1. Field of the Invention
The present invention relates to an encryption/decryption method for data, and more particularly to a method, an apparatus and a program for encrypting/decrypting image data including a specified marker code in the format.
2. Related Background Art
With recent rapid progress and pervasiveness of computers and networks, digitization is spreading over various information such as character data, image data, audio data etc. While digital information is free from deterioration for example by the lapse of time and can be constantly stored in a complete state, it is easily reproducible and protection of copyright is becoming a serious issue. For this reason, security technologies for copyright protection are rapidly becoming important.
One of the technologies for copyright protection is an “encryption technology”. For encrypting digital contents such as image data, there is known a common key encryption method (also called secret key encryption method, symmetrical encryption method or common encryption method) in which a transmitter and a receiver share the same encryption key in secret. Such common key encryption methods can be divided into block encryption, in which every character train (block) of an appropriate length is encrypted by the same key, and stream encryption, in which the key is changed for every character train or every bit. Among the block encryption methods, DES (data encryption standard) and AES (advanced encryption standard) are well known.
Among the stream encryption methods, there are known the Vigenere cipher utilizing a polyalphabetic substitution, the Vernam cipher utilizing a one time pad etc. (Ikeno and Koyama, “Modern Cipher Theory”, Electronic Information Communication Society (1986), Chapters 2 and 4). Therefore, the copyright protection by encryption of the entire image data can be easily achieved by one of these common key encryption methods. More specifically, the transmitter and the receiver share an encryption key, and the image data encrypted by the transmitter are decrypted with such key by the receiver.
On the other hand, as a high efficiency encoding method for compressing image data, there is widely employed the JPEG method recommended by ISO and ITU-T as an international standard encoding method for a still image. The JPEG method is based on a discrete cosine transformation, but is associated with a drawback that a block-shaped distortion is generated when the compression rate is increased. Therefore, in order to meet a requirement for a higher resolution of the image and to realize a higher compression rate, an encoding method utilizing a discrete wavelet transformation, different from the aforementioned discrete cosine transformation, is proposed and is being standardized as JPEG 2000.
FIG. 1 is a functional block diagram of a JPEG 2000 encoder. An input image is at first subjected to a subband decomposition by a discrete wavelet transformation (DWT) (101), and is then quantized (102). FIG. 2 shows an example of a subband decomposition with a decomposition level of 2 (resolution level=3), and the resolution levels exist from level 0 to level 2. A coefficient belonging to a lower resolution level contains information of a lower frequency. A quantized wavelet coefficient is encoded by an EBCOT algorithm. This algorithm will be explained below in the following five parts: code block division (103), coefficient modeling (104), arithmetic encoding (105) and rate control (106), layer formation (107), and packet generation (108).
(1) Code Block Division
Each subband is divided into square blocks (for example 64×64), called code blocks. Such code blocks are independently encoded.
(2) Coefficient Modeling
For a wavelet coefficient stream of each code block, a coefficient modeling is executed based on a bit plane. In this manner there is generated an embedded code stream in which coefficient bits are arranged in an order of importance. Each of all the bit planes from MSB to LSB is decomposed into three subbit planes (paths) according to the context. A boundary of each subbit plane is called a truncation point, which constitutes a minimum unit for data discarding later.
(3) Arithmetic Encoding and Rate Control
An adaptive arithmetic encoding is executed on the embedded code stream generated by the coefficient modeling. Thereafter, the arithmetic coded stream is suitably cut off at the truncation point constituting the boundary of the subbit plane, thereby obtaining a desired bit rate.
(4) Layer Formation
In case display is required in succession in plural image qualities, namely in case an SNR scalable property is required, a layer formation of the codes is then executed. Each layer includes a part of the embedded codes of each code block. A higher layer includes a more important portion in the image reproduction.
(5) Packet Generation
Each layer is divided into plural units called bodies, and each is given header information to generate a packet. Each body has information of a corresponding resolution level. Therefore a total number of the generated packets is a product of a number of layers and a number of resolution levels. The header information includes a length of the arithmetic code stream of each code block, a number of subbit planes etc. A final JPEG 2000 code stream is obtained by collecting all the packets and attaching global header information as shown in FIG. 4. However, JPEG 2000 defines that each of the various pieces of header information mentioned in the foregoing, and each subbit plane constituting a minimum unit of the data division, has a size of an integral multiple of a byte.
As explained in the foregoing, digital image data are associated with a security issue, which can be resolved, in case of encryption of the entire image, by the aforementioned encryption methods such as DES or AES. In such case, however, a decrypting operation results in a decryption of the entire image, and a partial protection cannot be obtained. It is nevertheless possible to encrypt a high resolution portion only (level 1 and higher in FIG. 2) while leaving the level 0 unencrypted, thereby disclosing the image of level 0 of a low resolution but protecting the entire image of a high resolution. In such case, however, since a portion other than the high resolution portion to be encrypted is in an ordinary code stream of JPEG 2000 format, the DES or AES method cannot be simply applied for encrypting the high resolution portion.
This is because a partial encryption of a JPEG 2000 code stream is associated with a restriction on the marker code. The marker code is a code of a special meaning in the JPEG 2000, and a false marker code, if generated by the encryption, may hinder a proper reproduction. More specifically, in a compressed data portion (body) shown in FIG. 4, a marker code has a function similar to an inhibited code of which generation is inhibited.
In the JPEG 2000, the marker code means a marker having a value of FF90h to FFFFh and a marker segment code. The marker is a code storing definition information. It is represented by 2 bytes, of which a first byte is FFh. According to the purpose, the marker is represented by 2-byte code FFxxh. On the other hand, the marker segment is constituted of a marker and an ensuing parameter. Four markers only, namely SOC (FF4Fh: start of code stream), EOC (FFD9h: end of code stream), SOD (FF93h: start of data) and EPH (FF92h: end of packet header) are independent codes, and any other marker is a part of the marker segment. Hereafter, the markers and the marker segments are collectively called markers. In JPEG 2000, a marker in a range of FF90h to FFFFh is given two particular meanings. Firstly, such marker means a partition in a code stream. It is thus possible to define a position of a packet and a packet header. Secondly, such marker does not exist in the compressed data themselves (body shown in FIG. 4). The JPEG 2000 encoder is so designed as not to generate such code. Therefore, in the aforementioned partial encryption of the JPEG 2000 data, it is necessary to avoid generation of such 2-byte marker code of FF90h-FFFFh.
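The restriction described above can be observed directly. The following Python code is an added example, not part of the original text: it scans a packet body for 2-byte values in FF90h-FFFFh and shows that XOR encryption of a marker-free body produces such values. The function names, the SHA-256 based keystream standing in for a common key cipher, and the sample body are all assumptions constructed for the illustration.

```python
import hashlib


def find_false_markers(body: bytes) -> list:
    """Offsets of every 2-byte value in FF90h-FFFFh found inside a packet body."""
    return [i for i in range(len(body) - 1)
            if body[i] == 0xFF and body[i + 1] >= 0x90]


def keystream(key: bytes, n: int) -> bytes:
    # Stand-in keystream (SHA-256 over key and counter), assumed for illustration
    # only; the point holds for any cipher whose output looks uniformly random.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the keystream (the operation is symmetric)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def make_marker_free_body(n: int) -> bytes:
    # Constructed sample body: pseudo-random bytes in which any byte following
    # FFh is forced below 90h, the property a compliant encoder guarantees.
    raw = bytearray(keystream(b"constructed-sample-body", n))
    for i in range(1, n):
        if raw[i - 1] == 0xFF and raw[i] >= 0x90:
            raw[i] &= 0x7F
    return bytes(raw)


def demo(n: int = 65536) -> tuple:
    """Return (markers in plaintext body, markers in ciphertext, round trip ok)."""
    key = b"constructed-key"
    body = make_marker_free_body(n)
    ciphertext = xor_crypt(key, body)
    return (len(find_false_markers(body)),
            len(find_false_markers(ciphertext)),
            xor_crypt(key, ciphertext) == body)


if __name__ == "__main__":
    clean, false_markers, ok = demo()
    print(f"body: {clean} marker codes, ciphertext: {false_markers}, round trip: {ok}")
```

Of the 65,536 possible 2-byte values, 112 lie in FF90h-FFFFh, so a ciphertext with uniformly distributed bytes contains a false marker about once every 585 byte positions even though decryption still restores the body exactly.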
Another data format in which a usable data range is restricted is PNG (portable network graphics). PNG is a new image format proposed by a standardizing organization W3C as one of image formats usable in a browser. Specifications of PNG can be found at the w3.org website. A file format described by PNG is constituted of a PNG signature and an ensuing group of data clusters called chunks. An example of the PNG signature is 8-byte data “137 80 78 71 13 10 26 10” (decimal presentation) which are always attached at the beginning of the PNG file.
A chunk is constituted of a stream of four parts, which are a chunk data length (4 bytes), a chunk format code (4 bytes fixed), chunk data (unfixed length) and a CRC (4 bytes). The chunk data length information is 4-byte data indicating a number of bytes of the chunk data area. The chunk format is a 4-byte code indicating a format, and data defined according to such format are stored in the chunk data area. The data length of the chunk data area may also be 0. At the end, 4-byte CRC data, calculated as padding data by the CRC (cyclic redundancy check) algorithm for the chunk data area, are attached.
For the chunk format code, there can only be used ASCII characters of upper case and lower case (A to Z, a to z). Stated differently, only values in the ranges of 65 to 90 and 97 to 122 in decimal presentation can be used. Therefore, in case of encrypting a part of the PNG code, it is necessary to cautiously handle such chunk format code, so as not to generate a code outside such value ranges.
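The chunk layout and the value range of the chunk format code can be checked mechanically. The following Python code is an added example, not part of the original text: it walks the chunks of a constructed three-chunk file that has been encrypted in two ways, once over a whole chunk and once over the chunk data area only. The helper names and the single-byte XOR standing in for a cipher are assumptions; the CRC is computed as the PNG specification defines it, over the format code and the data.

```python
import struct
import zlib

PNG_SIGNATURE = bytes([137, 80, 78, 71, 13, 10, 26, 10])  # value given in the text


def make_chunk(ctype: bytes, data: bytes) -> bytes:
    # The PNG specification computes the CRC-32 over the type code plus the data.
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def type_code_ok(ctype: bytes) -> bool:
    # Only A-Z (65-90) and a-z (97-122) may appear in the 4-byte type code.
    return len(ctype) == 4 and all(65 <= b <= 90 or 97 <= b <= 122 for b in ctype)


def check_png(png: bytes) -> list:
    """Walk the chunks after the signature; return (type code, problems) per chunk."""
    if png[:8] != PNG_SIGNATURE:
        raise ValueError("missing PNG signature")
    report, pos = [], 8
    while pos + 8 <= len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype, end = png[pos + 4:pos + 8], pos + 8 + length
        problems = [] if type_code_ok(ctype) else ["type code outside A-Z/a-z"]
        if end + 4 > len(png):
            report.append((ctype, problems + ["length runs past end of file"]))
            break  # the next chunk boundary can no longer be located
        (crc,) = struct.unpack(">I", png[end:end + 4])
        if crc != zlib.crc32(png[pos + 4:end]):
            problems.append("CRC mismatch")
        report.append((ctype, problems))
        pos = end + 4
    return report


def xor(data: bytes, pad: int) -> bytes:
    # Constructed stand-in for a cipher so that the result is reproducible.
    return bytes(b ^ pad for b in data)


# Constructed sample file: header chunk, one text chunk to protect, end chunk.
IHDR = make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
TEXT = make_chunk(b"tEXt", b"Comment\x00secret")
IEND = make_chunk(b"IEND", b"")

naive = PNG_SIGNATURE + IHDR + xor(TEXT, 0x80) + IEND  # whole chunk encrypted
careful = PNG_SIGNATURE + IHDR + make_chunk(b"tEXt", xor(TEXT[8:-4], 0x80)) + IEND
```

Running `check_png` on `careful` reports no problems for any of the three chunks, while on `naive` it stops at the encrypted chunk, whose format code falls outside the permitted ranges and whose length field no longer locates the next chunk.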