JP2000287065A - Image processing system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a system at a low cost, where falsification of an image file is prevented, the falsification is easily detected and only a small processing load is enough for processing the image file. SOLUTION: This system is provided with an image processing unit 102(1) which provides an original picture C(1) resulting from imbedding electronic watermark information that can be extracted by using a watermark key, including authentication information which authenticates an image file from a legal server into an original image A(1) and provides the watermark key b 22(1) and with an image display device 105(1) which uses the watermark key served by the image processing units 102(1), extracts the electronic watermark information from the original image C(1), stores the original image C(1), whose falsification is discriminated by using the watermark key b 22(1) and the watermark key 22b(1) itself, extracts the electronic watermark information from the served original image by using the watermark key served by an image management server 103 properly serving the original image and the watermark key to a utility destination, and displays the original image C(1) whose falsification is discriminated by using the authentication information of the watermark key for a purpose of browsing.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an image processing system, and more particularly, to an image processing system for preventing image falsification. In addition, falsification means two of modification or substitution. The alteration refers to changing the value of data constituting the contents of an image. Replacement refers to replacing an image with another data.

[0002]

2. Description of the Related Art In a conventional image processing system, image management is basically performed by access control in an image storage / processing apparatus. In the method of managing the access permission, it has been performed by disabling tampering by restricting such as prohibiting writing of an image file and enabling only reading. In the management method using encryption, a system combined with an encryption system is configured, an image is encrypted, and a decryption key and an encrypted image are stored.
An encrypted image cannot be decrypted without a decryption key, and processing cannot be performed without decryption.

In addition to the encryption of the image itself, a method of detecting falsification of the image includes a characteristic bit pattern which is also called a fingerprint of data called a message digest, a compressor or a hash value from image data. It is created as verification data and managed separately from the image, verification data is created from the image to be verified at the time of verification, the value is compared with the managed verification data, and if different, tampering has been performed There was also a verification method. The most widely used message digest function for creating such verification data is RSA (USA) M
It is a series of algorithms such as D2, MD4, MD5.

[0004] Even in a system that creates verification data and detects tampering by comparing the values at the time of verification, it can be deceived by creating verification data from a falsified image and replacing both the image and the verification data. The verification data is always used after being encrypted. In a cryptographic system, generally, a “common key system” in which encryption and decryption are performed using a common secret key, and a public key (publ
ic key) and a private key that is kept secret except for the owner of the key. A "public key system" is used, which encrypts with one key and decrypts with the other key.
In addition, a digital signature for authentication is used.
DES (Data
Encryption Standard) system, Nippon Telegraph and Telephone Corporation's FEAL (Fast Encryption Algorithm) system, Mitsubishi Electric Corporation's MISTY system, etc.
A typical “public key system” is the RSA public key system of RSA (USA).

[0005] In addition, as described in Nikkei Electronics 1997.2.24 (no.683), the digital watermarking technique has been mostly applied to "copyright protection".
For this reason, a number of implementation methods have been proposed so as not to impair the image quality and to prevent the embedded watermark from disappearing as much as possible. This method of use involves embedding information using a digital watermark that is difficult to perceive and that is indelible even if a change is made to the image, and confirms the copyright by confirming the information.

As an application of digital watermarking to image verification, as described in Japanese Patent Application Laid-Open No. 10-208026, stamping information is embedded in an original image by steganography (data hiding), which is one of the features of digital watermarking. A technique of extracting tampering and comparing the information to detect tampering has also been proposed. Various uses of information embedding using digital watermarks have been proposed.In addition to copyright information, various management information such as device information of the image created, creator information, and user information can be embedded in the image. Embedding systems have been proposed.

[0007]

However, tampering by a privileged user cannot be prevented by an operation using only an access right, and it is a costly operation to realize complete access right setting for all devices that handle images. Was needed. In image management by encryption, since the image file itself is encrypted, it is necessary to perform decryption (and re-encryption) every time an image is displayed. For this reason, there is a problem that the processing load is increased particularly in a system that processes a large number of images. Also, in a system where images are used by a plurality of machines distributed in the system, since the processing of decryption (and re-encryption) is performed for each machine, the process of the processing and management of the encryption / decryption key are performed. In addition, it is hard to note that the management of the decrypted image is thorough, and there is a problem that it is easy to perform fraud by selecting a machine with low security.

Further, even when falsification is detected using verification data such as a message digest, in order to guarantee the verification data with respect to the management of the verification data,
An encryption system for managing the verification data is required, and the same problem as the above-described image encryption has occurred.

[0009]

According to the first aspect of the present invention, digital watermark information can be extracted using a watermark key including authentication information for authenticating an image file from a valid provider. Providing an image file and its watermark key, extracting digital watermark information from the image file provided from the image providing device using the watermark key provided from the image providing device, and authenticating the watermark key. An image using apparatus that determines whether a watermark key has been tampered with information and determines whether an image file has been tampered with a watermark key that has been tampered with, and uses the image file that has been tampered with. And an image processing system characterized by having a configuration.

[0010] According to a second aspect of the present invention, there is provided an image providing apparatus for providing an image file from which digital watermark information can be extracted using a watermark key including authentication information for authenticating an image file from a valid destination. And generating a watermark key including authentication information of a function of authenticating an image file from a valid provider, and extracting digital watermark information from the image file provided from the image providing apparatus using the watermark key. And determining whether the watermark key has been tampered with using the watermark key authentication information, and determining whether the image file has been tampered with using the watermark key determined to have been tampered with. An image processing system is provided, which comprises an image using apparatus that uses the image processing apparatus.

According to the third aspect of the present invention, a watermark key including authentication information for authenticating an image file from a valid provider is generated, and digital watermark information which can be extracted using the watermark key is converted to an image file. Embedded in a file, an image providing apparatus that provides these image files and a watermark key, and extracting digital watermark information from the image file provided by the image providing apparatus using the watermark key provided by the image providing apparatus; The falsification of the watermark key is determined using the authentication information of the key, and the falsification of the image file is determined using the watermark key that has determined the falsification. An image management device that stores a key and appropriately provides an image file and a watermark key to a user, and a transparency provided by the image management device. The digital watermark information is extracted from the image file provided from the image management apparatus using the watermark key, the watermark key is used to determine whether the watermark key has been tampered with using the watermark key authentication information, and to determine whether the watermark key has been tampered with. The present invention provides an image processing system characterized by comprising: an image utilization device that determines whether or not an image file has been tampered with using the image file and uses the image file that has been determined to have been tampered with.

According to a fourth aspect of the present invention, a watermark key including authentication information for authenticating an image file from a valid destination is generated, and digital watermark information that can be extracted using the watermark key is converted to an image file. Embedding in a file, an image providing apparatus that provides the image file, and a watermark key including authentication information for authenticating the image file from a valid providing destination are generated, and the image providing apparatus uses the watermark key to generate a watermark key. The digital watermark information is extracted from the provided image file, the presence / absence of falsification of the watermark key is determined using the authentication information of the watermark key, and the presence / absence of falsification of the image file is determined using the watermark key that has been determined whether the falsification is performed. The image file that has been judged and tampered with is stored, and an image management device that provides the image file to the use destination and a valid supply destination A watermark key including authentication information for authenticating the image file is generated, digital watermark information is extracted from the image file provided by the image providing apparatus using the watermark key, and the watermark key is extracted using the authentication information of the watermark key. Determine whether the watermark key has been tampered with,
An image processing system characterized in that it comprises: an image using device that determines whether or not an image file has been tampered with a watermark key that has determined whether or not tampered, and uses the image file that has been determined to have been tampered. I will provide a.

According to a fifth aspect of the present invention, a watermark key including authentication information for authenticating an image file from a valid provider is generated, and digital watermark information that can be extracted using the watermark key is extracted from the image file. Embedding in a file, an image providing apparatus that provides this image file, and a watermark key including authentication information for authenticating that the image file is from a valid provider is generated, and the image providing apparatus uses the watermark key to generate a watermark key. The digital watermark information is extracted from the provided image file, the presence / absence of falsification of the watermark key is determined using the authentication information of the watermark key, and the presence / absence of falsification of the image file is determined using the watermark key that has been determined whether the falsification is performed. The image file that has been judged and tampered with is stored, and an attachment including authentication information for authenticating that the image file is from an authorized provider is stored. The information is attached to the image file, and when the image file is accessed from the user, the image management device that provides the image file together with the additional information to the user, and the authentication information is recognized from the additional information, and the authentication is performed. Generate a watermark key containing information, extract digital watermark information from the image file provided by the image management device using the watermark key, determine whether the watermark key has been tampered with using the watermark key authentication information, ,
An image processing system characterized in that it comprises: an image using device that determines whether or not an image file has been tampered with a watermark key that has determined whether or not tampered, and uses the image file that has been determined to have been tampered. I will provide a.

