitutes a basic information multiplexing area.
  • STSZ or STZ2, which may be replaced with STZ2 when STSZ is described below.
  • the size of the sample is recorded.
  • the sample size is the size of each frame if the media data is video, and the size of the data in a determined time unit if the media data is audio. Therefore, the size of each media data in the MP4 file can be known from the contents of the STSZ box.
  • STCO or CO64, which may be replaced with CO64 when STCO is described below
  • a chunk is a group of one or more samples. If media data is video, it is a group of one or more video frames. If media data is audio, one or more predetermined time units are used. This is a summary of the data.
  • STSC in the MOOV box.
  • the number of samples in the chunk is recorded. Therefore, the position and size of each sample can be obtained from the contents of the STSZ box, STCO box, and STSC box.
  • the MDAT box is a box in which actual media data such as video or audio is multiplexed.
  • FIG. 15 shows the structure of the MDAT box when H.264 moving image data is multiplexed.
  • the picture data shown in FIG. This is data of each picture of compressed moving image data compressed by the H.264 system.
  • the size is the size of data of each picture. That is, the structure is such that the size of each picture data can be easily understood.
  • the size of the MDAT box constitutes a size information multiplexing area, and the picture data constitutes a variable length code multiplexing area.
  • the encrypted MP4 generation unit 107 When the encrypted MP4 generation unit 107 generates the MP4 file structure data (compressed media file format) as described above, the H.P. H.264 moving image analysis data is used to generate STSZ, STCO, and STSC boxes and to determine the size of data for each picture in the MDAT box.
  • the H.P. H.264 moving image analysis data is used to generate STSZ, STCO, and STSC boxes and to determine the size of data for each picture in the MDAT box.
  • the encrypted MP4 generation unit 107 generates encrypted MP4 data by encrypting a part of the MOOV box and a part of the MDAT box among the data having the MP4 file structure as described above.
  • the portions to be encrypted in the MOOV box are the STSZ, STCO, and STSC boxes.
  • H.C It is possible to make it difficult to specify the position and size of H.264 moving image data.
  • the other part of the MOOV box may be encrypted.
  • FIG. 16 is a diagram showing an example of an encrypted part in MP4 data.
  • the portion to be encrypted in the MDAT box includes the entire size (size information multiplexing area) in the MDAT box and the beginning of the picture data (variable length code multiplexing area) from the end of the size. The straddle part.
  • the picture data includes the start position of the variable length code.
  • the encrypted MP4 generation unit 107 generates and outputs encrypted MP4 data obtained by encrypting the part illustrated in FIG. 16 and MP4 encrypted part information indicating the encrypted part of the encrypted MP4 data.
  • FIG. 17 is a block diagram showing the configuration of the media encryption / decryption device according to the sixth embodiment.
  • the media encryption / decryption device shown in FIG. 17 uses the encrypted MP4 data (encrypted compressed media file format) output from the above-described media encryption device as an input, and uses the encrypted portion in the encrypted MP4 data.
  • encrypted MP4 data encrypted compressed media file format
  • the encrypted MP4 encryption / decryption unit 108 specifies the encrypted part shown in FIG. 16 of the encrypted MP4 data from the MP4 encrypted part information and inputs it separately.
  • the encrypted part is encrypted and decrypted using the encryption key to obtain MP4 data in plain text.
  • the obtained MP4 data is output to the MP4 analysis unit 109.
  • the MP4 analysis unit 109 includes, among the encrypted MP4 data, STSZ, STCO, and STSC boxes that are a part of the MOOV box, a size that is a part of the MDAT box, and a part that extends from the end of the size to the top of the picture data. Therefore, encryption / decryption is possible with a small amount of processing.
  • MP4 analysis unit 109 analyzes the MP4 data, H.264 moving image data is extracted and output to the moving image decompression unit 110.
  • the moving image decompression unit 110 is H.264.
  • H.264 moving image data is decompressed to obtain uncompressed moving image data.
  • the media encryption apparatus compresses the moving image data, and the H.03 which is the size information of the moving image data.
  • H.264 moving image data is generated from the moving image compression unit 106.
  • H.264 moving image data is input, Based on H.264 moving image analysis data.
  • H.264 moving picture data basic information is determined
  • MP4 data including MOOV box and MDAT box is generated by multiplexing basic information, size information and variable length code on MP4, and STSZ, STCO, which are part of MOOV box, and
  • An STSC box, a size that is a part of the MDAT box, and an encrypted MP4 generation unit 107 that encrypts a portion that extends from the end of the size to the beginning of the picture data are configured. Therefore, it is possible to encrypt MP4 data with high security that can sufficiently withstand an attack while greatly reducing the processing required for encryption.
  • the media encryption / decryption device receives the MP4 encrypted portion.
  • MP4 data is generated by decrypting the STSZ, STCO, and STSC boxes that are part of the MOOV box indicated by the information, the size that is part of the MDAT box, and the part that extends from the end of the size to the beginning of the picture data.
  • the encrypted MP4 encryption / decryption unit 108 analyzes the MP4 data, MP4 analysis unit 109 that generates H.264 moving image data; And a moving image expansion unit 110 that expands H.264 moving image data. For this reason, encryption / decryption can be performed with a small processing amount when performing encryption / decryption.
  • Embodiment 7 Since the media encryption apparatus according to the seventh embodiment has the same configuration as that of the media encryption apparatus according to the sixth embodiment shown in FIG. 12, the following description will be given with reference to FIG.
  • a part of the MOOV box in the MP4 data, the STSZ, STCO, and STSC boxes, the size in the MDAT box, and the part straddling the beginning of the picture data including the variable length code start position from the end of the size Was encrypted.
  • the encrypted MP4 generation unit 107 of the seventh embodiment includes a part of the STOV, STCO and STSC boxes of the MOOV box in the MP4 data, and the size in the MDAT box as shown in FIG.
  • the portion immediately preceding the size of the MDAT box (the portion immediately preceding the size information multiplexing area) is also encrypted.
  • Encrypting the immediately preceding portion of the size increases the amount of processing required for encryption as compared with the sixth embodiment, but it becomes difficult to specify the position of the size of each picture data and the size itself, thereby improving safety. be able to.
  • the media encryption / decryption device has the same configuration as that of the media encryption / decryption device according to the sixth embodiment shown in FIG. 17, and the encrypted MP4 encrypted by the above-described media encryption device. Using the data and the MP4 encrypted partial information, encryption / decryption is performed by the same operation as the media encryption / decryption apparatus of the sixth embodiment.
  • the encrypted MP4 generation unit 107 of the media encryption apparatus sets the STSZ, STCO, and STSC boxes that are part of the MOOV box in the MP4 data and the size immediately before the size in the MDAT box.
  • the portion, the size, and the portion extending from the end of the size to the beginning of the picture data are encrypted. For this reason, it becomes difficult to specify the position of the size of each picture data and the size itself, and the safety can be further improved.
  • Embodiment 8 Since the media encryption device according to the eighth embodiment has the same configuration as that of the media encryption device according to the sixth embodiment shown in FIG. 12, the following description will be given with reference to FIG.
  • the STSZ, STCO, and STSC boxes that are part of the MOOV box in the MP4 data, the size in the MDAT box, and the part that straddles the beginning of the picture data including the variable length code start position are encrypted.
  • the encrypted MP4 generation unit 107 of the eighth embodiment includes a part of the STOV, STCO and STSC boxes of the MOOV box in the MP4 data, and the size in the MDAT box as shown in FIG.
  • Arbitrary portions other than the head of picture data in the MDAT box may be selected completely randomly, or a portion including specific data such as a macroblock type may be preferentially selected, or picture data The first half of the may be preferentially selected.
  • the encrypted portion of the macroblock data included in the picture data of the intra-picture encoded picture may be increased.
  • the H.D. In the H.264 video compression method 4 pixel ⁇ 4 line integer precision conversion processing and motion compensation prediction processing using motion vectors are used. Therefore, in order to increase safety, the macroblock data included in the intra-picture coded picture data is encrypted with respect to the macro-block data included in the inter-picture coded picture data. For data, the encrypted portion may be changed depending on the picture type, such as encrypting the motion vector portion.
  • the processing amount required for the encryption is increased as compared with the sixth embodiment, but the safety is further improved. Can be increased.
  • end portion of the picture data corresponding to the straight portion of the size of the MDAT box may be encrypted as in the seventh embodiment.
  • the media encryption / decryption device has the same configuration as that of the media encryption / decryption device according to the sixth embodiment shown in FIG. 17, and the encrypted MP4 encrypted by the above-described media encryption device. Using the data and the MP4 encrypted partial information, encryption / decryption is performed by the same operation as the media encryption / decryption apparatus of the sixth embodiment.
  • the encrypted MP4 generation unit 107 of the media encryption apparatus performs the STSZ, STCO, and STSC boxes as part of the MOOV box in the MP4 data, the size in the MDAT box, A portion extending from the end of the size to the top of the picture data and an arbitrary portion other than the top of the picture data are encrypted. For this reason, safety can be further improved.
  • FIG. FIG. 20 is a block diagram showing a configuration of the media encryption apparatus according to the ninth embodiment.
  • the media encryption device shown in FIG. H.264 moving image data is analyzed, and the size information of each picture is H.264.
  • a moving image analysis unit 111 that outputs H.264 moving image analysis data and an encrypted MP4 generation unit 107 are configured.
  • the encrypted MP4 generation unit 107 is the same as the encrypted MP4 generation unit 107 of the sixth embodiment shown in FIG.
  • the moving image compression unit 106 converts the uncompressed moving image data to H.264. H.264 moving image data and H.264
  • the H.264 moving image analysis data is generated, and the encrypted MP4 generation unit 107 performs multiplexing and encryption to obtain encrypted MP4 data.
  • the media encryption device according to the ninth embodiment includes a moving image analysis unit 111 instead of the moving image compression unit 106 as shown in FIG.
  • the moving image analysis unit 111 uses the H.264 moving image data.
  • H.264 moving image analysis data is generated.
  • H.264 moving image analysis data is used for multiplexing and encryption to output encrypted MP4 data and MP4 encrypted partial information.
  • the media encryption apparatus is provided with an H.264 including a variable length code of the moving image data, which is the compressed moving image data.
  • H.264 moving image data is input, H.264 moving image data is analyzed, and the size information of moving image data is H.264.
  • H.264 moving image analysis data is generated.
  • H.264 Basic information of moving image data is determined, MP4 data including MOOV box and MDAT box is generated by multiplexing basic information, size information and variable length code on MP4, and predetermined parts of MOOV box and MDAT box are encrypted And an encrypted MP4 generation unit 107 to be configured. For this reason, H. already compressed has been performed.
  • Encrypted MP4 data can be generated from H.264 video data.
  • media describing processing contents such as the moving image compression unit 106, the encrypted MP4 generation unit 107, the moving image analysis unit 111, and the like.
  • the encryption program may be stored in a computer memory, and the computer CPU may execute the media encryption program stored in the memory.
  • the media encryption / decryption devices according to Embodiments 6 to 9 are configured by a computer, the processing contents of the encrypted MP4 encryption / decryption unit 108, the MP4 analysis unit 109, the moving image decompression unit 110, and the like are described.
  • the media encryption / decryption program may be stored in the memory of the computer, and the CPU of the computer may execute the media encryption / decryption program stored in the memory.
  • moving image data is used as an example of media data to be encrypted.
  • the type of data is not limited to this, and a header area and a variable-length code area are used.
  • media data such as audio data and still image data including a basic information multiplexing area, a size information multiplexing area, and a variable length code multiplexing area.
  • the media encryption device, the media encryption / decryption device, the media encryption method, and the media encryption / decryption method according to the present invention have a sufficiently small processing amount at the time of encryption / decryption because the amount of encrypted data is small.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Compression Or Coding Systems Of Tv Signals (AREA)

Abstract

In a media encryption device, a dynamic image compression unit (101) compresses video data and generates compressed video data which includes a header storing basic information of the video data and macroblock data storing the variable-length code of the video data. An encryption processing determination unit (102) identifies as encryption portions the leading portion of each header in the compressed video data and the portion extending from the tail end of a slice header to the head of the macroblock data, and an encryption processing unit (103) encrypts the identified portions while generating encrypted portion information indicative of the encrypted portions.

