Imaging device, control method for imaging device, and program

Abstract

According to the present invention, an imaging device is provided with: an imaging unit; and a generation unit capable of generating image data based on imaging data captured by the imaging unit, and certification data for certifying authenticity of the image data. The certification data includes data obtained by encrypting a visual recognition image for visually recognizing an image indicated by the imaging data on which first processing is not performed, and recording data including a record of processing on the imaging data.

Description

Imaging Device, Control Method for Imaging Device, and Program 【0001】 The present disclosure relates to an imaging device, a control method for an imaging device, and a program. 【0002】 In recent years, information sharing via the Internet and SNS has become active, and we have entered an era in which anyone can view and transmit information. In addition, in recent years, digital image processing technology has evolved. Under such circumstances, it has become difficult for information viewers to view processed digital images and confirm the authenticity of the viewed content, and as a result, problems such as fake news have become more serious. Therefore, a technique for proving the authenticity of an image by attaching a digital signature to the image is known. In addition, in Patent Document 1, an imaging device equipped with a shooting mode for proving such authenticity has been developed. 【0003】 Japanese Patent Application Laid-Open No. 2008-5421 【0004】 In recent digital cameras, various processing operations are performed on the captured data between when the user gives an instruction to shoot and when the data is saved as image data. However, Patent Document 1 does not describe at which stage of the images from shooting to saving of the image data a digital signature for proving authenticity is attached. Therefore, when the image with the digital signature is, for example, an image after various processing operations have been performed, there is a suspicion that the image itself with the digital signature is an image with distorted facts. Therefore, the authenticity of the captured image may not be proven. 【0005】 An object according to one aspect of the present disclosure is to provide a technique for proving the authenticity of image data captured by an imaging device. 【0006】 One aspect of the present disclosure is an imaging device including: an imaging unit; and a generation unit capable of generating image data based on imaging data captured by the imaging unit and proof data for proving the authenticity of the image data, wherein the proof data includes data obtained by encrypting a visual image for viewing an image indicated by the imaging data before a first process is executed and recording data including a record of processing on the imaging data. 【0007】 According to this disclosure, the authenticity of image data captured by the imaging device can be proven. 【0008】 Other features and advantages of the technical ideas derived from this disclosure will become apparent from the following description with reference to the attached drawings. In the attached drawings, the same or similar components are given the same reference numeral. 【0009】 The attached drawings are included in the specification and constitute part thereof, illustrating embodiments in this disclosure and are used together with the description to explain the technical ideas derived from this disclosure. 【0010】 External view of the imaging device according to one embodiment External view of the imaging device according to one embodiment Block diagram of the imaging device according to one embodiment Configuration diagram of the image data according to one embodiment Configuration diagram of the image data according to one embodiment Configuration diagram of the image data according to one embodiment Rear view of the camera according to one embodiment Explanation diagram of the method for recording authenticity verification data according to one embodiment Explanation diagram of the method for recording authenticity verification data according to one embodiment 【0011】 The embodiments will be described in detail below with reference to the attached drawings. Note that the following embodiments do not limit the scope of the claims. While the embodiments describe multiple features, not all of these features are necessary, and the features may be combined in any way. Furthermore, in the attached drawings, identical or similar configurations are given the same reference numerals, and redundant descriptions are omitted. 【0012】 Using Figures 1A and 1B, a digital camera 100 will be described as an example of a device to which this embodiment can be applied. Figure 1A is a front perspective view of the digital camera 100, and Figure 1B is a rear perspective view of the digital camera 100. A display unit 28 for displaying images and various information is provided on the back of the digital camera 100. In addition, an external viewfinder display unit 43 for displaying various camera settings, including shutter speed and aperture, is provided on the top surface of the digital camera 100. 【0013】The digital camera 100 is also equipped with a shutter button 61, a mode selector switch 60, a terminal cover 40, a main electronic dial 71, a power switch 72, a sub electronic dial 73, a cross key 74, and a SET button 75. The shutter button 61 is an operation unit for issuing a shooting command. The mode selector switch 60 is an operation unit for switching between various modes. The terminal cover 40 is a cover that protects connectors (not shown) such as connection cables that connect external devices to the digital camera 100. 【0014】 The main electronic dial 71 is a rotary control unit included in the control unit 70, and by rotating this main electronic dial 71, settings such as shutter speed and aperture can be changed. The power switch 72 is an operating component that switches the power of the digital camera 100 ON and OFF. The sub electronic dial 73 is a rotary dial included in the control unit 70. By operating this sub electronic dial 73, the user can move the selection frame, advance images, etc. The directional pad 74 is included in the control unit 70 and is a directional pad (four-way key) with up, down, left, and right sections that can be pressed. The user can perform operations according to the part of the directional pad 74 that is pressed. The SET button 75 is included in the control unit 70 and is a push button, mainly used to confirm selection items. 