According to a sixth aspect of the present invention, in the first aspect, the image using apparatus generates authentication information for authenticating an image file from a valid destination, and provides the authentication information and the provided authentication information. There is provided an image processing system having a configuration characteristic of authenticating the validity of a provided watermark key by comparing authentication information extracted from the watermark key with the authentication information. According to a seventh aspect of the present invention, in the third aspect, the image management device generates authentication information for authenticating the image file from a valid destination, and generates the authentication information from the authentication information and the provided watermark key. There is provided an image processing system characterized in that the authenticity of a provided watermark key is compared with extracted authentication information to authenticate the configuration.

According to an eighth aspect of the present invention, in the third aspect, the image using apparatus generates authentication information for authenticating the image file from a valid destination, and the authentication information and the provided authentication information are provided. There is provided an image processing system having a configuration characteristic of authenticating the validity of a provided watermark key by comparing authentication information extracted from the watermark key with the authentication information. According to a ninth aspect of the present invention, in the third aspect, the image management device includes the authentication information included in the provided watermark key in the accompanying information attached to the image file, and uses the accompanying information together with the image file in the usage destination. The image using apparatus recognizes the authentication information from the accompanying information, generates a watermark key including the authentication information, and uses the watermark key to convert the electronic watermark information from the image file provided from the image management apparatus. Provided is an image processing system characterized by extracting and determining whether there is tampering, and using an image file determined to have tampering.

According to a tenth aspect of the present invention, in any one of the first to ninth aspects, the authentication information includes provision destination identification information for identifying a provision destination of the image file or image identification information for identifying the image file. And an image processing system characterized by including the following. The providing destination identification information of the authentication information includes, for example, device identification information for identifying the providing destination image providing device, the MAC address of the providing destination image providing device, and identifying the system to which the providing destination image providing device belongs. There are system identification information and creator identification information for identifying the creator of the image file. The provision destination identification information may be represented by a hash value with a variable data size. Further, the image identification information of the recognition information includes, for example, a count number that increases each time the image providing apparatus provides the image file to the image using apparatus, and a one-way count every time the image providing apparatus provides the image file to the image using apparatus. There is a hash value to be updated by the hash function, and time information such as a file creation time when the image providing device creates the image file file. The accompanying information according to claim 6 or 9 includes, for example, a file name of an image file.

[0017]

Embodiments of the present invention will be described below with reference to the drawings. It should be noted that the present invention is not limited by this. First Embodiment FIG. 1 is a network configuration diagram of an image processing system according to a first embodiment.

In this image processing system, images captured by the image input devices 101 (1) to (M) are transferred to the image processing devices 102 (1) to (M) via the image management server 103 and the network 104. The information is displayed on each of the display devices 105 (1) to 105 (N). In the following description, the m-th image input device 101 (1) to (M) is referred to as the image input device 101 (m), and the image processing devices 102 (1) to
The m-th of (M) is the image processing device 102 (m), and the n-th of the image display devices 105 (1)-(N) is the image display device 105 (m).
(n).

The image input device 101 (m) is a device which captures an image and converts it into electronic data, and is usually constituted by a scanner or an electronic camera, and outputs the captured image data as an original image A (m). The image processing device 10
2 (m) is the original image A from the image input device 101 (m).
(m), an original image C (m) in which a digital watermark is embedded in the original image A (m), and an encrypted watermark key b
22 (m) is output as a pair.

FIG. 2 shows a functional block diagram of the image processing apparatus according to the first embodiment. This image processing device 102
(m) includes a digital watermark embedding unit 21 (m), a watermark key generation unit 22 (m), and an encryption unit 23 (m). The digital watermark embedding unit 21 (m) transmits a digital watermark for detecting tampering to the original image A (m) to a watermark key B22 (m).
To output the original image C (m) embedded in the original image A (m). The watermark key generation unit 22 (m) generates the watermark key B22 (m). Here, the watermark key B22 (m)
In this embodiment, is described as a common key that can be used for both embedding and verification of a digital watermark, but embedding and verification may be different.

If the original image A (m), the original image C (m) and the watermark key B22 (m) can be easily obtained, various original images A (m) and their original images C (m) By examining the relationship between the difference between the digital watermark and the watermark key B22 (m), the analysis of the digital watermark embedding method is facilitated, and the falsification and forgery of the original image C (m) is enhanced. For this reason, it is preferable that the watermark key B22 (m) is not distributed in the original state and the system is not circulated. In this case, a public key system such as RSA is used to generate the watermark key B22 (m).
Assume a case of 22 (m) exchange.

FIG. 3 shows a functional block diagram of the watermark key generation unit of the image processing apparatus according to the first embodiment. The watermark key generation unit 22 (m)
(m) and watermark key generation means 25 (m). The authentication information generating means 24 (m) has a function of generating authentication information for authenticating that the image file is from an authorized destination. The authentication information includes provider identification information for identifying the provider of the image file and image identification information for identifying the image file. Here, an apparatus identification value D24a (m) for identifying the image processing apparatus 102 (m) that is the providing destination and an image identification value D24b (m) for identifying the original image A (m) are used. The authentication information generating means 24 (m) has a device identification value storage unit 24a (m) for storing the device identification value D24a (m).
And an image counter 24b (m) that outputs an image identification value D24b (m) for numbering the original image A (m) as a count number incremented every time the original image A (m) is processed. The watermark key generation means 25 (m) has a device identification value D
A watermark key B22 including 24a (m) and an image identification value D24b (m)
(m) is generated. For example, the device identification value D24a (m) is changed to "KK
K FJI123 ”and the image identification value D24b (m) as“ 01
In the case of "234567", a watermark key B22 (m) including "KKK FJI12301234567" which is simply connected to each other is generated. The device identification value D24
As a (m), a value set in software or hardware in the image processing apparatus 102 (m) can be used.

Returning to FIG. 2, the encryption section 23 (m) encrypts the watermark key B22 (m) and outputs a watermark key b22 (m). Then, the image processing apparatus 102 (m) outputs the original image C (m) and the watermark key b22 (m) as a pair. Returning to FIG. 1, the image management server 103 is a server that stores and manages the original image C (m) and the watermark key b22 (m) sent from the image processing apparatus 102 (m). It is constructed as a database or a workflow system, and manages the original image C (m) and the watermark key b22 (m) in pairs.

FIG. 4 shows a functional block diagram of the image management server according to the first embodiment. This image management server 1
03 denotes an electronic watermark verification unit 31, an authentication information / detection verification unit 33, and authentication information generation units 34 (1) to (M) (hereinafter, m
The third is referred to as authentication information generating means 34 (m). ), A decryption unit 36, a storage control unit 37, and an encryption unit 38. The digital watermark verification unit 31 includes an image processing device 102
It is verified whether or not an electronic watermark can be extracted from the original image C (m) provided from (m) by using the provided watermark key B22 (m). If the watermark key B22 (m) is valid, then even if a digital watermark can be extracted from the original image C (m), if tampering is detected, it is known that tampering has been performed. It can be seen that the image C (m) has been replaced. The authentication information / detection verification unit 33 extracts the device identification value D24a (m) and the image identification value D24b (m) from the watermark key B22 (m), and
The device identification values D34a (1) to (M) generated by (m) (hereinafter, m
The third is referred to as a device identification value D34a (m). ) And the image identification value D34
b (1) to (M) (hereinafter, the m-th is referred to as an image identification value D34b (m)) to verify whether the provided watermark key B22 (m) is valid. I do. The authentication information generating means 34 (m) has a function of generating authentication information for authenticating an image file from a valid destination. The authentication information includes provider identification information for identifying the provider of the image file and image identification information for identifying the image file. Here, the device identification value D24a for identifying the image processing device 102 (m) that is the providing destination.
The same device identification value D34a (m) as (m) and the same image identification value D34b (m) as the image identification value D24b (m) for identifying the original image A (m) are used. The authentication information generating means 34 (m) has a device identification value storage unit 34a (m) for storing a device identification value D34a (m), and an image identification value D34b for numbering the original image A (m). An image counter 3 that outputs (m) as a count number incremented for each processing of the original image C (m)
4b (m). The storage of the device identification value D34a (m) in the device identification value storage unit 34a (m) and the image counter 3
The setting of 4b (m) is performed in advance at the start of system operation or during system operation.