Description

メディア暗号化装置、メディア暗号復号装置、メディア暗号化方法およびメディア暗号復号方法Media encryption device, media encryption / decryption device, media encryption method, and media encryption / decryption method
 この発明は、メディアデータを暗号化して保護するためのメディア暗号化装置およびメディア暗号化方法、ならびに暗号化により保護されたメディアデータを復号するためのメディア暗号復号装置およびメディア暗号復号方法に関するものである。 The present invention relates to a media encryption device and a media encryption method for encrypting and protecting media data, and a media encryption / decryption device and a media encryption / decryption method for decrypting media data protected by encryption. is there.
 多くのマルチメディアコンテンツは、著作権保護または閲覧制限を目的として暗号化され、保護されている。画像、音声等のマルチメディアデータは一般にデータ量が膨大であり、データ全てを暗号化する場合、膨大な処理を要する。 Many multimedia contents are encrypted and protected for the purpose of copyright protection or browsing restrictions. Multimedia data such as images and sounds generally has a huge amount of data. When all data is encrypted, a huge amount of processing is required.
 そこで、特許文献1~3に、メディアファイル中の暗号化するデータ量を減らす方法が開示されている。
 特許文献1に係る圧縮動画像情報の暗号化装置は、フレーム内符号化およびフレーム間符号化を用いて圧縮された動画像データ中の、フレーム内符号化画像のみを暗号化する。 Therefore, Patent Documents 1 to 3 disclose methods for reducing the amount of data to be encrypted in a media file.
An apparatus for encrypting compressed moving image information according to Patent Document 1 encrypts only an intra-frame encoded image in moving image data compressed using intra-frame coding and inter-frame coding.
 特許文献2に係る画像暗号化装置は、直交変換および可変長符号化により圧縮された画像の低周波成分のみを暗号化する。 The image encryption device according to Patent Document 2 encrypts only the low frequency component of an image compressed by orthogonal transform and variable length coding.
 特許文献3に係る符号化装置は、画像を可変長符号化により圧縮する際に、任意時点で可変長符号テーブルを別のテーブルに変更することで、変更された可変長符号テーブルを通知されていない復号装置側での画像の読み出しを不可能にする。 The encoding device according to Patent Document 3 is notified of the changed variable-length code table by changing the variable-length code table to another table at an arbitrary time when compressing an image by variable-length encoding. It is impossible to read an image on the side of a decoding device that is not present.
特開平7-184188号公報Japanese Patent Laid-Open No. 7-184188 特開平11-88857号公報Japanese Patent Laid-Open No. 11-88857 特開2001-274790号公報JP 2001-274790 A
 しかしながら、特許文献1に係る発明では、フレーム内符号化画像を推定することで、画像を推定できるという課題があった。
 特許文献2に係る発明では、可変長符号の開始位置が容易に特定できるため、攻撃されやすいという課題があった。また、一般に低周波成分は符号量が大きいので、大きな処理量の削減が望めないという課題もあった。
 特許文献3に係る発明では、可変長符号テーブルのパターンが少ない場合、総当り攻撃により復号されてしまう課題があった。 However, the invention according to Patent Document 1 has a problem that an image can be estimated by estimating an intra-frame encoded image.
In the invention according to Patent Document 2, since the start position of the variable length code can be easily specified, there is a problem that it is easily attacked. In addition, since a low frequency component generally has a large code amount, there is a problem that a large reduction in processing amount cannot be expected.
In the invention according to Patent Document 3, when there are few patterns in the variable-length code table, there is a problem that the brute force attack causes decoding.
 この発明は、上記のような課題を解決するためになされたもので、暗号化に要する処理量を削減しながら、攻撃に十分耐えうる安全性の高い暗号化を行うメディア暗号化装置およびメディア暗号化方法、ならびに暗号化されたメディアデータを暗号復号するメディア暗号復号装置およびメディア暗号復号方法を得ることを目的とする。 The present invention has been made to solve the above-described problems. A media encryption apparatus and a media encryption device that perform highly secure encryption that can sufficiently withstand an attack while reducing the amount of processing required for encryption. And a media encryption / decryption device and media encryption / decryption method for encrypting / decrypting encrypted media data.
 この発明に係るメディア暗号化装置は、メディアデータが圧縮されてなる、当該メディアデータの基本情報を格納したヘッダ領域と当該メディアデータの可変長符号を格納した可変長符号領域とを含む圧縮メディアデータが入力されると、少なくともヘッダ領域の所定部分とヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号化する部分として特定する暗号処理判定部と、圧縮メディアデータのうち、暗号処理判定部が特定した部分を暗号化する暗号処理部とを備えるものである。 The media encryption apparatus according to the present invention is a compressed media data including a header area storing basic information of the media data and a variable length code area storing a variable length code of the media data, wherein the media data is compressed. Is input, at least a predetermined part of the header area and a part that extends from the end of the header area to the beginning of the variable-length code area as the part to be encrypted, and among the compressed media data, the cryptographic process And an encryption processing unit that encrypts the part specified by the determination unit.
 この発明に係るメディア暗号化装置は、メディアデータが圧縮されてなる、当該メディアデータの少なくともサイズ情報を含む基本情報と当該メディアデータの可変長符号とを含む圧縮メディアデータが入力されると、所定のメディアファイルフォーマットに基本情報および可変長符号を多重化して基本情報多重化領域、サイズ情報多重化領域および可変長符号多重化領域を含む圧縮メディアファイルフォーマットを生成し、少なくとも基本情報多重化領域の所定部分とサイズ情報多重化領域とサイズ情報多重化領域の終端から可変長符号多重化領域の先頭を跨る部分とを暗号化する暗号化メディアファイルフォーマット作成部を備えるものである。 The media encryption device according to the present invention is configured such that when compressed media data including compressed basic data including at least size information of the media data and a variable length code of the media data is input. The basic information and variable length code are multiplexed on the media file format to generate a compressed media file format including a basic information multiplexing area, a size information multiplexing area, and a variable length code multiplexing area, and at least the basic information multiplexing area An encrypted media file format creation unit is provided for encrypting a predetermined portion, a size information multiplexing region, and a portion extending from the end of the size information multiplexing region to the beginning of the variable length code multiplexing region.
 この発明に係るメディア暗号復号装置は、メディアデータが圧縮されてなる、当該メディアデータの基本情報を格納したヘッダ領域と当該メディアデータの可変長符号を格納した可変長符号領域とを含む圧縮メディアデータが、さらに暗号化されてなる暗号化圧縮メディアデータが入力されると、少なくともヘッダ領域の所定部分とヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号復号して圧縮メディアデータを生成する暗号復号処理部と、圧縮メディアデータを伸張するメディア伸張部とを備えるものである。 The media encryption / decryption device according to the present invention is a compressed media data including a header area storing basic information of the media data and a variable length code area storing a variable length code of the media data, the media data being compressed. However, when encrypted compressed media data further encrypted is input, at least a predetermined part of the header area and a part straddling the beginning of the variable length code area from the end of the header area are decrypted to obtain the compressed media data. An encryption / decryption processing unit to be generated and a media decompression unit for decompressing the compressed media data are provided.
 この発明に係るメディア暗号復号装置は、メディアデータが圧縮されてなる、当該メディアデータの少なくともサイズ情報を含む基本情報と当該メディアデータの可変長符号とを含む圧縮メディアデータが、さらに所定のメディアファイルフォーマットに多重化および暗号化されてなる暗号化圧縮メディアファイルフォーマットが入力されると、当該暗号化圧縮メディアファイルフォーマットのうちの少なくとも基本情報多重化領域の所定部分とサイズ情報多重化領域とサイズ情報多重化領域の終端から可変長符号多重化領域の先頭を跨る部分とを暗号復号して圧縮メディアファイルフォーマットを生成する暗号復号処理部と、圧縮メディアファイルフォーマットを解析して、圧縮メディアデータを生成するメディアファイルフォーマット解析部と、メディアファイルフォーマット解析部が生成した圧縮メディアデータを伸張するメディア伸張部とを備えるものである。 In the media encryption / decryption device according to the present invention, the compressed media data including the basic information including at least the size information of the media data and the variable length code of the media data obtained by compressing the media data further includes a predetermined media file. When an encrypted compressed media file format multiplexed and encrypted in the format is input, at least a predetermined part of the basic information multiplexed area, size information multiplexed area, and size information of the encrypted compressed media file format An encryption / decryption processing unit that generates a compressed media file format by encrypting and decrypting the portion extending from the end of the multiplexed region to the beginning of the variable-length code multiplexed region, and generating compressed media data by analyzing the compressed media file format Media file formats And analyzing unit is intended and a media decompression unit for decompressing the compressed media data for which the media file format analyzing unit has generated.
 この発明に係るメディア暗号化方法は、メディアデータが圧縮されてなる、当該メディアデータの基本情報を格納したヘッダ領域と当該メディアデータの可変長符号を格納した可変長符号領域とを含む圧縮メディアデータが入力されると、暗号処理判定部が、少なくともヘッダ領域の所定部分とヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号化する部分として特定する暗号処理判定ステップと、暗号処理部が、圧縮メディアデータのうち、暗号処理判定ステップで特定した部分を暗号化する暗号処理ステップとを備えるものである。 The media encryption method according to the present invention is a compressed media data comprising a header area storing basic information of the media data and a variable length code area storing a variable length code of the media data, wherein the media data is compressed. Is input, the encryption processing determination unit specifies at least a predetermined part of the header area and a part extending from the end of the header area to the beginning of the variable length code area as an encryption part, and an encryption process The encryption processing step for encrypting the portion specified in the encryption processing determination step in the compressed media data.
 この発明に係るメディア暗号化方法は、メディアデータが圧縮されてなる、当該メディアデータの少なくともサイズ情報を含む基本情報と当該メディアデータの可変長符号とを含む圧縮メディアデータが入力されると、暗号化メディアファイルフォーマット作成部が、所定のメディアファイルフォーマットに基本情報および可変長符号を多重化して基本情報多重化領域、サイズ情報多重化領域および可変長符号多重化領域を含む圧縮メディアファイルフォーマットを生成し、少なくとも基本情報多重化領域の所定部分とサイズ情報多重化領域とサイズ情報多重化領域の終端から可変長符号多重化領域の先頭を跨る部分とを暗号化する暗号化メディアファイルフォーマット作成ステップを備えるものである。 In the media encryption method according to the present invention, when compressed media data including compressed basic data including at least size information of the media data and a variable-length code of the media data is input. The media file format creation unit multiplexes basic information and variable length code into a predetermined media file format to generate a compressed media file format including a basic information multiplexed area, a size information multiplexed area, and a variable length code multiplexed area And an encryption media file format creation step for encrypting at least a predetermined part of the basic information multiplexing area, a size information multiplexing area, and a part extending from the end of the size information multiplexing area to the beginning of the variable length code multiplexing area. It is to be prepared.
 この発明に係るメディア暗号復号方法は、メディアデータが圧縮されてなる、当該メディアデータの基本情報を格納したヘッダ領域と当該メディアデータの可変長符号を格納した可変長符号領域とを含む圧縮メディアデータが、さらに暗号化されてなる暗号化圧縮メディアデータが入力されると、暗号復号処理部が、少なくともヘッダ領域の所定部分とヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号復号して圧縮メディアデータを生成する暗号復号処理ステップと、メディア伸張部が、圧縮メディアデータを伸張するメディア伸張ステップとを備えるものである。 The media encryption / decryption method according to the present invention is a compressed media data including a header area storing basic information of the media data and a variable length code area storing a variable length code of the media data, wherein the media data is compressed. However, when encrypted compressed media data that is further encrypted is input, the encryption / decryption processing unit decrypts at least a predetermined part of the header area and a part extending from the end of the header area to the beginning of the variable-length code area. Thus, the encryption / decryption processing step for generating the compressed media data and the media decompression unit include the media decompression step for decompressing the compressed media data.
 この発明に係るメディア暗号復号方法は、メディアデータが圧縮されてなる、当該メディアデータの少なくともサイズ情報を含む基本情報と当該メディアデータの可変長符号とを含む圧縮メディアデータが、さらに所定のメディアファイルフォーマットに多重化および暗号化されてなる暗号化圧縮メディアファイルフォーマットが入力されると、暗号復号処理部が、当該暗号化圧縮メディアファイルフォーマットのうちの少なくとも基本情報多重化領域の所定部分とサイズ情報多重化領域とサイズ情報多重化領域の終端から可変長符号多重化領域の先頭を跨る部分とを暗号復号して圧縮メディアファイルフォーマットを生成する暗号復号処理ステップと、メディアファイルフォーマット解析部が、圧縮メディアファイルフォーマットを解析して、圧縮メディアデータを生成するメディアファイルフォーマット解析ステップと、メディア伸張部が、メディアファイルフォーマット解析ステップで生成した圧縮メディアデータを伸張するメディア伸張ステップとを備えるものである。 In the media encryption / decryption method according to the present invention, the compressed media data including the basic information including at least the size information of the media data and the variable length code of the media data obtained by compressing the media data further includes a predetermined media file. When an encrypted compressed media file format multiplexed and encrypted in the format is input, the encryption / decryption processing unit performs at least a predetermined part of the basic information multiplexed area and size information in the encrypted compressed media file format. An encryption / decryption processing step for generating a compressed media file format by decrypting the multiplexed region and the portion extending from the end of the size information multiplexed region to the beginning of the variable-length code multiplexed region, and the media file format analyzing unit compresses Analyze media file format Te, a media file format analyzing step of generating a compressed media data, the media decompression unit is intended and a media expansion step of decompressing the compressed media data generated by the media file format analyzing step.
 この発明によれば、圧縮メディアデータのうちのヘッダ領域の所定部分とヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号化するようにしたので、暗号化に要する処理を大幅に削減しつつ、攻撃に十分耐えうる安全性の高い暗号化圧縮メディアデータを生成可能なメディア暗号化装置およびメディア暗号化方法を得ることができる。 According to the present invention, the predetermined part of the header area and the part of the compressed media data that extends from the end of the header area to the beginning of the variable-length code area are encrypted. It is possible to obtain a media encryption apparatus and a media encryption method capable of generating highly-encrypted compressed and compressed media data that can sufficiently withstand an attack while being reduced.
 この発明によれば、圧縮メディアファイルフォーマットのうちの基本情報多重化領域の所定部分とサイズ情報多重化領域とサイズ情報多重化領域の終端から可変長符号多重化領域の先頭を跨る部分とを暗号化するようにしたので、暗号化に要する処理を大幅に削減しつつ、攻撃に十分耐えうる安全性の高い暗号化圧縮メディアファイルフォーマットを生成可能なメディア暗号化装置およびメディア暗号化方法を得ることができる。 According to the present invention, the predetermined part of the basic information multiplexing area, the size information multiplexing area, and the part extending from the end of the size information multiplexing area to the beginning of the variable length code multiplexing area in the compressed media file format are encrypted. Therefore, it is possible to obtain a media encryption apparatus and a media encryption method capable of generating a highly secure encrypted compressed media file format that can sufficiently withstand an attack while greatly reducing the processing required for encryption. Can do.
 この発明によれば、暗号化圧縮メディアデータのうちのヘッダ領域の所定部分とヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号復号するようにしたので、暗号化されたデータ量が小さいことにより、暗号復号時の処理量も十分小さくすることが可能なメディア暗号復号装置およびメディア暗号復号方法を得ることができる。 According to this invention, since the predetermined part of the header area and the part extending from the end of the header area to the beginning of the variable-length code area are decrypted in the encrypted compressed media data, the amount of encrypted data Therefore, it is possible to obtain a media encryption / decryption device and a media encryption / decryption method capable of sufficiently reducing the amount of processing at the time of encryption / decryption.
 この発明によれば、暗号化圧縮メディアファイルフォーマットのうちの基本情報多重化領域の所定部分とサイズ情報多重化領域とサイズ情報多重化領域の終端から可変長符号多重化領域の先頭を跨る部分とを暗号復号するようにしたので、暗号化されたデータ量が小さいことにより、暗号復号時の処理量も十分小さくすることが可能なメディア暗号復号装置およびメディア暗号復号方法を得ることができる。 According to the present invention, the predetermined part of the basic information multiplexing area, the size information multiplexing area, the part extending from the end of the size information multiplexing area to the beginning of the variable length code multiplexing area in the encrypted compressed media file format, Since the encrypted data amount is small, a media encryption / decryption device and a media encryption / decryption method capable of sufficiently reducing the processing amount at the time of encryption / decryption can be obtained.
