Image processing device, imaging device, control method, and program
The image processing apparatus ensures authenticity assurance information is only added to edited image files if the original image data is verified, addressing the issue of unreliable authenticity in existing systems by enhancing data integrity.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- CANON KK
- Filing Date
- 2024-12-19
- Publication Date
- 2026-07-01
AI Technical Summary
Existing image processing systems fail to adequately ensure the authenticity of edited content, as authenticity assurance information is added regardless of whether the original content has been tampered with, compromising reliability.
An image processing apparatus that verifies the authenticity of original image data before adding authenticity assurance information to edited image files, ensuring that authenticity information is only included if the verification is successful.
Prevents the inclusion of authenticity assurance information in edited image files if the authenticity of the original image data fails to verify, thereby enhancing the reliability of image data integrity.
Smart Images

Figure 2026109300000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to an image processing apparatus, an imaging apparatus, a control method, and a program.
Background Art
[0002] Conventionally, true guarantees for ensuring that an image has not been tampered with have been required in various scenarios. For example, scenarios where it is guaranteed that images handled by the police have not been tampered with, or where it is guaranteed that images published in newspapers or online news have not been tampered with.
[0003] Patent Document 1 discloses a technique that enables verification of whether original content has been tampered with and also enables identification of all editing processes by adding an editing history.
[0004] In recent years, a technical standardization group called C2PA has been established for the purpose of developing technical specifications that can guarantee the origin and reliability of content, enabling publishers, creators, and consumers to track the origin of media. The need for true guarantees has been attracting renewed attention. According to the C2PA standard, a Manifest can be saved in an image generated during shooting or editing as C2PA data. The Manifest can store an Actor (the name of the camera or software that generated the image), a hash value, a claim signature (digital signature), a thumbnail image, etc.
Prior Art Documents
Patent Documents
[0005]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0006] According to Patent Document 1, since authenticity assurance information is added during editing regardless of whether the original content has been tampered with or not, it is difficult to say that the reliability of the edited content is sufficiently guaranteed.
[0007] This invention has been made in view of the above circumstances, and aims to provide a technique that refrains from including authenticity assurance information in an image file containing edited image data if the verification of the authenticity of the original image data fails. [Means for solving the problem]
[0008] To solve the above problems, the present invention provides A generation means that generates a second image file containing a second image file in which the image editing process has been applied by performing an image editing process on a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a first Verification means for verifying the authenticity of the first image data based on the first authenticity information, provided that the first image file contains first authenticity information configured to guarantee the authenticity of the first image data, A control means, If the verification of the authenticity of the first image data is successful, the second image file is to include second authenticity assurance information configured to guarantee the authenticity of the second image data. If the verification of the authenticity of the first image data fails or the first authenticity assurance information is not included in the first image file, the second authenticity assurance information will not be included in the second image file. A control means that controls in this manner, The present invention provides an image processing apparatus characterized by comprising the following features. [Effects of the Invention]
[0009] According to the present invention, if the verification of the authenticity of the original image data fails, it becomes possible to refrain from including authenticity assurance information in the image file containing the edited image data.
[0010] Further features and advantages of the present invention will become clearer from the accompanying drawings and the description of the embodiments for carrying out the invention below. [Brief explanation of the drawing]
[0011] [Figure 1] A block diagram showing an example configuration of digital camera 100. [Figure 2A] A diagram showing an example of image file structure. [Figure 2B] A diagram showing an example of an image file containing an authenticity assurance information area 207 that includes multiple authenticity assurance information. [Figure 3] A flowchart of the process for adding authenticity assurance information during image editing, according to the first embodiment. [Figure 4] Figure 3 illustrates an example of how an image file changes during processing. [Figure 5] A flowchart of the process for adding authenticity assurance information during image editing, according to the second embodiment. [Figure 6] Figure 5 illustrates an example of how an image file changes during processing. [Modes for carrying out the invention]
[0012] The embodiments will be described in detail below with reference to the attached drawings. Note that the following embodiments do not limit the invention as defined in the claims. While the embodiments describe multiple features, not all of these features are essential to the invention, and the features may be combined in any way. Furthermore, in the attached drawings, identical or similar configurations are given the same reference numerals, and redundant descriptions are omitted.
[0013] [First Embodiment] Figure 1 is a block diagram showing an example configuration of a digital camera 100. The digital camera 100 is an example of an imaging device equipped with an image processing device. The imaging device may be, for example, a smartphone. Furthermore, a personal computer (PC) without a camera can perform the role of the image processing device in this embodiment.
[0014] The barrier 10 is a protective member that covers the imaging unit including the shooting lens 11 of the digital camera 100 to prevent the imaging unit from being soiled or damaged, and its operation is controlled by the barrier control unit 43. The shooting lens 11 forms an optical image on the imaging surface of the image sensor 13. The shutter 12 has an aperture function. The image sensor 13 is composed of, for example, a CCD, a CMOS sensor, etc., and converts the optical image formed on the imaging surface by the shooting lens 11 via the shutter 12 into an electrical signal.
[0015] The A / D converter 15 converts the analog image signal output from the image sensor 13 into a digital image signal. The digital image signal converted by the A / D converter 15 is written into the memory 25 as so-called RAW image data. At the same time, development parameters corresponding to each RAW image data are generated based on the information at the time of shooting and written into the memory 25. The development parameters are composed of various parameters used in image processing for recording images in the JPEG format, such as exposure settings, white balance, color space, contrast, etc.