【0015】 The digital camera 100 is also equipped with an LV button 76, a zoom in button 77, a zoom out button 78, a playback button 79, a quick-return mirror 12, a communication terminal 10, an eyepiece viewfinder 16, a cover 202, and a grip section 90. The LV button 76 is included in the operation section 70 and is a button that allows switching the live view (hereinafter referred to as LV) ON and OFF in the menu button. In video recording mode, the LV button 76 is used to instruct the start and stop of video recording. The zoom in button 77 is included in the operation section 70 and is an operation button for turning the zoom mode ON and OFF and changing the magnification ratio in the live view display in shooting mode. In playback mode, the zoom in button 77 functions as a zoom button to enlarge the playback image and increase the magnification ratio. 【0016】The minimizing button 78 is included in the operation unit 70 and is a button that reduces the magnification ratio of the enlarged playback image, thereby shrinking the displayed image. The playback button 79 is also included in the operation unit 70 and is an operation button that switches between shooting mode and playback mode. By pressing the playback button 79 while in shooting mode, the user can switch to playback mode and display the latest image from the images recorded on the recording medium 200 on the display unit 28. The quick-return mirror 12 is raised and lowered by an actuator (not shown) instructed by the system control unit 50. The communication terminal 10 is a communication terminal for the digital camera 100 to communicate with the lens side (detachable). The eyepiece viewfinder 16 is a look-through type viewfinder for the user to check the focus and composition of the optical image of the subject obtained through the lens unit 150 by observing the focusing screen 13. The cover 202 is the cover of the slot that stores the recording medium 200. The grip part 90 is a holding part that is shaped to be easily gripped by the user with their right hand when holding the digital camera 100. 【0017】 The block configuration of the digital camera 100 will be explained using Figure 2. The digital camera 100 consists of a lens unit 150, communication terminals (6, 10), a system control unit 50, a lens system control circuit 4, an aperture drive circuit 2, an aperture 1, an AF drive circuit 3, and a lens 103. The lens unit 150 is a lens unit that is equipped with an interchangeable photographic lens. The lens 103 is usually composed of multiple lenses, but here it is shown as a single lens for simplicity. Communication terminal 6 is a communication terminal for the lens unit 150 to communicate with the digital camera 100. Communication terminal 10 is a communication terminal for the digital camera 100 to communicate with the lens unit 150. The lens unit 150 communicates with the system control unit 50 via these communication terminals (6, 10). The internal lens system control circuit 4 controls the aperture 1 via the aperture drive circuit 2 and focuses by displacing the position of the lens 103 via the AF drive circuit 3. 【0018】The digital camera 100 also includes an AE sensor 17, a focus detection unit 11, a quick-return mirror 12, an imaging unit 22, an eyepiece viewfinder 16, a pentaprism 14, a focusing screen 13, a shutter 101, and an A / D converter 23. The AE sensor 17 measures the brightness of the subject through the lens unit 150. The focus detection unit 11 outputs defocus amount information to the system control unit 50. The system control unit 50 uses this defocus amount information to control the lens unit 150 and perform phase-detection autofocus. The quick-return mirror 12 (hereinafter also referred to as mirror 12) is raised and lowered by an actuator (not shown) at the instruction of the system control unit 50 during exposure, live view shooting, and video shooting. 【0019】 Mirror 12 is a mirror that switches the light beam incident from lens 103 between the eyepiece viewfinder 16 side and the image sensor 22 side. Normally, mirror 12 is positioned to reflect the light beam to guide it towards the eyepiece viewfinder 16, but when shooting is performed or live view is displayed, it flips up and moves out of the way of the light beam to guide it towards the image sensor 22 (mirror up). In addition, the central part of mirror 12 is a half-mirror that allows some light to pass through, and transmits a portion of the light beam so that it enters the focus detection unit 11 for focus detection. 【0020】 The photographer can check the focus and composition of the optical image of the subject obtained through the lens unit 150 by observing the focusing screen 13 through the pentaprism 14 and eyepiece viewfinder 16. The shutter 101 is a focal-plane shutter that can freely control the exposure time of the imaging unit 22 under the control of the system control unit 50. The imaging unit 22 is an image sensor composed of a CCD or CMOS element that converts an optical image into an electrical signal. The A / D converter 23 converts the analog signal into a digital signal. The A / D converter 23 is used to convert the analog signal output from the imaging unit 22 into a digital signal. 【0021】The digital camera 100 also includes an image processing unit 24, a memory control unit 15, a memory 32, a D / A converter 19, a display unit 28, a liquid crystal display unit 41 in the viewfinder, and a viewfinder display unit drive circuit 42. The digital camera 100 also includes an external display unit 43 and an external display unit drive circuit 44. The image processing unit 24 performs resizing and color conversion processing, such as predetermined pixel interpolation and reduction, on data from the A / D converter 23 or data from the memory control unit 15. The image processing unit 24 also performs predetermined calculation processing using the captured image data. The system control unit 50 performs exposure control and distance measurement control using the calculation results obtained by the image processing unit 24. This enables TTL (through-the-lens) AF (autofocus), AE (automatic exposure), and EF (flash pre-flash) processing. The image processing unit 24 further performs predetermined calculation processing using the captured image data and performs TTL (auto white balance) processing using the obtained calculation results. 