The decoding unit 36 includes an image processing device 102
The encrypted watermark key b22 (m) sent from (m)
To the original watermark key B22 (m). The storage controller 37 manages the original image C (m) and the watermark key B22 (m) as a pair. The encryption unit 38 is configured to include the image display device 1
A watermark key b22 (n) is generated by encrypting the watermark key B22 (m) in accordance with every 05 (n). Then, the image management server 103 sends the watermark key b22 (n) together with the original image C (m).
Are sent to each image display device 105 (n) in pairs (see FIG. 1). Note that here, the image processing apparatus 102
The original image C (M) processed in (m) is stored in the image management server 1
When the image is sent to the image display device 105 (n) via the display device 03 and displayed, it is determined that the number of times of image processing in the image processing device 102 (m) is the same as the number of times of display in the image display device 105 (n). Suppose. This assumption is applied to the following embodiments.

Returning to FIG. 1, the network 104
Is a network constructed by, for example, a LAN or a WAN. The image display device 105 (n) displays the original image C
This is a device that displays and uses (m). FIG. 5 shows a functional block configuration diagram of the image display device according to the first embodiment. The image display device 105 (n) includes a digital watermark verification unit 51 (n)
Authentication information extraction / verification unit 53 (n); authentication information generation means 54 (1) to (M) (hereinafter, the m-th authentication information generation means 5
4 (m). ), The decoding unit 56 (n), and the display control unit 5
9 (n). The digital watermark verification unit 51 (n)
Is the original image C provided from the image management server 103.
(m) is used to verify whether or not a digital watermark can be extracted using the provided watermark key B22 (m). Watermark key B22 (m)
Is legitimate, the falsification is detected if the digital watermark can be extracted from the original image C (m), indicating that falsification has been performed.
It can be seen that (m) has been replaced. The authentication information / detection verification unit 53 (n) extracts the device identification value D24a (m) and the image identification value D24b (m) from the watermark key B22 (m),
Device identification value D54a generated by authentication information generating means 54 (n)
By comparing (m) with the image identification value D54b (m),
It verifies whether the provided watermark key B22 (m) is valid. The authentication information generation unit 54 (m) has a function of generating authentication information for authenticating that the image file is from an authorized destination. The authentication information includes provider identification information for identifying the provider of the image file and image identification information for identifying the image file. Here, the same device identification value D54a (m) as the device identification value D24a (m) for identifying the image processing device 102 (m) that is the providing destination and the above-described device identification value for identifying the original image A (m). The same image identification value D54b (m) as the image identification value D24b (m) is used. The authentication information generating means 54 (m) has a device identification value storage unit 54a (m) for storing a device identification value D54a (m), and a number in which the order in which the original image A (m) was sent is numbered. And an image counter 54b (m) that outputs an image identification value D54b (m) for performing the processing as a count number incremented for each processing of the original image C (m). The device identification value storage unit 5 stores the device identification value D54a (m).
The storage in the memory 4a (m) and the setting of the image counter 54b (m) are performed in advance at the start of system operation or during operation.

The decoding section 56 (n) is provided in the image management server 1
03 encrypted watermark key b22 (n)
To the original watermark key B22 (m). The display control unit 59 (n) converts the provided original image C (m) into a C (not shown).
It is displayed on a display unit such as an RT. Next, a flow of image processing of the image processing system having the above configuration will be described. 1 to 5 will be referred to as appropriate.

First, an original image A (m) converted into electronic data and captured by the image input device 101 (m) is input to the image processing device 102 (m). Next, the image processing apparatus 10
2 (m), a watermark key generation unit 22 (m) generates a watermark key B22 (m) for embedding a digital watermark, and uses the watermark key B22 (m) to generate a digital watermark embedding unit 21 (m).
(m) generates an original image C (m) in which a digital watermark is embedded. In the image processing apparatus 102 (m), the encryption unit 23
(m) encrypts the watermark key B22 (m) generated using the public key of the image management server 103 into the watermark key b22 (m). Then, the image processing device 102 (m)
(m) and the watermark key b22 (m) are sent to the image management server 103 in pairs.

Next, in the image management server 103, the decryption unit 36 decrypts the sent watermark key b 22 (m) using the secret key of the image management server 103, and
1 verifies the digital watermark of the original image C (m) using the decrypted watermark key B22 (m). If the digital watermark is successfully extracted, the transmitted original image C (m) is tampered with. Confirm that they have not been done. Also, the image management server 10
In 3, the authentication information / detection verification unit 33 separates the device identification value D24a (m) and the image identification value D24b (m) from the decrypted watermark key B22 (m), and the authentication information generation unit 34 (m) Generated device identification value D34a (m) and image identification value D34b (m)
To each of. As a result of this comparison, the device identification value D
If 24a (m) matches the device identification value D34a (m) and the image identification value D24b (m) matches the image identification value D34b (m), the provided watermark key B22 (m) Judge that it is a legitimate one provided by a legitimate provider. If both do not match, or if one does not match, it is determined that the watermark key B22 (m) from the legitimate destination has been tampered with. Further, in the image management server 103, the storage controller 37 manages the unaltered original image C (m) and the watermark key B22 (m) as a pair.
Here, when the digital watermark cannot be extracted or when the digital watermark can be extracted but falsification is detected, the original image C (m) is not legitimate, and the falsification detection warning is issued. Is notified by display or the like, and the display of the original image C (m) is not performed. Then, the image display device 105 (n)
When the transfer of the original image C (m) is requested or automatically transferred from the
In step 8, a watermark key b22 (n) obtained by encrypting the watermark key B22 (m) is generated for each of the image display devices 105 (n).
The watermark key b22 (n) is paired with the original image C (m) and sent to each image display device 105 (n).

In each image display device 105 (n), the decoding unit 5
6 (n) is decrypted using the secret key of the image display device 105 (n), and the digital watermark verifying unit 51 (n) decrypts the decrypted watermark key B22 (m). Is used to verify the digital watermark of the original image C (m), and if extraction is successful, it is confirmed that the transmitted original image C (m) has not been tampered with. In addition, the image display device 1
At 05 (n), the authentication information / detection verification unit 53 (m) separates the device identification value D24a (m) and the image identification value D24b (m) from the decrypted watermark key B22 (m), and generates authentication information. Means 54
(m) are compared with the device identification value D54a (m) and the image identification value D54b (m), respectively. As a result of this comparison,
If the device identification value D24a (m) matches the device identification value D54a (m) and the image identification value D24b (m) matches the image identification value D54b (m), the provided watermark key B22 ( m) is judged to be a legitimate one provided by a legitimate provider. If both do not match, or if one does not match, it is determined that the watermark key B22 (m) from the legitimate destination has been tampered with. Further, in the image management server 103, if it is found that the provided original image C (m) has not been falsified, the display control unit 59 (n)
Displays the original image C (m) on a display unit such as a CRT (not shown).

Therefore, the image display device 105 (n)
When the digital watermark cannot be extracted, or when the digital watermark can be extracted but falsification is detected, the original image C (m) is not valid, so that a falsification detection warning is displayed by displaying or the like, and the By not displaying the original image C (m), it is possible to prevent fraud by the falsified image. According to the first embodiment, in an image processing apparatus that performs only image display when using an image, an original image in which a digital watermark that can be altered is embedded is provided, and a watermark key including authentication information is provided. Since the electronic watermark is extracted from the original image by using the watermark key at the providing destination, it is possible to detect falsification of the original image. Also, at the destination,
The authentication information is extracted from the watermark key including the authentication information, and if the watermark key is valid, the same authentication information as the extracted authentication information is generated and compared with each other to authenticate the validity of the watermark key. it can. Therefore, if the digital watermark cannot be extracted from the provided original image using the provided watermark key, if the validity of the watermark key has not been confirmed, whether the original image itself has been tampered with or the watermark key It is not possible to determine whether the original image has been tampered with, but if the validity of the watermark key is confirmed as in the present embodiment, it is possible to determine that the original image has been tampered with in some way. . Therefore, in the present embodiment, it is not necessary to introduce another authentication mechanism, and it is possible to improve the security against impersonation of the image processing apparatus and replacement of the image.