[0016] The timing generator 14 is controlled by the memory control unit 22 and the system control unit 50, and supplies clock signals and control signals to the image sensor 13, the A / D converter 15, and the D / A converter 21.
[0017] The image processing unit 20 performs various image processes such as predetermined pixel interpolation processing, color conversion processing, correction processing, resizing processing, and image composition processing on the data from the A / D converter 15 or the data from the memory control unit 22. In addition, the image processing unit 20 performs predetermined image processing and arithmetic processing using the captured image data, and provides the obtained arithmetic result to the system control unit 50. The system control unit 50 controls the exposure control unit 40 and the focus control unit 41 based on the provided arithmetic result to realize autofocus (AF) processing, automatic exposure (AE) processing, and flash pre-emission (EF) processing.
[0018] Furthermore, the image processing unit 20 performs predetermined calculations using the image data obtained from the capture, and also performs auto white balance (AWB) processing based on the obtained calculation results. In addition, the image processing unit 20 reads the image data stored in the memory 25 and performs compression or decompression processing using JPEG, MPEG-4 AVC, High Efficiency Video Coding (HEVC), or a lossless compression method for uncompressed RAW data. Finally, the image processing unit 20 writes the processed image data to the memory 25.
[0019] Furthermore, the image processing unit 20 performs predetermined calculations using the image data obtained by capturing, and performs various image data editing processes. Specifically, it can perform cropping, which adjusts the display range and size of the image by hiding unnecessary parts around the image data, and resizing, which changes the size of the image data or screen display elements by enlarging or reducing them. In addition, the image processing unit 20 can perform RAW development, which adds image processing such as color conversion to data that has been compressed or decompressed using a lossless compression method for uncompressed RAW data, and converts it into JPEG or HEVC format data to create image data. Furthermore, the image processing unit 20 can perform video extraction, which extracts a specified frame from a video format such as MPEG-4, converts it into JPEG format data, and saves it.
[0020] Furthermore, the image processing unit 20 performs predetermined calculations using the image data and performs image comparison processing of various image data. Specifically, it performs decompression processing according to the compression method of the image data to be compared and compares the decompressed images. The image processing unit 20 can determine whether the images match or not, and how much the difference is.
[0021] Furthermore, the image processing unit 20 also performs processing such as overlaying an On-Screen Display (OSD) such as a menu or arbitrary characters to be displayed on the display unit 23, along with the image data for display.
[0022] Furthermore, the image processing unit 20 uses the input image data and distance information to the subject obtained from the image sensor 13 during shooting to detect subjects present in the image data and performs subject detection processing to detect the subject's region. The detectable information includes region information such as position and size within the image, as well as detection information such as tilt and certainty.
[0023] Furthermore, the image processing unit 20 includes a synthesis processing circuit for synthesizing multiple image data. In this embodiment, the image processing unit 20 may synthesize images by overwriting pixels, or by weighted addition. Weighted addition can produce an image in which the background is transparent. The image processing unit 20 can also perform a comparative light synthesis process or a comparative dark synthesis process, which selects the image with the brightest or darkest value in each region of the image data to be synthesized, and synthesizes the selected image for each pixel to generate a single image data.
[0024] The memory control unit 22 controls the A / D converter 15, timing generator 14, image processing unit 20, image display memory 24, D / A converter 21, and memory 25. The RAW image data generated by the A / D converter 15 is written to the image display memory 24 or memory 25 via the image processing unit 20 and the memory control unit 22, or directly via the memory control unit 22.
[0025] Image data for display written to the image display memory 24 is displayed on the display unit 23, which is composed of a TFT LCD or the like, via the D / A converter 21. By sequentially displaying the image data obtained by imaging using the display unit 23, it is possible to realize an electronic viewfinder function that displays live images.
[0026] Memory 25 has sufficient storage capacity to store a predetermined number of still images and a predetermined amount of video footage, and stores the captured still images and video footage. Memory 25 can also be used as a workspace for the system control unit 50.
[0027] The exposure control unit 40 controls the shutter 12, which has an aperture function. The exposure control unit 40 also has a flash metering function by working in conjunction with the flash 44. The focus control unit 41 adjusts the focus by driving a focus lens (not shown) included in the photographic lens 11 based on instructions from the system control unit 50. The zoom control unit 42 controls zooming by driving a zoom lens (not shown) included in the photographic lens 11. The flash 44 has an AF assist light projection function and a flash metering function.
[0028] The system control unit 50 controls the entire digital camera 100. The non-volatile memory 51 is an electrically erasable and recordable non-volatile memory, such as an EEPROM. The non-volatile memory 51 stores not only programs but also map information and other data.
[0029] The shutter switch 61 (SW1) turns ON during the operation of the shutter button 60 and instructs the start of operations such as AF processing, AE processing, AWB processing, and EF processing. The shutter switch 62 (SW2) turns ON when the operation of the shutter button 60 is completed and instructs the start of a series of shooting operations including exposure processing, development processing, and recording processing. In the exposure processing, the system control unit 50 controls the system to write the signal read from the image sensor 13 to the memory 25 as RAW image data via the A / D converter 15 and the memory control unit 22. In the development processing, the system control unit 50 uses calculations in the image processing unit 20 and the memory control unit 22 to develop the RAW image data written to the memory 25 and controls the system to write it to the memory 25 as image data. In the recording processing, the system control unit 50 reads the image data from the memory 25, compresses it using the image processing unit 20, stores the compressed image data in the memory 25, and then controls the system to write it to the external recording medium 91 via the card controller 90.