【0022】 The output data from the A / D converter 23 is written to the memory 32 via the image processing unit 24 and the memory control unit 15, or directly via the memory control unit 15. The memory 32 stores image data obtained by the imaging unit 22 and converted into digital data by the A / D converter 23, as well as image data for display on the display unit 28. The memory 32 has sufficient storage capacity to store a predetermined number of still images, a predetermined amount of video footage, and audio. The memory 32 also serves as a memory for image display (video memory). The D / A converter 19 converts the image display data stored in the memory 32 into an analog signal and supplies it to the display unit 28. In this way, the display image data written to the memory 32 is displayed by the display unit 28 via the D / A converter 19. 【0023】The display unit 28 displays information on an LCD or other display device in accordance with the analog signal from the D / A converter 19. The display unit 28 converts the digital signal, which has been temporarily stored in the memory 32 by the A / D converter 23, into an analog signal using the D / A converter 19. The display unit 28 then sequentially transfers the converted analog signal to the display unit 28 for display, thereby functioning as an electronic viewfinder and enabling through-image display (live view display (LV display)). Hereafter, the image displayed in live view will also be referred to as the LV image. The in-finder liquid crystal display unit 41 displays, via the in-finder display unit drive circuit 42, a frame indicating the AF frame (autofocus frame) indicating the metering point where autofocus is currently being performed, and icons indicating the camera's settings. The external display unit 43 displays various camera settings, including shutter speed and aperture, via the external display unit drive circuit 44. 【0024】 The digital camera 100 also includes a non-volatile memory 56, a system timer 53, a mode selector switch 60, a shutter button 61, a first shutter switch 62, a second shutter switch 64, a system memory 52, and an operation unit 70. The non-volatile memory 56 is an electrically erasable and recordable memory, such as an EEPROM. The non-volatile memory 56 stores constants and programs for the operation of the system control unit 50. Here, "program" refers to a program for executing various flowcharts described later. The system control unit 50 is a control unit comprising at least one processor and / or at least one circuit, and controls the entire digital camera 100. The system control unit 50 realizes the various processes described later by executing the program stored in the non-volatile memory 56. For example, RAM is used for the system memory 52, and constants and variables for the operation of the system control unit 50, programs read from the non-volatile memory 56, etc. are stored there. Furthermore, the system control unit 50 also performs display control by controlling the memory 32, the D / A converter 19, and the display unit 28, etc. 【0025】The system timer 53 is a timing unit that measures the time used for various controls and the time of the built-in clock. The mode switch 60, shutter button 61, first shutter switch 62, second shutter switch 64, and operation unit 70 are means for inputting various operation instructions to the system control unit 50. More specifically, the mode switch 60 switches the operation mode of the system control unit 50 to one of the modes such as still image recording mode, video recording mode, and playback mode. Modes included in the still image recording mode include auto shooting mode, auto scene detection mode, manual mode, aperture priority mode (Av mode), shutter speed priority mode (Tv mode), and program AE mode. Modes included in the still image recording mode include various scene modes that are shooting settings for different shooting scenes, or custom modes. The user can directly switch the operation mode to one of these modes using the mode switch 60. Alternatively, the user may switch the display to a list of shooting modes using the mode switch 60, select one of the displayed modes, and then switch the operation mode using the other operation unit. Similarly, video recording modes may also include multiple modes. 【0026】 The first shutter switch 62 turns ON when the shutter button 61 on the digital camera 100 is partially pressed (instruction to prepare for shooting), generating the first shutter switch signal SW1. The first shutter switch signal SW1 initiates operations such as AF (autofocus), AE (automatic exposure), AWB (auto white balance), or EF (flash pre-flash). The second shutter switch 64 turns ON when the shutter button 61 is fully pressed (instruction to shoot), generating the second shutter switch signal SW2. The system control unit 50 initiates a series of shooting operations, from reading the signal from the imaging unit 22 to writing the image data to the recording medium 200, in response to the second shutter switch signal SW2. 【0027】Each operation button of the operation unit 70 is assigned a function as appropriate for each situation by the user selecting various function icons displayed on the display unit 28, and acts as a function button. Examples of function buttons include an exit button, a back button, an image forward button, a jump button, a filter button, or an attribute change button. For example, when the menu button is pressed, various configurable menu screens are displayed on the display unit 28. The user can intuitively make various settings using the menu screen displayed on the display unit 28 and the four directional buttons (up, down, left, and right) and the SET button. The operation unit 70 is an input unit that accepts operations from the user. The operation unit 70 is composed of push buttons, rotary dials, or touch sensors. That is, the operation unit 70 includes at least a shutter button 61, a main electronic dial 71, a power switch 72, a sub electronic dial 73, a cross key 74, a SET button 75, an LV button 76, a zoom in button 77, a zoom out button 78, and a playback button 79. 