JP2008042631A - Digital camera and camera system - Google Patents

Abstract

A digital camera capable of safely and reliably transferring photographing data to a desired server.
A camera system includes a first medialess camera serving as an authentication server, a second medialess camera serving as a client, and a file server. Each of the medialess cameras 110 and 120 includes authentication units 111 and 121, first communication units 112 and 122, and second communication units 113 and 123, respectively. The file server 150 includes a communication unit 154, a data storage unit 151, an authentication unit 153, and a user attribute storage unit 152. The first medialess camera 110 performs authentication when the second medialess camera 120 logs into the file server 150. The second medialess camera 120 that has succeeded in authentication directly transfers the shooting data to the file server 150.
[Selection] Figure 1

Description

  The present invention relates to a digital camera and a camera system. In particular, the present invention relates to a camera system including a medialess camera that transmits camera information such as photographed image information to an external recording device by communication, and a server as an external recording device that receives the camera information and stores it in the recording device.

  2. Description of the Related Art Conventionally, a digital still camera records an electrical signal as image data that has undergone photoelectric conversion in an imaging unit on an external recording medium such as a memory card or a hard disk. Such processing of image data is different from the conventional processing in which a silver halide camera burns an image on a film and processes the image as position data. Thereby, an image can be reproduced by reading out an electrical signal as recorded image data even after shooting.

  However, the recorded and reproduced images require a considerable amount of data. In particular, for still images that are important for viewing purposes or detailed details, it is not possible to apply thinning out of the amount of data such as moving image processing using human visual characteristics seen in TV systems. A large amount of data is necessary. In recent years, digital still cameras have realized megapixel processing because of faithful reproduction of images, and are approaching the processing state of silver halide cameras.

  In the above-mentioned megapixel class digital still camera, the data amount of the recorded image is 4 million pixel class (12-bit data) and the data amount exceeds 6 MB. With this size of data amount, storage to an external recording medium and transfer between devices via an I / F are not suitable. Furthermore, it is necessary to reduce the amount of data when handling a large amount of images. Actually, most digital still cameras perform compression processing of image data before recording on an external recording medium.

  As compression processing of image data, in most cases, high-frequency information is suppressed using orthogonal transform such as DCT. This processing utilizes the fact that the recognition ability is not so strict about the change of the high frequency component as the change of the DC component as human visual characteristics. The DCT itself does not compress the data, but after converting the image data into a spatial frequency by this processing, the quantization on the high frequency side is coarsened. As a result, the image data as the spatial frequency is converted into information containing a lot of zeros on the high frequency side, and the data amount is reduced. Conventionally, JPEG is known as a compression processing method in which image information quantized at a spatial frequency is scanned in order of frequency, and run-length information is Huffman-coded by table processing and compiled. By performing such compression processing, the image data stored in the recording medium can be reduced in size relative to the original data that is not processed, and most digital still cameras perform this processing. .

  As described above, the amount of data captured by a digital still camera increases as the number of pixels increases, and in most cases, the image is stored by storing it in a recording medium such as a CF card attached to the camera. . In recent years, the capacity of recording media has been increasing, and it has become possible to store several tens to several hundreds of photographic image data. However, the recording medium is expensive.

  On the other hand, there is an increasing demand for a medialess camera that sequentially transfers image data to an external recording device and does not hold it in the camera body. Rather than storing the image data on the camera and storing the image data, it is much more convenient for organizing, storing and operating the image data if the image data is sequentially stored in the external recording device.

  The device configuration of the above-described medialess camera cannot be established by the camera alone, but requires a file server as an external recording device. FIG. 8 is a block diagram schematically showing a configuration of a conventional camera system. The medialess camera 610 in FIG. 8 corresponds to the medialess camera, and the file server 620 corresponds to the file server. In the communication between the devices, there is a status exchange according to the status. In FIG. 8, only an authentication request and data transfer are indicated by arrows. The exchange of the two arrows is related to the present invention.

  The data transfer itself is realized by communication such as normal wired, wireless, or optical communication. In order to cope with an attack on the communication path, the data itself is encrypted by a common key cryptosystem or the like. For authentication, countermeasures against wiretapping and impersonation must be taken into account, and SSH (Secure Shell) using public key cryptography such as RSA is used.

  The file server 620 in FIG. 8 has a key storage unit 622, which stores public host_key and private host_key. The host_key is used for host authentication. The private host_key is a key that only the host has and should be strictly managed, and the public host_key is disclosed to the medialess camera 610 serving as a client. The file server 620 needs to operate as an SSH server.