[0030] The control unit 63 is equipped with various buttons and touch panels. For example, the control unit 63 includes a power button, a menu button, a mode switch for switching between shooting mode / playback mode / other special shooting modes, a directional pad, a set button, a macro button, and a multi-screen playback page change button. In addition, the control unit 63 also includes, for example, a flash setting button, a single-shot / continuous-shot / self-timer switching button, a menu navigation + (plus) button, a menu navigation - (minus) button, a shooting quality selection button, an exposure compensation button, and a date / time setting button.
[0031] The metadata generation and analysis unit 70 generates various metadata, such as Exchangeable image file format (Exif) information, to be attached to the image data when recording image data to the external recording medium 91, based on the information at the time of shooting. Furthermore, when reading image data recorded on the external recording medium 91, the metadata generation and analysis unit 70 analyzes the metadata attached to the image data. Examples of metadata include various setting information at the time of shooting, image data information related to the image data, and characteristic information of the subject contained in the image data. Additionally, when recording moving image data, the metadata generation and analysis unit 70 can generate and attach metadata to each frame.
[0032] The power supply 80 consists of a primary battery such as an alkaline battery or a lithium battery, a secondary battery such as a NiCd battery, a NiMH battery, or a Li battery, or an AC adapter, etc. The power control unit 81 supplies power from the power supply 80 to each part of the digital camera 100.
[0033] The card controller 90 transmits and receives data to and from an external recording medium 91, such as a memory card. The external recording medium 91 is, for example, a memory card, and records images (still images, videos) taken by the digital camera 100.
[0034] The communication unit 71 has a communication circuit for transmitting and receiving data. Specifically, the communication circuit may be configured to perform wireless communication such as Wi-Fi or Bluetooth (registered trademark), or it may be configured to perform wired communication such as Ethernet or USB.
[0035] The hash value generation unit 72 generates (calculates) a hash value by executing a hash function on various data (e.g., image data or metadata) input via the system control unit 50. Algorithms for generating hash values include SHA256, SHA384, and SHA512. Note that the system control unit 50 may generate the hash value instead of the hash value generation unit 72. Furthermore, the hash value generation unit 72 may generate a hash value by executing a hash function on the entire image file, rather than just the image data.
[0036] The signature generation / verification unit 73 generates and verifies signature information necessary for determining authenticity. When an image is created, the signature generation / verification unit 73 generates signature information using the hash value of the image data generated by the hash value generation unit 72 and the signature generation key (private key), and records it in the image file as authenticity guarantee information. When image tampering is detected, the signature generation / verification unit 73 determines whether or not the image has been tampered with by verifying the hash value of the image data to be verified, generated by the hash value generation unit 72, and the signature recorded as authenticity guarantee information using the public key. Examples of algorithms for generating and verifying signature information include ECDSA, RSASSA-PSS, and EdDSA. Note that the system control unit 50 may perform the role of the signature generation / verification unit 73 instead of the signature generation / verification unit 73.
[0037] Figure 2A shows an example of the structure of an image file. The image file 200A recorded in this embodiment includes an area for recording metadata (Exif data 201) in accordance with the Exif standard, an area for recording compressed main image data 206, and an area for recording authenticity assurance information 217 (authenticity assurance information area 207).
[0038] For example, if the user instructs the image to be recorded in JPEG format, the thumbnail image data 205 and the main image data 206 will be recorded in JPEG format in the image file 200A. In addition, Exif data 201 will be recorded in the APP1 marker, etc., and the authenticity guarantee information area 207 will be recorded in the APP11 marker, etc.
[0039] Furthermore, if the user instructs the system to record in High Efficiency Image File Format (HEIF), the image file 200A will be recorded in HEIF format, and the Exif data 201 and authenticity information area 207 will be recorded in a MetaDataBox or similar location. Similarly, if the user instructs the system to record in RAW format, the Exif data 201 and authenticity information area 207 will also be recorded in a designated area such as a MetaDataBox.
[0040] Image file 200A may be recorded in formats other than those described above.
[0041] Exif data 201 may also record information 202 indicating the presence or absence of authenticity assurance information and a link 203 to the authenticity assurance information. Furthermore, the MakerNote 204 included in Exif data 201 may contain manufacturer-specific metadata generated using the metadata generation and analysis unit 70, which is generally kept confidential.
[0042] The authenticity assurance information area 207 includes authenticity assurance information 217 (first authenticity assurance information) which includes information to guarantee the authenticity of the image data 206. The authenticity assurance information 217 includes the actor (name of the camera or software that generated or edited the image), one or more hash values, thumbnail image data, and a signature. Here, the authenticity assurance information 217 is assumed to be information that was added (associated) with the image data 206 by the digital camera 100 when the digital camera 100 generated the image data 206.
[0043] The thumbnail image data is the thumbnail image data corresponding to the main image data 206 at the time the authenticity assurance information 217 is added to the image file 200A.
