JP2008312065A - Image processing apparatus and method - Google Patents

Abstract

A series of images are encrypted at a high speed without increasing the shooting interval of continuous shooting.
A key acquisition unit generates key data according to a shooting process and a shooting mode of an image generation unit and causes the key holding unit to hold the key data. The encryption unit 55 encrypts the image captured by the image generation unit 54 with the key data held by the key holding unit 53. The encryption unit 55 controls the key deletion unit 59 according to the shooting process and shooting mode of the image generation unit 54, and deletes the key data held by the key holding unit 53.
[Selection] Figure 5

Description

  The present invention relates to encryption of captured image data.

  Instead of silver halide photography, digital cameras that digitize captured images and record them on recording media as digital data have become widespread. As a result, it has become extremely easy to copy the image data of the photographed image to an information processing apparatus such as a personal computer and display the image. Further, the image data of the photographed image can be instantly transmitted to any destination in the world using a communication line.

  On the other hand, digital data can be generated without limitation as exactly as the original copy. If it can be copied freely, the user of the copyrighted work does not have to pay the creator of the copyrighted work, and it can be said that it is a huge threat to the creator.

  In order to prevent unauthorized use of digital data, there is a technique for encrypting image data of a photographed image in the apparatus simultaneously with photographing by a digital camera (for example, Patent Document 1). The technique disclosed in Patent Document 1 receives an encryption key for image data from an external device for each shooting, and deletes the encryption key from the apparatus when the encryption of the image data is completed. Therefore, the encryption key exists in the apparatus only for a short period when the photographing process is executed. Therefore, even if an attacker analyzes the operation of the apparatus, it is extremely difficult to eavesdrop on the encryption key.

  However, according to the technique of Patent Document 1, communication with an external device occurs every time shooting is performed. That is, the next photographing cannot be performed until the encryption key is received from the external device and the encryption of the image data is completed. As a result, when continuous shooting is performed, the shooting interval becomes long, which is not practical. If the shooting interval is shortened by giving priority to the shooting interval of continuous shooting, it becomes difficult to receive the encryption key from the external device during the continuous shooting.

JP 11-205738 A

  An object of the present invention is to encrypt a series of images at high speed without increasing the shooting interval of continuous shooting.

  The present invention has the following configuration as one means for achieving the above object.

  The image processing according to the present invention generates key data in accordance with a shooting process and a shooting mode of the image shooting means, holds the key data in a memory, and the image shooting means uses the key data held in the memory. A predetermined calculation is performed on the photographed image, and erasure of the key data held in the memory is controlled in accordance with a photographing process and a photographing mode of the image photographing means.

  According to the present invention, a series of images can be encrypted at high speed without increasing the shooting interval of continuous shooting.

  Hereinafter, image processing according to an embodiment of the present invention will be described in detail with reference to the drawings.

[System configuration]
FIG. 1 is a block diagram illustrating a configuration example of an image processing system according to an embodiment.

  The image input device 11 is an image input device such as a digital camera that captures a subject and generates image data in accordance with a user instruction. The key supply device 12 holds key data necessary for encryption of image data executed by the image input device 11, and supplies the key data to the image input device 11 in response to a request from the image input device 11. When image data needs to be encrypted, the image input device 11 requests key data from the key supply device 12, and encrypts the image data with the supplied key data.

  The image input device 11 and the key supply device 12 are connected to each other by a serial bus such as USB (universal serial bus) or IEEE1394. Alternatively, card interfaces such as SDIO (secure digital input / output) and PCMCIA (Personal Computer Memory Card International Association) may be used for interconnection. Of course, they may be interconnected via a wired, wireless or infrared network.

  Although details will be described later, the key supply device 12 can be realized by an IC card. In this case, the connection method between the image input device 11 and the key supply device 12 is a contact type through a connector or a non-contact type using an electromagnetic field, or a hybrid type or dual type having both a contact type and a non-contact type function. Interface type may be used.