【0028】 The digital camera 100 also includes a power control unit 80, a power supply unit 30, a recording medium interface 18, a communication unit 54, and a posture detection unit 55. The power control unit 80 is composed of a battery detection circuit, a DC-DC converter, and a switch circuit for switching which blocks are energized, and detects whether a battery is installed, the type of battery, or the remaining battery level. The power control unit 80 also controls the DC-DC converter using the detection results and instructions from the system control unit 50, and supplies the necessary voltage to each part, including the recording medium 200, for the required period of time. The power supply unit 30 is composed of primary batteries such as alkaline batteries and lithium batteries, secondary batteries such as NiCd batteries, NiMH batteries, and lithium-ion batteries, and an AC adapter, etc. 【0029】The recording medium I / F 18 is an interface to the recording medium 200, such as a memory card or hard disk. The recording medium 200 is a recording medium such as a memory card for recording captured images, and can be a semiconductor memory or a magnetic disk. The communication unit 54 is configured to include a communication module. The communication unit 54 is connected wirelessly or via a wired cable and transmits and receives video signals and audio signals. The communication unit 54 can also be connected to a wireless LAN (Local Area Network) or the Internet. Furthermore, the communication unit 54 can communicate with external devices using Bluetooth® or Bluetooth Low Energy. The communication unit 54 can transmit images (including LV images) captured by the imaging unit 22 and images recorded on the recording medium 200, and can also receive images and other various information from external devices. 【0030】 The attitude detection unit 55 detects the orientation of the digital camera 100 relative to the direction of gravity. Using the detected orientation, the attitude detection unit 55 determines whether the image captured by the imaging unit 22 was taken with the digital camera 100 held horizontally or vertically. The system control unit 50 can add orientation information corresponding to the orientation detected by the attitude detection unit 55 to the image data captured by the imaging unit 22, or rotate the image and store it in the storage medium. For example, an acceleration sensor or a gyroscope can be used as the attitude detection unit 55. Furthermore, if an acceleration sensor or a gyroscope is used in the attitude detection unit 55, the attitude detection unit 55 can also detect the movement of the digital camera 100 (pan, tilt, lift, and whether it is stationary or not). 【0031】Figures 3A to 3C illustrate the image generation process and the authenticity verification mechanism when shooting in authenticity verification mode. Figure 3A illustrates the data structure of an image file shot in normal shooting mode. Image file 301 represents the entire file containing the captured image data. Image file 301 includes metadata 302 and main image data 303. Metadata 302 represents an area for recording metadata corresponding to image file 301, and parameters such as settings at the time of shooting are stored there. Main image data 303 is an area where the captured main image data is stored. 【0032】 On the other hand, Figures 3B and 3C illustrate the data structure of an image file containing image data captured in authenticity verification mode. The image file 310 includes a metadata area, authenticity verification data 304 (an example of "verification data"), and a main image data area. The authenticity verification data 304 is information for verifying the authenticity of the image file 301 and is used when verifying the source and history of the image file 301. The authenticity verification data 304 has a structure generated in accordance with a predetermined technical standard (for example, C2PA (Coalition for Content Provenance and Authenticity)). More specifically, the authenticity verification data 304 includes provenance information (Assertion) 305 (an example of "record data"), a hash value 308 to guarantee the authenticity verification data 304, and a digital signature 309 obtained by encrypting the hash value 308. The provenance information 305 stores provenance identification information (Manifest ID) for uniquely identifying the provenance, provenance metadata 306 which stores editing history showing the editing content of the image file 301, and a thumbnail image 307 corresponding to the main image data 303. This thumbnail image 307 may be a copy of the main image data 303 or it may be a resized version. 【0033】The hash value 308 includes the value obtained by inputting the metadata 302, the main image data 303, and the provenance information 305 into a hash function. The digital signature 309 includes the signature value generated by encrypting the hash value 308 using a pre-prepared private key. The public key that pairs with the private key used here is also stored in the authenticity verification data 304 together with the digital signature 309. The provenance information 305, the hash value 308, and the digital signature 309 are all stored in the authenticity verification data 304. The generated authenticity verification data 304 is then inserted into a predetermined position in the data structure of the image file 301, thereby generating the image file 310 (Figure 3C) taken in authenticity verification shooting mode. 【0034】 To verify whether this image has been tampered with, the hash value obtained by decrypting the digital signature 309 with a public key is compared with the hash value obtained by inputting the metadata 302, the main image data 303, and the provenance information 305 into a hash function. If the two hash values ​​match, the verification is considered successful. On the other hand, if the two hash values ​​do not match, it means that one of the data input into the hash function has been changed since the time the hash value was obtained, indicating the possibility of data tampering. 