[0044] Authenticity assurance information 217 may include one or more hash values, such as the hash value of the image, the hash value of the metadata, and the hash values of both the image and the metadata. The one or more hash values included in authenticity assurance information 217 are signed.
[0045] The hash value of this image is calculated based on the image data (in the example in Figure 2A, the image data 206). Therefore, if the authenticity assurance information 217 includes the hash value of this image, it can be said that the authenticity assurance information 217 is configured to guarantee the authenticity of the image data 206.
[0046] The metadata hash value is a hash value calculated based on the metadata (Exif data 201 in the example in Figure 2A). Therefore, if the authenticity assurance information 217 includes the metadata hash value, it can be said that the authenticity assurance information 217 is configured to guarantee the authenticity of the metadata (Exif data 201).
[0047] The hash values of the image and metadata are calculated based on the combination of the image data and metadata (in the example in Figure 2A, the combination of the image data 206 and the Exif data 201). Therefore, if the authenticity assurance information 217 includes the hash values of the image and metadata, it can be said that the authenticity assurance information 217 is configured to integrally guarantee the authenticity of the image data 206 and the metadata (Exif data 201).
[0048] Furthermore, if the authenticity verification based on the hash values of the image and metadata is successful, both the image data 206 and the metadata (Exif data 201) are considered authentic. Therefore, the authenticity assurance information 217, which includes the hash values of the image and metadata, is included in the example of authenticity assurance information configured to guarantee the authenticity of the image data 206, similar to the authenticity assurance information 217, which includes the hash value of the image. In addition, the authenticity assurance information 217, which includes the hash values of the image and metadata, is included in the example of authenticity assurance information configured to guarantee the authenticity of the metadata (Exif data 201), similar to the authenticity assurance information 217, which includes the hash value of the metadata.
[0049] In the example in Figure 2A, the authenticity assurance information 217 includes only the hash value of the image as one or more hash values. However, the authenticity assurance information 217 may include the hash values of the image and metadata instead of the hash value of the image, or it may include two or more types of hash values. For example, the authenticity assurance information 217 may include the hash value of the image and the hash value of the metadata separately. In this case, the authenticity assurance information 217 can be said to be configured to individually guarantee the authenticity of the image data 206 and the metadata (Exif data 201). The authenticity assurance information 217, which includes the hash value of the image and the hash value of the metadata separately, is included in the example of authenticity assurance information configured to guarantee the authenticity of the image data 206, and is also included in the example of authenticity assurance information configured to guarantee the authenticity of the metadata.
[0050] In the example in Figure 2A, the authenticity information area 207 contains one piece of authenticity information (authenticity information 217). However, the authenticity information area 207 may also contain multiple pieces of authenticity information.
[0051] Figure 2B shows an example of an image file that includes an authenticity assurance information area 207 containing multiple authenticity assurance information. The image file 200B in Figure 2B is an image file generated by performing image editing processing on image file 200A using an image editing application. Therefore, the content of the main image data 206 (second image data) of image file 200B (second image file) is different from the content of the main image data 206 (first main image data) of image file 200A (first image file).
[0052] Image editing processes may include processes that cause changes in metadata. For example, if metadata includes information indicating the orientation of an image, and image editing processes that include rotating the image are performed, the information indicating the orientation of the image included in the metadata will change. Therefore, the content of Exif data 201 (second metadata) of image file 200B (second image file) will be different from the content of Exif data 201 (first metadata) of image file 200A (first image file).
[0053] In Figure 2B, the authenticity assurance information area 207 includes authenticity assurance information 217 in addition to authenticity assurance information 218. Authenticity assurance information 218 is information that was added (associated) with the edited main image data 206 (image data reflecting the image editing process) by the image editing application when the edited main image data 206 was recorded.
[0054] The hash value of the image included in the authenticity guarantee information 218 is the hash value calculated based on the image data 206 at the time the authenticity guarantee information 218 was added to the image file 200B. Therefore, the hash value of the image included in the authenticity guarantee information 218 is different from the hash value of the image included in the authenticity guarantee information 217.
[0055] The thumbnail image data included in the authenticity guarantee information 218 is the thumbnail image data corresponding to the main image data 206 at the time the authenticity guarantee information 218 was added to the image file 200B.
[0056] In the example in Figure 2B, the most recent authenticity information is the second (bottommost) authenticity information 218. When the system control unit 50 records authenticity information in the authenticity information area 207, it may also store management information at the beginning of the authenticity information area 207, such as a link to the authenticity information, the rank of the authenticity information (the order in which it was recorded), and the total number of recorded authenticity information entries.
[0057] Since image file 200B includes authenticity assurance information 217 and 218, the digital camera 100 can verify the authentic origin of this image data 206.
[0058] In this embodiment, if predetermined conditions (details described later) are met, new authenticity assurance information is added each time the image data 206 is edited and recorded.
[0059] Figure 3 is a flowchart of the process for adding authenticity assurance information during image editing according to the first embodiment. Here, the digital camera 100 acts as an image processing device, and the user performs image editing on the image file 200A using the digital camera 100's image editing application. The main image data 206 of the image file 200A corresponds to an image captured using the image sensor 13. The function of the image editing application is realized by the system control unit 50 executing the image editing application program stored in the non-volatile memory 51. When executing the image editing application program, the system control unit 50 uses the memory 25 as a working area.