[Configuration of image input device]
FIG. 2 is a block diagram showing a configuration example of the image input device 11. As shown in FIG.

  The image input device 11 is a digital camera, for example, and when the user instructs photographing of the subject via the operation unit 26, the image data captured by the imaging unit 27 is stored in the storage memory 23 under the control of the CPU 25. The storage memory 23 may be a built-in memory of the image input device 11, or a memory medium such as a memory card that can be mounted on or attached to the image input device 11.

  The CPU 25 executes a control program stored in the ROM 22 using a work memory 24 such as a RAM, and controls other components via the system bus 20. The ROM 22 stores shared information necessary for generating verification data. The CPU 25 temporarily stores the image data (RAW data or JPEG data) output from the imaging unit 27 in the work memory 24, converts the image data into a data file and adds shooting information, and if necessary, encryption described later. Various processes such as conversion. Then, the processed data file is stored in the storage memory 23 with a file name such as shooting order.

  The operation unit 26 includes a shutter switch, a mode dial switch, and a monitor. The user can set various shooting parameters and processing parameters in addition to shooting instructions via the operation unit 26. That is, the operation unit 26 functions as a monitor that displays captured images and a user interface that accepts various user instructions. The user can perform the following instructions and settings by operating the mode dial switch. There are power on / off of the image input device 11, automatic shooting mode, shooting mode, playback mode, multi-screen playback / erase mode, PC connection mode, and the like. The shooting modes include a moving image shooting mode, a continuous shooting mode, a bracket shooting mode, and a JPEG / RAW simultaneous recording mode.

  The imaging unit 27 has an optical system such as a lens, a diaphragm, a shutter, a CCD, or an optical sensor. When the shutter switch is pressed, the subject is photographed, and an electrical signal is read from the CCD or the like and converted into a digital signal. The photographing data (RAW data) is temporarily stored in the work memory 24, and processing such as conversion (development) of the RAW data into, for example, YCbCr data, JPEG compression of the YCbCr data, and the like is performed.

  When the continuous shooting mode is set by the mode dial switch, the imaging unit 27 performs continuous shooting and continuously outputs a plurality of image data while the user continues to press the shutter switch.

  When the mode dial switch is set to the moving image shooting mode, the imaging unit 27 starts moving image shooting when the shutter switch is pressed, and stops moving image shooting when the shutter switch is pressed again. Of course, as in the continuous shooting mode, it is possible to set to perform moving image shooting while the shutter switch is pressed.

  In addition, when the mode dial switch is set to the bracket shooting mode, when the shutter switch is pressed, the imaging unit 27 switches shooting conditions such as white balance and exposure step by step, and executes multiple shootings. Output multiple image data.

  When the mode dial switch is set to the JPEG / RAW simultaneous recording mode, the CPU 25 stores both the RAW format and JPEG format image data output from the imaging unit 27 in the storage memory 23.

  In the following, “Continuous Shooting Mode” refers to continuous shooting modes such as continuous shooting mode, movie shooting mode, and bracket shooting mode, or modes that store multiple image data such as JPEG / RAW simultaneous recording mode. Call it.

  The drive unit 28 drives a mechanism that performs mechanical operations such as focus adjustment, aperture adjustment, and shutter opening / closing necessary for shooting according to the control of the CPU 25.

  The interface (I / F) 29 is the above-described serial bus interface, card interface, or network interface that interconnects the image input device 11 and the external device including the key supply device 12 and the IC card. The CPU 25 transmits the image data stored in the storage memory 23 to the external device via the I / F 29. Further, the key supply device 12 is requested for key data, and the key data is received via the I / F 29. That is, the I / F 29 provides various interfaces between the image input device 11 and an external device. Of course, the CPU 25 can determine whether or not the key supply device 12 is connected to the I / F 29.

[Configuration of host computer]
A host computer can be applied as the key supply device 12. FIG. 3 is a block diagram showing a configuration example of the host computer 31. As shown in FIG.