【0035】 As described above, Figures 3A to 3C illustrate the mechanism for creating authenticity verification data for an image file, embedding it within the image file, and verifying its authenticity. Here, the thumbnail image 307 corresponds to the main image data 303 and can be said to be an image that has undergone various image processing during shooting. Therefore, it is difficult to determine whether the image represents the actual scene captured by the digital camera 100 or whether it is an image that has been processed and distorted. Thus, using Figures 4, 5A, and 5B, we will explain a method for determining whether the thumbnail image 307 represents the actual scene captured by the digital camera 100 or whether it is an image that has been processed and distorted. 【0036】<Processing Example> Figures 4 and 5A illustrate the processing flow from the start of shooting to the creation of authenticity verification data and the generation of an image file. Each step is realized by the system control unit 50 loading the program stored in the non-volatile memory 56 into the memory 32 and executing it. The shooting process in Figure 4 is executed when the system control unit 50 receives a shooting start operation, such as when the photographer presses the shutter button 61 on the digital camera 100. 【0037】 In S401, the system control unit 50 drives the shutter to control the exposure time. In S402, the system control unit 50 performs imaging processing, converting the light received from the subject by the imaging unit 22 into an electrical signal. In S403, the system control unit 50 causes the A / D converter 23 to convert the electrical signal (analog signal) output from the imaging unit 22 into a digital signal. In S404, the system control unit 50 generates imaging data by performing basic development processing (an example of "second processing") such as color and gradation correction and optical correction on the data represented by the digital signal generated in S403. Then, the system control unit 50 writes the generated imaging data to the memory 32. Specifically, the processing in S404 consists of a group of image processing operations that are always performed when the shutter is pressed, regardless of user settings. 【0038】 In S405, the system control unit 50 (an example of a "determination unit") reads the setting value related to the shooting mode from the non-volatile memory 56 and determines whether the shooting mode is set to normal mode or authenticity verification shooting mode. If the system control unit 50 determines that the shooting mode is set to normal mode, the process proceeds to S406. On the other hand, if the system control unit 50 determines that the shooting mode is set to authenticity verification shooting mode, the process proceeds to S411. In S406, the system control unit 50 reads the setting value related to the image processing process from the non-volatile memory 56 and determines whether the image processing process is set or not. If the system control unit 50 determines that the image processing process is set, the process proceeds to S407; otherwise, the process proceeds to S408. 【0039】In S407, the system control unit 50 performs the image processing set on the image data expanded in the memory 32. In S408, the system control unit 50 compresses the image data expanded in the memory 32 into JPEG format or the like to create the main image data 303. In S409, the system control unit 50 creates metadata 302 and writes it to the memory 32. In S410, the system control unit 50 combines the metadata 302 created in S409 and the main image data 303 created in S408 to create a single recorded image file, and records this recorded image file to the recording medium 200. Then the processing is completed. These steps S406 to S410 are the processing performed when the operating mode of the digital camera 100 is the normal shooting mode, not the authenticity verification shooting mode. 【0040】 On the other hand, the following will explain the processing flow in authenticity verification shooting mode and the method for generating the recorded image file 509 using S411 to S419 and Figure 5A. If the system control unit 50 determines in S405 that authenticity verification shooting mode is set, in S411 the system control unit 50 generates a compressed image before the image processing, which is not the timing for generating a compressed image in normal mode. That is, in S404 the system control unit 50 resizes the image data written to the memory 32 as needed, compresses it to JPEG format, etc., and creates a thumbnail image 501. In this way, in authenticity verification shooting mode, the compressed image data is created in a state before image processing is performed. This makes it possible to use the image before the image processing in S413 is executed as an image to be saved in the history. The thumbnail image 501 is an example of a "viewing image for viewing the image shown by the image data in which the first processing has not been performed". 【0041】In S412, the system control unit 50 reads setting values ​​related to image processing from the non-volatile memory 56 and determines whether or not image processing is set. If the system control unit 50 determines that image processing is set, the process proceeds to S413; otherwise, the process proceeds to S415. In S413, the system control unit 50 performs image processing (an example of "first processing") on the image data expanded in the memory 32. This image processing is the same as the processing in S407. In S414, the system control unit 50 resizes the image data after image processing, which was written to the memory 32 in S413, as needed, compresses it to JPEG format, etc., and creates a thumbnail image 502. This thumbnail image 502 is an image that is recorded in the authenticity verification data as an image that is in the same state as the main image after image processing. 【0042】 In S415, the system control unit 50 compresses the image data after image processing, which was written to the memory 32 in S413, into JPEG format or the like, to create the main image data 503. If the system control unit 50 determines in S412 that image processing is not set, the system control unit 50 compresses the image data written to the memory in S404 into JPEG format or the like, to create the main image data 503. In S416, the system control unit 50 creates image metadata to be stored in the metadata area 504. In S417, the system control unit 50 inputs the metadata area 504, the main image data 503, and the provenance information 505 into a hash function to generate a hash value 506. In S418, the system control unit 50 encrypts the hash value 506 using a pre-prepared secret key to create a digital signature 507. 