この発明の実施の形態1に係るメディア暗号化装置の構成を示すブロック図である。It is a block diagram which shows the structure of the media encryption apparatus concerning Embodiment 1 of this invention. シーケンスとGOPの関係の一例を示す図である。It is a figure which shows an example of the relationship between a sequence and GOP. 5つのスライスからなるピクチャの例を示す図である。It is a figure which shows the example of the picture which consists of five slices. マクロブロックとブロックの関係の一例を示す図である。It is a figure which shows an example of the relationship between a macroblock and a block. 図1に示す動画像圧縮部が出力する圧縮動画像データの構成例を示す図である。It is a figure which shows the structural example of the compression moving image data which the moving image compression part shown in FIG. 1 outputs. 実施の形態1に係るメディア暗号化装置において、圧縮動画像データ中の暗号化される部分の一例を示す図である。6 is a diagram illustrating an example of an encrypted part in compressed moving image data in the media encryption device according to Embodiment 1. FIG. この発明の実施の形態1に係るメディア暗号復号装置の構成を示すブロック図である。It is a block diagram which shows the structure of the media encryption / decryption apparatus which concerns on Embodiment 1 of this invention. この発明の実施の形態2に係るメディア暗号化装置において、圧縮動画像データ中の暗号化される部分の一例を示す図である。It is a figure which shows an example of the part encrypted in the compressed moving image data in the media encryption apparatus concerning Embodiment 2 of this invention. この発明の実施の形態3に係るメディア暗号化装置において、圧縮動画像データ中の暗号化される部分の一例を示す図である。In the media encryption apparatus concerning Embodiment 3 of this invention, it is a figure which shows an example of the part encrypted in compressed moving image data. この発明の実施の形態4に係るメディア暗号化装置において、圧縮動画像データ中の暗号化される部分の一例を示す図である。It is a figure which shows an example of the part encrypted in the compressed moving image data in the media encryption apparatus concerning Embodiment 4 of this invention. この発明の実施の形態5に係るメディア暗号化装置の構成を示すブロック図である。It is a block diagram which shows the structure of the media encryption apparatus based on Embodiment 5 of this invention. この発明の実施の形態6に係るメディア暗号化装置の構成を示すブロック図である。It is a block diagram which shows the structure of the media encryption apparatus based on Embodiment 6 of this invention. MP4ファイルのボックス構造を示す図である。It is a figure which shows the box structure of MP4 file. MP4ファイルのデータ構造の一例を示す図である。It is a figure which shows an example of the data structure of MP4 file. H.264動画像データを多重化した場合の、MDATボックスの構造の一例を示す図である。H. 2 is a diagram illustrating an example of a structure of an MDAT box when H.264 moving image data is multiplexed. FIG. 実施の形態6に係るメディア暗号化装置において、MP4データ中の暗号化される部分の一例を示す図である。FIG. 25 is a diagram illustrating an example of a part to be encrypted in MP4 data in the media encryption device according to the sixth embodiment. この発明の実施の形態6に係るメディア暗号復号装置の構成を示すブロック図である。It is a block diagram which shows the structure of the media encryption / decryption apparatus which concerns on Embodiment 6 of this invention. この発明の実施の形態7に係るメディア暗号化装置において、MP4データ中の暗号化される部分の一例を示す図である。It is a figure which shows an example of the part encrypted in MP4 data in the media encryption apparatus concerning Embodiment 7 of this invention. この発明の実施の形態8に係るメディア暗号化装置において、MP4データ中の暗号化される部分の一例を示す図である。It is a figure which shows an example of the part encrypted in MP4 data in the media encryption apparatus concerning Embodiment 8 of this invention. この発明の実施の形態9に係るメディア暗号化装置の構成を示すブロック図である。It is a block diagram which shows the structure of the media encryption apparatus based on Embodiment 9 of this invention.
 以下、この発明をより詳細に説明するために、この発明を実施するための形態について、添付の図面に従って説明する。従来、メディアデータを圧縮することを符号化、圧縮されたメディアデータを伸張することを復号と呼ぶことがあるが、本発明ではこの復号と暗号復号とを区別するために、メディアデータの符号化および復号という表現は用いずに、圧縮および伸張と表現する。また、暗号化されたデータを平文に戻すことを暗号復号と呼ぶこととする。 Hereinafter, in order to explain the present invention in more detail, modes for carrying out the present invention will be described with reference to the accompanying drawings. Conventionally, compression of media data is sometimes referred to as encoding, and decompression of compressed media data is sometimes referred to as decoding. In the present invention, in order to distinguish between decoding and encryption / decryption, encoding of media data is performed. The expressions “compression” and “decoding” are used without using the expression “decoding”. Returning encrypted data to plaintext is called encryption / decryption.
実施の形態1.
 図1に示すように、本実施の形態1に係るメディア暗号化装置は、非圧縮動画像データ(メディアデータ)を圧縮し、ヘッダ領域および可変長符号領域を含む圧縮動画像データ(圧縮メディアデータ)を生成する動画像圧縮部(メディア圧縮部)101と、暗号化部分を示す判定情報に基づいて、圧縮動画像データのうちの暗号化する部分を特定する暗号処理判定部102と、圧縮動画像データのうち、暗号処理判定部102が特定した部分を暗号化して暗号化圧縮動画像データ(暗号化圧縮メディアデータ)を生成する暗号処理部103とから構成される。 Embodiment 1 FIG.
As shown in FIG. 1, the media encryption apparatus according to the first embodiment compresses non-compressed video data (media data) and includes compressed header data and variable-length code regions (compressed media data). ) Generating a moving image compression unit (media compression unit) 101, an encryption processing determination unit 102 for specifying a portion to be encrypted in the compressed moving image data based on determination information indicating the encrypted portion, and a compressed moving image The image processing unit 103 includes an encryption processing unit 103 that encrypts a part specified by the encryption processing determination unit 102 and generates encrypted compressed moving image data (encrypted compressed media data).
 以下、各処理ブロックを説明する。
 動画像圧縮部101は、非圧縮動画像データの圧縮処理を行い、順次、圧縮動画像データを出力する。この圧縮処理は、MPEG(Moving Picture Expert Group)またはH.264等、可変長符号化を行う方式であればどのような方式でも良い。 Hereinafter, each processing block will be described.
The moving image compression unit 101 performs compression processing on uncompressed moving image data, and sequentially outputs compressed moving image data. This compression processing is based on MPEG (Moving Picture Expert Group) or H.264. Any method such as H.264 or the like that performs variable-length coding may be used.
 ここで、動画像圧縮部101が扱う、動画像圧縮方式の基本的なデータ構成について説明する。先ず、1つの動画像全体をシーケンスと呼ぶ。シーケンスは複数枚の画像から構成されており、シーケンスの一部の複数枚の画像をGOP(Group Of Pictures)と呼ぶ。図2は、シーケンスとGOPの関係を表した図であり、20枚の画像からなるシーケンスと、5枚の画像からなる4つのGOPとで構成された例を示している。 Here, a basic data configuration of the moving image compression method handled by the moving image compression unit 101 will be described. First, an entire moving image is called a sequence. The sequence is composed of a plurality of images, and a plurality of images of a part of the sequence are referred to as GOP (Group Of Pictures). FIG. 2 is a diagram showing a relationship between a sequence and a GOP, and shows an example composed of a sequence composed of 20 images and four GOPs composed of 5 images.
 また、1枚の画像はピクチャと呼ばれる。さらに、ピクチャの一部をスライスと呼び、ピクチャは1以上のスライスから構成される。このスライスは1以上のマクロブロックから構成される。図3は、5つのスライスからなるピクチャの例を示す図である。 Also, one image is called a picture. Furthermore, a part of the picture is called a slice, and the picture is composed of one or more slices. This slice is composed of one or more macroblocks. FIG. 3 is a diagram illustrating an example of a picture including five slices.
 また、マクロブロックは、16画素×16ラインから構成され、さらに8画素×8ラインのブロックに分割される。図4は、マクロブロックとブロックの関係の一例を示す図である。 Also, the macro block is composed of 16 pixels × 16 lines, and is further divided into blocks of 8 pixels × 8 lines. FIG. 4 is a diagram illustrating an example of the relationship between macroblocks and blocks.
 図5は、動画像圧縮部101が出力する圧縮動画像データの構成例を示す図である。圧縮動画像データはシーケンスヘッダ、GOPヘッダおよびGOPデータから構成され、このGOPデータはピクチャヘッダおよびピクチャデータから構成され、このピクチャデータはスライスヘッダおよびマクロブロックデータから構成される。 FIG. 5 is a diagram illustrating a configuration example of the compressed moving image data output from the moving image compression unit 101. The compressed moving image data includes a sequence header, a GOP header, and GOP data. The GOP data includes a picture header and picture data. The picture data includes a slice header and macroblock data.
 圧縮動画像データのうち、シーケンスヘッダ、GOPヘッダ、ピクチャヘッダ、スライスヘッダをそれぞれヘッダ領域と称す。各ヘッダ領域には、画像の幅、高さ、ビット深度、フレームレート、ピクチャタイプ(画面内符号化ピクチャ、画面間符号化ピクチャ)、量子化パラメータ等の動画像圧縮処理に必要な基本情報が記録される。また、各ヘッダ領域の先頭部分はスタートコードと呼ばれるユニークワードが記録される場合が多い。これにより、動画像のランダムアクセスが可能になると共に、動画像の一部のデータが破損した場合であっても、スタートコードの地点から伸張が可能となる。 Among the compressed video data, the sequence header, GOP header, picture header, and slice header are each referred to as a header area. Each header area contains basic information necessary for moving image compression processing, such as image width, height, bit depth, frame rate, picture type (intra-picture coded picture, inter-picture coded picture), and quantization parameter. To be recorded. Also, a unique word called a start code is often recorded at the beginning of each header area. As a result, random access to the moving image becomes possible, and even if a part of the data of the moving image is damaged, it can be expanded from the start code point.
 圧縮動画像データのうち、マクロブロックデータを可変長符号領域と称す。実際に圧縮された動画像データが記録されるのがこのマクロブロックの部分であり、一般にデータは可変長符号化される。この可変長符号化方式にはハフマン符号化、算術符号化等、動画像圧縮形式毎に様々な方式が採用されているが、動画像圧縮部101ではその種類は問わない。 Among the compressed video data, the macro block data is referred to as a variable length code area. Actually compressed moving image data is recorded in this macro block portion, and the data is generally variable-length encoded. As this variable-length encoding method, various methods such as Huffman coding and arithmetic coding are adopted for each moving image compression format, but the moving image compression unit 101 does not ask any kind.
 なお、ここでは、一般的な動画像圧縮方式を例に説明したが、ピクチャ、GOP、スライス、マクロブロック、ブロックといった用語は動画像圧縮方式によって異なることもある。また、動画像圧縮方式によっては、GOPヘッダまたはピクチャヘッダが存在しない方式もある。また、図4では、マクロブロックの例として16画素×16ライン、ブロックの例として8画素×8ラインを示したが、大きさは画像圧縮方式によって異なるので、図4の例に限定されるものではない。例えば、H.264方式では、ブロックのサイズは4画素×4ラインである。ここでは、動画像圧縮部101が生成する圧縮動画像データに含まれる各領域の構成の違いおよび用語の違いは問わないこととする。 Note that although a general moving image compression method has been described as an example here, terms such as picture, GOP, slice, macroblock, and block may differ depending on the moving image compression method. In addition, depending on the moving image compression method, there is a method in which no GOP header or picture header exists. 4 shows 16 pixels × 16 lines as an example of a macro block and 8 pixels × 8 lines as an example of a block. However, the size differs depending on the image compression method, and is therefore limited to the example of FIG. is not. For example, H.M. In the H.264 system, the block size is 4 pixels × 4 lines. Here, it is assumed that there is no difference in the configuration and terminology of each region included in the compressed moving image data generated by the moving image compression unit 101.
 動画像圧縮部101から順次出力される圧縮動画像データ(図5に示す)は、暗号処理判定部102と暗号処理部103とにそれぞれ入力される。 Compressed moving image data (shown in FIG. 5) sequentially output from the moving image compression unit 101 is input to the encryption processing determination unit 102 and the encryption processing unit 103, respectively.
 暗号処理判定部102は、予め設定された判定情報に基づいて、順次入力される圧縮動画像データの暗号化処理判定を行ってその圧縮動画像データが暗号化部分に相当するか否かを判定し、判定結果を暗号処理部103に出力する。以下、判定情報として定義する暗号化部分の例を説明する。 The encryption processing determination unit 102 performs encryption processing determination on sequentially input compressed moving image data based on predetermined determination information, and determines whether or not the compressed moving image data corresponds to an encrypted portion. The determination result is output to the encryption processing unit 103. Hereinafter, an example of an encrypted part defined as determination information will be described.
 図6は、圧縮動画像データ中の暗号化される部分を示す図である。図6の例では、GOPデータの途中にある暗号化部分はピクチャヘッダ先頭の暗号化部分およびピクチャデータの暗号化部分を示している。さらに、ピクチャデータの途中にある暗号化部分は、スライスヘッダ先頭の暗号化部分およびスライスヘッダ終端からマクロブロックデータ先頭に跨る暗号化部分を示している。従って、暗号化部分は、シーケンス、GOP、ピクチャ、スライスの各ヘッダ領域の先頭部分と、スライスヘッダ(ヘッダ領域)の終端からマクロブロックデータ(可変長符号領域)の先頭を跨る部分とのみである。 FIG. 6 is a diagram showing a portion to be encrypted in the compressed moving image data. In the example of FIG. 6, the encrypted part in the middle of the GOP data indicates the encrypted part at the head of the picture header and the encrypted part of the picture data. Further, the encrypted part in the middle of the picture data indicates an encrypted part at the head of the slice header and an encrypted part extending from the end of the slice header to the head of the macroblock data. Therefore, the encrypted part is only the head part of each sequence, GOP, picture, and slice header area, and the part extending from the end of the slice header (header area) to the head of the macroblock data (variable length code area). .
 前述の通り、ヘッダ領域の先頭部分には、ランダムアクセスおよび動画像再生の復帰位置となるスタートコードがユニークワードとして記録されている。よって、ヘッダ領域の先頭部分を暗号化することで、ヘッダの開始位置であるスタートコードの位置を特定することが困難となり、ヘッダ領域に記録された画像の幅、高さ、ビット深度、フレームレート、ピクチャタイプ、量子化パラメータ等の動画像の圧縮に関する基本情報を得ることが困難となる。これにより、メディア暗号復号装置側での暗号化圧縮動画像データの暗号復号および圧縮動画像データの伸張が困難となる。 As described above, a start code serving as a return position for random access and moving image playback is recorded as a unique word at the top of the header area. Therefore, by encrypting the head part of the header area, it becomes difficult to specify the position of the start code that is the start position of the header, and the width, height, bit depth, and frame rate of the image recorded in the header area are difficult. It is difficult to obtain basic information regarding compression of moving images such as picture type and quantization parameter. This makes it difficult to encrypt / decrypt encrypted compressed video data and decompress compressed video data on the media encryption / decryption device side.
 また、ヘッダ領域の先頭から具体的にどの部分までを暗号化するかについては、任意とする。暗号化量が多いほど、メディア暗号復号装置側での暗号復号および伸張は困難になる一方、後述の暗号処理部103における暗号化に要する処理量が増大する。そこで、画像の幅、高さ、ビット深度、フレームレート、ピクチャタイプ、量子化パラメータ等の、動画像データの重要な部分を含むように暗号化部分を決定すると良い。 Also, it is optional for the part to be encrypted from the beginning of the header area. As the amount of encryption increases, encryption / decryption and expansion on the media encryption / decryption device side become more difficult, while the amount of processing required for encryption in the encryption processing unit 103 described later increases. Therefore, it is preferable to determine the encrypted portion so as to include important portions of the moving image data such as the width, height, bit depth, frame rate, picture type, quantization parameter, and the like of the image.
 また、もう1つの暗号化部分であるスライスヘッダ終端からマクロブロックデータ先頭に跨る部分に関しては、可変長符号の開始位置を必ず含むように暗号化部分を決定する。前述の通り、マクロブロックデータは動画像圧縮部101の可変長符号化処理により圧縮された画像データであるので、この可変長符号領域の先頭位置を暗号化することにより、メディア暗号復号装置側での可変長復号が困難となり、動画像再生は困難となる。 Also, with respect to a portion extending from the end of the slice header to the beginning of the macroblock data, which is another encrypted portion, the encrypted portion is determined so as to always include the start position of the variable length code. As described above, since the macroblock data is image data compressed by the variable length encoding process of the moving image compression unit 101, the media encryption / decryption device side encrypts the start position of the variable length code area. Variable length decoding becomes difficult, and moving image reproduction becomes difficult.
 暗号処理部103は、暗号処理判定部102から出力された判定結果を受けて、別途入力される暗号鍵を使って、動画像圧縮部101から出力された圧縮動画像データの暗号化を実行し、暗号化圧縮動画像データと暗号化部分情報とを生成し、出力する。 The encryption processing unit 103 receives the determination result output from the encryption processing determination unit 102 and executes encryption of the compressed moving image data output from the moving image compression unit 101 using an encryption key input separately. Then, encrypted compressed moving image data and encrypted partial information are generated and output.
 暗号化圧縮動画像データは、圧縮動画像データのうち、図6に示すように各ヘッダ領域の先頭部分と、各ヘッダ領域のうちのスライスヘッダの終端から可変長符号領域の先頭に跨る部分とが暗号化されたものである。シーケンス全体を暗号化する場合に比べ、暗号化処理に要する処理量を大幅に削減することが可能となる。
 また、暗号化部分情報とは、暗号化圧縮動画像データにおいて、どの部分が暗号化されているか、即ち暗号化部分の位置を示す情報であり、暗号復号する際に用いられる。なお、暗号化部分情報は、暗号鍵と同様、管理が求められるが、本発明ではその管理の方法は問わない。 As shown in FIG. 6, the encrypted compressed video data includes a head portion of each header area as shown in FIG. 6 and a portion extending from the end of the slice header to the head of the variable-length code area in each header area. Is encrypted. Compared to the case where the entire sequence is encrypted, the amount of processing required for the encryption process can be greatly reduced.
The encrypted portion information is information indicating which portion is encrypted in the encrypted compressed moving image data, that is, the position of the encrypted portion, and is used when performing decryption. The encrypted partial information is required to be managed in the same manner as the encryption key, but the management method is not limited in the present invention.
 なお、暗号化方式は、DES(Data Encription Standard)、AES(Advanced Encription Standard)等、多くの方式が知られているが、暗号処理部103による暗号化方式の種類は問わない。 It should be noted that there are many known encryption methods such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard), but the encryption method used by the encryption processing unit 103 is not limited.
 次に、暗号化圧縮動画像データの暗号復号を行うメディア暗号復号装置を説明する。
 図7に示すように、本実施の形態1に係るメディア暗号復号装置は、前述のメディア暗号化装置から出力された暗号化圧縮動画像データ(暗号化圧縮メディアデータ)を入力に用いて、暗号化圧縮動画像データ中の暗号化された部分を暗号復号して平文の圧縮動画像データ(圧縮メディアデータ)を生成する暗号復号処理部104と、圧縮動画像データを伸張して非圧縮動画像データを生成する動画像伸張部(メディア伸張部)105とから構成される。 Next, a media encryption / decryption device that performs encryption / decryption of encrypted compressed video data will be described.
As shown in FIG. 7, the media encryption / decryption device according to Embodiment 1 uses the encrypted compressed moving image data (encrypted compressed media data) output from the above-described media encryption device as an input, A decryption processing unit 104 that encrypts and decrypts the encrypted portion of the encrypted compressed video data to generate plain compressed video data (compressed media data), and decompresses the compressed video data to generate an uncompressed video A moving image expansion unit (media expansion unit) 105 that generates data is included.
 以下、各処理ブロックを説明する。
 暗号復号処理部104は、暗号化部分情報および暗号化圧縮動画像データが入力されると、暗号化部分情報から暗号化圧縮動画像データの図6に示した暗号化部分を特定し、別途入力される暗号鍵を用いて、その暗号化部分の暗号復号を行い、平文となった圧縮動画像データを得る。得られた圧縮動画像データは動画像伸張部105に出力される。 Hereinafter, each processing block will be described.