[0060] Note that the image processing device that runs the image editing application is not limited to the digital camera 100. For example, a PC may act as the image processing device, and a user may edit the main image data 206 of the image file 200A using an image editing application on the PC. In this case, the PC will perform the process shown in Figure 3.
[0061] In S301, the system control unit 50 reads the image file 200A from the external recording medium 91 and loads it into the memory 25. Then, the system control unit 50 performs image editing processing on the memory 25 according to user instructions via the operation unit 63. The contents of various data (such as the main image data 206 or Exif data 201) of the image file 200A loaded into the memory 25 are changed according to the editing content instructed by the user. When the user instructs that editing is complete, the process proceeds to S302. In S301, the system control unit 50 may use the image processing unit 20 to perform image editing processing as needed.
[0062] In S302, the system control unit 50 determines whether the original (unedited) image file 200A stored on the external recording medium 91 contains authenticity assurance information configured to guarantee the authenticity of the image data 206. If the original image file 200A contains authenticity assurance information, the process proceeds to S303; otherwise, the process proceeds to S305. In the example in Figure 2A, the image file 200A contains authenticity assurance information 217 configured to guarantee the authenticity of the image data 206, so the process proceeds to S303.
[0063] In S303, the system control unit 50 verifies the authenticity of the main image data 206 (original main image data) of the original image file 200A based on the authenticity assurance information 217, and determines whether the verification was successful or not. To verify authenticity, the system control unit 50 uses the hash value generation unit 72 and the signature generation / verification unit 73 to determine whether the hash value of the main image stored in the authenticity assurance information 217 matches the hash value recalculated based on the original main image data 206. If these two hash values match, the system control unit 50 determines that the authenticity verification was successful and proceeds to S304. If these two hash values do not match, the system control unit 50 determines that the authenticity verification failed and proceeds to S305. In the following explanation, the success of the authenticity verification based on the authenticity assurance information may be expressed as "the authenticity assurance information is correct," and the failure of the authenticity verification may be expressed as "the authenticity assurance information is incorrect."
[0064] In S304, the system control unit 50 adds new authenticity assurance information (for example, authenticity assurance information 218 shown in Figure 2B) configured to guarantee the authenticity of the edited image data 206 to the edited image file stored in the memory 25.
[0065] In S305, the system control unit 50 writes the edited image file (for example, the image file 200B shown in Figure 2B) containing the edited image data to the external recording medium 91. At this time, the system control unit 50 may perform what is called "overwrite saving," which replaces the original image file with the edited image file, or it may perform what is called "save as," which saves the edited image file in addition while leaving the original image file intact.
[0066] Thus, if the S304 process is performed (i.e., the authenticity information of the original image file is correct), new authenticity information (for example, authenticity information 218 shown in Figure 2B) is added to the edited image file. On the other hand, if the S304 process is not performed (i.e., the authenticity information of the original image file is incorrect, or the original image file does not contain authenticity information), new authenticity information is not added to the edited image file.
[0067] Here, with reference to Figure 4, an example of how image files change as a result of the processing shown in Figure 3 is explained. In Figure 4, image file 200A is the image file before editing (the first image file), and image files 200B and 200C are the image files after editing (the second image files). The main image data 206 (second image data) of image files 200B and 200C is the image data that has been processed after the image editing process (i.e., the main image data 206 (first image data) of image file 200A has been modified).
[0068] If the process proceeds to S305 via S304 (and the authenticity guarantee information 217 of the original image file 200A is correct), an edited image file 200B is generated with the new authenticity guarantee information 218 added.
[0069] On the other hand, if the process proceeds from S303 to S305 without going through S304 (i.e., the authenticity guarantee information 217 of the original image file 200A is incorrect), an image file 200C is generated that does not have new authenticity guarantee information 218. In this case, the system control unit 50 may add a flag to the header of the image file 200C indicating that the authenticity guarantee information 217 is outdated.
[0070] Furthermore, although not shown in the diagram, if the original image file 200A does not contain authenticity assurance information 217 (i.e., if the process transitions directly from S302 to S305), an edited image file without authenticity assurance information 218 will be generated.
[0071] It is also possible to perform the processing shown in Figure 3 using an image file containing multiple authenticity assurance pieces of information as the original image file. For example, consider the case where image file 200B is the original image file. In this case, in S303, the system control unit 50 verifies the authenticity of the main image data 206 of the original image file 200B based on the authenticity assurance information 218 and determines whether the verification was successful or not. If the verification is successful, in S304, the system control unit 50 adds new authenticity assurance information configured to guarantee the authenticity of the edited main image data 206 to the edited image file stored in memory 25. As a result, an image file containing three authenticity assurance pieces of information is generated.
[0072] As described above, according to the first embodiment, the digital camera 100 performs image editing processing on a first image file containing first image data (for example, the main image data 206 of image file 200A), thereby generating a second image file containing second image data (for example, the main image data 206 of image file 200B or 200C) that has been edited. Furthermore, if the first image file contains first authenticity assurance information (for example, authenticity assurance information 217 for image file 200A) configured to guarantee the authenticity of the first image data, the digital camera 100 verifies the authenticity of the first image data based on the first authenticity assurance information. If the verification of the authenticity of the first image data is successful, the digital camera 100 controls the inclusion of second authenticity assurance information (for example, authenticity assurance information 218 for image file 200B) configured to guarantee the authenticity of the second image data in the second image file. If the verification of the authenticity of the first image data fails or the first authenticity assurance information is not included in the first image file, the digital camera 100 controls itself to refrain from including the second authenticity assurance information in the second image file.