【0043】In S419, the system control unit 50 (an example of the "generation unit capable of generating image data and authentication data") synthesizes the history information 505, hash value 506, and digital signature 507 generated up to S418 as the authenticity proof data 508. Then, the process proceeds to S410, where the metadata area 504, main image data 503, and authenticity proof data 508 are synthesized to create a recorded image file 509, which is recorded on the recording medium 200. Then, the process ends. By doing so, when image processing is performed on the captured data before the metadata 302 and the main image data 303 are saved in the recorded image file in one shooting, the following process is executed. That is, two thumbnail images before (S411) and after (S414) the image processing are included in the history information. Therefore, the image before the image processing in S413 can be visually confirmed in another process that handles the recorded image file. 【0044】 Note that when the system control unit 50 determines that no image processing is set in S412, there is no need to leave the thumbnail image before the image processing. Therefore, in S415, the authenticity proof data has one thumbnail image like the authenticity proof data 304 (Fig. 3B). Also, the recorded image file 509 generated in S410 has the same structure as the image file 310 (Fig. 3C). 【0045】 Here, the basic development process of S404 and the image processing of S413 are supplemented. The thumbnail image generated in S411 needs to be an image that can prove that it was taken by the digital camera 100. Therefore, in the basic development process of S404 executed before S411, a process that distorts the facts to the extent that it cannot be proven that the image was taken by the digital camera 100 is not executed. On the other hand, in the image processing in S412 after S411, since the thumbnail images before and after the image processing and the history of the process are recorded, a process with a large degree of processing may also be executed in the development process of S404. Hereinafter, three examples of the basic development process of S404 and the pattern of the image processing of S413 are described. 【0046】In the first example, the basic development process in S404 is debayering, and the processing in S413 is image processing other than debayering. In the second example, the basic development process in S404 is image processing that automatically executes the default settings of the digital camera 100. That is, for example, the basic development process in S404 is debayering, noise reduction, white balance adjustment, or color correction. Alternatively, for example, the basic development process in S404 is brightness adjustment including tone mapping and gamma correction, contrast adjustment, sharpness correction, color space conversion, resizing to match the recorded image size, sensor correction, or optical correction. These processes are performed automatically according to algorithms implemented by the camera manufacturer that manufactured the digital camera 100. The processing in S413 is image processing (black and white, skin tone correction, manual white balance, etc.) that is performed according to the settings when the user changes the camera settings (an example of "according to user settings"). Although the above explanation described white balance and color correction as basic development processes of S404, if the user sets these parameters, they may be treated as image processing of S413. 【0047】 The third example is image processing in S413, which involves processing that changes the shape or color of the image. Specifically, image processing in S413 includes processing that combines multiple images, such as fisheye, toy camera, diorama, oil painting, watercolor, HDR (High Dynamic Range) photography, and multiple exposure photography, processing that involves AI-based image generation, or manipulation of objects such as faces. The basic development processing in S404 is image processing other than that in S413. It should be noted that there is also a design philosophy in which optical correction, noise reduction, and sharpness are considered to be processes that change the shape. If this design philosophy is adopted, these processes may also be considered image processing in S413. Furthermore, there is also a design philosophy in which white balance, color correction, and brightness adjustment are considered to be processes that change the color. If this design philosophy is adopted, these processes may also be considered image processing in S413. 【0048】<One aspect of the function and effect> According to the digital camera 100 as described above, even when the image processing in S413 is executed, the recorded image file 509 includes the thumbnail image indicated by the imaging data before the processing in S413. Therefore, the user can confirm the authenticity of the main image data included in the recorded image file 509 by visually recognizing this thumbnail image. Further, the recorded image file 509 includes the history metadata and the thumbnail image indicated by the imaging data after the processing in S413. Therefore, the user can confirm that the processing in S413 is not tampering processing by visually recognizing the thumbnail images before and after the processing in S413 and the history metadata. 【0049】 Further, according to the digital camera 100, the metadata 302, the main image data 303, and the history information 305 are converted into hash values. Therefore, it is possible to determine whether the image has been tampered with using this hash value. Further, since such conversion has uniqueness and irreversibility, the credibility of the determination is ensured. Further, according to the digital camera 100, such a hash value is converted into a digital signature 309 using a private key. Therefore, the secrecy of the hash value is ensured. Thus, the determination of whether the image has been tampered with becomes more reliable. 