  The host computer 31 is a general personal computer. The CPU 33 uses the RAM 35 as a work memory, executes a control program and an operating system (OS) stored in the ROM 34 and the hard disk drive (HDD) 36, and controls a configuration to be described later via the system bus 30.

  The USB I / F 38 is an interface with the serial bus 46, and in addition to input devices such as a keyboard 41 and a mouse 42, peripheral devices such as a scanner 43, a printer 44, and a card reader / writer 45 are connected. A network interface card (NIC) 40 is an interface with a network 47 to which a server device or the like is connected. An optical disc drive is a drive that reads and writes optical disc media such as CDs and DVDs.

  The CPU 33 displays a user interface on the monitor 32 via the video I / F 37 and inputs a user instruction via a keyboard 41 and a mouse 42 connected to a serial bus 46 such as USB. Then, according to a user instruction, a program stored in the HDD 36 or the like is executed, and various processes are executed.

  For example, it is assumed that the user gives an instruction to reproduce an image or video stored in an optical disk medium inserted in the optical disk drive 39 or a memory card inserted in the card reader / writer 45. The CPU 33 loads a player (program) for reproducing images and videos from the HDD 36 to the RAM 35 and starts the player. The player loads a data file designated by the user from an optical disk medium or a memory card into the RAM 35, performs data expansion or image processing, and displays an image or video on the monitor 32 via the video I / F 37.

  Also, the user uploads an image or video stored in an optical disk medium inserted in the optical disk drive 39 or a memory card inserted in the card reader / writer 45 to a server device connected to the network 47, or transmits it via the Internet. Is instructed. The CPU 33 loads the data file designated by the user from the optical disk medium or the memory card into the RAM 35. Then, the data is packetized according to the data transfer protocol, and the packet describing the destination is transmitted to the network 47 via the NIC 40.

[Basic configuration of IC card]
An IC card can be applied as the key supply device 12. FIG. 4 is a block diagram showing a configuration example of the IC card 141.

  The CPU 142 controls the operation of the IC card 141 according to the IC card application (program) stored in the EEPROM 143 using the RAM 146 as a work memory. The EEPROM 143 stores various secret information such as key data, a plurality of IC card applications, user data, and the like.

  The coprocessor 144 encrypts the hash value of the digital data M using one of a plurality of key data stored in the EEPROM 143 using the RAM 146 as a work memory, and generates a digital signature S of the digital data M. The encryption algorithm uses public key encryption such as RSA encryption. The coprocessor 144 can execute various arithmetic processes such as an encryption process, a hash function, and a signature process.

  The ROM 145 stores a multi-application OS and a command interpreter. The multi-application OS is an operating system that manages a plurality of IC card applications stored in the EEPROM 143. The multi-application OS includes an input / output function, an encryption function, a file management function, a function for adding a new IC card application to the EEPROM 143, and a function for deleting an IC card application stored in the EEPROM 143.

  The interface (IF) unit 147 receives a command transmitted from the external device and transmits a response to the received command to the external device.

[Image input processing]
FIG. 5 is a functional block diagram illustrating the image input process. The following is an explanation after the image input device 11 is turned on, the CPU 25 loads the OS into the work memory 24, and the application for executing the image input process is loaded into the work memory 24. is there. The image input process may be executed by the host computer 31. In that case, an application for image input processing is loaded into the RAM 35 by the CPU 33, and an image is input from a peripheral device connected to the USB I / F 38 via the serial bus 46.

  As shown in FIG. 5, the functional blocks of the image input device 11 are an authentication unit 51, a key acquisition unit 52, a key holding unit 53, an image generation unit (image capturing unit) 54, an encryption unit 55, an image output unit 56, A photographing operation confirmation unit 57, a communication unit 58, and a key deletion unit 59 are included. These functional blocks are realized by software processing, but may be installed in the image input apparatus 11 as hardware that realizes equivalent functions.

  The authentication unit 51 communicates with an authentication unit (described later) of the key supply device 12 connected to the image input device 11 via the communication unit 58 to authenticate the validity of the key supply device 12.