Further, in the present embodiment, the image data can be managed as image data as compared with a conventional encryption system that encrypts and manages the image and cannot display the image unless decrypted. It can be configured similarly to an image processing system, and once an original image is created, especially when original original image data is not created, it is possible to prevent image modification to a high degree.

In the above-described first embodiment, an example has been described in which the watermark key is encrypted and transferred. The watermark key is also used when embedding a digital watermark. After the image is created, it is a key used only for extracting and verifying the digital watermark. Unlike a decryption key in a cryptographic system, it is not a key for returning to the original image, so its management is less strict than the decryption key. There is also a feature that can be made. When the image input device, the image processing device, and the image management server are integrated high-security devices having so-called tamper resistance, for example, a device that is not hacked from the outside, cannot see the inside, or does not destroy the system, etc. In the case of, the original image data is less likely to be exploited, so that the confidentiality of the watermark key can be relaxed, and there is little problem even if the original key is moved as it is. However, even if the verification of the original image by the watermark key is established, the verification of the digital watermark can be established by replacing both the original image and the watermark key with counterfeit ones. Even if only the original image or the watermark key is replaced with an invalid one, the verification will not be established and will be revealed. To indicate that the original image is legitimate and that the image has not been falsified or altered, that is, has not been tampered with, the watermark key must first be legitimate and the original image It is necessary that a digital watermark is extracted from the digital watermark, and thereafter, the tampering of the image is not detected by the verification of the digital watermark.

As one of the methods capable of creating a forged original image and a watermark key for verifying the digital watermark, an image processing apparatus is illegally used, and an original image and a watermark key created using the image processing apparatus are used. There is a way to change it.
If the processing is performed by software, it is possible to steal the software and use it illegally. However, in the present embodiment, this image processing apparatus is a key to security, and if it is not stolen, the possibility of causing a problem is extremely low. In addition, the watermark key generation unit and the digital watermark embedding unit are implemented in hardware to conceal the processing and make it harder to steal.However, in view of cost and ease of implementation, measures must be taken in the processing of implementation in software. is necessary. Therefore, by using the watermark key including the authentication information as in the present embodiment, it is possible to perform authentication that the image processing apparatus that has transmitted the original image and the watermark key is legitimate. Become.

Second Embodiment Hereinafter, differences from the first embodiment will be described. The second embodiment is different from the first embodiment in that the image identification value in the authentication information included in the watermark key is not counted by the image counter, but is a hash value for labeling each image file. And The hash value can be set for any authentication information, and the description thereof is omitted. The network of the image processing system is assumed to be the case of the first embodiment, and the description thereof will be omitted.

FIG. 6 is a functional block diagram of the watermark key generation unit of the image processing apparatus. This watermark key generation unit 2
2 (m) has an authentication information generating means 24 (m) and a watermark key generating means 25 (m). Authentication information generating means 2
4 (m) has a function of generating authentication information for authenticating an image file from a valid provider. The authentication information includes provider identification information for identifying the provider of the image file and image identification information for identifying the image file.
Here, an apparatus identification value D24a (m) for identifying the image processing apparatus that is the providing destination and an image identification value D24c (m) for identifying the original image A (m) are used. This image identification value D24
In the second embodiment, c (m) is a hash value. This hash value is generated by a one-way hash function. As a one-way hash function, for example, R
SA (USA) MD4, MD5 and SHA (Secure Hash)
Algorithm).

For this reason, the authentication information generating means 24 (m)
The device identification value storage unit 24a (m) storing the device identification value D24a (m) and the image identification value D24c (m) for numbering the original image A (m) are stored in the original image A (m). A hash value generator 24c (m) for generating a hash value for each process. The watermark key generation means 25 (m) has a device identification value D
A watermark key B22 (m) including 24a (m) and an image identification value D24c (m) as a hash value is generated. In order to generate a hash value, an initial value c (m) is required, and this initial value c (m) is set in advance at the start of system operation or the like.
When the operation starts, the hash value generation unit 24c
(m) generates a hash value from the initial value c (m), and then creates a hash value of the current image from the hash value generated for the immediately preceding image to be fed back. (m) generates a watermark key B22 (m) from the value.

The above-mentioned watermark key generation unit 22
If the recognition information generation means 24 (m) of (m) is also provided in the image management server or the image input device, it is possible to mutually determine whether or not the watermark key is valid. The description of the input device is omitted. Also, in the image management server and the image input device, the initial value of the one-way hash function may be set in advance at the start of system operation,
The device identification value of the image processing device may be used as the initial value. In this case, the image management server or the image display device can set the initial value only by inputting the device identification value. In the case where the watermark key is changed in the exchange between the image management server and the image display device, the hash value used between the image processing device and the image management server is set only by the image management server by the device identification value. You just need to input

In the second embodiment, since the watermark key including the authentication information generated by the hash value is used, if the initial value, the usage function, and the current application count are not known due to the characteristics of the one-way hash function, the generation of the recognition information is performed. Is very difficult, and forgery of the watermark key becomes difficult as compared with the case of using the counter as in the first embodiment, and the effect of increasing security is obtained. Further, since the generated hash value has a feature that the hash value size is fixed, it is useful to keep the hash value within the limit when using a digital watermark that limits the size of the watermark key.

Third Embodiment Hereinafter, differences from the first embodiment will be described. The third embodiment differs from the first embodiment in that the image identification value in the authentication information included in the watermark key is not the count number of the image counter, but the file creation time for creating the image file. And

FIG. 7 shows a functional block diagram of the watermark key generation unit of the image processing apparatus. This watermark key generation unit 2
2 (m) has an authentication information generating means 24 (m) and a watermark key generating means 25 (m). Authentication information generating means 2
4 (m) has a function of generating authentication information for authenticating an image file from a valid provider. The authentication information includes provider identification information for identifying the provider of the image file and image identification information for identifying the image file.
Here, an apparatus identification value D24a (m) for identifying the image processing apparatus that is the providing destination and an image identification value D24d (m) for identifying the original image A (m) are used. This image identification value D24
d (m) is the file creation time in the third embodiment.

For this reason, the authentication information generating means 24 (m)
The device identification value storage unit 24a (m) storing the device identification value D24a (m) and the image identification value D24d (m) for numbering the original image A (m) are stored in the original image A (m). A timer 24d (m) for counting the file creation time for each process. Note that the file creation time is kept with the image file in almost all file systems.
The timer 24d does not need to be specially provided. The watermark key generation means 25 (m) generates a watermark key B22 (m) including a device identification value D24a (m) and an image identification value D24d (m) as a file creation time.

FIG. 8 shows a functional block diagram of the authentication information generating means of the image management server. The authentication information generating means 34 (m) has a function of generating authentication information for authenticating that the image file is from an authorized destination. The authentication information includes provider identification information for identifying the provider of the image file and image identification information for identifying the image file. Here, an apparatus identification value D34a (m) for identifying the image processing apparatus that is the providing destination and an image identification value D34d (m) for identifying the original image A (m) are used. This image identification value D34d (m) is the file creation time in the third embodiment.

For this reason, the authentication information generating means 34 (m)
The device identification value storage unit 34a (m) storing the device identification value D34a (m) and the image identification value D34d (m) for numbering the original image A (m) are stored in the original image A (m). A time stamp storage unit 34d (m) for storing a file creation time for each process. In almost all file systems, the file creation time is transferred together with the image file as additional information accompanying the image file. For this reason, the time stamp storage unit 34d
(m) usually need not be provided.

The above-mentioned authentication information generating means 34
If (m) is also provided in the image management server or image input device,
Since it is possible to mutually determine whether or not the watermark key is valid, the description of the image management server and the image input device is omitted. In the third embodiment, the file creation time is used as the image identification value, and the watermark key including the authentication information generated based on the file creation time is used. become. If the file creation time is transferred in a state that can be checked by anyone, as in a normal file system, the security is reduced. Therefore, it is preferable to transfer the file after encrypting it.