【0050】<Modification> In the above embodiment, the thumbnail image before image processing and the thumbnail image after image processing were described as being stored in a single authenticity verification data. However, as shown in Figure 5B, the system control unit 50 may create authenticity verification data 510 for the thumbnail image before image processing and authenticity verification data 511 for the thumbnail image after image processing. In this case, authenticity verification data 511 is recorded with the meaning of adding history information that the image has been processed to authenticity verification data 510. By doing so, authenticity verification data can be added in a common format with history addition during image editing other than at the time of shooting, and the image processing at the time of shooting can be recorded as a single history for the image file. Note that such processing is an example of "the generation unit generates recorded data for the image data before and after the execution of the first processing". 【0051】 Furthermore, while the process in S404 is an image correction process, the process in S412 may be an image conversion process or an image processing process. Image correction processes include, for example, correcting the contrast, brightness, color, etc. of an image. Image conversion processes include, for example, converting an image to a monochrome image, binarizing image data, or displaying only limited colors. Image processing processes include, for example, removing noise contained in an image, enhancing edges, or enlarging or reducing the image size. 【0052】 Furthermore, the determination in S405 as to whether the shooting mode is normal mode or authenticity verification shooting mode may be performed before the development process in S404. If the system control unit 50 determines that the shooting mode is authenticity verification shooting mode, a thumbnail image may be created before S404 using the data indicated by the digital signal generated in S403. 【0053】Furthermore, the development process in S404 may include multiple processes. In addition, as a substitute for the provenance metadata 306, record metadata that records combinations of multiple development processes may be generated. In addition, hash values ​​corresponding to combinations of development processes may be generated. With such modifications, even if the execution order of the multiple development processes is different, the generated image data can be determined to be authentic. 【0054】Furthermore, there are cases where the image processing in S413 is not performed, or even if it is performed, the changes are minor and the content of the main image generated in S415 is not significantly different from the content of the thumbnail generated in S411. To consider such cases, for example, the user may be allowed to choose not to generate a thumbnail in S411. The user may be allowed to explicitly set the ON / OFF status of thumbnail generation in S411, or thumbnail generation may be disabled when it is necessary to generate image files within a limited time, such as when high-speed continuous shooting is enabled. Alternatively, if the image processing in S413 is not performed, thumbnail generation may be disabled in S411. Or, if the degree of change due to the image processing performed in the image processing in S413 is less than a predetermined degree (such as cropping), thumbnail generation may be disabled in S411. In this case, the thumbnail image is not recorded in the thumbnail image (before processing) area 501 of the authenticity verification data 508 in Figure 5A. The same applies to the area of ​​the thumbnail image (before processing) of the authenticity verification data 510 in Figure 5B. This avoids wasting storage capacity by recording an image that is almost identical to the main image. However, in this case, no data to be recorded in the area of ​​the thumbnail image (before processing) of the authenticity verification data in Figures 5A and 5B will be generated. Therefore, taking advantage of the fact that the content is almost identical to the main image, for example, if a thumbnail is not generated in S411, information referring to the thumbnail image (after processing) generated in S414 may be added instead. This makes it possible to avoid wasting storage capacity while guaranteeing the authenticity of the image. Furthermore, even in this case, the provenance metadata of the provenance information 505 in Figure 5A will contain the same information as when a thumbnail image is recorded in the area 501 of the thumbnail image (before processing) of the authenticity verification data 508 in Figure 5A. 【0055】Furthermore, in the above embodiment, metadata 302 corresponding to the main image was recorded as metadata in the image file 301. In addition, metadata corresponding to the image before processing may also be recorded in the image file 301. The metadata corresponding to the image before processing records parameters such as the settings at the time of shooting, excluding parameters related to the image processing. The metadata corresponding to the image before processing is recorded in a dedicated area in the provenance information 505 in Figure 5A, for example. Alternatively, it is recorded in a dedicated area in the provenance information 510 in Figure 5B, for example. Note that if a thumbnail image (before processing) is not recorded, the metadata corresponding to the image before processing may not be recorded. This metadata corresponding to the image before processing may be generated at the same time as the metadata corresponding to the processed image is created in S416. Alternatively, it may be generated in parallel with the processing from S411 onwards. 【0056】 <Other Embodiments> The present invention can also be realized by supplying a program that implements one or more of the functions of the above embodiments to a system or device via a network or recording medium, and by having one or more processors in the computer of that system or device read and execute the program. It can also be realized by a circuit (for example, an ASIC) that implements one or more functions. 【0057】 The technical ideas derived from this disclosure are not limited to the exemplary embodiments disclosed, but are intended to encompass various modifications of the exemplary embodiments, or substitutions with equivalent structures or functions. The scope of the following claims should be interpreted in the broadest way to encompass all such modifications and equivalent structures and functions. 【0058】 This application claims priority based on Japanese Patent Application No. 2024-214574, filed on 9 December 2024, and all of its contents are incorporated herein by reference.