  The medialess camera 610 transmits the authentication request generated by the authentication unit 611 to the communication unit 624 included in the file server 620 via the communication unit 612. Here, the medialess camera 610 transmits a connection request as a client. The file server 620 receives the connection request and returns the public host_key and public server_key, and a list of common key encryption systems supported by the file server 620 to the medialess camera 610. The server_key is also used for host authentication, but the server_key is updated at predetermined time intervals. Further, the server_key is not stored in the key storage unit 622. The server_key exists to prevent the information encrypted with the host_key from being decrypted, and it is difficult to decrypt the encrypted information by modifying the information with the server_key updated at this predetermined time interval. Let

  The medialess camera 610 compares the already disclosed host_key with the host_key transmitted from the file server 620 and confirms that they match. Next, the authentication unit 611 generates a session_key that is a 256-bit long random number, and encrypts the session_key using the public host_key and public private_key received earlier. Also, a system to be used for communication is selected from the received list of common key cryptosystems. The medialess camera 610 transfers the encrypted session_key and the selected system to the file server 620.

  The file server 620 executes decryption of the received session_key using the private host_key and private server_key. If the decryption is successful, the medialess camera 610 as the client can determine that the file server 620 is a valid server. The above example is server host authentication by SSH1, and of course there are other methods. As described above, the host authentication is established, and the session_key serving as a common key for data encryption can be shared between the server and the client.

  In addition, user authentication is required for the medialess camera 610 to log in to the file server 620. There are several methods for user authentication by the server, and one of them is user authentication by a public key cryptosystem.

  The medialess camera 610 transfers the user name and public_key to the file server 620 when a login request to the file server 620 is requested. The file server 620 searches the key storage unit 622 for an authorized_key file corresponding to the user. When the public_key is confirmed, a random number is generated, and data obtained by encrypting the random number with the public_key (hereinafter referred to as “challenge”) is generated and transferred to the medialess camera 610.

  The medialess camera 610 decrypts the challenge received using the private_key and passphrase. Then, a checksum of the decrypted challenge is created by MD5 (hash function), and the creation result is returned to the file server 620. The file server 620 itself also creates a random number MD5, and the user authentication is established if they match with the received data.

As described above, after the authentication of the medialess camera 610 and the file server 620 is mutually established, the image data of the medialess camera 610 is sequentially stored in the file server 620. The session_key described above is used for data encryption at that time.
Japanese Patent Laid-Open No. 2001-326921

  As described above, since the captured image data obtained by a digital camera is digital data, in recent years, there has been an increasing demand for a medialess camera that sequentially transfers image data to an external recording device and does not hold it inside the camera body. ing. Although overlapping, it is much more convenient for organizing, storing, and operating image data than storing image data by installing media in the camera and sequentially storing it in a file server.

  Further, if SSH or the like is used for authentication between the medialess camera and the file server, it can be operated relatively safely.

  In the apparatus configuration of the medialess camera, for example, when the same subject is photographed by a plurality of cameras at the same time, there is a demand for storing image data in the same file server. In the medialess camera that is a communication camera, securing a communication path is the most important issue.

  The former request can be solved by performing an authentication procedure for each camera on the same file server. However, each user must be registered in advance in the target file server. Therefore, users who are not registered in advance cannot use the same file server. However, if private key information is disclosed in order to provide other users with their file server services, security will be reduced.

  The latter problem is serious. For example, when multiple users try to secure the communication path with the same file server separately using different medialess cameras, the communication path of the camera of a specific user is weak or cannot secure the communication path Sometimes photographing by the user is not guaranteed. According to this, the existence itself as a medialess camera is denied.

  An object of the present invention is to provide a digital camera and a camera system capable of safely and reliably transferring shooting data to a desired server.

  In order to achieve the above object, the digital camera according to claim 1 is a digital camera that transfers photographing data to an external storage device, and communication means that communicates with other devices configured to use the external storage device. And authentication means for authenticating the use of the external storage device by the other device via the communication means.

  According to a sixth aspect of the present invention, there is provided a camera system comprising: the digital camera according to the first aspect; and a server having an external storage device that stores photographing data transferred from the digital camera and the other device. To do.

  According to the present invention, in a digital camera that transfers photographed data to a predetermined external storage device, it communicates with another device configured to use the external storage device, and the use of the external storage device by the other device is performed. Since authentication is performed via communication, the other device can safely and reliably transfer image data to a desired server.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a block diagram schematically showing a configuration of a main part of each component while schematically showing a configuration of a camera system according to an embodiment of the present invention.

  1, the camera system 100 includes a first medialess camera 110 serving as an authentication server, a second medialess camera 120 to a fourth medialess camera 140 serving as clients, and a file server 150.