  When the authenticating unit 51 authenticates the validity of the key supply device 12, the key acquisition unit 52 requests key data from the key supply device 12 via the communication unit 58. When the key data is received from the key supply device 12, the received key data is output to the key holding unit 53.

  The key holding unit 53 holds the key data input from the key acquisition unit 52 in the work memory 24 or the like.

  The image generation unit 54 acquires the video signal generated by the imaging unit 27 as image information, and performs image signal processing, digital signal processing, and the like to generate image data. At that time, image compression processing such as JPEG encoding may be performed in accordance with a user instruction via the operation unit 26. Then, the generated image data is output to the encryption unit 55.

  The encryption unit 55 encrypts the image data input from the image generation unit 54 using the key data held by the key holding unit 53, and outputs the encrypted image data to the image output unit 56. The encryption algorithm used by the encryption unit 55 is not particularly limited. For example, various common key encryption algorithms such as a block encryption algorithm such as AES or DES or a stream encryption algorithm such as RC4, or various public key encryption algorithms represented by RSA can be used.

  Also, the encryption unit 55 directly encrypts the image data using the key data held by the key holding unit 53. However, the present invention is not limited to this, and key data (image key data) is generated each time image data is input separately from the key data received from the key supply device 12, and an image is generated using the image key data. Data may be encrypted. In this case, the image key data may be encrypted using the key data held by the image holding unit 54, and the encrypted image key data may be output together with the encrypted image data.

  The image output unit 56 stores the encrypted image data input from the encryption unit 56 in the storage memory 23 or transmits it to a predetermined host computer or server device via the I / F 29.

  The shooting operation confirmation unit 57 checks the state of the shutter switch and the like of the operation unit 26 and determines whether shooting is continued, that is, whether continuous shooting, movie shooting, and bracket shooting are performed. When shooting is not continued, or when a series of shooting is finished, the key deletion unit 59 is requested to delete the key data. Hereinafter, the state in which continuous shooting, moving image shooting, and bracket shooting are performed may be expressed as “during continuous shooting”.

  When the key deletion unit 59 is requested to delete the key data from the photographing operation confirmation unit 57, the key deletion unit 59 deletes the key data held by the key holding unit 53. The key erasure unit 59 erases the key data by overwriting the key data with a predetermined value such as “0” or a pseudo-random number, or by invalidating access to the key data storage area.

[Key supply process]
FIG. 6 is a functional block diagram illustrating the key supply processing unit. The host computer 31, IC card 141, etc. can be used as a key supply device. The following is a description after the host computer 31 or the IC card 141 is turned on, the OS is loaded into the RAM 35 or the RAM 146, and the key supply application is loaded into the RAM 35 or the RAM 46. .

  As shown in FIG. 6, the functional block of the key supply device 12 includes an authentication unit 61, a key transmission unit 62, a key holding unit 63, and a communication unit 64. These functional blocks are realized by software processing, but may be installed in the key supply apparatus 12 as hardware that realizes equivalent functions.

  The authentication unit 61 communicates with the authentication unit 51 of the image input device 11 connected to the key supply device 12 via the communication unit 64, and authenticates the validity of the image input device 11.

  When the authenticity of the image input device 11 is authenticated by the authentication unit 61, the key transmission unit 62 receives a key data request from the image input device 11 via the communication unit 64. Then, the key data held by the key holding unit 63 is transmitted to the image input device 11.

  The key holding unit 63 holds key data in the EEPROM 143 and the ROM 145, and outputs the key data held in response to a request from the key transmission unit 62 to the key transmission unit 62.

[Authentication process]
FIG. 7 is a flowchart for explaining the authentication process. The authentication process of the key supply device and the authentication process of the host terminal are executed by the authentication unit 51 (hereinafter, host authentication unit 51) of the image input device 11 and the authentication unit 61 (hereinafter, device authentication unit 61) of the key supply device 12. The

  The host authentication unit 51 generates a challenge r1 (S81), and transmits the generated challenge r1 to the key supply device 12 via the communication unit 58 (S82). For the challenge r1, for example, a pseudo-random number generated by a pseudo-random number generator (not shown) may be used.