When the encrypted portion information and the encrypted compressed moving image data are input, the encryption / decryption processing unit 104 specifies the encrypted portion shown in FIG. 6 of the encrypted compressed moving image data from the encrypted portion information and separately inputs it. Using the encrypted key, the encrypted portion is encrypted and decrypted to obtain compressed moving image data in plain text. The obtained compressed moving image data is output to the moving image decompression unit 105.
 暗号復号処理部104は、暗号化圧縮動画像データのうち、各ヘッダ領域の先頭部分と、各ヘッダ領域のうちのスライスヘッダの終端から可変長符号領域の先頭に跨る部分とを暗号復号すればよいので、シーケンス全体を暗号復号する場合に比べて暗号復号処理を行う部分が小さく、小さな処理量で暗号復号が可能である。 The encryption / decryption processing unit 104 encrypts and decrypts the head part of each header area and the part of each header area that extends from the end of the slice header to the head of the variable-length code area in the encrypted compressed video data. Therefore, compared with the case where the entire sequence is encrypted / decrypted, the portion for performing the encryption / decryption process is small, and the encryption / decryption can be performed with a small processing amount.
 動画像伸張部105は、メディア暗号化装置の暗号処理部103による動画像圧縮方式に対応した動画像伸張方式により、暗号復号処理部104から入力される圧縮動画像データの伸張処理を行い、非圧縮動画像データを得る。
 これにより、メディア暗号復号装置は非圧縮の動画像を得ることができる。 The moving image decompression unit 105 performs decompression processing of the compressed moving image data input from the encryption / decryption processing unit 104 by a moving image decompression method corresponding to the moving image compression method by the encryption processing unit 103 of the media encryption device. Obtain compressed video data.
Thereby, the media encryption / decryption device can obtain an uncompressed moving image.
 以上より、実施の形態1によれば、メディア暗号化装置を、動画像データを圧縮して、当該動画像データの基本情報を格納したヘッダと当該動画像データの可変長符号を格納したマクロブロックデータとを含む圧縮動画像データを生成する動画像圧縮部101と、動画像圧縮部101から圧縮動画像データが入力されると、各ヘッダの先頭部分と、各スライスヘッダの終端からマクロブロックデータの先頭を跨る部分とを暗号化する部分として特定する暗号処理判定部102と、圧縮動画像データのうち、暗号処理判定部102が特定した部分を暗号化すると共に、暗号化した部分を示す暗号化部分情報を生成する暗号処理部103とを備えるように構成した。このため、暗号化に要する処理を大幅に削減しつつ、攻撃に十分耐えうる安全性の高い圧縮動画像データの暗号化が可能になる。 As described above, according to the first embodiment, the media encryption apparatus compresses moving image data and stores a header storing basic information of the moving image data and a variable length code of the moving image data. A moving image compression unit 101 that generates compressed moving image data including data, and when compressed moving image data is input from the moving image compression unit 101, macroblock data from the beginning of each header and the end of each slice header Encryption processing determination unit 102 that identifies a portion that straddles the beginning of the encrypted data as a portion to be encrypted, and a portion of the compressed moving image data that is encrypted by the encryption processing determination unit 102 and that indicates the encrypted portion And an encryption processing unit 103 that generates the encrypted partial information. For this reason, it is possible to encrypt compressed moving image data with high security that can sufficiently withstand an attack while greatly reducing the processing required for encryption.
 また、実施の形態1によれば、メディア暗号復号装置を、暗号化圧縮動画像データと共に、当該暗号化圧縮動画像データの暗号化された部分を示す暗号化部分情報が入力されると、暗号化部分情報が示す各ヘッダの先頭部分と、各スライスヘッダの終端からマクロブロックデータの先頭を跨る部分とを暗号復号して圧縮動画像データを生成する暗号復号処理部104と、圧縮動画像データを伸張する動画像伸張部105とを備えるように構成した。このため、暗号復号を行う際も、小さな処理量で暗号復号が可能になる。 Further, according to the first embodiment, when the encrypted part information indicating the encrypted part of the encrypted compressed moving image data is input to the media encryption / decryption device together with the encrypted compressed moving image data, An encryption / decryption processing unit 104 that encrypts / decodes a head portion of each header indicated by the segmented portion information and a portion extending from the end of each slice header to the head of the macroblock data, and compressed moving image data; And a moving image expansion unit 105 that expands the image. For this reason, encryption / decryption can be performed with a small processing amount when performing encryption / decryption.
実施の形態2.
 本実施の形態2に係るメディア暗号化装置は、図1に示す上記実施の形態1のメディア暗号化装置と図面上では同様の構成であるため、以下では図1を援用して説明する。上記実施の形態1では、図6に示したように、圧縮動画像データ中の各ヘッダの先頭部分と、スライスヘッダの終端から可変長符号開始位置を含むマクロブロックデータの先頭を跨る部分とを暗号化した。これに対して、本実施の形態2では、図8に示すように、各ヘッダの直前から先頭を跨る部分と、スライスヘッダの終端から可変長符号開始位置を含むマクロブロックデータの先頭を跨る部分とを暗号化する。 Embodiment 2. FIG.
Since the media encryption apparatus according to the second embodiment has the same configuration as that of the media encryption apparatus according to the first embodiment shown in FIG. 1, the following description will be given with reference to FIG. In the first embodiment, as shown in FIG. 6, the head portion of each header in the compressed moving image data and the portion straddling the head of the macroblock data including the variable length code start position from the end of the slice header. Encrypted. On the other hand, in the second embodiment, as shown in FIG. 8, a portion straddling the head immediately before each header and a portion straddling the head of macroblock data including the variable length code start position from the end of the slice header And encrypt.
 従って、暗号処理判定部102は、図8に示す暗号化部分が定義された判定情報に従って、動画像圧縮部101から順次入力される圧縮動画像データの暗号化部分を判定し、暗号処理部103がその判定結果に従って暗号化部分の暗号化処理を行う。 Therefore, the encryption processing determination unit 102 determines the encrypted part of the compressed moving image data sequentially input from the moving image compression unit 101 according to the determination information in which the encrypted part shown in FIG. Performs encryption processing of the encrypted portion according to the determination result.
 各ヘッダ領域の直前から先頭を跨いで暗号化することにより、各ヘッダ領域のスタートコード位置を判別することがより困難になり、上記実施の形態1に比べて暗号化に要する処理量は増えるが、安全性をより高めることができる。 By encrypting the header area immediately before each header area, it becomes more difficult to determine the start code position of each header area, and the amount of processing required for encryption increases as compared with the first embodiment. , Can increase safety.
 本実施の形態2に係るメディア暗号復号装置は、図7に示す上記実施の形態1のメディア暗号復号装置と図面上では同様の構成であり、上述したメディア暗号化装置が暗号化した暗号化圧縮動画像データおよび暗号化部分情報を用いて、上記実施の形態1のメディア暗号復号装置と同様の動作により暗号復号を行う。 The media encryption / decryption device according to the second embodiment has the same configuration as that of the media encryption / decryption device according to the first embodiment shown in FIG. 7, and the encrypted compression encrypted by the above-described media encryption device. Using the moving image data and the encrypted partial information, encryption / decryption is performed by the same operation as the media encryption / decryption device of the first embodiment.
 以上より、実施の形態2によれば、メディア暗号化装置の暗号処理判定部102を、圧縮動画像データのうちの各ヘッダの直前から先頭を跨る部分と、各スライスヘッダの終端からマクロブロックデータの先頭を跨る部分とを暗号化する部分として特定するように構成した。このため、ヘッダ領域のスタートコード位置を判別することがより困難になり、安全性をさらに高めることができる。 As described above, according to the second embodiment, the encryption processing determination unit 102 of the media encryption device performs the macroblock data from the portion of the compressed video data that straddles the head immediately before each header and the end of each slice header. The portion straddling the head of the URL is specified as the portion to be encrypted. For this reason, it becomes more difficult to determine the start code position of the header area, and safety can be further improved.
実施の形態3.
 本実施の形態3に係るメディア暗号化装置は、図1に示す上記実施の形態1のメディア暗号化装置と図面上では同様の構成であるため、以下では図1を援用して説明する。上記実施の形態1では、図6に示したように、圧縮動画像データ中の各ヘッダの先頭部分と、各スライスヘッダの終端から可変長符号開始位置を含むマクロブロックデータの先頭を跨る部分とを暗号化した。これに対して、本実施の形態3では、図9に示すように、各ヘッダ全体と、各スライスヘッダの終端から可変長符号開始位置を含むマクロブロックデータの先頭を跨る部分とを暗号化する。 Embodiment 3 FIG.
Since the media encryption apparatus according to the third embodiment has the same configuration as that of the media encryption apparatus according to the first embodiment shown in FIG. 1, the following description will be given with reference to FIG. In the first embodiment, as shown in FIG. 6, the head portion of each header in the compressed moving image data, and the portion straddling the head of the macroblock data including the variable length code start position from the end of each slice header, Was encrypted. On the other hand, in the third embodiment, as shown in FIG. 9, the entire header and the portion straddling the beginning of the macroblock data including the variable length code start position from the end of each slice header are encrypted. .
 従って、暗号処理判定部102は、図9に示す暗号化部分が定義された判定情報に従って、動画像圧縮部101から順次入力される圧縮動画像データの暗号化部分を判定し、暗号処理部103がその判定結果に従って暗号化部分の暗号化処理を行う。 Therefore, the encryption processing determination unit 102 determines the encrypted part of the compressed moving image data sequentially input from the moving image compression unit 101 according to the determination information in which the encrypted part shown in FIG. 9 is defined, and the encryption processing unit 103 Performs encryption processing of the encrypted portion according to the determination result.
 各ヘッダ領域の情報全体を暗号化することにより、上記実施の形態1に比べて暗号化に要する処理量は増えるが、安全性をより高めることができる。 Encrypting the entire information in each header area increases the amount of processing required for encryption as compared with the first embodiment, but can further enhance safety.
 なお、各ヘッダ領域のうち、シーケンスヘッダのようにシーケンス全てに影響する重要なヘッダ領域は全て暗号化し、スライスヘッダのようにスライスにしか影響しないヘッダ領域は上記実施の形態1,2と同様にヘッダ領域の一部(先頭部分、または先頭部分とその直前部分)のみを暗号化しても良い。 Of the header areas, all important header areas that affect all sequences such as sequence headers are encrypted, and header areas that only affect slices such as slice headers are the same as in the first and second embodiments. Only a part of the header area (the head part, or the head part and the part immediately before) may be encrypted.
 本実施の形態3に係るメディア暗号復号装置は、図7に示す上記実施の形態1のメディア暗号復号装置と図面上では同様の構成であり、上述したメディア暗号化装置が暗号化した暗号化圧縮動画像データおよび暗号化部分情報を用いて、上記実施の形態1のメディア暗号復号装置と同様の動作により暗号復号を行う。 The media encryption / decryption device according to Embodiment 3 has the same configuration as the media encryption / decryption device of Embodiment 1 shown in FIG. 7, and the encrypted compression encrypted by the above-described media encryption device. Using the moving image data and the encrypted partial information, encryption / decryption is performed by the same operation as the media encryption / decryption device of the first embodiment.
 以上より、実施の形態3によれば、メディア暗号化装置の暗号処理判定部102を、圧縮動画像データのうちの各ヘッダと、各スライスヘッダの終端からマクロブロックデータの先頭を跨る部分とを暗号化する部分として特定するように構成した。このため、安全性をさらに高めることができる。 As described above, according to the third embodiment, the encryption processing determination unit 102 of the media encryption device performs each header of the compressed moving image data and a portion extending from the end of each slice header to the beginning of the macroblock data. It was configured to be specified as the part to be encrypted. For this reason, safety can be further improved.
実施の形態4.
 本実施の形態4に係るメディア暗号化装置は、図1に示す上記実施の形態1のメディア暗号化装置と図面上では同様の構成であるため、以下では図1を援用して説明する。上記実施の形態1では、図6に示したように、圧縮動画像データ中の各ヘッダの先頭部分と、スライスヘッダの終端から可変長符号開始位置を含むマクロブロックデータの先頭を跨る部分とを暗号化した。これに対して、本実施の形態4では、図10に示すように、各ヘッダの先頭部分と、スライスヘッダの終端から可変長符号開始位置を含むマクロブロックデータの先頭を跨る部分とに加え、さらに、マクロブロックデータの先頭以外の任意部分も暗号化する。 Embodiment 4 FIG.
Since the media encryption apparatus according to the fourth embodiment has the same configuration as that of the media encryption apparatus according to the first embodiment shown in FIG. 1, the following description will be given with reference to FIG. In the first embodiment, as shown in FIG. 6, the head portion of each header in the compressed moving image data and the portion straddling the head of the macroblock data including the variable length code start position from the end of the slice header. Encrypted. In contrast, in the fourth embodiment, as shown in FIG. 10, in addition to the head portion of each header and the portion straddling the head of macroblock data including the variable length code start position from the end of the slice header, Furthermore, any part other than the beginning of the macroblock data is also encrypted.
 マクロブロックデータの先頭以外の任意部分は、完全にランダムに選択しても良いし、またはマクロブロックタイプ等の特定のデータを含む部分を優先的に選択しても良いし、あるいはマクロブロックデータの前半部分を優先的に選択しても良い。これにより、暗号化を行ったストリームに対して復号装置側で暗号復号を行わずに画像伸張処理を行うような場合に、画像の前半部分で可変長復号が失敗して早い段階で画像伸張処理が中断されるようになるので、安全性を高めることができる。 Any part other than the beginning of the macro block data may be selected completely at random, or a part including specific data such as a macro block type may be preferentially selected, or the macro block data The first half may be selected preferentially. As a result, when image decompression processing is performed on the encrypted stream without performing decryption on the decryption device side, variable length decryption fails in the first half of the image and image decompression processing is performed at an early stage. Will be interrupted, so safety can be improved.
 また、安全性を高めるために、画面内符号化ピクチャのマクロブロックデータについては、暗号化部分を増やしても良い。 Also, in order to increase the security, the encrypted portion of the macroblock data of the intra-picture coded picture may be increased.
 また、多くの画像圧縮方式ではDCT(Discrete Cosine Transform)変換処理、および動きベクトルによる動き補償予測処理が用いられている。そこで、動画像圧縮部101がDCT変換処理および動き補償予測処理を行う構成の場合に、安全性を高めるために、画面内符号化ピクチャのマクロブロックデータについては画像を特徴付けるDCT係数の低周波成分部分を暗号化し、画面間符号化ピクチャのマクロブロックデータについては動きベクトル部分を暗号化する等、ピクチャタイプによって暗号化部分を変更しても良い。 In many image compression methods, DCT (Discrete Cosine Transform) conversion processing and motion compensation prediction processing using motion vectors are used. Therefore, in the case where the moving image compression unit 101 is configured to perform DCT conversion processing and motion compensation prediction processing, in order to improve safety, the low-frequency component of the DCT coefficient that characterizes the image for the macroblock data of the intra-picture coded picture. The encrypted portion may be changed depending on the picture type, such as encrypting the portion and encrypting the motion vector portion of the macroblock data of the inter-picture coded picture.
 従って、暗号処理判定部102は、図9に示す暗号化部分が定義された判定情報に従って、動画像圧縮部101から順次入力される圧縮動画像データの暗号化部分を判定し、暗号処理部103がその判定結果に従って暗号化部分の暗号化処理を行う。 Therefore, the encryption processing determination unit 102 determines the encrypted part of the compressed moving image data sequentially input from the moving image compression unit 101 according to the determination information in which the encrypted part shown in FIG. 9 is defined, and the encryption processing unit 103 Performs encryption processing of the encrypted portion according to the determination result.
 マクロブロックデータの先頭以外の任意部分を暗号化して、各マクロブロックデータの暗号化部分を増やすことにより、上記実施の形態1に比べて暗号化に要する処理量は増えるが、安全性をより高めることができる。 By encrypting an arbitrary part other than the head of the macroblock data and increasing the encrypted part of each macroblock data, the processing amount required for the encryption is increased as compared with the first embodiment, but the safety is further improved. be able to.
 なお、上記実施の形態1と同様に各ヘッダ領域の先頭部分を暗号化しているが、これに限定されるものではなく、上記実施の形態2と同様に各ヘッダ領域の直前から先頭を跨る部分を暗号化しても良いし、または上記実施の形態3と同様に各ヘッダ領域全体を暗号化しても良い。 In addition, although the head part of each header area is encrypted as in the first embodiment, the present invention is not limited to this, and a part that straddles the head immediately before each header area as in the second embodiment. May be encrypted, or the entire header area may be encrypted as in the third embodiment.
 本実施の形態4に係るメディア暗号復号装置は、図7に示す上記実施の形態1のメディア暗号復号装置と図面上では同様の構成であり、上述したメディア暗号化装置が暗号化した暗号化圧縮動画像データおよび暗号化部分情報を用いて、上記実施の形態1のメディア暗号復号装置と同様の動作により暗号復号を行う。 The media encryption / decryption device according to the fourth embodiment has the same configuration as that of the media encryption / decryption device of the first embodiment shown in FIG. 7, and the encrypted compression encrypted by the above-described media encryption device. Using the moving image data and the encrypted partial information, encryption / decryption is performed by the same operation as the media encryption / decryption device of the first embodiment.
 以上より、実施の形態4によれば、メディア暗号化装置の暗号処理判定部102を、さらに、圧縮動画像データのうちのマクロブロックデータの先頭以外の任意部分を暗号化する部分として特定するように構成した。このため、安全性をさらに高めることができる。 As described above, according to the fourth embodiment, the encryption processing determination unit 102 of the media encryption apparatus further specifies an arbitrary part other than the beginning of the macroblock data in the compressed moving image data as a part to be encrypted. Configured. For this reason, safety can be further improved.
実施の形態5.
 図11は、本実施の形態5に係るメディア暗号化装置の構成を示すブロック図である。図11に示すメディア暗号化装置は、暗号処理判定部102と、暗号処理部103とから構成される。なお、図11において図1と同一または相当の部分については同一の符号を付し説明を省略する。 Embodiment 5 FIG.
FIG. 11 is a block diagram showing a configuration of the media encryption apparatus according to the fifth embodiment. The media encryption device shown in FIG. 11 includes an encryption processing determination unit 102 and an encryption processing unit 103. 11 that are the same as or equivalent to those in FIG. 1 are denoted by the same reference numerals and description thereof is omitted.