  Each of the medialess cameras 110, 120, 130, and 140 includes authentication units 111, 121, 131, and 141, respectively. When the camera itself becomes an authentication server, the authentication unit first executes a server / host authentication procedure for the file server 150, and then executes user authentication for each client. At that time, the user attribute information received from each client is transferred to the file server 150, and the data transfer permission of each client is acquired from the file server 150. When the camera itself is a client, an authentication request is transmitted to the camera serving as the authentication server.

  In addition, each of the medialess cameras 110, 120, 130, and 140 includes first communication units 112, 122, 132, and 142, respectively. The first communication unit has a mechanism for transmitting and receiving the authentication request between the cameras.

  Furthermore, each of the medialess cameras 110, 120, 130, and 140 includes second communication units 113, 123, 133, and 143 each having a mechanism for transferring shooting data to the file server 150.

  The file server 150 includes a communication unit 154 that establishes communication with a client, a data storage unit 151 that stores photographing data transferred from the client, and an authentication unit 153 that performs authentication with a camera serving as an authentication server. Furthermore, the file server 150 has the function of the conventional key storage unit 622 described above, and includes a user attribute storage unit 152 that stores user attribute information of a client permitted to log in by the authentication server.

  Each medialess camera includes an authentication unit, a first communication unit, and a second communication unit, and the file server 150 includes a user attribute storage unit 152, so that a plurality of arbitrary cameras share the same file server 150. At this time, it is possible to store the photographing data safely without individually performing authentication between the client and the server.

  In FIG. 1, the first medialess camera 110 to the fourth medialess camera 140 realize storage of shooting data in the same file server 150. The first medialess camera 110 functions as an authentication server that performs authentication when another camera logs in to the file server 150. The second medialess camera 120 to the fourth medialess camera 140 exist as clients from the viewpoint of authentication with respect to the first medialess camera 110. A camera that has succeeded in authentication encrypts image data using a session_key described later, and directly transfers the data to the file server 150.

  Hereinafter, a system flow in which the second medialess camera 120 to the fourth medialess camera 140 serving as the client illustrated in FIG. 1 log in to the file server 150 via the first medialess camera 110 serving as the authentication server will be described in detail. In the present embodiment, a state transition of a medialess camera as an arbitrary client, a medialess camera as an authentication server, and a file server will be described.

  2, 3 and 4 are diagrams for explaining threads between the file server, the authentication server, and the client. 2, 3, and 4, the file server 150 in FIG. 1 is described as a: file server, the first medialess camera 110 as b: authentication server, and the second medialess camera 120 as c: client. . Note that the authentication method in the present embodiment does not limit only the method. Further, although the authentication method may be based on the above-described SSH, the authentication flow here is different from that of SSH. A feature of this embodiment is that one of the medialess cameras also serves as an authentication server.

  Note that a: file server, b: authentication server, and c: client have public_key (pa, pb, pc) (a: public_key of the file server is set to pa), which are made public. It is an encryption key. Also, a: file server, b: authentication server, and c: secret_key (sa, sb, sc) (a: secret_key of the file server is assumed to be sa) corresponding to public_key are determined for these. Is kept private and only in each device.

  2, 3, and 4, a: detailed state transition of the file server is shown in FIG. 5, b: detailed state transition of the authentication server is shown in FIG. 6, c: detailed state transition of the client Is shown in FIG.

  In FIG. 2, all devices are in a standby state (steps S301, S401, S501). Here, the camera serving as the authentication server needs to complete authentication of its own file server before a connection request from the client to the file server is generated. Therefore, a negotiation request is transmitted to the file server (step S402). Next, the file server that has received the negotiation request from the authentication server transmits the public_key (pa, pb) of each of the file server and the authentication server to the authentication server (step S302). Note that, as in SSH, the public host_key and public server_key on the file server side may be used for authentication, which is safer in terms of security.

  Next, the authentication server that has received public_key (pa, pb) from the file server first compares the received public_key (pb) with the public_key (pb) published in advance, and confirms whether or not they match (step S403). ). If the public_key (pb) matches, create a session_key used for data transfer as a common encryption key (step S404), and use the public_key (pa) of the file server and the secret_key (sb) of the authentication server Encryption is performed (step S405). Then, the authentication server transmits each encrypted session_key to the file server (step S406).

  2, FIG. 3 and FIG. 4, Exx (nn) indicates that nn is encrypted with the encryption key xx. For example, Esb (session_key) is b: secret_key (sb) of the authentication server, Indicates that session_key is encrypted. Secret_key is a synonym for private_key.