The device authentication unit 61 receives the challenge r1 ′ via the communication unit 64 (S91), and generates a response M1 ′ according to the equation (1) using the received challenge r1 ′ (S92).
z = F (x, y)… (1)

  F (x, y) in the equation (1) is a function for calculating a response corresponding to the challenge y from the data x. The function F (x, y) in the first embodiment uses the secret information K as x, generates a MAC (message authentication code) of the input data y, and uses the generated MAC as a response. That is, a response M1 ′ is generated from the challenge r1 ′ as M1 ′ = F (K, r1 ′).

  The secret information K is assumed to be safely shared in advance between the image input device 11 and the key supply device 12. However, the method is not limited to this. A method using a common key method such as AES or DES as a function F (x, y), a method using a public key method such as RSA, or a hash such as SHA-1 or MD5 Various methods such as a method using a function can be applied.

  Next, the device authentication unit 61 generates a challenge r2 (S93), and transmits the response M1 ′ and the challenge r2 to the image input device 11 via the communication unit 64 (S94).

  The host authentication unit 51 receives the response M1 ′ and the challenge r2 ′ (equal to r2 when the challenge generated in step S93 described above is received) via the communication unit 58 (S83). Then, the response M1 is generated by the equation (1) using the challenge r1 (S84). Then, the generated response M1 is compared with the received response M1 ′ (S85), and if the values of both responses match (M1 = M1 ′), the process proceeds to step S86. The process ends as “failure”.

  If the authentication process is successful, the host authentication unit 51 generates a response M2 ′ according to Equation (1) using the received challenge r2 ′ (S86), and supplies the generated response M2 ′ via the communication unit 58. The data is transmitted to the device 12 (S87).

  The device authentication unit 61 receives the response M2 ′ via the communication unit 58 (S95), and generates a response M2 according to the equation (1) using the challenge r2 (S96). Then, the generated response M2 is compared with the received response M2 ′ (S97). For example, a value indicating “authentication failure” is set as the authentication result (S99). Then, the authentication result is transmitted to the image input device 11 via the communication unit 64 (S100).

  The host authentication unit 51 receives the authentication result via the communication unit 58 (S88), and determines the authentication result (S89). If the authentication result indicates “authentication success”, the processing is terminated as authentication success. If the authentication result indicates “authentication failure”, the processing is terminated as authentication failure.

  The obtained authentication result is held in the work memory 24 of the image input device 11 and the RAM 146 (or RAM 35) of the key supply device 12, and can be referred to in the key acquisition processing by the key acquisition unit 52.

[Encryption processing]
FIG. 8 is a flowchart for explaining the encryption process. The encryption process is executed by the encryption unit 55 of the image input device 11.

  The encryption unit 55 determines whether or not an image shooting process has been executed by the image generation unit 54 (S101) .If the shooting process has not been executed, the process returns to step S101, and the shooting process has been executed. If so, the process proceeds to step S102.

  When the shooting process is executed, the encryption unit 55 determines whether the continuous shooting mode (that is, continuous shooting mode, movie shooting mode, bracket shooting mode, JPEG / RAW simultaneous recording mode) is set in the image generation unit 54. Is determined (S102). If the continuous shooting mode is set, the process proceeds to step S103. If the continuous shooting mode is not set, the process proceeds to step S107.

  If the continuous shooting mode is not set, the encryption unit 55 causes the key acquisition unit 52 to request key data from the key supply device 12 (S107). When the key holding unit 53 receives and holds the key data from the key acquisition unit 52, the image data output from the image generation unit 54 is encrypted using the key data (S108). Then, the key erasure unit 59 deletes the key data held by the key holding unit 53 (S109), and the process returns to step S101.