Fourth Embodiment Hereinafter, differences from the first embodiment will be described. The fourth embodiment differs from the first embodiment in that creator information for identifying the creator of the original image is added to the authentication information included in the watermark key. The network of the image processing system is assumed to be the case of the first embodiment, and the description thereof will be omitted.

FIG. 9 shows a functional block diagram of the watermark key generation unit of the image processing apparatus. This watermark key generation unit 2
2 (m) has an authentication information generating means 24 (m) and a watermark key generating means 25 (m). Authentication information generating means 2
4 (m) has a function of generating authentication information for authenticating an image file from a valid provider. Further, a creator authentication device 24e (m) for authenticating the creator of the original image A (m) is connected to the watermark key generation unit 25 (m). The creator authentication device 24e (m) may be provided outside or inside the image processing device. In the authentication information of the present embodiment, the authentication information for identifying the provider includes the provider identification information, the image identification information, and the creator information. Here, an apparatus identification value D24a (m) for identifying the image processing apparatus that is the providing destination, an image identification value D24b (m) for identifying the original image A (m), and a creator of the original image are described. The creator information D24e (m) to be identified is used. This creator information D24e
(m) is added in the third embodiment. The creator information includes, for example, a creator ID, a creator name, fingerprint information, iris information, face image data, and the like.
Therefore, the image authentication device 24e (m) needs to have a function of performing password authentication, fingerprint authentication, iris authentication, face photo authentication, and the like. The creator information D24e (m) is
It may be set in advance at the start of system operation or during operation.

The authentication information generating means 24 (m) has a device identification value storage section 24a (m) and an image counter 24b (m).
Wherein the watermark key generation means 25 (m) comprises:
A watermark key B22 (m) including the device identification value D24a (m), the image identification value D24b (m) and the creator information D24e (m) is generated. The creator authentication device 24e (m) connected to the recognition information generating means 24 (m) of the watermark key generating unit 22 (m).
Is provided in the image management server and the image input device, it is possible to mutually determine whether or not the watermark key is valid. Therefore, the description of the image management server and the image input device is omitted. Also, the setting of the creator information D24e (m) may be set in the image management server or the image input device in advance at the start of the system operation.

According to the fourth embodiment, when performing image processing in the image processing apparatus for preventing forgery at the time of capturing an image and specifying the creator at the time of falsification detection, the creator authentication is performed and the watermark key is executed. Since the creator information is included as the creation information, it is easy to specify the creator of the original image. Therefore, it is easier to track the creator after the forgery is found, and if an unauthorized original image is created using an image processing device, it is easy to trace the creator and to prevent forgery The effect of deterrence can be greatly improved.

That is, in general, in a system in which authentication is performed when operating the image processing apparatus and the authentication log and the image processing log are analyzed when tampering is detected, the creator can be specified. Although it is possible to prevent the creator identification work, furthermore, in this embodiment, by including the creator information in the watermark key, as a result of verification of the digital watermark and the watermark key, if tampering is detected, It becomes possible to specify a falsified person. This is because even a falsified person cannot embed a digital watermark without using the creator information of the falsified person.

When there are a plurality of authorized persons, it is easiest to generate a watermark key for the number of authorized persons and use the verified watermark key. Therefore, authorizer I
D and the table of the authorized person information are registered in the image management server and the image display device, and not the creator information itself but information such as the authorized person ID is transferred by communication, and the authorized person information is obtained from the authorized person ID. May be retrieved and used for watermark key generation. In this case, it is preferable that the creator information itself be encrypted and transferred by communication.

Further, when the system is large, a creator database device, which is a database for registering image processing authors, is prepared in the system in order to facilitate management of authors. preferable. As a result, the management of the authorizing person can be performed centrally, and the security of the creator information can be easily maintained because there is only one management place.

There are various types of creator information in consideration of creator authentication devices and security considerations. Among them, for example, in the case of large-size data such as a face photograph image, the creator information is used as a watermark key. When there is a limit to the data size that can be used, use a one-way hash function to convert large data into a fixed-size hash value, and use a watermark key that includes authentication information that adds the hash value to the creator information. Is preferred.

Fifth Embodiment Hereinafter, differences from the first embodiment will be described. The fifth embodiment is different from the first embodiment in that a MAC ID when a LAN is installed is not a device identification value for specifying a device in authentication information included in a watermark key.
The address is used for device identification. Further, the network of the image processing system is assumed to be the case of the first embodiment, and the description thereof is omitted. However, here, in particular, the image processing apparatus and the image management server are connected by LAN, Assume that the board is installed.

FIG. 10 is a functional block diagram of the watermark key generation unit of the image processing apparatus. The watermark key generator 22 (m) has an authentication information generator 24 (m) and a watermark key generator 25 (m). The authentication information generating means 24 (m) generates an image identification value D24b (m) for identifying the original image A (m) in the authentication information for authenticating the image file from a valid provider. It has a function to do. Also, the watermark key generation unit 25 (m) has its own M as a device identification value for identifying the image processing device to which the watermark is provided.
A MAC address detector 24f (m) for detecting the AC address D24f (m) is connected. This MAC address detection unit 24f (m) may be provided outside or inside the image processing apparatus. The MAC address D24f (m) is a number unique to the image processing device. The authentication information generating means 2
4 (m) is provided with a device identification value storage section 24a for storing a device identification value D24a (m). The watermark key generating means 2
5 (m) is the MAC address D24f (m) as the device identification value
And a watermark key B22 (m) including the image identification value D24b (m).

In the present embodiment, if the image management server or the image display device is provided with a storage unit for storing the MAC address of the image processing device in advance, the watermark is provided in the same manner as in the first embodiment. Since it can be determined whether the key is valid or not, the description of the image management server and the image display device is omitted. When the MAC address is used, since the MAC address of the image processing apparatus that has sent the watermark key can be recognized by the image management server, the MAC address and the watermark key can be used without providing a storage unit for the MAC address. It is possible to compare the separated device identification values. This case will be described in a seventh embodiment below.

In the fifth embodiment, since the watermark key including the authentication information using the MAC address is used as the device identification value, it is not necessary to newly set the device identification value. Sixth Embodiment Hereinafter, differences from the above-described first embodiment will be described. The sixth embodiment differs from the first embodiment in that system information for identifying the system to which the image processing apparatus belongs is added to the authentication information included in the watermark key. The network of the image processing system is assumed to be the case of the first embodiment, and the description thereof will be omitted.

FIG. 11 is a functional block diagram of the watermark key generation unit of the image processing apparatus. The watermark key generator 22 (m) has an authentication information generator 24 (m) and a watermark key generator 25 (m). The authentication information generating means 24 (m) has a function of generating authentication information for authenticating that the image file is from an authorized destination. Also,
The watermark key generation unit 25 (m) is connected to a system information storage unit 24g (m) storing system information D24g (m) for identifying the system to which the image processing apparatus belongs. The system information storage unit 24g (m) may be provided outside or inside the image processing apparatus. The authentication information of the present embodiment includes the provision destination identification information, the image identification information, and the system information. Here, the device identification value D24a (m) for identifying the image processing device that is the providing destination and the original image A
An image identification value D24b (m) for identifying (m) and system information D24g (m) are used. This system information D24g (m)
Is added in the sixth embodiment, and may be set in advance at the start of system operation or during operation. In the case of a large number of image processing devices, the burden and labor are burdensome.
It is easier and safer to embed it in software so that it is difficult to retrieve.

The authentication information generating means 24 (m) includes an apparatus identification value storage section 24a (m) and an image counter 24b.
(m). The watermark key generating means 25 (m)
Generates a watermark key B22 (m) including a device identification value D24a (m), an image identification value D24b (m), and system information D24g (m). If the system information storage unit 24g (m) connected to the recognition information generation unit 24 (m) of the watermark key generation unit 22 (m) is also provided in the image management server or the image input device, the system information storage unit 24g (m) can be used as a watermark. Since it is possible to determine whether or not the key is valid, the description of the image management server and the image input device is omitted.