 上記実施の形態1~4に係るメディア暗号化装置は図1に示した通り、動画像圧縮部101が非圧縮動画像データを圧縮しながら、暗号処理判定部102が順次暗号化部分を特定して暗号処理部103で暗号化を行って、暗号化圧縮動画像データと暗号化部分情報とを得る構成であった。これに対して、本実施の形態5に係るメディア暗号化装置は、図11に示す通り動画像圧縮部101を省略して、既に圧縮処理が行われた圧縮動画像データを入力に用いて暗号処理判定部102が暗号化部分を特定し、暗号処理部103で暗号化を行って暗号化圧縮動画像データと暗号化部分情報とを得る構成にする。 In the media encryption devices according to the first to fourth embodiments, as shown in FIG. 1, while the moving image compression unit 101 compresses uncompressed moving image data, the encryption processing determination unit 102 sequentially specifies the encrypted portions. Thus, the encryption processing unit 103 performs encryption to obtain encrypted compressed moving image data and encrypted partial information. On the other hand, the media encryption apparatus according to the fifth embodiment omits the moving image compression unit 101 as shown in FIG. 11, and uses compressed moving image data that has already been subjected to compression processing as an input for encryption. The process determining unit 102 identifies the encrypted part, and the encryption process unit 103 performs encryption to obtain encrypted compressed moving image data and encrypted part information.
 以上より、実施の形態5によれば、メディア暗号化装置を、動画像データが圧縮されてなる、当該動画像データの基本情報を格納したヘッダと当該動画像データの可変長符号を格納したマクロブロックデータとを含む圧縮動画像データが入力されると、ヘッダおよびマクロブロックデータそれぞれの所定部分を暗号化する部分として特定する暗号処理判定部102と、圧縮動画像データのうち、暗号処理判定部102が特定した部分を暗号化する暗号処理部103とを備えるように構成した。このため、既に圧縮処理が行われた圧縮動画像データから暗号化圧縮動画像データを生成することができる。 As described above, according to the fifth embodiment, the media encryption apparatus is a macro in which moving image data is compressed, a header storing basic information of the moving image data, and a variable length code of the moving image data are stored. When compressed moving image data including block data is input, an encryption processing determination unit 102 that identifies a predetermined portion of each of the header and macroblock data as an encrypted portion, and among the compressed moving image data, an encryption processing determination unit An encryption processing unit 103 that encrypts the part identified by 102 is configured. Therefore, encrypted compressed moving image data can be generated from the compressed moving image data that has already been subjected to compression processing.
 なお、上記実施の形態1~5に係るメディア暗号化装置をコンピュータで構成する場合、動画像圧縮部101、暗号処理判定部102、暗号処理部103等の処理内容を記述しているメディア暗号化プログラムをコンピュータのメモリに格納し、コンピュータのCPUがメモリに格納されているメディア暗号化プログラムを実行するようにしてもよい。
 同様に、上記実施の形態1~5に係るメディア暗号復号装置をコンピュータで構成する場合、暗号復号処理部104、動画像伸張部105等の処理内容を記述しているメディア暗号復号プログラムをコンピュータのメモリに格納し、コンピュータのCPUがメモリに格納されているメディア暗号復号プログラムを実行するようにしてもよい。 When the media encryption apparatus according to Embodiments 1 to 5 is configured by a computer, media encryption describing the processing contents of the moving image compression unit 101, the encryption processing determination unit 102, the encryption processing unit 103, etc. The program may be stored in the memory of the computer, and the CPU of the computer may execute the media encryption program stored in the memory.
Similarly, when the media encryption / decryption devices according to Embodiments 1 to 5 are configured by a computer, a media encryption / decryption program describing the processing contents of the encryption / decryption processing unit 104, the moving image decompression unit 105, and the like is stored in the computer. The media encryption / decryption program stored in the memory may be executed by the CPU of the computer.
実施の形態6.
 本実施の形態6では、メディアファイルフォーマットに多重化された動画像データを暗号化および暗号復号する構成のメディア暗号化装置およびメディア暗号復号装置を説明する。以下では、圧縮動画像データを多重化可能な各種メディアファイルフォーマットのうち、MPEG-4形式のメディアファイルフォーマット(以下、MP4と呼ぶ)を例に用いて説明する。また、動画像圧縮方式として、H.264方式を利用するものとする。 Embodiment 6 FIG.
In the sixth embodiment, a media encryption device and a media encryption / decryption device configured to encrypt and decrypt video data multiplexed in a media file format will be described. In the following description, an MPEG-4 media file format (hereinafter referred to as MP4) among various media file formats capable of multiplexing compressed moving image data will be described as an example. As a moving image compression method, H.264 is used. The H.264 system is used.
 図12は、本実施の形態6に係るメディア暗号化装置の構成を示すブロック図である。図12に示すメディア暗号化装置は、非圧縮動画像データをH.264方式の圧縮動画像データ(圧縮メディアデータ、以下、H.264動画像データと呼ぶ)に圧縮する動画像圧縮部(メディア圧縮部)106と、H.264動画像データをMP4に多重化および暗号化して暗号化MP4データ(暗号化圧縮メディアファイルフォーマット)を生成する暗号化MP4生成部(暗号化メディアファイルフォーマット作成部)107とから構成される。 FIG. 12 is a block diagram showing the configuration of the media encryption device according to the sixth embodiment. The media encryption device shown in FIG. H.264 format compressed moving image data (compressed media data, hereinafter referred to as H.264 moving image data), a moving image compressing unit (media compressing unit) 106; An H.264 moving image data is composed of an encrypted MP4 generation unit (encrypted media file format creation unit) 107 that generates encrypted MP4 data (encrypted compressed media file format) by multiplexing and encrypting the moving image data on MP4.
 以下、各処理ブロックを説明する。
 動画像圧縮部106は、非圧縮動画像データをH.264方式で圧縮してH.264動画像データを出力すると共に、H.264動画像解析データを出力する。このH.264動画像解析データとは、各ピクチャのサイズを示すサイズ情報であり、後段のMP4データ生成に必要なデータである。 Hereinafter, each processing block will be described.
The moving image compression unit 106 converts the uncompressed moving image data to H.264. H.264 format for compression. H.264 moving image data is output. H.264 moving image analysis data is output. This H. H.264 moving image analysis data is size information indicating the size of each picture, and is data necessary for generating MP4 data in the subsequent stage.
 暗号化MP4生成部107は、動画像圧縮部106から順次入力されるH.264動画像データおよびH.264動画像解析データと、別途入力される暗号鍵とを用いて、暗号化MP4データとMP4暗号化部分情報とを生成する。 Encrypted MP4 generation unit 107 is an H.264 that is sequentially input from moving image compression unit 106. H.264 video data and H.264 video data. The encrypted MP4 data and the MP4 encrypted partial information are generated using the H.264 moving image analysis data and the encryption key input separately.
 ここで、MP4ファイルの構造を説明する。
 MP4ファイルはボックスと呼ばれるデータ構造を有する。図13に、MP4ファイルのボックスの構造を示す。ボックスの構造は、図13に示すようにボックス長(4バイト)、ボックス名称(4バイト)、データ(ボックス長で指定されたデータサイズ-8バイト)からなる。ボックスは、ボックス名称によって、データ部分のフォーマットおよび内容が決定される。また、ボックスは入れ子になる場合もある。 Here, the structure of the MP4 file will be described.
An MP4 file has a data structure called a box. FIG. 13 shows the structure of the MP4 file box. As shown in FIG. 13, the box structure includes a box length (4 bytes), a box name (4 bytes), and data (data size specified by the box length—8 bytes). The format and contents of the data part of the box are determined by the box name. Boxes may also be nested.
 図14は、MP4ファイルのデータ構造の一例を示す図である。図14ではMPEG-4形式のメディアファイルフォーマットの最も単純なファイル構成を示しており、このMP4ファイルはFTYP(ファイルタイプ)ボックス、MOOV(ムービー)ボックス、MDAT(メディアデータ)ボックスからなる。ただし、MOOVボックスは、後述するように、内部に複数のボックスが入れ子になって形成されたツリー構造を有する。 FIG. 14 is a diagram showing an example of the data structure of the MP4 file. FIG. 14 shows the simplest file structure of the media file format of the MPEG-4 format. This MP4 file is composed of an FTYP (file type) box, a MOOV (movie) box, and an MDAT (media data) box. However, the MOOV box has a tree structure in which a plurality of boxes are nested inside, as will be described later.
 MOOVボックスには、メディアデータ(動画像データ)の基本情報が記録される。例えば、映像の長さ、幅、高さ、音声のサンプリング周波数等である。それ以外にも、MP4ファイル内にどのようなメディアデータがどの大きさ(サイズ)で多重化されているかを記録している。
 このMOOVボックスが、基本情報多重化領域を構成する。 Basic information of media data (moving image data) is recorded in the MOOV box. For example, video length, width, height, audio sampling frequency, and the like. In addition, what kind of media data is multiplexed in what size (size) in the MP4 file is recorded.
This MOOV box constitutes a basic information multiplexing area.
 次に、MOOVボックス内に入れ子になっているボックスを説明し、上述の情報がどのように記録されるかを述べる。
 MOOVボックス内には、STSZ(またはSTZ2、以下、STSZについて述べるときはSTZ2と置き換えてもよい)というボックスが存在する。このSTSZボックスには、サンプルのサイズが記録される。ここで、サンプルのサイズとは、メディアデータが映像であれば各フレームのサイズとなり、メディアデータが音声であれば決められた時間単位のデータのサイズとなる。従って、このSTSZボックスの内容から、各メディアデータのMP4ファイル中におけるサイズを知ることができる。 Next, boxes nested within the MOOV box are described and how the above information is recorded.
Within the MOOV box, there is a box called STSZ (or STZ2, which may be replaced with STZ2 when STSZ is described below). In the STSZ box, the size of the sample is recorded. Here, the sample size is the size of each frame if the media data is video, and the size of the data in a determined time unit if the media data is audio. Therefore, the size of each media data in the MP4 file can be known from the contents of the STSZ box.
 この他、MOOVボックス内には、STCO(またはCO64、以下、STCOについて述べるときはCO64と置き換えてもよい)というボックスが存在する。このSTCOボックスには、MP4ファイル内におけるチャンクの位置が記録される。チャンクとは、1以上のサンプルをまとめたものであり、メディアデータが映像であれば1以上の映像フレームをひとまとめにしたものであり、メディアデータが音声であれば1以上の決められた時間単位のデータをまとめたものである。 In addition, a box called STCO (or CO64, which may be replaced with CO64 when STCO is described below) exists in the MOOV box. In this STCO box, the position of the chunk in the MP4 file is recorded. A chunk is a group of one or more samples. If media data is video, it is a group of one or more video frames. If media data is audio, one or more predetermined time units are used. This is a summary of the data.
 さらに、MOOVボックス内には、STSCというボックスが存在する。このSTSCボックスには、チャンクにおけるサンプルの数が記録される。従って、STSZボックス、STCOボックスおよびSTSCボックスの内容から、各サンプルの位置とサイズとを求めることができる。 Furthermore, there is a box called STSC in the MOOV box. In this STSC box, the number of samples in the chunk is recorded. Therefore, the position and size of each sample can be obtained from the contents of the STSZ box, STCO box, and STSC box.
 MDATボックスは、映像または音声等の実際のメディアデータを多重化しているボックスである。特に、H.264動画像データを多重化した場合のMDATボックスの構造を図15に示す。図15に示すピクチャデータとは、H.264方式で圧縮された圧縮動画像データの各ピクチャのデータである。また、サイズとは、各ピクチャのデータのサイズである。つまり、各ピクチャのデータのサイズが容易に分かる構造になっている。
 このMDATボックスのサイズがサイズ情報多重化領域を構成し、ピクチャデータが可変長符号多重化領域を構成する。 The MDAT box is a box in which actual media data such as video or audio is multiplexed. In particular, H.C. FIG. 15 shows the structure of the MDAT box when H.264 moving image data is multiplexed. The picture data shown in FIG. This is data of each picture of compressed moving image data compressed by the H.264 system. The size is the size of data of each picture. That is, the structure is such that the size of each picture data can be easily understood.
The size of the MDAT box constitutes a size information multiplexing area, and the picture data constitutes a variable length code multiplexing area.
 暗号化MP4生成部107が、以上述べたようなMP4ファイル構造のデータ(圧縮メディアファイルフォーマット)を生成する際に、各ピクチャのサイズのデータであるH.264動画像解析データを用いて、STSZ、STCOおよびSTSCボックスを生成すると共に、MDATボックス内の各ピクチャのデータのサイズを決定する。 When the encrypted MP4 generation unit 107 generates the MP4 file structure data (compressed media file format) as described above, the H.P. H.264 moving image analysis data is used to generate STSZ, STCO, and STSC boxes and to determine the size of data for each picture in the MDAT box.
 また、暗号化MP4生成部107は、以上述べたようなMP4ファイル構造のデータのうち、MOOVボックスの一部とMDATボックスの一部を暗号化して、暗号化MP4データを生成する。
 MOOVボックス中で暗号化を行う部分(基本情報多重化領域の任意部分)は、STSZ、STCOおよびSTSCボックスとする。これにより、H.264動画像データの位置およびサイズの特定を困難にすることができる。ただし、暗号化MP4生成部107の暗号化処理能力に余裕がある場合または安全性をより高めたい場合には、MOOVボックスのその他の部分を暗号化しても良い。 In addition, the encrypted MP4 generation unit 107 generates encrypted MP4 data by encrypting a part of the MOOV box and a part of the MDAT box among the data having the MP4 file structure as described above.
The portions to be encrypted in the MOOV box (arbitrary portions of the basic information multiplexing area) are the STSZ, STCO, and STSC boxes. As a result, H.C. It is possible to make it difficult to specify the position and size of H.264 moving image data. However, when there is a margin in the encryption processing capacity of the encrypted MP4 generation unit 107 or when it is desired to further increase the security, the other part of the MOOV box may be encrypted.
 図16は、MP4データ中の暗号化される部分の一例を示す図である。MDATボックス中で暗号化を行う部分は、図16に示すように、MDATボックス中のサイズ(サイズ情報多重化領域)全体と、サイズの終端からピクチャデータ(可変長符号多重化領域)の先頭を跨る部分とする。このとき、ピクチャデータに関しては、可変長符号の開始位置を含むようにする。サイズから可変長符号開始位置を含むピクチャデータの先頭を跨る部分を暗号化することで、ピクチャのサイズの特定を困難にすると共に、可変長復号を困難とし、安全性を高めることができる。 FIG. 16 is a diagram showing an example of an encrypted part in MP4 data. As shown in FIG. 16, the portion to be encrypted in the MDAT box includes the entire size (size information multiplexing area) in the MDAT box and the beginning of the picture data (variable length code multiplexing area) from the end of the size. The straddle part. At this time, the picture data includes the start position of the variable length code. By encrypting the portion of the picture data including the start position of the variable length code including the variable length code start position from the size, it is difficult to specify the size of the picture, making variable length decoding difficult, and improving the safety.
 このように、暗号化MP4生成部107は、図16に示す部分を暗号化した暗号化MP4データと、暗号化MP4データの暗号化部分を示すMP4暗号化部分情報とを生成し、出力する。 As described above, the encrypted MP4 generation unit 107 generates and outputs encrypted MP4 data obtained by encrypting the part illustrated in FIG. 16 and MP4 encrypted part information indicating the encrypted part of the encrypted MP4 data.
 次に、暗号化MP4データの暗号復号を行うメディア暗号復号装置を説明する。
 図17は、本実施の形態6に係るメディア暗号復号装置の構成を示すブロック図である。図17に示すメディア暗号復号装置は、前述のメディア暗号化装置から出力された暗号化MP4データ(暗号化圧縮メディアファイルフォーマット)を入力に用いて、暗号化MP4データ中の暗号化された部分を暗号復号して平文のMP4データ(圧縮メディアファイルフォーマット)を生成する暗号化MP4暗号復号部(暗号復号処理部)108と、MP4データを解析してH.264動画像データ(圧縮メディアデータ)を生成するMP4解析部(メディアファイルフォーマット解析部)109と、H.264動画像データを伸張して非圧縮動画像データを生成する動画像伸張部(メディア伸張部)110とから構成される。 Next, a media encryption / decryption device that performs encryption / decryption of encrypted MP4 data will be described.
FIG. 17 is a block diagram showing the configuration of the media encryption / decryption device according to the sixth embodiment. The media encryption / decryption device shown in FIG. 17 uses the encrypted MP4 data (encrypted compressed media file format) output from the above-described media encryption device as an input, and uses the encrypted portion in the encrypted MP4 data. An encrypted MP4 encryption / decryption unit (encryption / decryption processing unit) 108 that generates plaintext MP4 data (compressed media file format) by decryption and H.264 MP4 analysis unit (media file format analysis unit) 109 that generates H.264 moving image data (compressed media data); A moving image expansion unit (media expansion unit) 110 that expands H.264 moving image data to generate uncompressed moving image data.
 以下、各処理ブロックを説明する。
 暗号化MP4暗号復号部108は、MP4暗号化部分情報および暗号化MP4データが入力されると、MP4暗号化部分情報から暗号化MP4データの図16に示した暗号化部分を特定し、別途入力される暗号鍵を用いて、その暗号化部分の暗号復号を行い、平文となったMP4データを得る。得られたMP4データはMP4解析部109に出力される。 Hereinafter, each processing block will be described.
When the MP4 encrypted part information and the encrypted MP4 data are input, the encrypted MP4 encryption / decryption unit 108 specifies the encrypted part shown in FIG. 16 of the encrypted MP4 data from the MP4 encrypted part information and inputs it separately. The encrypted part is encrypted and decrypted using the encryption key to obtain MP4 data in plain text. The obtained MP4 data is output to the MP4 analysis unit 109.
 MP4解析部109は、暗号化MP4データのうち、MOOVボックスの一部であるSTSZ、STCOおよびSTSCボックスと、MDATボックスの一部であるサイズと、サイズの終端からピクチャデータの先頭を跨る部分とを暗号復号すればよいので、小さな処理量で暗号復号が可能である。 The MP4 analysis unit 109 includes, among the encrypted MP4 data, STSZ, STCO, and STSC boxes that are a part of the MOOV box, a size that is a part of the MDAT box, and a part that extends from the end of the size to the top of the picture data. Therefore, encryption / decryption is possible with a small amount of processing.
 MP4解析部109は、MP4データの解析を行って、H.264動画像データを取り出し、動画像伸張部110に出力する。 MP4 analysis unit 109 analyzes the MP4 data, H.264 moving image data is extracted and output to the moving image decompression unit 110.
 動画像伸張部110は、H.264動画像データの伸張処理を行い、非圧縮動画像データを得る。 The moving image decompression unit 110 is H.264. H.264 moving image data is decompressed to obtain uncompressed moving image data.
 以上より、実施の形態6によれば、メディア暗号化装置を、動画像データを圧縮して、当該動画像データのサイズ情報であるH.264動画像解析データと当該動画像データの可変長符号を含むH.264動画像データとを生成する動画像圧縮部106と、動画像圧縮部106からH.264動画像データが入力されると、H.264動画像解析データに基づいてH.264動画像データの基本情報を決定し、MP4に基本情報、サイズ情報および可変長符号を多重化してMOOVボックスおよびMDATボックスを含むMP4データを生成し、MOOVボックスの一部であるSTSZ、STCOおよびSTSCボックスと、MDATボックスの一部であるサイズと、サイズの終端からピクチャデータの先頭を跨る部分とを暗号化する暗号化MP4生成部107とを備えるように構成した。このため、暗号化に要する処理を大幅に削減しつつ、攻撃に十分耐えうる安全性の高いMP4データの暗号化が可能になる。 As described above, according to the sixth embodiment, the media encryption apparatus compresses the moving image data, and the H.03 which is the size information of the moving image data. H.264 moving image analysis data and a variable length code of the moving image data. H.264 moving image data is generated from the moving image compression unit 106. H.264 moving image data is input, Based on H.264 moving image analysis data. H.264 moving picture data basic information is determined, MP4 data including MOOV box and MDAT box is generated by multiplexing basic information, size information and variable length code on MP4, and STSZ, STCO, which are part of MOOV box, and An STSC box, a size that is a part of the MDAT box, and an encrypted MP4 generation unit 107 that encrypts a portion that extends from the end of the size to the beginning of the picture data are configured. Therefore, it is possible to encrypt MP4 data with high security that can sufficiently withstand an attack while greatly reducing the processing required for encryption.