  On the other hand, when the continuous shooting mode is set, the encryption unit 55 determines whether the image data output from the image generation unit 54 corresponds to the first (or first frame) in the continuous shooting mode. (S103). In the case of the first frame (or the first frame), the key acquisition unit 52 is requested to request key data from the key supply device 12 (S104). When the key holding unit 53 receives and holds the key data from the key acquisition unit 52, the first image data (or the first frame) output from the image generation unit 54 is encrypted using the key data (S105). ).

  In addition, when the image data output from the image generation unit 54 is the second image (or second frame) or later in the continuous shooting mode, the encryption unit 55 uses the key data held by the key holding unit 53 to use the second image. (Or the second frame) The subsequent image data is encrypted (S105).

  After executing the encryption in the continuous shooting mode (S105), the encryption unit 55 determines whether or not the continuous shooting is being performed by the shooting operation confirmation unit 57 (S106). If the continuous shooting is in progress, the process returns to step S101. If the continuous shooting is not in progress, the key deletion unit 59 deletes the key data held by the key holding unit 53, assuming that a series of shootings is completed (S109) Is returned to step S101.

  In the bracket shooting mode, a predetermined number (for example, three) of image data is shot with different exposure settings. Therefore, the key data may be deleted after encrypting a predetermined number of image data.

  In JPEG / RAW simultaneous recording mode, for example, after encrypting the second image data (JPEG format), the key data is requested when encrypting the first image data (RAW format). The key data may be deleted.

  As described above, a series of image data in the continuous shooting mode is encrypted with one key data. Therefore, the shooting interval of continuous shooting does not become long, and a series of image data can be encrypted at high speed. Furthermore, the key data is present in the image input device 11 only during the continuous shooting period, and the key data is erased almost simultaneously when the continuous shooting ends. Therefore, the possibility of leakage of key data is extremely small.

[Modification]
In the above, an example in which key data is received from the outside of the image input device 11 has been described. However, the present invention is not limited to this, and key data may be generated in the image input device 11. In that case, instead of requesting key data in steps S104 and S107, key data is generated in the image input device 11 using a pseudo random number generator (not shown).

  In the above description, the encryption unit 55 encrypts image data using the received key data. However, the present invention is not limited to this, and various methods using key data for generating a MAC (Message Authentication Code) or digital signature for image data can be applied. In the case of MAC, the received key data can be used as secret information when generating the MAC. In the case of a digital signature, the received key data can be used as a secret key when generating a digital signature. Then, verification data that can detect falsification of image data can be generated.

  The information processing according to the second embodiment of the present invention will be described below. Note that the same reference numerals in the second embodiment denote the same parts as in the first embodiment, and a detailed description thereof will be omitted.

  In the first embodiment, key data is requested when an image is shot, and during continuous shooting in the continuous shooting mode, the key data is held in the key holding unit 53 and encrypted using the same key data. An example has been described in which key data is deleted after shooting is completed.

  However, during the connection period between the key supply device 12 and the image input device 11, the key holding unit 53 may continue to hold the key data. In the second embodiment, a method in which the key holding unit 53 continues to hold key data during the connection period between the key supply device 12 and the image input device 11 will be described.

[Key acquisition process]
FIG. 9 is a flowchart illustrating the key acquisition process according to the second embodiment. The key acquisition process is executed by the key acquisition unit 52 of the image input device 11.

  The key acquisition unit 52 inquires of the communication unit 58 whether or not the connection of the key supply device 12 has been detected (S71). The authentication result is determined (S74). If a reply indicating that the detection has been made is not received from the communication unit 58, or if the authentication result indicates that mutual authentication has failed, the process returns to step S71.

  When the authentication result indicates that the mutual authentication is successful, the key acquisition unit 52 requests key data from the key supply device 12 via the communication unit 58 (S75), and receives the key data (S76). Then, the received key data is output to the key holding unit 53 and held (S77).

[Key deletion process]
FIG. 10 is a flowchart for explaining the key deletion process. The key erasure process is executed by the key erasure unit 59 of the image input device 11.