According to the sixth embodiment, since the system information for identifying the system is included in the watermark key for embedding the digital watermark in the image file, it is possible to prevent fraud from outside the system. For example, according to the present embodiment, it is not only possible to confirm and take countermeasures against fraud in the same system, but also to detect forgery using devices and tools of another system created by the same method. It will be easier. In other words, if the image processing software is implemented as an image processing device or software processing of another system of the same system type, for example, even if the image processing software is stolen or illegally performed, the system information differs for each system. For this reason, the original image and the watermark key that are forged for verification can be found at the time of verification, so that unauthorized use can be prevented.

Seventh Embodiment FIG. 12 is a network configuration diagram of an image processing system according to a seventh embodiment. In this image processing system, images captured by the image input devices 101 (1) to (M) are converted into image display devices 108 via the image processing devices 106 (1) to (M), the image management server 107 and the network 104. (1)
~ (N). In the following description, the m-th image input device 101 (1) to (M) is referred to as the image input device 101 (m), and the image processing device 1 (m)
The m-th of 06 (1) to (M) is the image processing device 106 (m), and the n-th of the image display devices 108 (1) to (N) is the image display device 108 (n). Here, in particular, the image processing device 106 (m) and the image management server 107 are connected to a LAN (not shown).
, And a case where a LAN board is incorporated.

The image input device 101 (m) is a device which takes in an image and converts it into electronic data, and is usually constituted by a scanner or an electronic camera, and outputs the taken image data as an original image A (m). The image processing device 10
6 (m) is the original image A from the image input device 101 (m).
(m), and has a function of outputting an original image C (m) in which a digital watermark is embedded in the original image A (m).

FIG. 13 shows a functional block diagram of an image processing apparatus according to the seventh embodiment. This image processing device 10
6 (m) includes a digital watermark embedding unit 61 (m), a watermark key generation unit 62 (m), and a MAC address detection unit 64d (m). The digital watermark embedding unit 61 (m) includes an original image C (m) in which an electronic watermark for detecting falsification of the original image A (m) is embedded in the original image A (m) using the watermark key B62 (m). ) Is output. The watermark key generator 62
(m) generates the watermark key B22 (m). here,
In this embodiment, the watermark key B62 (m) is described as a common key that can be used for both embedding and verification of a digital watermark, but the embedding and verification may be different.

As described in the first embodiment, in the seventh embodiment, the watermark key B62 (m) is generated by using a public key system such as RSA to generate the watermark key B62 (m).
It is assumed that (m) is exchanged. FIG.
FIG. 3 is a functional block configuration diagram of a watermark key generation unit of the image processing apparatus according to the embodiment. This watermark key generation unit 62 (m)
Are authentication information generating means 64 (m) and watermark key generating means 6
5 (m). The authentication information generating means 64 (m)
Has a function of generating authentication information that authenticates an image file from a valid provider. The authentication information includes provider identification information for identifying the provider of the image file and image identification information for identifying the image file. Here, a MAC address D64d (m) for identifying the image processing apparatus 106 (m) as the providing destination and an image identification value D64b (m) for identifying the original image A (m) are used. The authentication information generating means 64 (m) outputs the image identification value D64b (m) for numbering the original image A (m) as a count number which is incremented every time the original image A (m) is processed. Counter 6
4b (m). The watermark key generating means 65
(m) is the MAC address D64d (m) and the image identification value D64b (m)
And generates a watermark key B62 (m) containing For example, MA
If the C address D64d (m) is "00: AB: 20: CD: 40: EF" and the image identification value D64b (m) is "0x00000001", the watermark key B62 () including "0x00AB20CD40EF00000001" which is a combination of the two. m) is generated. In the case of the watermark key B62 (m) including the creator information D24e (m) described in the fourth embodiment, for example, the MAC address D64d (m)
Is "00: AB: 20: CD: 40: EF", the image identification value D64b (m) is "0x01234567", and the hexadecimal data of the creator information D24e (m) is "0x89ABO1BE9859". A watermark key B62 (m) including the combined “0x00AB20CD40EF0123456789ABO1BE9859” is generated. When the hexadecimal data of the creator information D24e (m) is long, for example, “0xFF0122CFAA
234C5688FE0100EF0100EFA289EF "
`` 0x00AB20CD40EF0123456789ABO1BE9859FF0122CFAA234C
5688FE0100EF0100EFA289EF "watermark key B62 (m)
Generate

Returning to FIG. 13, the MAC address detecting section 64d (m) is provided with the MAC address of the image processing apparatus 106 (m) itself.
The address D64d (m) is detected. Then, the image processing apparatus 1
06 (m) outputs the original image C (m). Returning to FIG. 12, the image management server 107
It is a server that stores and manages the original image C (m) sent from 06 (m), and is constructed as a normal database or workflow system.

FIG. 15 shows a functional block diagram of an image management server according to the seventh embodiment. The image management server 107 includes a MAC address detection unit 70, a digital watermark verification unit 71, a watermark key generation unit 72, and authentication information generation units 74 (1) to (M) provided in the watermark key generation unit 72.
(Hereinafter, the m-th is referred to as authentication information generating means 74 (m).)
And a watermark key generation unit 75, a storage control unit 77, a file name creation unit 90, and a MAC address database 9
And 1. The MAC address detection unit 70 includes:
The MAC address D64d (m) of the image processing device 106 (m) for identifying the image processing device 106 (m) as the providing destination
Is detected. The digital watermark verification unit 71 verifies whether a digital watermark can be extracted using the generated watermark key B72 (m) from the original image C (m) provided from the image processing device 106 (m). If the digital watermark cannot be extracted from the original image C (m), it can be understood that the original image C (m) has been tampered with. The watermark key generation unit 72 has a function of generating a watermark key B72 (m), and includes the authentication information generation unit 74 (m) and the watermark key generation unit 75. The authentication information generating means 74 (m) is provided with an original image A (m)
Image identification values D74b (1) to (M) for numbering
(Hereinafter, the m-th image identification value D74b (m)) is provided as an image counter 74b (m) that outputs a count number incremented for each processing of the original image C (m). The setting of the image counter 74b (m) is performed in advance at the start of the system operation or during the operation. The watermark key generation unit 75 is configured to output the MA detected by the MAC address detection unit 70.
A watermark key B72 (m) including the C address D64d (m) and the image identification value D74b (m) is generated.

The storage controller 77 manages an original image C (m) and a file name F (m) as information accompanying the original image C (m). The file name creation unit 90 includes the image processing device 106
File name F (m) based on MAC address D64d (m) of (m)
Create The MAC address database 91
Is the file name F (m) based on the MAC address D64d (m)
Is stored. Therefore, the file name creation unit 90 can obtain the file name F (m) based on the MAC address D64d (m) from the MAC address database 91. Note that the file name creation unit 90 may create the file name F (m) each time based on a certain definition formula. Then, the image management server 107 attaches the file name F (m) together with the original image C (m),
It is sent to each image display device 108 (n) (see FIG. 12).

Returning to FIG. 12, the network 104
Is a network constructed by, for example, a LAN or a WAN. The image display device 108 (n) displays the original image C
This is a device for displaying and using (m). FIG. 16 shows a functional block configuration diagram of the image display device of the seventh embodiment. The image display device 108 (n) includes a digital watermark verification unit 81
(n), a watermark key generator 82 (n), and authentication information generators 84 (1) to 84 (1) provided in the watermark key generator 82 (n).
(M) (the m-th is hereinafter referred to as authentication information generation means 74 (m)), watermark key generation means 85 (n), display control section 89 (n), MAC address database 91 (n),
And a file name processing unit 92 (n). The digital watermark verification unit 81 (n) verifies whether a digital watermark can be extracted using the watermark key B72 (m) that has generated the original image C (m) provided from the image management server 107. If the digital watermark cannot be extracted from the original image C (m), it can be understood that the original image C (m) has been tampered with. The watermark key generation unit 82 (n) has a function of generating a watermark key B72 (m), and includes the authentication information generation unit 84 (m) and the watermark key generation unit 85 (n). The authentication information generating means 84 (m) uses image identification values D74b (1) to D (M) for numbering the original image A (m) (hereinafter, the m-th image identification value D74b (m)). And an image counter 84b (m) for outputting as a count number incremented for each processing of the original image C (m). The image counter 84b
Set (m) should be performed in advance at the start of system operation or during operation. The watermark key generating means 85 generates a watermark key B72 (m) including the MAC address D64d (m) and the image identification value D84b (m) from the file name processing section 92 (n). Note that the image identification value D84b (m) is
It is set to be the same as 74b (m). The MAC address database 91 (n) stores the MAC address D64d
A definition table of a file name F (m) based on (m) is stored. The file name processing unit 92 (n) refers to the MAC address database 91 (n) and
(m) to the MAC address D64 of the image processing device 106 (m).
Obtain d (m). Note that the file name creation unit 92 (n) refers to the MAC address database 91 (n) from the file name F (m) based on a certain definition formula each time, and the MAC address D64d ( m) may be obtained. The display controller 59 (n) displays the provided original image C (m) on a display unit such as a CRT (not shown).