Claims

1. An imaging device comprising: an imaging unit; a generation unit capable of generating image data based on imaging data captured by the imaging unit; and certification data that proves the authenticity of the image data, wherein the certification data includes a viewing image for viewing the image shown by the imaging data before the first processing has been performed, and recording data including a record of the processing of the imaging data, and encrypted data.

2. The imaging apparatus according to claim 1, further comprising a processing unit that performs the first processing and a second processing before the first processing, wherein the recorded data includes the history of processing the imaging data.

3. The imaging apparatus according to claim 2, wherein the first process includes a process other than debayering, and the second process includes debayering.

4. The imaging apparatus according to claim 2, wherein the first process includes a process executed according to user settings, and the second process includes a process executed according to default settings.

5. The imaging apparatus according to claim 2, wherein the first process includes at least one of the following processes: fisheye effect, toy camera effect, diorama effect, oil painting effect, watercolor effect, HDR (high dynamic range) photography, and multiple exposure photography, and the second process includes processes other than the first process.

6. The imaging apparatus according to any one of claims 2 to 5, wherein the proof data further includes encrypted data of a viewing image for viewing the image shown by the imaging data on which the first processing has been performed.

7. The imaging apparatus according to any one of claims 1 to 6, wherein the generation unit generates the recording data for the imaging data before and after the execution of the first processing.

8. The imaging apparatus according to any one of claims 1 to 7, wherein the encrypted data includes a hash value.

9. The imaging apparatus according to claim 8, wherein the encrypted data includes a digital signature obtained by encrypting the hash value.

10. The imaging device according to any one of claims 1 to 9, further comprising a determination unit that determines whether the shooting mode is a mode for proving the authenticity of an image, wherein if the determination unit determines that the authenticity of the image is not proven, the generation unit generates the image data without generating the proof data.

11. The imaging apparatus according to any one of claims 1 to 10, wherein the generation unit compresses the imaging data on which the first processing has not been performed to generate the viewing image.

12. The imaging apparatus according to any one of claims 1 to 11, wherein the recorded data further includes the history of metadata including parameters related to imaging.

13. A method for controlling an imaging device, comprising: an imaging step in which an imaging unit takes an image; a generation step capable of generating image data based on imaging data taken by the imaging unit; and certification data that proves the authenticity of the image data, wherein the certification data includes a viewing image for viewing an image shown by the imaging data in which a first process has not been performed; recording data including a record of the processing of the imaging data; and encrypted data.

14. A program for causing a computer to execute each step in a control method for an imaging device, wherein the control method includes: an imaging step in which an imaging unit takes an image; a generation step capable of generating image data based on imaging data taken by the imaging unit; and proof data that proves the authenticity of the image data, wherein the proof data includes a viewing image for viewing the image shown by the imaging data in which the first processing has not been performed; recording data including a record of processing on the imaging data; and encrypted data, the control program for an imaging device.

Images