  The key erasure unit 59 inquires of the communication unit 58 whether or not the disconnection of the key supply device 12 has been detected (S111). Is deleted (S113).

  In this way, key data is held during the period in which the image input device 11 and the key supply device 12 are connected. Therefore, it is possible to reduce the processing time required for obtaining and erasing key data, and to further shorten the shooting interval in the continuous shooting mode.

[Other embodiments]
Note that the present invention can be applied to a system including a plurality of devices (for example, a computer, an interface device, a reader, a printer, etc.), but an apparatus (for example, a copier, a facsimile machine, a control device) including a single device. Etc.).

  Another object of the present invention is to supply a storage medium storing a computer program for realizing the functions of the above embodiments to a system or apparatus, and the computer (CPU or MPU) of the system or apparatus executes the computer program. But it is achieved. In this case, the software read from the storage medium itself realizes the functions of the above embodiments, and the computer program and the computer-readable storage medium storing the computer program constitute the present invention. .

  Further, the above functions are not only realized by the execution of the computer program. That is, according to the instruction of the computer program, the operating system (OS) running on the computer and / or the first, second, third,... This includes the case where the above function is realized.

  The computer program may be written in a memory of a device such as a function expansion card or unit connected to the computer. That is, it includes the case where the CPU of the first, second, third,... Device performs part or all of the actual processing according to the instructions of the computer program, thereby realizing the above functions.

  When the present invention is applied to the storage medium, the storage medium stores a computer program corresponding to or related to the flowchart described above.

A block diagram showing a configuration example of an image processing system of an embodiment A block diagram showing a configuration example of an image input device, A block diagram showing a configuration example of a host computer, Block diagram showing a configuration example of an IC card, Functional block diagram for explaining image input processing, Functional block diagram for explaining the key supply processing unit, A flowchart for explaining the authentication process; A flowchart for explaining the encryption process; Flowchart explaining the key acquisition processing of the second embodiment, It is a flowchart explaining a key deletion process.

Claims (12)

Generating means for generating key data in accordance with the photographing mode and photographing process of the image photographing means;
Holding means for holding the key data;
A calculation unit that performs a predetermined calculation on the image captured by the image capturing unit with the key data held by the holding unit;
An image processing apparatus comprising: an erasing unit that controls erasure of key data held by the holding unit according to a shooting mode and a shooting process of the image shooting unit.   2. The generation unit according to claim 1, wherein when the continuous shooting mode is set as the shooting mode, the generation unit generates the key data during the shooting process of the first frame or the first frame in the continuous shooting. The described image processing apparatus.   3. The image processing apparatus according to claim 1, wherein the generation unit requests the key data from an external device and receives the key data from the external device.   4. The erasing unit according to claim 1, wherein when the continuous shooting mode is set as the shooting mode, the key data held by the holding unit is not deleted during a continuous shooting period. An image processing apparatus according to one item.   4. The erasing unit according to claim 1, wherein when the continuous shooting mode is set as the shooting mode, the key data held by the holding unit is deleted after the continuous shooting is completed. An image processing apparatus according to claim 1.   6. The image processing apparatus according to claim 1, wherein the calculation unit encrypts the image data using the key data.   6. The image processing apparatus according to claim 1, wherein the calculation unit generates verification data that can detect falsification of the image using the key data.   8. The image processing apparatus according to claim 7, wherein the verification data is a digital signature.   8. The image processing apparatus according to claim 7, wherein the verification data is a message authentication code. Depending on the shooting process and shooting mode of the image shooting means, key data is generated,
Holding the key data in a memory;
With the key data held in the memory, a predetermined calculation is performed on the image captured by the image capturing means,
An image processing method comprising: controlling erasure of key data held in the memory according to a photographing process and a photographing mode of the image photographing means.   10. A computer program for controlling a computer device to function as each unit of the image processing device according to claim 1.   12. A computer-readable storage medium in which the computer program according to claim 11 is recorded.

Images