  Next, the file server that received each encrypted session_key decrypts each session_key using secret_key (sa) and public_key (pb), compares each session_key, and confirms whether or not they match (step S303). If the session_keys match, the service of the authentication server for the client is regarded as valid on the file server side, and an acknowledgment that the connection from the client is permitted is transmitted to the authentication server (step S304).

  2, 3 and 4, Dxx (nn) indicates that nn is decrypted with the encryption key xx. For example, Dpb (Esb (session key)) is encrypted with secret_key (sb). Indicates that the session_key is decrypted with public_key (pb).

  Thereafter, the file server is in an authentication valid state with respect to the authentication server (step S305), and the authentication server is in an authentication valid state with respect to the file server and waiting for a connection request from the client (step S407).

  Referring to FIG. 3, when the authentication server is waiting for a connection request from the client and the camera serving as the client enters a shooting data transfer state such as a recording mode (step S502), the client The negotiation is started, and the authentication server responds to the negotiation. At that time, the client transmits the user name and public_key (pc) to the authentication server (step S503). Next, the authentication server creates the challenge using the public_key (pc) received from the client (step S408), and transmits the challenge to the client (step S409).

  Next, the client decrypts the challenge received from the authentication server using secret_key (sc) and outputs the MD5 value (step S504), and transmits the output of the MD5 value to the authentication server (step S505). The authentication server outputs the MD5 value from the random number in advance before receiving the MD5 value output from the client, compares the MD5 value when receiving the MD5 value output from the client, and determines whether or not they match. Confirmation (step S410). If the MD5 values match, the authentication server encrypts the user name and attribute of the client and public_key (pc) with public_key (pa) so that the client can log in to the file server (step S411). The converted client user name and attribute and public_key (pc) are transmitted to the file server (step S412).

  Next, the file server decrypts the received encrypted client user name and attribute, public_key (pc) with secret_key (sa) (step S306), and executes a procedure for unconditionally allowing login to the client. . The procedure is, for example, storing client information in the user attribute storage unit 152. Next, the file server transmits a connection permission report for the client to the authentication server (step S307). Since the authentication server receives the report of the connection permission from the file server to the client file server, the above-described session_key used for data transfer is encrypted with public_key (pc) (step S413), and the encrypted session_key is used as the client. (Step S414).

  When the client receives session_key from the authentication server, the client can communicate with the file server, and the communication state is in a standby state until a transfer request is generated (step S506). On the other hand, the authentication server also enters a standby state, and is not involved in any transfer of shooting data to the client file server thereafter (step S415).

  Proceeding to FIG. 4, the client needs to confirm whether or not communication with the file server is possible before transferring the photographed data to the file server. Therefore, the client transmits a negotiation inquiry to the file server before transferring the photographic data (step S507). Here, the client queries its own information to confirm that the file server responds. The file server that has received the inquiry transmits an affirmative response to the inquiry to the client (step S308). Note that the communication contents in steps S507 and S308 may be anything.

  Next, the client trusts the communication to the file server when the inquiry to the file server is normally returned. Then, the client encrypts the shooting data with the session_key (step S508), and transmits the encrypted shooting data to the file server (step S509). At the same time, the client encrypts user information such as session_key and user name with secret_key (sc), and transmits the encrypted information to the file server. The reason why the common encryption key system is used for the photographed data is that the load of system resources accompanying encryption is lighter than that of the public key encryption system.

  Next, the file server decrypts the encrypted image data received from the client with the session_key, and decrypts the encrypted user information such as the session_key and the user name with the public_key (pc) (step S309). The data is stored in the next data storage unit 151. It should be noted that the storage location of the shooting data is determined in advance in step S306 according to the attribute of the client. The file server area to which the client can connect is limited by the attribute of the client.

  In the present embodiment, as shown in FIG. 1, the first medialess camera 110 serving as an authentication server gives a private attribute to the second medialess camera 120 serving as a client, and the third medialess camera 130 serving as a client. The public attribute is given, and the protected attribute is given to the fourth medialess camera 140. The individual attribute indicates the status of the service for the client of the file server. As the service status, for example, public attribute: accessible only to some authorized server areas, protected attribute: accessible to server areas of public and its derivative areas, private attribute: accessible to all server areas, and so on. Can be set. A client given the private attribute can access any area of the file server in the same way as the authentication server. A client given the public attribute cannot freely set an area where shooting data can be stored.

  In the present embodiment, the service control for the client of the file server is not limited in detail. It is only characterized by the addition of the attributes as described above. Further, the control is not limited to storing data in the file server by the client, and control for extracting data may be possible. If anything, it goes without saying that it is more necessary to strictly manage the status of the file server service for the client in the case of control for extracting data.