[0073] Thus, according to this embodiment, if the authenticity verification of the original image data is successful, new authenticity assurance information for the edited image data is added to the edited image file. On the other hand, if the authenticity verification of the original image data fails or authenticity assurance information for the original image data is unavailable, no new authenticity assurance information is added to the edited image file. Therefore, for example, if the authenticity verification of the main image data 206 of image file 200B is successful based on the authenticity assurance information 218, it can be assumed that the main image data before editing was also authentic. Accordingly, according to this embodiment, the reliability of image data accompanied by authenticity assurance information is improved.
[0074] [Second Embodiment] In the second embodiment, an example of processing will be described when the authenticity assurance information is configured to individually guarantee the authenticity of the image data and metadata (for example, when the authenticity assurance information includes the hash value of the image and the hash value of the metadata). In the second embodiment, the basic configuration of the digital camera 100 is the same as in the first embodiment. The following mainly describes the differences from the first embodiment.
[0075] Figure 5 is a flowchart of the process for adding authenticity assurance information during image editing according to the second embodiment. Here, the digital camera 100 acts as an image processing device, and the user performs image editing on the image file 600A shown in Figure 6 using the image editing application of the digital camera 100. The functions of the image editing application are realized by the system control unit 50 executing the image editing application program stored in the non-volatile memory 51. When executing the image editing application program, the system control unit 50 uses the memory 25 as a working area. As in the first embodiment, a PC may also act as an image processing device.
[0076] The authenticity assurance information 617 of the image file 600A includes the hash value of the image and the hash value of the metadata. Therefore, the authenticity assurance information 617 is configured to individually guarantee the authenticity of the image data 206 and the metadata (Exif data 201). The image data 206 of the image file 600A corresponds to an image captured using the image sensor 13.
[0077] The processes in S501 and S502 are the same as those in S301 and S302 in Figure 3.
[0078] In S503, the system control unit 50 verifies the authenticity of the main image data 206 (original main image data) of the original image file 600A based on the authenticity assurance information 617, and determines whether the verification was successful or not. To verify authenticity, the system control unit 50 uses the hash value generation unit 72 and the signature generation / verification unit 73 to determine whether the hash value of the main image stored in the authenticity assurance information 617 matches the hash value recalculated based on the original main image data 206. If these two hash values match, the system control unit 50 determines that the authenticity verification was successful and proceeds to S504. If these two hash values do not match, the system control unit 50 determines that the authenticity verification failed and proceeds to S507.
[0079] In S504, the system control unit 50 verifies the authenticity of the metadata (Exif data 201) of the original image file 600A based on the authenticity assurance information 617 and determines whether the verification was successful. To verify authenticity, the system control unit 50 uses the hash value generation unit 72 and the signature generation / verification unit 73 to determine whether the hash value of the metadata stored in the authenticity assurance information 617 matches the hash value recalculated based on the original metadata (Exif data 201 of the image file 600A). If these two hash values match, the system control unit 50 determines that the authenticity verification was successful and proceeds to S506. If these two hash values do not match, the system control unit 50 determines that the authenticity verification failed and proceeds to S505.
[0080] In S505, the system control unit 50 adds new authenticity assurance information (e.g., authenticity assurance information 618C) configured to guarantee the authenticity of the edited main image data 206 to the edited image file (e.g., image file 600C in Figure 6) stored in memory 25. The authenticity assurance information 618C includes the hash value of the main image, but does not include the hash value of the metadata. The hash value of the main image is calculated based on the edited main image data 206. Therefore, the authenticity assurance information 618C is configured to guarantee the authenticity of the main image data 206 of the image file 600C without guaranteeing the authenticity of the metadata (Exif data 201) of the image file 600C.
[0081] In S506, the system control unit 50 adds new authenticity assurance information (e.g., authenticity assurance information 618B) configured to guarantee the authenticity of the edited main image data 206 to the edited image file (e.g., image file 600B in Figure 6) stored in memory 25. The authenticity assurance information 618B includes both the hash value of the main image and the hash value of the metadata. The hash value of the main image is calculated based on the edited main image data 206. The hash value of the metadata is calculated based on the edited metadata. Therefore, the authenticity assurance information 618B is configured to individually guarantee the authenticity of the main image data 206 and metadata (Exif data 201) of the image file 600C.
[0082] In S507, the system control unit 50 writes the edited image file (for example, image file 600B or 600C shown in Figure 6) containing the edited image data to the external recording medium 91. At this time, the system control unit 50 may perform a so-called "overwrite save" which replaces the original image file with the edited image file, or it may perform a so-called "save as" which saves the edited image file in addition while leaving the original image file intact.
