1. Field of the Invention
The present invention relates to an electronic image data verification program, an electronic image data verification system, and an electronic image data verification method by which presence or absence of a change made to image information such as a JPEG (Joint Photographic Experts Group), GIF (Graphics Interchange Format) or Bitmap (Microsoft Windows Bitmap) image is detected, a changed portion (the position of a change) if present is specified, and the presence or absence and the changed portion are made provable to a third party.
2. Description of the Related Art
As IT has been progressing in recent years, forms of administrative information, account ledgers in private companies, and contract documents have been being varied from conventional management and storage of paper documents to electronic (digital) documents. For example, as scanners have prevailed, documents conventionally stored as paper sheets can be converted into electronic data with ease. Further, as scanners having a high-resolution have been put into practice, electronic storage of paper documents which has not been accepted before is acceptable as far as particular security requirements are satisfied (e-Document Law: enforced in April 2005). Further, in place of the silver halide photography, image input apparatuses such as a digital camera for digitizing photograph information to record the digitized information as electronic data in a recording medium or the like have been put to practical use.
On the other side, needs for techniques of storing and managing electronic data safely have heightened as requests for this kind of electronic storage of documents and images have increased. In order that documents which are conventionally stored as paper sheets are stored electronically with evidence admissibility kept equivalent to paper sheets, technical requirements such as “detection/prevention of falsification”, “identification of authors”, “access management/control”, “history management”, and the like are said to be necessarily satisfied. To satisfy these requirements, conventional document management systems have too poor functions. Recently, rapid progress have been made in developments of an “originality guarantee system” which satisfies these requirements and introduction of the system into market.
In this “originality guarantee system”, a security element technique which is used most generally is an electronic signature. The electronic signature is a technique capable of specifying or identifying the author of a document (originality) and simultaneously proving and convincing a third party that no changes have been made since the document was created (non-alteration). Three relevant conventional techniques will be cited below (e.g., Jpn. Pat. Appln. Laid-Open Publications No. 2000-285024 and No. 2001-117820, and non-patent report of Information Processing Society of Japan/Computer Security Group (CSEC) “Electronic Document Black-Overpainting Problem (Jul. 17, 2003) (2003-CSEC-22-009)”.
The former two patent publications disclose techniques for maintaining originalities of electronic documents, as techniques for storing and managing original electronic documents.
The last non-patent report discloses a technique of solving a problem of black-overpainting on an electronic document as an electronic document paining technique.
In addition to the relevant techniques as described above, an SCIS 2004 report “Electronic Document Black-Overpainting Technique Capable of Controlling Disclosure Conditions” has proposed an electronic document black-overpainting technique by which whether additional black-overpainting on a disclosed part is possible or not is controllable. Further, as a consideration about application of this technique to an image file, an SCIS 2005 report “A Consideration into Application of Electronic Document Black-Overpainting Technique to Image Files” has been proposed.
Known as a digital watermarking technique is a technique capable of embedding an electronic watermark which satisfies particular regularity, in electronic data itself, and verifying whether the particular regularity is satisfied, thereby to detect whether the electronic data has been altered or not and the position of an alteration.
The conceptions of originality guarantee as disclosed in the former two patent publications target such a document that has a clear location of an original, like in the case that a document in a fixed final form is safely managed as an original, as it were, a paper document is stored in a locker with a lock. In a circumstance of this kind, an electronic signature is a very effective technique for guaranteeing identity or non-alteration. However, suppose guarantee of originality of a document, like an application form or an approval document, to which partial operations or modifications such as additions, corrections, concealments, and the like are directly made. In this case, a general electronic signature scheme does not permit any processing at all due to the nature thereof and therefore inversely becomes an obstacle. That is, conventional techniques and products do not take into consideration the points as described above but most of conventional techniques are techniques for storing electric data, kept in complete forms, with use of an electronic signature.
Problems in the techniques disclosed in the above two patent publications will be described below.
The original electronic document storage techniques disclosed in the above two patent publications provide a technique by which electronic information is given the nature inherent to a paper original when storing electronic data and also a technique of protecting electronic data from being altered. That is, the inventions of these patent publications pay attention to the mechanism of storing and managing electronic documents in fixed final forms, as originals, i.e., how to safely store originals whose locations are clear and which can be accumulated in one organization. In this kind of circumstance of storing originals, if a correction is made to an electronic document, the correction is recognized as an “alteration” when the electronic document is only partially corrected.
Suppose, for example, a “correction to paper contract document”. At the time of correction, a processing is performed: “cancel letters with a double line in a portion to be corrected, write correct letters into a blank space just above the line, and press a stamp of the corrector”. However, even after a correction is made, the document is nothing more than the original of the contract document. Behavior of this kind in paper culture is publicly determined as a correction which has been made through due process, and is hence provable to a third party. In contrast, in case of an electronic document, the following problem arises if a conventional original storage technique is applied from the view point of evidence admissibility. That is, whether a corrected portion is of an alteration or a valid correction through due process cannot be determined. This can be understood from the view point of features of electronic signatures at present which are designed such that any changes to electronic data can be detected.