Next, the flow of image processing of the image processing system having the above configuration will be described. Reference is made to FIGS. 12 to 6 as appropriate. First, the original image A (m) converted into electronic data and captured by the image input device 101 (m) is input to the image processing device 106 (m). Next, the image processing device 106
In (m), a watermark key generation unit 62 (m) generates a watermark key B62 (m) for embedding a digital watermark, and the digital watermark embedding unit 61 is used by using the watermark key B62 (m).
(m) generates an original image C (m) in which a digital watermark is embedded. In the image processing device 106 (m), the MAC address detection unit 64d (m) replaces its own MAC address D64d (m).
Is detected, and a part or all of the MAC address D64d (m) is included in the watermark key B62 (m). Then, the image processing device 106 (m) sends the original image C (m) to the image management server 107.

Next, in the image management server 107, the MAC
The address detection unit 70 determines the MAC of the image processing device 106 (m).
The address D64d (m) is detected, and the watermark key generation means 75 outputs the watermark key B72 (m) including the MAC address D64d (m).
And the digital watermark verification unit 71 verifies the digital watermark of the original image C (m) using the generated watermark key B72 (m). It confirms that C (m) has not been tampered with. When the transfer of the original image C (m) is requested or automatically transferred from the image display device 108 (n), the image management server 107 transmits the image data to the image processing device 106 (m).
File name F (m) based on the MAC address D64d (m) of
Is attached to the original image C (m) and each image display device 108
Send to (n).

In each image display device 108 (n), the file name F (m) of the image processing device 106 (m)
After obtaining the AC address D64d (m), the watermark key generation means 85
(n) is a watermark key B7 including the MAC address D64d (m).
2 (m), and the digital watermark verification unit 81 (n) verifies the digital watermark of the original image C (m) using the generated watermark key B72 (m). Then, it is confirmed that the transmitted original image C (m) has not been falsified. Then, the display control section 59 (n) displays the original image C (m) on a display section such as a CRT (not shown).

Therefore, the image display device 108 (n)
When the digital watermark cannot be extracted, or when the digital watermark can be extracted but falsification is detected, the original image C (m) is not valid, so that a falsification detection warning is displayed by displaying or the like, and the By not displaying the original image C (m), it is possible to prevent fraud by the falsified image. According to the seventh embodiment, since the accompanying information based on the authentication information is passed from the image management server to the image display device in association with the image file, the image display device can also generate the watermark key. Becomes possible. In the case of the image management server from the image processing apparatus, it may be similarly transferred. In the case where the image processing apparatus is connected to the image management server, it is assumed that the image processing apparatus is connected to the LAN.
The image management server can receive the MAC address on the LAN without changing the system.

Eighth Embodiment FIG. 17 is a network configuration diagram of an image processing system according to an eighth embodiment. In this image processing system, an image captured by the image input device 101 (m) is displayed on each of the image processing device 110 (m), the image management server 120, and the image display device 130 (n) via the network 104. It has become so. In the following description,
(m) and (n) are used in the same meaning as in the above embodiments.

The image input device 101 (m) is a device which captures an image and converts it into electronic data, and is usually constituted by a scanner or an electronic camera, and outputs the captured image data as an original image A (m). The image processing device 11
0 (m) is the original image A from the image input device 101 (m).
(m), and has a function of outputting an original image H (m) in which a digital watermark is embedded in the original image A (m).
For this purpose, the digital watermark embedding unit 112 (m) and the watermark key generating unit 111 (m) are provided. The digital watermark embedding unit 112 (m) embeds a digital watermark for detecting tampering with the original image A (m) in the original image A (m) using the watermark key G111 (m). ) Is output.
The watermark key generation unit 111 (m) generates the watermark key G111 (m) including the authentication information described in each of the embodiments. Here, in the present embodiment, the watermark key G111 (m) is described as a common key that can be used for both embedding and verification of a digital watermark, but the embedding and verification may be different. In addition, similarly to the above embodiment,
It is assumed that a watermark key G111 (m) is exchanged using a public key system such as RSA for generating the watermark key G111 (m).

The image management server 120 is a server for storing and managing the original image H (m) sent from the image processing device 110 (m). It has an embedding unit 122 (m) and a watermark key generation unit 121 (m). The digital watermark embedding unit 122 (m) extracts and verifies a digital watermark for detecting falsification of the original image H (m) using the watermark key G121 (m). The watermark key generation unit 121 (m) generates the same watermark key G121 (m) as the watermark key G111 (m). The storage in the device identification value storage unit (not shown) in the watermark key generation unit 121 (m), the setting of an image counter (not shown), and the like are performed in advance at the start of system operation or during operation.

The network 104 is, for example, LA
N, WAN, etc. The image display device 130 (n) is a device for displaying and using the original image C (m), and has a digital watermark embedding unit 132 (n) and a watermark key generation unit 131 (n). The digital watermark embedding unit 132 (n) extracts and verifies a digital watermark for detecting falsification of the original image H (m) using the watermark key G131 (m). The watermark key generator 131
(n) generates the same watermark key G131 (m) as the watermark key G111 (m). Note that the watermark key generation unit 131
The storage in the device identification value storage unit (not shown) and the setting of the image counter (not shown) in (n) are performed in advance at the start of system operation or during operation.

In the above configuration, the image management server 110
(m) is the same watermark key G12 (m) as the watermark key G111 (m) including the authentication information by the watermark key generation unit 121 (m).
1 (m), the digital watermark verifying unit 122 (m) extracts the digital watermark from the original image H (m) using the watermark key G121 (m), verifies the presence or absence of tampering, and does not illustrate. The original image H (m) is stored in the storage controller. Similarly, the image display device 130 (n) generates the same watermark key G131 (m) as the watermark key G111 (m) including the authentication information by the watermark key generation unit 131 (n), and performs digital watermark verification. Part 132
(n) is the original image H (m) using the watermark key G131 (m).
Then, the electronic watermark is extracted from the data, the presence or absence of tampering is verified, and the original image H (m) is displayed on a display unit (not shown).

Therefore, according to the eighth embodiment, there is no need to send a watermark key from the image processing apparatus to the image management server or from the image management server to the image display apparatus. By simply registering a device identification value such as a device serial number in the image display device at the start of system operation, an original image is sent from the image management server to the image display device at the time of image display, and can be displayed on the image display device. Become like For example, as a workflow, a case where the image is transmitted from the image input device to the image management server and the image display device as a series of flows and is displayed, and a case where the image display device requests the image management server to display a specific image, and is displayed. If only the original images are transferred to each other, the images can be displayed on the image display device, which leads to a reduction in the transfer processing time.

In the watermark key generation unit described in each of the above embodiments, the number of additional software or hardware can be reduced. Further, there is an effect that the security level of the system is improved by reducing the number of places where the watermark key can be exploited. Further, in each of the above-described embodiments, the description has been made assuming that there is one image management server. The same can be achieved by providing a server that collectively manages the number of image processing times in the system. Further, if the number of times of image processing in each image processing apparatus is known, the above-described method can be applied even if there are a plurality of image management servers. When an image is sent, the image processing server queries the number of image processing times, generates an image identification value that is a hash value from the number of image processing times, generates a watermark key from the image identification value, and performs verification. If the verification is successful, the original image and the watermark key may be stored in pairs.

[0080]

As described above, according to the image processing system of the present invention, the watermark including the authentication information for authenticating that the image file is from a valid destination that can be determined only by the mutual devices that exchange the image file. Since the digital watermark information can be extracted from the image file in which the digital watermark information is embedded by using the key, the effect of determining whether the image file has been tampered can be obtained.