[0083] Thus, if the S506 process is performed (if the authenticity of both the original image data and metadata is successfully verified), new authenticity assurance information is added to the edited image file (e.g., image file 600B), which is configured to individually guarantee the authenticity of both the edited image data and metadata. On the other hand, if the S505 process is performed (if the authenticity of the original image data is successfully verified but the authenticity of the original metadata is not), new authenticity assurance information is added to the edited image file (e.g., image file 600C), which is configured to guarantee the authenticity of the edited image data without guaranteeing the authenticity of the edited metadata. If the S505 and S506 processes are not performed (either the authenticity of the original image data is not verified, or the original image file does not contain authenticity assurance information), no new authenticity assurance information is added to the edited image file (not shown). In this case, the system control unit 50 may add a flag to the header of the edited image file indicating that the authenticity assurance information 617 is outdated.
[0084] As described above, the second embodiment relates to an example of processing when authenticity assurance information (first authenticity assurance information) is configured to individually guarantee the authenticity of the image data and metadata, as shown in image file 600A in Figure 6. If the authenticity verification of both the original image data (first image data) and metadata (first metadata) is successful, the digital camera 100 controls the inclusion of authenticity assurance information (second authenticity assurance information), which is configured to individually guarantee the authenticity of the image data (second image data) and metadata (second metadata) that have been edited, into the edited image file (e.g., image file 600B). If the authenticity verification of the first image data is successful but the authenticity verification of the first metadata fails, the digital camera 100 controls the inclusion of authenticity assurance information (second authenticity assurance information), which is configured to guarantee the authenticity of the second image data without guaranteeing the authenticity of the second metadata, into the edited image file (e.g., image file 600C). If the verification of the authenticity of the first image data fails, or if the original image file does not contain authenticity assurance information, the digital camera 100 controls itself to refrain from including the second authenticity assurance information in the edited image file.
[0085] Therefore, according to this embodiment, when an image editing process is performed that causes changes in metadata such as image rotation but does not cause changes in image data, if the authenticity verification of the original image data is successful, it becomes possible to add new authenticity assurance information to the edited image file regardless of the result of the authenticity verification of the original metadata.
[0086] In the example in Figure 6, the hash value of the image and the hash value of the metadata are shown to be included within a single block of authenticity assurance information (e.g., authenticity assurance information 617). However, the specific arrangement of the hash value of the image and the hash value of the metadata in an image file is not limited to the example in Figure 6. For example, image file 600A may contain authenticity assurance information including the hash value of the image and authenticity assurance information including the hash value of the metadata separately. In this case, information including a combination of authenticity assurance information including the hash value of the image and authenticity assurance information including the hash value of the metadata corresponds to an example of authenticity assurance information configured to individually guarantee the authenticity of the image data and metadata.
[0087] [Other embodiments] The present invention can also be realized by supplying a program that implements one or more of the functions of the above-described embodiments to a system or device via a network or storage medium, and by having one or more processors in the computer of that system or device read and execute the program. It can also be realized by a circuit (e.g., an ASIC) that implements one or more functions.
[0088] [summary] The embodiments described above disclose, but are not limited to, the inventions shown in at least the following items. (Item 1) A generation means that generates a second image file containing a second image file in which the image editing process has been applied by performing an image editing process on a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a first Verification means for verifying the authenticity of the first image data based on the first authenticity information, provided that the first image file contains first authenticity information configured to guarantee the authenticity of the first image data, A control means, If the verification of the authenticity of the first image data is successful, the second image file is to include second authenticity assurance information configured to guarantee the authenticity of the second image data. If the verification of the authenticity of the first image data fails or the first authenticity assurance information is not included in the first image file, the second authenticity assurance information will not be included in the second image file. A control means that controls in this manner, An image processing apparatus characterized by comprising: (Item 2) The aforementioned first image file includes first metadata, The aforementioned second image file contains second metadata, The first authenticity assurance information is configured to integrally guarantee the authenticity of the first image data and the first metadata. The second authenticity assurance information is configured to integrally guarantee the authenticity of the second image data and the second metadata. The image processing apparatus according to item 1, characterized in that it is a picture processing apparatus. (Item 3) The image editing process includes a process that causes a change in the first metadata, The second metadata is metadata that has already reflected the image editing process. The image processing apparatus according to item 2, characterized in that (Item 4) The first authenticity information includes a hash value calculated based on the combination of the first image data and the first metadata. The second authenticity information includes a hash value calculated based on the combination of the second image data and the second metadata. The image processing apparatus according to item 2 or 3, characterized in that it is an image processing apparatus. (Item 5) The first authenticity assurance information includes a hash value calculated based on the first image data, The second authenticity assurance information includes a hash value calculated based on the second image data. The image processing apparatus according to item 1, characterized in that it is a picture processing apparatus. (Item 6) The aforementioned first image file includes first metadata, The image editing process includes a process that causes a change in the first metadata, The second image file includes second metadata that reflects the image editing process, The first authenticity assurance information is configured to individually guarantee the authenticity of the first image data and the first metadata. The verification means verifies the authenticity of the first metadata based on the first authenticity assurance information, If the verification of the authenticity of the first image data is successful, the control means shall If the verification of the authenticity of the first metadata is successful, the second authenticity assurance information is configured to individually guarantee the authenticity of the second image data and the second metadata. If the verification of the authenticity of the first metadata fails, the second authenticity assurance information is configured to guarantee the authenticity of the second image data without guaranteeing the authenticity of the second metadata. Control it so that The image processing apparatus according to item 1, characterized in that it is a picture processing apparatus. (Item 7) The first authenticity assurance information includes a hash value calculated based on the first image data and a hash value calculated based on the first metadata. If the authenticity verification of the first metadata is successful, the second authenticity assurance information includes a hash value calculated based on the second image data and a hash value calculated based on the second metadata. If the verification of the authenticity of the first metadata fails, the second authenticity assurance information includes the hash value calculated based on the second image data, but without including the hash value calculated based on the second metadata. The image processing apparatus according to item 6, characterized in that (Item 8) An image processing apparatus described in any one of items 1 to 7, A means for capturing an image corresponding to the first image data, An imaging device characterized by comprising: (Item 9) A control method performed by an image processing device, A generation step of generating a second image file containing a second image file in which the image editing process has been applied by performing an image editing process on a first image file containing second A verification step is performed to verify the authenticity of the first image data based on the first authenticity information, provided that the first image file contains first authenticity information configured to guarantee the authenticity of the first image data. A control process, If the verification of the authenticity of the first image data is successful, the second image file is to include second authenticity assurance information configured to guarantee the authenticity of the second image data. If the verification of the authenticity of the first image data fails or the first authenticity assurance information is not included in the first image file, the second authenticity assurance information will not be included in the second image file. A control process that controls in this manner, A control method characterized by comprising: (Item 10) A program for causing a computer to function as one of the means of an image processing apparatus as described in any one of items 1 through 7.