 また、実施の形態6によれば、メディア暗号復号装置を、暗号化MP4データと共に、当該暗号化MP4データの暗号化された部分を示すMP4暗号化部分情報が入力されると、MP4暗号化部分情報が示すMOOVボックスの一部であるSTSZ、STCOおよびSTSCボックスと、MDATボックスの一部であるサイズと、サイズの終端からピクチャデータの先頭を跨る部分とを暗号復号してMP4データを生成する暗号化MP4暗号復号部108と、MP4データを解析して、H.264動画像データを生成するMP4解析部109と、H.264動画像データを伸張する動画像伸張部110とを備えるように構成した。このため、暗号復号を行う際も、小さな処理量で暗号復号が可能になる。 Further, according to the sixth embodiment, when MP4 encrypted portion information indicating an encrypted portion of the encrypted MP4 data is input together with the encrypted MP4 data, the media encryption / decryption device receives the MP4 encrypted portion. MP4 data is generated by decrypting the STSZ, STCO, and STSC boxes that are part of the MOOV box indicated by the information, the size that is part of the MDAT box, and the part that extends from the end of the size to the beginning of the picture data. The encrypted MP4 encryption / decryption unit 108 analyzes the MP4 data, MP4 analysis unit 109 that generates H.264 moving image data; And a moving image expansion unit 110 that expands H.264 moving image data. For this reason, encryption / decryption can be performed with a small processing amount when performing encryption / decryption.
実施の形態7.
 本実施の形態7に係るメディア暗号化装置は、図12に示す上記実施の形態6のメディア暗号化装置と図面上では同様の構成であるため、以下では図12を援用して説明する。上記実施の形態6では、MP4データにおけるMOOVボックスの一部のSTSZ、STCOおよびSTSCボックスと、MDATボックス中のサイズと、サイズの終端から可変長符号開始位置を含むピクチャデータの先頭を跨る部分とを暗号化した。これに対して、本実施の形態7の暗号化MP4生成部107は、MP4データにおけるMOOVボックスの一部のSTSZ、STCOおよびSTSCボックスと、図18に示すように、MDATボックス中のサイズと、サイズの終端から可変長符号開始位置を含むピクチャデータの先頭を跨る部分とに加え、さらに、MDATボックスのサイズの直前部分(サイズ情報多重化領域の直前部分)も暗号化する。 Embodiment 7 FIG.
Since the media encryption apparatus according to the seventh embodiment has the same configuration as that of the media encryption apparatus according to the sixth embodiment shown in FIG. 12, the following description will be given with reference to FIG. In the sixth embodiment, a part of the MOOV box in the MP4 data, the STSZ, STCO, and STSC boxes, the size in the MDAT box, and the part straddling the beginning of the picture data including the variable length code start position from the end of the size, Was encrypted. On the other hand, the encrypted MP4 generation unit 107 of the seventh embodiment includes a part of the STOV, STCO and STSC boxes of the MOOV box in the MP4 data, and the size in the MDAT box as shown in FIG. In addition to the portion extending from the end of the size to the beginning of the picture data including the variable length code start position, the portion immediately preceding the size of the MDAT box (the portion immediately preceding the size information multiplexing area) is also encrypted.
 サイズの直前部分を暗号化することにより、上記実施の形態6に比べて暗号化に要する処理量は増えるが、各ピクチャデータのサイズの位置およびサイズそのものの特定が困難になり、安全性を高めることができる。 Encrypting the immediately preceding portion of the size increases the amount of processing required for encryption as compared with the sixth embodiment, but it becomes difficult to specify the position of the size of each picture data and the size itself, thereby improving safety. be able to.
 本実施の形態7に係るメディア暗号復号装置は、図17に示す上記実施の形態6のメディア暗号復号装置と図面上では同様の構成であり、上述したメディア暗号化装置が暗号化した暗号化MP4データおよびMP4暗号化部分情報を用いて、上記実施の形態6のメディア暗号復号装置と同様の動作により暗号復号を行う。 The media encryption / decryption device according to the seventh embodiment has the same configuration as that of the media encryption / decryption device according to the sixth embodiment shown in FIG. 17, and the encrypted MP4 encrypted by the above-described media encryption device. Using the data and the MP4 encrypted partial information, encryption / decryption is performed by the same operation as the media encryption / decryption apparatus of the sixth embodiment.
 以上より、実施の形態7によれば、メディア暗号化装置の暗号化MP4生成部107を、MP4データのうちのMOOVボックスの一部のSTSZ、STCOおよびSTSCボックスと、MDATボックス中のサイズの直前部分と、サイズと、サイズの終端からピクチャデータの先頭を跨る部分とを暗号化するように構成した。このため、各ピクチャデータのサイズの位置およびサイズそのものの特定が困難になり、安全性をより高めることができる。 As described above, according to the seventh embodiment, the encrypted MP4 generation unit 107 of the media encryption apparatus sets the STSZ, STCO, and STSC boxes that are part of the MOOV box in the MP4 data and the size immediately before the size in the MDAT box. The portion, the size, and the portion extending from the end of the size to the beginning of the picture data are encrypted. For this reason, it becomes difficult to specify the position of the size of each picture data and the size itself, and the safety can be further improved.
実施の形態8.
 本実施の形態8に係るメディア暗号化装置は、図12に示す上記実施の形態6のメディア暗号化装置と図面上では同様の構成であるため、以下では図12を援用して説明する。上記実施の形態6では、MP4データにおけるMOOVボックスの一部のSTSZ、STCOおよびSTSCボックスと、MDATボックス中のサイズと、可変長符号開始位置を含むピクチャデータの先頭を跨る部分とを暗号化した。これに対して、本実施の形態8の暗号化MP4生成部107は、MP4データにおけるMOOVボックスの一部のSTSZ、STCOおよびSTSCボックスと、図19に示すように、MDATボックス中のサイズと、サイズの終端から可変長符号開始位置を含むピクチャデータの先頭を跨る部分とに加え、さらに、MDATボックスのピクチャデータの先頭以外の任意部分(可変長符号多重化領域の先頭以外の任意部分)も暗号化する。 Embodiment 8 FIG.
Since the media encryption device according to the eighth embodiment has the same configuration as that of the media encryption device according to the sixth embodiment shown in FIG. 12, the following description will be given with reference to FIG. In the sixth embodiment, the STSZ, STCO, and STSC boxes that are part of the MOOV box in the MP4 data, the size in the MDAT box, and the part that straddles the beginning of the picture data including the variable length code start position are encrypted. . On the other hand, the encrypted MP4 generation unit 107 of the eighth embodiment includes a part of the STOV, STCO and STSC boxes of the MOOV box in the MP4 data, and the size in the MDAT box as shown in FIG. In addition to the portion extending from the end of the size to the beginning of the picture data including the variable length code start position, there is also an arbitrary portion other than the beginning of the MDAT box picture data (an arbitrary portion other than the beginning of the variable length code multiplexing area) Encrypt.
 MDATボックスのピクチャデータの先頭以外の任意部分は、完全にランダムに選択しても良いし、またはマクロブロックタイプ等の特定のデータを含む部分を優先的に選択しても良いし、あるいはピクチャデータの前半部分を優先的に選択しても良い。これにより、暗号化を行ったストリームに対して復号装置側で暗号復号を行わずに画像伸張処理を行うような場合に、画像の前半部分で可変長復号が失敗して早い段階で画像伸張処理が中断されるようになるので、安全性を高めることができる。 Arbitrary portions other than the head of picture data in the MDAT box may be selected completely randomly, or a portion including specific data such as a macroblock type may be preferentially selected, or picture data The first half of the may be preferentially selected. As a result, when image decompression processing is performed on the encrypted stream without performing decryption on the decryption device side, variable length decryption fails in the first half of the image and image decompression processing is performed at an early stage. Will be interrupted, so safety can be improved.
 また、安全性を高めるために、画面内符号化ピクチャのピクチャデータに含まれるマクロブロックデータについては、暗号化部分を増やしても良い。 Also, in order to increase safety, the encrypted portion of the macroblock data included in the picture data of the intra-picture encoded picture may be increased.
 また、動画像圧縮部106のH.264動画像圧縮方式では、4画素×4ラインの整数精度変換処理、および動きベクトルによる動き補償予測処理が用いられている。そこで、安全性を高めるために、画面内符号化ピクチャデータに含まれるマクロブロックデータについては画像を特徴付ける整数精度変換係数の低周波成分部分を暗号化し、画面間符号化ピクチャデータに含まれるマクロブロックデータについては動きベクトル部分を暗号化する等、ピクチャタイプによって暗号化部分を変更しても良い。 In addition, the H.D. In the H.264 video compression method, 4 pixel × 4 line integer precision conversion processing and motion compensation prediction processing using motion vectors are used. Therefore, in order to increase safety, the macroblock data included in the intra-picture coded picture data is encrypted with respect to the macro-block data included in the inter-picture coded picture data. For data, the encrypted portion may be changed depending on the picture type, such as encrypting the motion vector portion.
 MDATボックスのピクチャデータの先頭以外の任意部分を暗号化して、各ピクチャデータの暗号化部分を増やすことにより、上記実施の形態6に比べて暗号化に要する処理量は増えるが、安全性をより高めることができる。 By encrypting an arbitrary part other than the head of the picture data in the MDAT box and increasing the encrypted part of each picture data, the processing amount required for the encryption is increased as compared with the sixth embodiment, but the safety is further improved. Can be increased.
 なお、上記実施の形態7と同様にMDATボックスのサイズの直線部分に相当するピクチャデータの終端部分も暗号化しても良い。 Note that the end portion of the picture data corresponding to the straight portion of the size of the MDAT box may be encrypted as in the seventh embodiment.
 本実施の形態8に係るメディア暗号復号装置は、図17に示す上記実施の形態6のメディア暗号復号装置と図面上では同様の構成であり、上述したメディア暗号化装置が暗号化した暗号化MP4データおよびMP4暗号化部分情報を用いて、上記実施の形態6のメディア暗号復号装置と同様の動作により暗号復号を行う。 The media encryption / decryption device according to the eighth embodiment has the same configuration as that of the media encryption / decryption device according to the sixth embodiment shown in FIG. 17, and the encrypted MP4 encrypted by the above-described media encryption device. Using the data and the MP4 encrypted partial information, encryption / decryption is performed by the same operation as the media encryption / decryption apparatus of the sixth embodiment.
 以上より、実施の形態8によれば、メディア暗号化装置の暗号化MP4生成部107を、MP4データのうちのMOOVボックスの一部のSTSZ、STCOおよびSTSCボックスと、MDATボックス中のサイズと、サイズの終端からピクチャデータの先頭を跨る部分と、ピクチャデータの先頭以外の任意部分とを暗号化するように構成した。このため、安全性をより高めることができる。 As described above, according to the eighth embodiment, the encrypted MP4 generation unit 107 of the media encryption apparatus performs the STSZ, STCO, and STSC boxes as part of the MOOV box in the MP4 data, the size in the MDAT box, A portion extending from the end of the size to the top of the picture data and an arbitrary portion other than the top of the picture data are encrypted. For this reason, safety can be further improved.
実施の形態9.
 図20は、本実施の形態9に係るメディア暗号化装置の構成を示すブロック図である。図20に示すメディア暗号化装置は、H.264動画像データを解析して各ピクチャのサイズ情報であるH.264動画像解析データを出力する動画像解析部111と、暗号化MP4生成部107とから構成される。暗号化MP4生成部107は、図12に示した上記実施の形態6の暗号化MP4生成部107と同様のため説明を省略する。 Embodiment 9 FIG.
FIG. 20 is a block diagram showing a configuration of the media encryption apparatus according to the ninth embodiment. The media encryption device shown in FIG. H.264 moving image data is analyzed, and the size information of each picture is H.264. A moving image analysis unit 111 that outputs H.264 moving image analysis data and an encrypted MP4 generation unit 107 are configured. The encrypted MP4 generation unit 107 is the same as the encrypted MP4 generation unit 107 of the sixth embodiment shown in FIG.
 上記実施の形態6~8に係るメディア暗号化装置は図12に示したとおり、動画像圧縮部106が非圧縮動画像データをH.264動画像データに圧縮すると共にH.264動画像解析データを生成し、暗号化MP4生成部107が多重化および暗号化を行って、暗号化MP4データを得る構成であった。これに対して、本実施の形態9に係るメディア暗号化装置は、図20に示す通り動画像圧縮部106の代わりに動画像解析部111を備え、既に圧縮処理が行われたH.264動画像データを用いて動画像解析部111がH.264動画像解析データを生成し、暗号化MP4生成部107がH.264動画像データと得られたH.264動画像解析データとを用いて多重化および暗号化を行い、暗号化MP4データおよびMP4暗号化部分情報を出力する構成にする。 In the media encryption apparatuses according to the above sixth to eighth embodiments, as shown in FIG. 12, the moving image compression unit 106 converts the uncompressed moving image data to H.264. H.264 moving image data and H.264 The H.264 moving image analysis data is generated, and the encrypted MP4 generation unit 107 performs multiplexing and encryption to obtain encrypted MP4 data. In contrast, the media encryption device according to the ninth embodiment includes a moving image analysis unit 111 instead of the moving image compression unit 106 as shown in FIG. The moving image analysis unit 111 uses the H.264 moving image data. H.264 moving image analysis data is generated. H.264 moving image data and the obtained H.264. H.264 moving image analysis data is used for multiplexing and encryption to output encrypted MP4 data and MP4 encrypted partial information.
 以上より、実施の形態9によれば、メディア暗号化装置を、動画像データが圧縮されてなる、当該動画像データの可変長符号を含むH.264動画像データが入力されると、H.264動画像データを解析して、動画像データのサイズ情報であるH.264動画像解析データを生成する動画像解析部111と、このH.264動画像解析データに基づいてH.264動画像データの基本情報を決定し、MP4に基本情報、サイズ情報および可変長符号を多重化してMOOVボックスおよびMDATボックスを含むMP4データを生成し、MOOVボックスおよびMDATボックスそれぞれの所定部分を暗号化する暗号化MP4生成部107とを備えるように構成した。このため、既に圧縮処理が行われたH.264動画像データから暗号化MP4データを生成することができる。 As described above, according to the ninth embodiment, the media encryption apparatus is provided with an H.264 including a variable length code of the moving image data, which is the compressed moving image data. H.264 moving image data is input, H.264 moving image data is analyzed, and the size information of moving image data is H.264. H.264 moving image analysis data is generated. Based on H.264 moving image analysis data. H.264 Basic information of moving image data is determined, MP4 data including MOOV box and MDAT box is generated by multiplexing basic information, size information and variable length code on MP4, and predetermined parts of MOOV box and MDAT box are encrypted And an encrypted MP4 generation unit 107 to be configured. For this reason, H. already compressed has been performed. Encrypted MP4 data can be generated from H.264 video data.
 なお、上記実施の形態6~9に係るメディア暗号化装置をコンピュータで構成する場合、動画像圧縮部106、暗号化MP4生成部107、動画像解析部111等の処理内容を記述しているメディア暗号化プログラムをコンピュータのメモリに格納し、コンピュータのCPUがメモリに格納されているメディア暗号化プログラムを実行するようにしてもよい。
 同様に、上記実施の形態6~9に係るメディア暗号復号装置をコンピュータで構成する場合、暗号化MP4暗号復号部108、MP4解析部109、動画像伸張部110等の処理内容を記述しているメディア暗号復号プログラムをコンピュータのメモリに格納し、コンピュータのCPUがメモリに格納されているメディア暗号復号プログラムを実行するようにしてもよい。 In the case where the media encryption apparatus according to Embodiments 6 to 9 is configured by a computer, media describing processing contents such as the moving image compression unit 106, the encrypted MP4 generation unit 107, the moving image analysis unit 111, and the like. The encryption program may be stored in a computer memory, and the computer CPU may execute the media encryption program stored in the memory.
Similarly, when the media encryption / decryption devices according to Embodiments 6 to 9 are configured by a computer, the processing contents of the encrypted MP4 encryption / decryption unit 108, the MP4 analysis unit 109, the moving image decompression unit 110, and the like are described. The media encryption / decryption program may be stored in the memory of the computer, and the CPU of the computer may execute the media encryption / decryption program stored in the memory.
 また、上記実施の形態1~9では、暗号化対象のメディアデータとして動画像データを例に用いて説明したが、データの種類はこれに限定されるものではなく、ヘッダ領域と可変長符号領域とを含む、または基本情報多重化領域とサイズ情報多重化領域と可変長符号多重化領域とを含む音声データ、静止画データ等のメディアデータであってもよい。このようなメディアデータにおいても、ヘッダ領域または基本情報多重化領域に含まれる再生に必要な基本情報(音声データであればチャンネル数、サンプリング周波数およびビット深度等、静止画データであれば画像幅、高さ、ビット深度および量子化パラメータ等)と、ヘッダ領域またはサイズ情報多重化領域から可変長符号開始位置を跨る部分とを暗号化することにより、暗号に要する処理を大幅に削減しながら、安全性の高い暗号化メディアデータを生成することができる。 In the first to ninth embodiments, moving image data is used as an example of media data to be encrypted. However, the type of data is not limited to this, and a header area and a variable-length code area are used. Or media data such as audio data and still image data including a basic information multiplexing area, a size information multiplexing area, and a variable length code multiplexing area. Even in such media data, basic information necessary for reproduction included in the header area or the basic information multiplexing area (such as the number of channels, sampling frequency and bit depth for audio data, image width for still image data, By encrypting the height, bit depth, quantization parameter, etc.) and the part that spans the variable length code start position from the header area or the size information multiplexing area, the processing required for encryption is greatly reduced, and safety is ensured. Highly encrypted media data can be generated.
 以上のように、この発明に係るメディア暗号化装置、メディア暗号復号装置、メディア暗号化方法およびメディア暗号復号方法は、暗号化されたデータ量が小さいことにより、暗号復号時の処理量も十分小さくすることが可能なメディア暗号復号装置およびメディア暗号復号方法を得ることができるため、メディアデータを暗号化して保護するためのメディア暗号化装置およびメディア暗号化方法、ならびに暗号化により保護されたメディアデータを復号するためのメディア暗号復号装置およびメディア暗号復号方法等に用いるのに適している。 As described above, the media encryption device, the media encryption / decryption device, the media encryption method, and the media encryption / decryption method according to the present invention have a sufficiently small processing amount at the time of encryption / decryption because the amount of encrypted data is small. Media encryption / decryption device and media encryption / decryption method that can be performed, media encryption device and media encryption method for encrypting and protecting media data, and media data protected by encryption Is suitable for use in a media encryption / decryption device, a media encryption / decryption method, and the like.
 101,106 動画像圧縮部、102 暗号処理判定部、103 暗号処理部、104 暗号復号処理部、105 動画像伸張部、107 暗号化MP4生成部、108 暗号化MP4暗号復号部、109 MP4解析部、110 動画像伸張部、111 動画像解析部。 101, 106 Moving image compression unit, 102 Encryption processing determination unit, 103 Encryption processing unit, 104 Encryption / decryption processing unit, 105 Moving image decompression unit, 107 Encrypted MP4 generation unit, 108 Encrypted MP4 encryption / decryption unit, 109 MP4 analysis unit 110, moving image expansion unit, 111 moving image analysis unit.