The electronic document black-overpainting technique disclosed in the last non-patent report proposes a technique of black-making electronic documents which solves, by a signature put on a document, the problem that verification is disabled by hiding a part of a document. By applying the electronic document black-overpainting technique according to this report, verification of a signature is possible even in a state where black-overpainting is effected on a signed electronic document, and no alteration having been made except the portion marked black is provable to third parties. Accordingly, proof to third parties in a state where the contents are partially hidden (black-overpainted)” is possible. According to the electronic document black-overpainting technique of this report, the creator of an original document is certified although who has conducted black-overpainting cannot be clearly identified. Further, the problem of black-overpainting on electronic documents in an information disclosure system is dealt with as a scene of use. However, no consideration has been taken into an idea that a partially black-overpainted document is distributed among plural entities to make further use of the document.
Another technique, i.e., the electronic watermarking provides a technique of embedding an electronic watermark that satisfies particular regularities, in electronic data. By verifying whether the particular regularities are satisfied or not, presence or absence of an alteration to the electronic data or the position of an alteration can be detected. However, this technique merely detects presence or absence of an alteration or the position thereof but does not consider proof to third parties.
On the other side, the same can be said for image information subjected to a scanning processing by use of a scanner or image information generated by a digital camera, personal computer, or the like. Image information may also be partially processed and presented to a third parity, in some cases. For example, there is a case of presentation with personal information (name, residence address, and the like) hidden (protected) by black-overpainting or the like based on the information disclosure low. Another case is that an additional description is added to a medical chart digitized by a doctor or the like when electronic medical charts (image information) or the like are shared among plural hospitals or medical departments. In these cases, the range of responsibility to black-overpainting or an additional operation is requested to be clarified as to “who has written what comment at which portion”. In addition, these additional operations is also requested to be proved to third parties.
As has been described previously, the e-document law enforced in April 2005 permits conventional paper ledger sheets to be stored as electronically signed electronic data by scanning processing as far as data satisfies particular security requirements. However, according to the conventional techniques as described above, all electronic data including image information cannot clear three requirements of “e-Document Law+Information Disclosure Law+Personal Information Protection Law”. This means, for example, that originality and completeness cannot be secured except hidden portions if electronically signed electronic data created under the requirement of the e-document law is protected/presented with personal information (name, residential address, and the like) hidden (black-overpainted) on the basis of the information disclosure law.
More specifically, by detecting an act of alteration or specifying an alteration position with personal information (name, residential address, and the like) protected, it is not possible to prove that, at the same time when performing a black-overpainting processing, the person who conducted black-overpainting or a malevolent third party altered portions which were not allowed to be changed. Simultaneously, the fact of an operation having been effected on those portions cannot be proved to third parties.
That is, single one of conventional techniques or a combination thereof cannot satisfy the requirements (A) to (E) below.
(A) Ability to prove that changed portions and the other portions can be distinguished from each other and the other portions have not been altered.
(B) Ability to specify/prove the person who made a change (black-overpainting or a correction).
(C) Ability to prove that portions other than hidden portions have not been altered even if a partial alteration has been hidden.
(D) Ability to prove the creator of an unhidden part even if another part is hidden.
(E) Ability to prove a history process (e.g., when, who, which portions, and how) from an original (first edition).
Next, problems specific to compressed image information will be described, paying attention to JPEG as one of data compression schemes for electronic image information. JPEG image information is an irreversible compression image format and can cover 24-bit colors (16,700,000 colors). Therefore, JPEG image information is said to be suitable for expressions such as photographs and the like which require a lot of colors. In compression of JPEG image information, the information quantity is reduced by cutting off a part of data concerning changes in color tones, exploiting the characteristics of human eyes which are said to be not so sensitive to changes in color tones as compared to changes in brightness. JPEG image information is divided into pixel units having an equal size (8×8 pixels), and is constituted by a set of blocks gathering up the pixel units. From the nature of keeping block units, this can be easily estimated to be a format structure suitable for specifying partial corrections, changes, and the like.
However, in the process of encoding after blocking an image into blocks, blocks as targets to be subjected to compression transformation are influenced by the other targets. A change to a block influences other blocks and causes a situation that an intended result cannot be obtained. This problem is pointed out in the report “A Consideration into Application of Electronic Document Black-Overpainting Technique to Image Files” of the “Symposium on Cryptopraphy and Information Security 2005 (SCIS 2005)”. This report particularly targets black-overpainting to the JPEG compression image format and enables application of the electronic document black-overpainting technique (SUMI-4) in units of blocks. However, SUMI-4 is realized by embedding hush information in a black-overpainted block. Hence, whether a corresponding portion is image information or hush information cannot be distinguished even if the contents of data are analyzed. There still remains a problem that SUMI-4 is not suitable for the image format. This problem occurs because both of image information and hush information are binary information. Consequently, application of SUMI-4 to JPEG image files can be presumed to be difficult.
The present invention has been made to solve the problems described above and has an object of detecting presence or absence of a change, specifying portions of changes, and making those changes provable to third parties, by generating partial signature information separately from electronic image information to be registered, by dividing and maintaining the partial signature information, and by clearly separating functions/roles of the electronic image information (original information) and the partial signature information (verification information).