[0089] The invention is not limited to the embodiments described above, and various modifications and variations are possible without departing from the spirit and scope of the invention. Accordingly, claims are attached to disclose the scope of the invention. [Explanation of symbols]
[0090] 13…Image sensor, 20…Image processing unit, 25…Memory, 50…System control unit, 51…Non-volatile memory, 63…Operation unit, 72…Hash value generation unit, 73…Signature generation / verification unit
Claims
1. A generation means that generates a second image file containing a second image file in which the image editing process has been applied by performing an image editing process on a first image file containing second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a second image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing a first image file containing Verification means for verifying the authenticity of the first image data based on the first authenticity information, provided that the first image file contains first authenticity information configured to guarantee the authenticity of the first image data, A control means, If the verification of the authenticity of the first image data is successful, the second image file is included with second authenticity assurance information configured to guarantee the authenticity of the second image data. If the verification of the authenticity of the first image data fails or the first authenticity assurance information is not included in the first image file, the second authenticity assurance information will not be included in the second image file. A control means that controls in this manner, An image processing apparatus characterized by comprising:
2. The first image file includes first metadata, The second image file includes second metadata, The first authenticity assurance information is configured to integrally guarantee the authenticity of the first image data and the first metadata. The second authenticity assurance information is configured to integrally guarantee the authenticity of the second image data and the second metadata. The image processing apparatus according to feature 1.
3. The image editing process includes a process that causes a change in the first metadata, The second metadata is metadata that has already reflected the image editing process. The image processing apparatus according to claim 2.
4. The first authenticity information includes a hash value calculated based on the combination of the first image data and the first metadata. The second authenticity information includes a hash value calculated based on the combination of the second image data and the second metadata. The image processing apparatus according to claim 2.
5. The first authenticity assurance information includes a hash value calculated based on the first image data, The second authenticity assurance information includes a hash value calculated based on the second image data. The image processing apparatus according to feature 1.
6. The first image file includes first metadata, The image editing process includes a process that causes a change in the first metadata, The second image file includes the second metadata that reflects the image editing process, The first authenticity assurance information is configured to individually guarantee the authenticity of the first image data and the first metadata. The verification means verifies the authenticity of the first metadata based on the first authenticity assurance information, If the verification of the authenticity of the first image data is successful, the control means shall If the verification of the authenticity of the first metadata is successful, the second authenticity assurance information is configured to individually guarantee the authenticity of the second image data and the second metadata. If the verification of the authenticity of the first metadata fails, the second authenticity assurance information is configured to guarantee the authenticity of the second image data without guaranteeing the authenticity of the second metadata. Control it so that The image processing apparatus according to feature 1.
7. The first authenticity information includes a hash value calculated based on the first image data and a hash value calculated based on the first metadata. If the verification of the authenticity of the first metadata is successful, the second authenticity assurance information includes a hash value calculated based on the second image data and a hash value calculated based on the second metadata. If the verification of the authenticity of the first metadata fails, the second authenticity assurance information includes the hash value calculated based on the second image data, but without including the hash value calculated based on the second metadata. The image processing apparatus according to claim 6.
8. An image processing apparatus according to any one of claims 1 to 7, A means for capturing an image corresponding to the first image data, An imaging device characterized by comprising:
9. A control method performed by an image processing device, A generation step of generating a second image file containing a second image file in which the image editing process has been applied by performing an image editing process on a first image file containing second A verification step is performed to verify the authenticity of the first image data based on the first authenticity information, provided that the first authenticity information configured to guarantee the authenticity of the first image data is included in the first image file. A control process, If the verification of the authenticity of the first image data is successful, the second image file is included with second authenticity assurance information configured to guarantee the authenticity of the second image data. If the verification of the authenticity of the first image data fails or the first authenticity assurance information is not included in the first image file, the second authenticity assurance information will not be included in the second image file. A control process that controls in this manner, A control method characterized by comprising:
10. A program for causing a computer to function as one of the means of an image processing apparatus according to any one of claims 1 to 7.