  Returning to FIG. 4, after storing the shooting data transferred from the client, the file server transmits an acknowledgment of receiving the shooting data to the client (step S <b> 310).

  Then, when the transfer of the shooting data to the file server by the client or the shooting data transfer state such as the recording mode is ended, a connection end request is transmitted. In this embodiment, when the client ends the recording mode (step S510), a connection end request is transmitted to the authentication server (step S511). The connection termination request may transfer data to that effect or send a status. Next, the authentication server that has received the connection termination request from the client discards the client information (step S416) and transmits a client connection termination request to the file server (step S417).

  Next, the file server that has received the client connection termination request discards the client information and discards the session_key (step S311). When communicating using host_key and server_key as in SSH, server_key is discarded. Then, the file server transmits an acknowledgment of the client connection termination request to the authentication server (step S312). The authentication server that has received the acknowledgment of the client connection termination request from the file server creates session_key again (step S404), and repeats the processing from step S405 described above.

  Since the gist of the present embodiment is the above-described authentication procedure to the client, the state transitions in FIGS. 2, 3 and 4 include exceptions such as timeout, server accident, and unexpected ON / OFF of the apparatus power supply. The processing is not shown.

  If the detailed state transition of each device shown in FIG. 5, FIG. 6, and FIG. 7 is captured somewhat, in FIG. 5, if there is no response from the authentication server for a certain time in step S302, a time-out process is performed. Transition to the standby state. In step S303, if the session_key transferred from the authentication server is decrypted and the results do not match, the authentication with the authentication server is discarded.

  Similarly, in FIG. 6, in step S402, S406, S412, and S417, if there is no response from the file server for a predetermined time, a timeout process is performed, and the process transits to the standby state in step S401. In step S403, if the public_key transferred from the file server does not match the known public_key, the authentication with the file server is discarded. On the other hand, there is a case where it is desired to cancel authentication with the client from the authentication server. This is a case where the first medialess camera 110 serving as an authentication server leaves the authentication mode. In this case, end processing is performed between the file server and the authentication server. When session_key is updated in a certain period, state transition is made from step S415 to step S404 as session timeout processing.

  Similarly, in FIG. 7, if there is no response from the authentication server for a predetermined time in steps S503 and S505, a time-out process is performed, and the process transits to the standby state in step S501. In steps S507 and S509, if there is no response from the file server, a time-out process is performed, and a transition is made to the standby state in step S501.

  The time-out process described above is to return to a standby state or an instructed state by discarding a process that has been delayed halfway.

1 is a block diagram schematically showing a configuration of a main part in each component while schematically showing a configuration of a camera system according to an embodiment of the present invention. It is a figure explaining the thread | sled between a file server, an authentication server, and a client. It is a figure explaining the thread | sled between the file server, authentication server, and client following FIG. It is a figure explaining the thread | sled between the file server, authentication server, and client following FIG. It is a figure explaining the detailed state transition of a file server. It is a figure explaining the detailed state transition of an authentication server. It is a figure explaining the detailed state transition of a client. It is a block diagram which shows the structure of the conventional camera system roughly.

Explanation of symbols

100 camera system 110 first medialess camera 120 second medialess camera 150 file server 111, 121, 153 authentication unit 112, 122 first communication unit 113, 123 second communication unit 151 data storage unit 152 user attribute storage unit 154 communication Part

Claims (7)

In digital cameras that transfer shooting data to an external storage device,
Communication means for communicating with other devices configured to use the external storage device;
A digital camera comprising: authentication means for authenticating use of the external storage device by the other device via the communication means. Furthermore, it comprises setting means for setting the usable area of the external storage device by the device to the other device,
The digital camera according to claim 1, wherein the authentication unit authenticates use of the external storage device by the other device in the set usable area.   3. The digital camera according to claim 1, wherein the authentication unit employs a public key cryptosystem in the authentication.   The digital camera according to any one of claims 1 to 3, wherein the digital camera is a medialess camera not equipped with a recording medium for recording the shooting data.   The digital camera according to claim 1, wherein the other device is a digital camera.   The digital camera according to claim 1, and a server having an external storage device that stores shooting data transferred from the digital camera and the other device. Camera system.   The server stores user information of the digital camera transferred from the digital camera and user information of the other device transferred from the digital camera when the other device requests use of the external storage device User information of the other device stored in the user information storage unit when there is a transfer request of photographing data from the other device at the time of use authentication of the external storage device by the information storage unit and the other device 7. A camera system according to claim 6, further comprising permission means for permitting transfer of the photographing data by the other device.

Images