Therefore, it is possible to prevent tampering by the privileged user, and it is possible to obtain an effect that a complete access right setting operation can be realized at a low cost for all devices which handle images. Further, since it is not necessary to encrypt the image file itself, it is not necessary to perform the decryption (and re-encryption) processing every time the image is displayed as in the related art.
For this reason, the processing load can be reduced especially in a system that processes a large amount of images, and in a system where images are used by multiple machines distributed in the system, image management is thorough and a machine with low security is used. Can prevent fraud.

Further, since tampering of an image can be detected without an encryption system for managing verification data, management of the encryption system itself does not need to be high security. Therefore, according to the present invention, it is possible to provide an image processing system that prevents tampering of an image file, easily detects tampering of the image file, and reduces the processing load of the image file at low cost.

[Brief description of the drawings]

FIG. 1 is a network configuration diagram of an image processing system according to a first embodiment.

FIG. 2 is a functional block configuration diagram of the image processing apparatus according to the first embodiment;

FIG. 3 is a functional block configuration diagram of a watermark key generation unit of the image processing device according to the first embodiment;

FIG. 4 is a functional block configuration diagram of an image management server according to the first embodiment;

FIG. 5 is a functional block configuration diagram of the image display device according to the first embodiment;

FIG. 6 is a functional block configuration diagram of a watermark key generation unit of the image processing device according to the second embodiment.

FIG. 7 is a functional block configuration diagram of a watermark key generation unit of the image processing device according to the third embodiment;

FIG. 8 is a functional block configuration diagram of an authentication information generation unit according to the third embodiment.

FIG. 9 is a functional block configuration diagram of a watermark key generation unit of the image processing device according to the fourth embodiment.

FIG. 10 is a functional block configuration diagram of a watermark key generation unit of the image management server according to the fifth embodiment.

FIG. 11 is a functional block configuration diagram of a watermark key generation unit of the image processing apparatus according to the sixth embodiment.

FIG. 12 is a diagram illustrating a network configuration of an image processing system according to a seventh embodiment.

FIG. 13 is a functional block configuration diagram of an image processing apparatus according to a seventh embodiment.

FIG. 14 is a functional block configuration diagram of a watermark key generation unit of the image processing apparatus according to the seventh embodiment.

FIG. 15 is a functional block configuration diagram of an image management server according to a seventh embodiment.

FIG. 16 is a functional block configuration diagram of an image display device according to a seventh embodiment.

FIG. 17 is a diagram illustrating a network configuration of an image processing system according to an eighth embodiment.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 101 Image input device 102 Image processing device 103 Image management server 104 Network 105 Image display device

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI theme coat ゛ (Reference) 9A001 F-term (Reference) 5B017 AA06 BA05 BA07 BB03 CA16 5B050 BA10 CA08 EA10 EA19 FA02 GA07 GA08 5B057 CE08 CG07 5C076 AA14 BA06 5J104 AA14 EA10 NA27 9A001 CC07 HH27 LL03

Claims (10)

[Claims] 1. An image file from which digital watermark information can be extracted using a watermark key including authentication information for authenticating that the image file is from an authorized provider, and an image providing apparatus for providing the watermark key, The digital watermark information is extracted from the image file provided from the image providing device using the watermark key provided from the image providing device, and the presence or absence of the falsification of the watermark key is determined using the authentication information of the watermark key. An image processing system comprising: an image using device that determines whether an image file has been tampered with using a watermark key that has determined whether or not the image file has been tampered with, and uses the image file that has determined whether or not tampered. 2. An image providing apparatus for providing an image file from which digital watermark information can be extracted by using a watermark key including authentication information for authenticating an image file from a valid provider, Generating a watermark key including authentication information of a function for authenticating that the image file is an image file, extracting digital watermark information from an image file provided from the image providing apparatus using the watermark key, and obtaining authentication information of the watermark key. And an image utilization device that uses the image file that determines whether the image file has been tampered with, and determines whether the image file has been tampered with, using the watermark key that has determined whether or not the watermark key has been tampered with. An image processing system comprising: 3. A watermark key including authentication information for authenticating an image file from a valid provider is generated, and digital watermark information that can be extracted using the watermark key is embedded in the image file. And an image providing apparatus that provides a watermark key, extracting digital watermark information from an image file provided from the image providing apparatus using the watermark key provided from the image providing apparatus, and using authentication information of the watermark key. Determine whether the watermark key has been tampered with, determine whether the image file has been tampered with the watermark key that has been tampered with, and store the image file and the watermark key that have been tampered with, An image management device that appropriately provides an image file and a watermark key to a user; and an image management device that uses the watermark key provided by the image management device. The digital watermark information is extracted from the image file provided by the management device, the presence / absence of falsification of the watermark key is determined using the authentication information of the watermark key, and the falsification of the image file is performed using the watermark key that has been determined whether the falsification is performed. An image processing system comprising: an image using device that uses an image file that determines whether or not there is falsification and determines whether or not tampering has occurred. 4. A watermark key including authentication information for authenticating an image file from a valid provider is generated, and digital watermark information that can be extracted using the watermark key is embedded in the image file. And a watermark key including authentication information for certifying that the image file is from an authorized destination. The watermark key is used to generate an electronic file from the image file provided by the image providing apparatus. Extracting the watermark information, determining whether the watermark key has been tampered with using the authentication information of the watermark key, and determining whether the image file has been tampered with using the watermark key determined to have been tampered with, and determining whether the image file has been tampered with. The determined image file is stored, and an image management device that provides the image file to the use destination and an image file from a valid supply destination. A watermark key including authentication information for authenticating the watermark key is generated, digital watermark information is extracted from the image file provided from the image providing apparatus using the watermark key, and the watermark key is authenticated using the watermark key authentication information. An image using apparatus that uses the image file that determines whether or not the image file has been tampered with using the watermark key that has determined whether or not the image file has been tampered with, and determines whether or not the image file has been tampered with. Image processing system. 5. A watermark key including authentication information for authenticating an image file from a valid provider is generated, and digital watermark information that can be extracted using the watermark key is embedded in the image file. And a watermark key including authentication information for certifying that the image file is from an authorized destination. The watermark key is used to generate an electronic file from the image file provided by the image providing apparatus. Extracting the watermark information, determining whether the watermark key has been tampered with using the authentication information of the watermark key, and determining whether the image file has been tampered with using the watermark key determined to have been tampered with, and determining whether the image file has been tampered with. The determined image file is stored, and the accompanying information including the authentication information for authenticating the image file from a valid provider is stored in the image file. In any case, when an image file is accessed from the use destination, an image management apparatus that provides the use information together with the image file to the use destination, and recognizes authentication information from the accompanying information, and a watermark key including the authentication information. Is generated, the digital watermark information is extracted from the image file provided from the image management device using the watermark key, and the presence or absence of the falsification is determined while determining whether the watermark key has been tampered using the authentication information of the watermark key. Using the determined watermark key, determine whether the image file has been tampered with,
An image processing system comprising: an image using device that uses an image file that has been determined to have been tampered with. 6. The image utilization device according to claim 1,
Generates authentication information that authenticates the image file from a valid provider, compares the authentication information with authentication information extracted from the provided watermark key, and authenticates the validity of the provided watermark key. An image processing system, comprising: 7. The image management device according to claim 3,
Generates authentication information that authenticates the image file from a valid provider, compares the authentication information with authentication information extracted from the provided watermark key, and authenticates the validity of the provided watermark key. An image processing system, comprising: 8. The image utilization device according to claim 3,
Generates authentication information that authenticates the image file from a valid provider, compares the authentication information with authentication information extracted from the provided watermark key, and authenticates the validity of the provided watermark key. An image processing system, comprising: 9. The image management apparatus according to claim 3, wherein the authentication information included in the provided watermark key is included in accompanying information attached to the image file, and the accompanying information is provided to the user together with the image file. The image using apparatus recognizes the authentication information from the accompanying information, generates a watermark key including the authentication information, extracts digital watermark information from the image file provided from the image management apparatus using the watermark key, and falsifies. An image processing system characterized in that the presence / absence of a falsification is determined and the image file for which the falsification is determined is used. 10. The authentication information according to claim 1, wherein the authentication information includes provision destination identification information for identifying a provision destination of the image file or image identification information for identifying the image file. Image processing system.