Claims (44)

  1.  メディアデータが圧縮されてなる、当該メディアデータの基本情報を格納したヘッダ領域と当該メディアデータの可変長符号を格納した可変長符号領域とを含む圧縮メディアデータが入力されると、少なくとも前記ヘッダ領域の所定部分と前記ヘッダ領域の終端から前記可変長符号領域の先頭を跨る部分とを暗号化する部分として特定する暗号処理判定部と、
     前記圧縮メディアデータのうち、前記暗号処理判定部が特定した部分を暗号化する暗号処理部とを備えるメディア暗号化装置。     When compressed media data including a header area storing basic information of the media data and a variable length code area storing a variable length code of the media data is input, the header area is at least the header area. An encryption processing determination unit that identifies the predetermined part and the part that extends from the end of the header area to the beginning of the variable-length code area as an encrypted part;
    A media encryption apparatus comprising: an encryption processing unit that encrypts a portion specified by the encryption processing determination unit in the compressed media data.
  2.  暗号処理判定部は、圧縮メディアデータのうちの各ヘッダ領域の先頭部分と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号化する部分として特定することを特徴とする請求項1記載のメディア暗号化装置。 The encryption processing determination unit is characterized in that the beginning part of each header area in the compressed media data and the part extending from the end of each header area to the beginning of the variable-length code area are specified as parts to be encrypted. The media encryption device according to claim 1.
  3.  暗号処理判定部は、圧縮メディアデータのうちの各ヘッダ領域の直前から先頭を跨る部分と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号化する部分として特定することを特徴とする請求項1記載のメディア暗号化装置。 The encryption processing determination unit specifies a portion of the compressed media data that extends from immediately before the header area and a portion that extends from the end of each header area to the beginning of the variable-length code area as an encrypted portion. The media encryption device according to claim 1.
  4.  暗号処理判定部は、圧縮メディアデータのうちの各ヘッダ領域と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号化する部分として特定することを特徴とする請求項1記載のメディア暗号化装置。 The encryption processing determination unit identifies each header area in the compressed media data and a part extending from the end of each header area to the beginning of the variable-length code area as an encrypted part. The described media encryption device.
  5.  暗号処理判定部は、さらに、圧縮メディアデータのうちの可変長符号領域の先頭以外の任意部分を暗号化する部分として特定することを特徴とする請求項1記載のメディア暗号化装置。 2. The media encryption apparatus according to claim 1, wherein the encryption processing determination unit further specifies an arbitrary portion other than the beginning of the variable length code area in the compressed media data as the portion to be encrypted.
  6.  メディアデータを圧縮して、当該メディアデータの基本情報を格納したヘッダ領域と当該メディアデータの可変長符号を格納した可変長符号領域とを含む圧縮メディアデータを生成するメディア圧縮部を備えることを特徴とする請求項1項記載のメディア暗号化装置。 A media compression unit that compresses media data and generates compressed media data including a header area that stores basic information of the media data and a variable-length code area that stores a variable-length code of the media data. The media encryption device according to claim 1.
  7.  暗号処理部は、暗号化した部分を示す暗号化部分情報を生成することを特徴とする請求項1記載のメディア暗号化装置。 The media encryption apparatus according to claim 1, wherein the encryption processing unit generates encrypted part information indicating the encrypted part.
  8.  メディアデータが圧縮されてなる、当該メディアデータの少なくともサイズ情報を含む基本情報と当該メディアデータの可変長符号とを含む圧縮メディアデータが入力されると、所定のメディアファイルフォーマットに前記基本情報および前記可変長符号を多重化して基本情報多重化領域、サイズ情報多重化領域および可変長符号多重化領域を含む圧縮メディアファイルフォーマットを生成し、少なくとも前記基本情報多重化領域の所定部分と前記サイズ情報多重化領域と前記サイズ情報多重化領域の終端から前記可変長符号多重化領域の先頭を跨る部分とを暗号化する暗号化メディアファイルフォーマット作成部を備えるメディア暗号化装置。 When compressed media data including at least the size information of the media data and the variable length code of the media data is input, the basic information and the media information are compressed into a predetermined media file format. A variable length code is multiplexed to generate a compressed media file format including a basic information multiplexing area, a size information multiplexing area, and a variable length code multiplexing area, and at least a predetermined portion of the basic information multiplexing area and the size information multiplexing Encryption apparatus comprising: an encryption area and an encrypted media file format creation section for encrypting a portion extending from the end of the size information multiplexing area to the beginning of the variable length code multiplexing area.
  9.  暗号化メディアファイルフォーマット作成部は、さらに、圧縮メディアファイルフォーマットのうちのサイズ情報多重化領域の直前部分を暗号化することを特徴とする請求項8記載のメディア暗号化装置。 9. The media encryption device according to claim 8, wherein the encrypted media file format creation unit further encrypts a portion immediately before the size information multiplexing area in the compressed media file format.
  10.  暗号化メディアファイルフォーマット作成部は、さらに、圧縮メディアファイルフォーマットのうちの可変長符号多重化領域の先頭以外の任意部分を暗号化することを特徴とする請求項8記載のメディア暗号化装置。 9. The media encryption apparatus according to claim 8, wherein the encrypted media file format creation unit further encrypts an arbitrary portion other than the beginning of the variable length code multiplexing area in the compressed media file format.
  11.  メディアデータを圧縮して、当該メディアデータの少なくともサイズ情報を含む基本情報と当該メディアデータの可変長符号とを含む圧縮メディアデータを生成するメディア圧縮部を備えることを特徴とする請求項8記載のメディア暗号化装置。 9. The media compression unit according to claim 8, further comprising a media compression unit that compresses the media data and generates compressed media data including basic information including at least size information of the media data and a variable length code of the media data. Media encryption device.
  12.  暗号化メディアファイルフォーマット作成部は、暗号化した部分を示す暗号化部分情報を生成することを特徴とする請求項8記載のメディア暗号化装置。 The media encryption apparatus according to claim 8, wherein the encrypted media file format creation unit generates encrypted part information indicating an encrypted part.
  13.  メディアデータが圧縮されてなる、当該メディアデータの基本情報を格納したヘッダ領域と当該メディアデータの可変長符号を格納した可変長符号領域とを含む圧縮メディアデータが、さらに暗号化されてなる暗号化圧縮メディアデータが入力されると、少なくとも前記ヘッダ領域の所定部分と前記ヘッダ領域の終端から前記可変長符号領域の先頭を跨る部分とを暗号復号して前記圧縮メディアデータを生成する暗号復号処理部と、
     前記圧縮メディアデータを伸張するメディア伸張部とを備えるメディア暗号復号装置。     Encryption obtained by further compressing compressed media data including a header area that stores basic information of the media data and a variable length code area that stores a variable length code of the media data. When compressed media data is input, an encryption / decryption processing unit that generates the compressed media data by decrypting at least a predetermined part of the header area and a part extending from the end of the header area to the beginning of the variable-length code area When,
    A media encryption / decryption device comprising a media decompression unit for decompressing the compressed media data.
  14.  暗号復号処理部は、暗号化圧縮メディアデータのうちの各ヘッダ領域の先頭部分と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号復号することを特徴とする請求項13記載のメディア暗号復号装置。 The encryption / decryption processing unit performs encryption / decryption of a head part of each header area in the encrypted compressed media data and a part extending from the end of each header area to the head of the variable-length code area. 14. The media encryption / decryption device according to 13.
  15.  暗号復号処理部は、暗号化圧縮メディアデータのうちの各ヘッダ領域の直前から先頭を跨る部分と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号復号することを特徴とする請求項13記載のメディア暗号復号装置。 The encryption / decryption processing unit performs encryption / decryption of a portion of the encrypted compressed media data that extends from immediately before each header region and a portion that extends from the end of each header region to the beginning of the variable-length code region. The media encryption / decryption device according to claim 13.
  16.  暗号復号処理部は、暗号化圧縮メディアデータのうちの各ヘッダ領域と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号復号することを特徴とする請求項13記載のメディア暗号復号装置。 14. The encryption / decryption processing unit performs encryption / decryption of each header area in the encrypted compressed media data and a portion extending from the end of each header area to the beginning of the variable-length code area. Media encryption / decryption device.
  17.  暗号復号処理部は、さらに、暗号化圧縮メディアデータのうちの可変長符号領域の先頭以外の任意部分を暗号復号することを特徴とする請求項13記載のメディア暗号復号装置。 14. The media encryption / decryption device according to claim 13, wherein the encryption / decryption processing unit further performs encryption / decryption of an arbitrary portion other than the beginning of the variable-length code area in the encrypted compressed media data.
  18.  暗号復号処理部は、暗号化圧縮メディアデータと共に、当該暗号化圧縮メディアデータの暗号化された部分を示す暗号化部分情報が入力されると、当該暗号化部分情報が示す部分を暗号復号することを特徴とする請求項13記載のメディア暗号復号装置。 When the encrypted part information indicating the encrypted part of the encrypted compressed media data is input together with the encrypted compressed media data, the encryption / decryption processing unit decrypts the part indicated by the encrypted part information The media encryption / decryption device according to claim 13.
  19.  メディアデータが圧縮されてなる、当該メディアデータの少なくともサイズ情報を含む基本情報と当該メディアデータの可変長符号とを含む圧縮メディアデータが、さらに所定のメディアファイルフォーマットに多重化および暗号化されてなる暗号化圧縮メディアファイルフォーマットが入力されると、当該暗号化圧縮メディアファイルフォーマットのうちの少なくとも基本情報多重化領域の所定部分とサイズ情報多重化領域と前記サイズ情報多重化領域の終端から可変長符号多重化領域の先頭を跨る部分とを暗号復号して圧縮メディアファイルフォーマットを生成する暗号復号処理部と、
     前記圧縮メディアファイルフォーマットを解析して、前記圧縮メディアデータを生成するメディアファイルフォーマット解析部と、
     前記メディアファイルフォーマット解析部が生成した前記圧縮メディアデータを伸張するメディア伸張部とを備えるメディア暗号復号装置。     Compressed media data including compressed media data and basic information including at least size information of the media data and a variable length code of the media data is further multiplexed and encrypted into a predetermined media file format. When an encrypted compressed media file format is input, a variable length code is generated from at least a predetermined portion of the basic information multiplexed area, a size information multiplexed area, and an end of the size information multiplexed area of the encrypted compressed media file format. An encryption / decryption processing unit that generates a compressed media file format by decrypting a portion straddling the head of the multiplexed area;
    Analyzing the compressed media file format and generating the compressed media data;
    A media encryption / decryption device comprising: a media decompression unit that decompresses the compressed media data generated by the media file format analysis unit.
  20.  暗号復号処理部は、さらに、暗号化圧縮メディアファイルフォーマットのうちのサイズ情報多重化領域の直前部分を暗号復号することを特徴とする請求項19記載のメディア暗号復号装置。 The media encryption / decryption device according to claim 19, wherein the encryption / decryption processing unit further performs encryption / decryption of a portion immediately before the size information multiplexing area in the encrypted compressed media file format.
  21.  暗号復号処理部は、さらに、暗号化圧縮メディアファイルフォーマットのうちの可変長符号多重化領域の先頭以外の任意部分を暗号化することを特徴とする請求項19記載のメディア暗号復号装置。 The media encryption / decryption device according to claim 19, wherein the encryption / decryption processing unit further encrypts an arbitrary portion other than the head of the variable-length code multiplexing area in the encrypted compressed media file format.
  22.  暗号復号処理部は、暗号化圧縮メディアファイルフォーマットと共に、当該暗号化圧縮メディアファイルフォーマットの暗号化された部分を示す暗号化部分情報が入力されると、当該暗号化部分情報が示す部分を暗号復号することを特徴とする請求項19記載のメディア暗号復号装置。 When the encrypted part information indicating the encrypted part of the encrypted compressed media file format is input together with the encrypted compressed media file format, the encryption / decryption processing unit decrypts the part indicated by the encrypted part information The media encryption / decryption device according to claim 19.
  23.  メディアデータが圧縮されてなる、当該メディアデータの基本情報を格納したヘッダ領域と当該メディアデータの可変長符号を格納した可変長符号領域とを含む圧縮メディアデータが入力されると、暗号処理判定部が、少なくとも前記ヘッダ領域の所定部分と前記ヘッダ領域の終端から前記可変長符号領域の先頭を跨る部分とを暗号化する部分として特定する暗号処理判定ステップと、
     暗号処理部が、前記圧縮メディアデータのうち、前記暗号処理判定ステップで特定した部分を暗号化する暗号処理ステップとを備えるメディア暗号化方法。     When compressed media data including a header area storing basic information of the media data and a variable length code area storing a variable length code of the media data is input, the encryption processing determination unit Is an encryption process determination step that specifies at least a predetermined part of the header area and a part that extends from the end of the header area to the beginning of the variable length code area as an encryption part
    A media encryption method comprising: an encryption processing step, wherein an encryption processing unit encrypts a portion specified in the encryption processing determination step in the compressed media data.
  24.  暗号処理判定ステップは、圧縮メディアデータのうちの各ヘッダ領域の先頭部分と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号化する部分として特定することを特徴とする請求項23記載のメディア暗号化方法。 The encryption processing determination step is characterized in that the beginning portion of each header area in the compressed media data and the portion extending from the end of each header area to the beginning of the variable length code area are specified as portions to be encrypted. The media encryption method according to claim 23.
  25.  暗号処理判定ステップは、圧縮メディアデータのうちの各ヘッダ領域の直前から先頭を跨る部分と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号化する部分として特定することを特徴とする請求項23記載のメディア暗号化方法。 The encryption processing determination step specifies a portion of the compressed media data that extends from immediately before the header area and a portion that extends from the end of each header area to the beginning of the variable-length code area as an encrypted portion. 24. The media encryption method according to claim 23.
  26.  暗号処理判定ステップは、圧縮メディアデータのうちの各ヘッダ領域と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号化する部分として特定することを特徴とする請求項23記載のメディア暗号化方法。 24. The encryption processing determination step specifies each header area in the compressed media data and a part extending from the end of each header area to the beginning of the variable length code area as an encrypted part. The media encryption method described.
  27.  暗号処理判定ステップは、さらに、圧縮メディアデータのうちの可変長符号領域の先頭以外の任意部分を暗号化する部分として特定することを特徴とする請求項23記載のメディア暗号化方法。 The media encryption method according to claim 23, wherein the encryption processing determination step further specifies an arbitrary portion other than the beginning of the variable length code area in the compressed media data as the portion to be encrypted.
  28.  メディア圧縮部が、メディアデータを圧縮して、当該メディアデータの基本情報を格納したヘッダ領域と当該メディアデータの可変長符号を格納した可変長符号領域とを含む圧縮メディアデータを生成するメディア圧縮ステップを備え、
     暗号処理判定ステップは、前記メディア圧縮ステップで生成した圧縮メディアデータを暗号化することを特徴とする請求項23記載のメディア暗号化方法。     A media compression step in which a media compression unit compresses media data and generates compressed media data including a header area storing basic information of the media data and a variable length code area storing a variable length code of the media data With
    24. The media encryption method according to claim 23, wherein the encryption processing determination step encrypts the compressed media data generated in the media compression step.
  29.  暗号処理ステップは、暗号化した部分を示す暗号化部分情報を生成することを特徴とする請求項23記載のメディア暗号化方法。 24. The media encryption method according to claim 23, wherein the encryption processing step generates encrypted part information indicating the encrypted part.
  30.  メディアデータが圧縮されてなる、当該メディアデータの少なくともサイズ情報を含む基本情報と当該メディアデータの可変長符号とを含む圧縮メディアデータが入力されると、暗号化メディアファイルフォーマット作成部が、所定のメディアファイルフォーマットに前記基本情報および可変長符号を多重化して基本情報多重化領域、サイズ情報多重化領域および可変長符号多重化領域を含む圧縮メディアファイルフォーマットを生成し、少なくとも前記基本情報多重化領域の所定部分と前記サイズ情報多重化領域と前記サイズ情報多重化領域の終端から前記可変長符号多重化領域の先頭を跨る部分とを暗号化する暗号化メディアファイルフォーマット作成ステップを備えるメディア暗号化方法。 When the compressed media data including the basic information including at least the size information of the media data and the variable length code of the media data is input, the encrypted media file format creation unit The basic information and variable length code are multiplexed in a media file format to generate a compressed media file format including a basic information multiplexing area, a size information multiplexing area, and a variable length code multiplexing area, and at least the basic information multiplexing area Encryption method including an encrypted media file format creating step for encrypting a predetermined portion of the size information multiplexing region and a portion extending from the end of the size information multiplexing region to the beginning of the variable length code multiplexing region .
  31.  暗号化メディアファイルフォーマット作成ステップは、さらに、圧縮メディアファイルフォーマットのうちのサイズ情報多重化領域の直前部分を暗号化することを特徴とする請求項30記載のメディア暗号化方法。 The media encryption method according to claim 30, wherein the encrypted media file format creation step further encrypts a portion immediately before the size information multiplexing area in the compressed media file format.
  32.  暗号化メディアファイルフォーマット作成ステップは、さらに、圧縮メディアファイルフォーマットのうちの可変長符号多重化領域の先頭以外の任意部分を暗号化することを特徴とする請求項30記載のメディア暗号化方法。 The media encryption method according to claim 30, wherein the encrypted media file format creation step further encrypts an arbitrary part other than the head of the variable length code multiplexing area in the compressed media file format.
  33.  メディア圧縮部が、メディアデータを圧縮して、当該メディアデータの少なくともサイズ情報を含む基本情報と当該メディアデータの可変長符号とを含む圧縮メディアデータを生成するメディア圧縮ステップを備え、
     暗号化メディアファイルフォーマット作成ステップは、前記メディア圧縮ステップで生成した前記圧縮メディアデータを多重化および暗号化することを特徴とする請求項30記載のメディア暗号化方法。     The media compression unit includes a media compression step of compressing the media data and generating compressed media data including basic information including at least size information of the media data and a variable length code of the media data,
    The media encryption method according to claim 30, wherein the encrypted media file format creation step multiplexes and encrypts the compressed media data generated in the media compression step.
  34.  暗号化メディアファイルフォーマット作成ステップは、暗号化した部分を示す暗号化部分情報を生成することを特徴とする請求項30記載のメディア暗号化方法。 The media encryption method according to claim 30, wherein the encrypted media file format creation step generates encrypted part information indicating an encrypted part.
  35.  メディアデータが圧縮されてなる、当該メディアデータの基本情報を格納したヘッダ領域と当該メディアデータの可変長符号を格納した可変長符号領域とを含む圧縮メディアデータが、さらに暗号化されてなる暗号化圧縮メディアデータが入力されると、暗号復号処理部が、少なくとも前記ヘッダ領域の所定部分と前記ヘッダ領域の終端から前記可変長符号領域の先頭を跨る部分とを暗号復号して前記圧縮メディアデータを生成する暗号復号処理ステップと、
     メディア伸張部が、前記圧縮メディアデータを伸張するメディア伸張ステップとを備えるメディア暗号復号方法。     Encryption obtained by further compressing compressed media data including a header area that stores basic information of the media data and a variable length code area that stores a variable length code of the media data. When the compressed media data is input, the encryption / decryption processing unit encrypts and decrypts at least the predetermined part of the header area and the part extending from the end of the header area to the beginning of the variable-length code area to obtain the compressed media data. An encryption / decryption processing step to be generated;
    A media encryption / decryption method comprising: a media decompression unit, wherein a media decompression unit decompresses the compressed media data.
  36.  暗号復号ステップは、暗号化圧縮メディアデータのうちの各ヘッダ領域の先頭部分と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号復号することを特徴とする請求項35記載のメディア暗号復号方法。 The encryption / decryption step encrypts / decrypts the head portion of each header area in the encrypted compressed media data and the portion extending from the end of each header area to the head of the variable-length code area. The media encryption / decryption method described.
  37.  暗号復号ステップは、暗号化圧縮メディアデータのうちの各ヘッダ領域の直前から先頭を跨る部分と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号復号することを特徴とする請求項35記載のメディア暗号復号方法。 The encryption / decryption step encrypts / decrypts a portion of the encrypted compressed media data that straddles the head immediately before each header area and a portion that straddles the head of the variable-length code area from the end of each header area. The media encryption / decryption method according to claim 35.
  38.  暗号復号ステップは、暗号化圧縮メディアデータのうちの各ヘッダ領域と、前記各ヘッダ領域の終端から可変長符号領域の先頭を跨る部分とを暗号復号することを特徴とする請求項35記載のメディア暗号復号方法。 36. The medium according to claim 35, wherein the encryption / decryption step decrypts each header area of the encrypted compressed media data and a portion extending from the end of each header area to the beginning of the variable-length code area. Encryption / decryption method.
  39.  暗号復号ステップは、さらに、暗号化圧縮メディアデータのうちの可変長符号領域の先頭以外の任意部分を暗号復号することを特徴とする請求項35記載のメディア暗号復号方法。 36. The media encryption / decryption method according to claim 35, wherein the encryption / decryption step further includes encryption / decryption of an arbitrary portion other than the head of the variable-length code area in the encrypted compressed media data.
  40.  暗号復号処理ステップは、暗号化圧縮メディアデータと共に、当該暗号化圧縮メディアデータの暗号化された部分を示す暗号化部分情報が入力されると、当該暗号化部分情報が示す部分を暗号復号することを特徴とする請求項35記載のメディア暗号復号方法。 In the encryption / decryption processing step, when encrypted part information indicating the encrypted part of the encrypted compressed media data is input together with the encrypted compressed media data, the part indicated by the encrypted part information is decrypted. 36. The media encryption / decryption method according to claim 35.
  41.  メディアデータが圧縮されてなる、当該メディアデータの少なくともサイズ情報を含む基本情報と当該メディアデータの可変長符号とを含む圧縮メディアデータが、さらに所定のメディアファイルフォーマットに多重化および暗号化されてなる暗号化圧縮メディアファイルフォーマットが入力されると、暗号復号処理部が、当該暗号化圧縮メディアファイルフォーマットのうちの少なくとも基本情報多重化領域の所定部分とサイズ情報多重化領域と前記サイズ情報多重化領域の終端から可変長符号多重化領域の先頭を跨る部分とを暗号復号して圧縮メディアファイルフォーマットを生成する暗号復号処理ステップと、
     メディアファイルフォーマット解析部が、前記圧縮メディアファイルフォーマットを解析して、前記圧縮メディアデータを生成するメディアファイルフォーマット解析ステップと、
     メディア伸張部が、前記メディアファイルフォーマット解析ステップで生成した前記圧縮メディアデータを伸張するメディア伸張ステップとを備えるメディア暗号復号方法。     Compressed media data including compressed media data and basic information including at least size information of the media data and a variable length code of the media data is further multiplexed and encrypted into a predetermined media file format. When the encrypted compressed media file format is input, the encryption / decryption processing unit includes at least a predetermined part of the basic information multiplexed region, the size information multiplexed region, and the size information multiplexed region of the encrypted compressed media file format. An encryption / decryption processing step for generating a compressed media file format by encrypting and decrypting a portion straddling the beginning of the variable-length code multiplexing area from the end of
    A media file format analysis unit that analyzes the compressed media file format and generates the compressed media data; and
    A media encryption / decryption method comprising: a media decompression unit, wherein a media decompression unit decompresses the compressed media data generated in the media file format analysis step.
  42.  暗号復号処理ステップは、さらに、暗号化圧縮メディアファイルフォーマットのうちのサイズ情報多重化領域の直前部分を暗号復号することを特徴とする請求項41記載のメディア暗号復号方法。 42. The media encryption / decryption method according to claim 41, wherein the encryption / decryption processing step further performs encryption / decryption of a portion immediately before the size information multiplexing area in the encrypted compressed media file format.
  43.  暗号復号処理ステップは、さらに、暗号化圧縮メディアファイルフォーマットのうちの可変長符号多重化領域の先頭以外の任意部分を暗号化することを特徴とする請求項41記載のメディア暗号復号方法。 42. The media encryption / decryption method according to claim 41, wherein the encryption / decryption processing step further encrypts an arbitrary portion other than the beginning of the variable-length code multiplexing area in the encrypted compressed media file format.
  44.  暗号復号処理ステップは、暗号化圧縮メディアファイルフォーマットと共に、当該暗号化圧縮メディアファイルフォーマットの暗号化された部分を示す暗号化部分情報が入力されると、当該暗号化部分情報が示す部分を暗号復号することを特徴とする請求項41記載のメディア暗号復号方法。 In the encryption / decryption processing step, when the encrypted portion information indicating the encrypted portion of the encrypted compressed media file format is input together with the encrypted compressed media file format, the portion indicated by the encrypted portion information is decrypted. 42. The media encryption / decryption method according to claim 41, wherein:
PCT/JP2011/002732 2010-06-01 2011-05-17 Media encryption device, media encryption and decryption device, method of media encryption, and method of media encryption and decryption WO2011151982A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2012518219A JP5393886B2 (en) 2010-06-01 2011-05-17 Media encryption device, media encryption / decryption device, media encryption method, and media encryption / decryption method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2010125932 2010-06-01
JP2010-125932 2010-06-01

Publications (1)

Publication Number Publication Date
WO2011151982A1 true WO2011151982A1 (en) 2011-12-08

Family

ID=45066375

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2011/002732 WO2011151982A1 (en) 2010-06-01 2011-05-17 Media encryption device, media encryption and decryption device, method of media encryption, and method of media encryption and decryption

Country Status (2)

Country Link
JP (1) JP5393886B2 (en)
WO (1) WO2011151982A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013153372A (en) * 2012-01-26 2013-08-08 Kayaba Ind Co Ltd Drive recorder
JP2013196330A (en) * 2012-03-19 2013-09-30 Kayaba Ind Co Ltd Drive recorder
JP2013197842A (en) * 2012-03-19 2013-09-30 Kayaba Ind Co Ltd Drive recorder
WO2014012516A1 (en) * 2012-07-20 2014-01-23 Tencent Technology (Shenzhen) Company Limited Method, device, and system for encrypting and decrypting image
JP2015517266A (en) * 2012-04-05 2015-06-18 ホアウェイ・テクノロジーズ・カンパニー・リミテッド System and method for secure asynchronous event notification for adaptive streaming based on ISO base media file format
JP2017046162A (en) * 2015-08-26 2017-03-02 隆正 光信 Synthetic moving image creation system, synthetic moving image creation support system and synthetic moving image creation program
CN112839244A (en) * 2019-11-22 2021-05-25 北京大学 Monitoring video grading encryption and decryption method and system based on code stream grade

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10145773A (en) * 1996-11-14 1998-05-29 Toshiba Corp Method for ciphering animation data, computer system applying the method and dynamic image data encoding/ decoding device
JPH1118070A (en) * 1997-06-26 1999-01-22 Matsushita Electric Ind Co Ltd Image compressing device, image extending device and transmission equipment
JP2001243703A (en) * 2000-02-24 2001-09-07 Nec Corp Method and system for preventing unauthorized copy of contents
JP2006157426A (en) * 2004-11-29 2006-06-15 Hitachi Kokusai Electric Inc Encrypted data communication apparatus

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001086481A (en) * 1999-07-13 2001-03-30 Matsushita Electric Ind Co Ltd Packet separating device, digital signal transfer system, enciphering device, medium and information aggregate
WO2010044146A1 (en) * 2008-10-15 2010-04-22 三菱電機株式会社 Encryption device and decoding device, and encryption method and decoding method
WO2011125188A1 (en) * 2010-04-07 2011-10-13 三菱電機株式会社 Video encryption device, video decoding device, video encryption program, and video encryption method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10145773A (en) * 1996-11-14 1998-05-29 Toshiba Corp Method for ciphering animation data, computer system applying the method and dynamic image data encoding/ decoding device
JPH1118070A (en) * 1997-06-26 1999-01-22 Matsushita Electric Ind Co Ltd Image compressing device, image extending device and transmission equipment
JP2001243703A (en) * 2000-02-24 2001-09-07 Nec Corp Method and system for preventing unauthorized copy of contents
JP2006157426A (en) * 2004-11-29 2006-06-15 Hitachi Kokusai Electric Inc Encrypted data communication apparatus

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013153372A (en) * 2012-01-26 2013-08-08 Kayaba Ind Co Ltd Drive recorder
JP2013196330A (en) * 2012-03-19 2013-09-30 Kayaba Ind Co Ltd Drive recorder
JP2013197842A (en) * 2012-03-19 2013-09-30 Kayaba Ind Co Ltd Drive recorder
JP2015517266A (en) * 2012-04-05 2015-06-18 ホアウェイ・テクノロジーズ・カンパニー・リミテッド System and method for secure asynchronous event notification for adaptive streaming based on ISO base media file format
WO2014012516A1 (en) * 2012-07-20 2014-01-23 Tencent Technology (Shenzhen) Company Limited Method, device, and system for encrypting and decrypting image
US20140032929A1 (en) * 2012-07-20 2014-01-30 Tencent Technology (Shenzhen) Company Limited Method, device, and system for encrypting and decrypting image
KR20150036679A (en) * 2012-07-20 2015-04-07 텐센트 테크놀로지(센젠) 컴퍼니 리미티드 Method, Device and System for encrypting and decrypting image
KR101582128B1 (en) 2012-07-20 2016-01-04 텐센트 테크놀로지(센젠) 컴퍼니 리미티드 Method, Device and System for encrypting and decrypting image
US9235713B2 (en) 2012-07-20 2016-01-12 Tencent Technology (Shenzhen) Company Limited Method, device, and system for encrypting and decrypting image
JP2017046162A (en) * 2015-08-26 2017-03-02 隆正 光信 Synthetic moving image creation system, synthetic moving image creation support system and synthetic moving image creation program
CN112839244A (en) * 2019-11-22 2021-05-25 北京大学 Monitoring video grading encryption and decryption method and system based on code stream grade
CN112839244B (en) * 2019-11-22 2022-03-25 北京大学 Monitoring video grading encryption and decryption method and system based on code stream grade

Also Published As

Publication number Publication date
JPWO2011151982A1 (en) 2013-07-25
JP5393886B2 (en) 2014-01-22

Similar Documents

Publication Publication Date Title
JP5393886B2 (en) Media encryption device, media encryption / decryption device, media encryption method, and media encryption / decryption method
Long et al. Separable reversible data hiding and encryption for HEVC video
US8094814B2 (en) Method and apparatus for using counter-mode encryption to protect image data in frame buffer of a video compression system
JP6914381B2 (en) Systems and methods for protecting basic bitstreams that incorporate independently encoded tiles
US9473829B2 (en) Methods and devices for selective format-preserving data encryption
WO2010044146A1 (en) Encryption device and decoding device, and encryption method and decoding method
CN1852443B (en) Data processing device
EP1879388A1 (en) Video information recording device, video information recording method, video information recording program, and recording medium containing the video information recording program
US20120230388A1 (en) Method and system for protecting image data in frame buffers of video compression systems
US8472625B2 (en) Method and system for protecting 3D video content
CN110881142A (en) Audio and video data encryption and decryption method and device based on rtmp and readable storage medium
Seidel et al. Cryptanalysis of video encryption algorithms
JP2005080204A (en) Encoding apparatus and decoding apparatus using encryption key included in digital watermark, methods thereof
JP2004198760A (en) Compression enciphering device and expansion decoding device
CN115278243A (en) Real-time video encryption method and device for resisting deep learning face attack
JP2010021931A (en) Video image transmitter and video image receiver
Rohara et al. Using Codeword Substitution to Hide Data in Encrypted MPEG-4 Videos
KR20070109735A (en) Encryption method for picture and apparatus thereof
JP5610981B2 (en) Image encryption device, image decryption device, image encryption method, image decryption method, image encryption program, and image decryption program
KR20060007208A (en) Video stream encrypting method for digital rights management
JP2008017401A (en) Information processing apparatus and method, and program
JP2002044658A (en) Encoding method, decoding method, encoder and decoder of dynamic image data
Lian et al. Perceptual cryptography on MPEG compressed videos
JP2005136893A (en) Decoding processing program and decoding processing apparatus
JP2000197062A (en) Image coder with encryption function and image decoder with encryption decoding function

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11789397

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2012518219

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11789397

Country of ref document: EP

Kind code of ref document: A1