1. Field of the Invention
The present invention generally relates to digital watermarks and, more particularly, to semi-fragile digital watermarks which survive incidental modifications to an attached file caused by, for example, noise, compression-decompression, or digital to analog to digital (D/A/D) conversion of the file, which do not effect the authenticity of the file.
2. Description of the Related Art
The invention is directed to imperceptible watermarking of images. We define an imperceptible watermark (hereinafter simply xe2x80x9cwatermarkxe2x80x9d), as an alteration of the data set which is for the most part, imperceptible to a human (i.e., the watermark should be invisible or almost invisible), but can be recognized by a machine such as a computer. The general principle of such watermark has been disclosed, for instance in M. M. Yeung et al., xe2x80x9cDigital Watermarking for High-Quality Imagingxe2x80x9d, Proceedings of the IEEE Signal Processing Society Multimedia Workshop, Princeton, N.J., 1997.
Here we are interested in fragile watermarks, by which we mean watermarks which allow a system to recognize that an image is authentic and has not been altered, rather than in robust watermarks which are mainly devoted to establish ownership. As the invention relates to these two different types of technologies, we first review them at the level of detail and generality needed to describe the invention.
Fragile watermarks are designed to ensure that an image has not been modified. The principle is that if the image has been modified, the watermark alerts to this fact, and to some extent can localize where this modification has been done. Watermarks are usually based on some cryptographic techniques, and either secret or public keys can be used. In the current use of fragile watermarks, it is assumed that the image is always digital, by which we mean that it is kept and circulated as a file of numbers, and visualized and manipulated using a digital machine such as a computer. Fragile watermarks can be created and detected in several formats, compressed and/or uncompressed. As long as the image is kept in numerical form, data can be hidden in the file and retrieved by appropriate algorithms. The same image may be printed or reinterpreted with an analog machine, but it is not expected that the watermark be accessible after this transfer has been done.
It is often argued that fragile watermarks can be replaced by digital signatures, because all the scenario of creation and detection takes place at the digital level. However, a digital signature is an integer number that is obtained by a digital signature algorithm applied on a number associated in some prescribed way to the image, and is mainly used to authenticate the origin and integrity of the message or image whereas, digital watermarks are data hidden in, or more generally modifying, the pixels of the image file. On the other hand, watermarks can have many uses, including, but not limited to integrity verification. For example, robust watermarks are used for claiming ownership.
Robust watermarks are designed to survive modifications of the image, and more precisely, to remain detectable when the image has been modified to some reasonable extent. Robust watermarks are usually required to be non-removable by an adverse party. They can be designed to establish ownership, or to help protecting copyrights. In several cases, one expects them to still be detectable when the image is transferred to the analog world (prints or analog signals). The argument that watermarks can be replaced by signatures does not hold in this context, as known signature schemes do not resist transfer from the digital to analog world. Because of the dual constraint of invisibility and resistance, robust watermarks detection is based on statistical analysis. That is, any individual components of a mark can be altered by attack and/or by digital/analog (or D/A) conversion so that one is reduced to check that traces of the overall mark subsist. In general terms, one can say that a robust watermark consists in a mask M(K) defined by a cryptographically designed key K: the mask is used to modify some pixels attributes according to some algorithm, which defines the modification m(i, j) of the pixel (i, j)""s attributes as a function of the mask M, the pixel""s attribute before marking A(i, j), and the attributes before marking Av(i, j) of neighboring pixels, i.e.,
m(i, j)=F(M(K), A(i, j), Av(i, j)) 
Because the image and the accompanying watermark are expected to suffer some modifications, the key K is usually chosen as a secret key.
It would be quite advantageous to be able to reap the benefits of both fragile and robust invisible watermarks, and more precisely to have imperceptible watermarks for originality check which are fragile enough to detect significant modifications of the image, yet can still be detected to authenticate the image after minor modifications or modifications which may be significant but whose statistical properties are known or can be found through experimentation, such as printing and scanning, compression/decompression and/or high quality D/A/D conversion.
It is therefore an object of the present invention to provide a semi-fragile watermark which is robust enough to provide an originality check but which is fragile enough to detect only significant modifications of the image.
It is yet another object of the present invention to provide a semi-fragile watermark which is substantially imperceptible by a human and can survive digital to analog and back to digital conversion.
It is yet a further object of the present invention to provide a semi-fragile watermark which can authenticate an image after modifications which may be significant but whose statistical properties are known or can be found through experiments, such as printing and scanning, compression/decompression and/or high quality D/A/D conversion.
According to the invention the benefits of robust watermarks (resistance to small modifications) with the benefits of fragile watermarks (detection of tampering of content) are combined.
Here we distinguish between minor modifications which are acceptable and/or unavoidable modifications to the image for which the modified image is still considered authentic and significant modifications which are modifications of the intended information content of the image. For instance, in the case when fragile watermarks are used to control that a picture of a car has not been modified, the intended information is the nature of the damages or the quality of the repairs. Suppose the modification due to, say, printing and scanning, changes the colormap of the image. We know statistically how the colormap would generally change, and so we do not use this component of image in producing the watermark. Thus the image after printing and scanning defines a number which, once coded, defines the same watermark.
A digital signature is a number that is obtained by encrypting a message or image through a digital signature algorithm and is mainly used to authenticate the integrity of the message or image. Digital watermarks are data added to the pixels of the image file. On the other hand, watermarks can have many uses, including, but not limited to integrity verification. For example, robust watermarks are used for claiming ownership. The present invention is to combine the benefits of robust watermarks (resistance to small modifications) with the benefits of fragile watermarks (detection of tampering of content).
One aspect of the present invention is that digital signature schemes do not have the same benefits as the proposed semi-fragile watermarking scheme since they cannot authenticate the image after lossy compression or printing and scanning. Also disclosed is how a visible signature, possibly computed using a public digital signature scheme such as Rivest-Shamir-Adleman (RSA), is attached to an image which can authenticate the image after minor and acceptable modifications. Anyone versed in the art would readily understand how the present invention adapt as well to sound tracks and to audio visual video recordings. The marking is performed in two phases:
1. The first phase comprises extracting a digest or number N from the image so that N only (or mostly) depends on the essential information content, such that the same number N can be obtained from a scan of a high quality print of the image, from the compressed form of the image, or in general, from the image after minor modifications (introduced inadvertently by processing, noise etc.).
2. The second phase comprises the marking per se. This can be done in the form of an invisible robust watermark, or in form of some visible signature. The visible signature can be placed in an unobtrusive manner on the image, e.g., in the first few rows of the image pixels in a variety of machine readable formats such as bar codes, an alternation of very clear and very dark pixels, or optical character recognition (OCR) fonts. In the first case, using some cryptographic key K, one chooses a mask M(K(N)) constructed according to some preferred method of robust invisible watermarking. Because of the statistical nature of robust watermarks discussed earlier, the key K, or at least part of it, must be secret. In the second case, since the detection of the signature is easy, one can use a public key signature scheme. In either case, the watermark should alter the image in a minor way such that the essential information content is not changed. In particular, the number N extracted from the watermarked image should be the same (or almost the same) as the number extracted from the un-watermarked image: for instance, if visible unobstructive signature is used, one would not consider the information from the area where the signature will be displayed in the determination of N. The use of private key/public key (SK/PK) pairs and of secret encoding keys are now well known: a description of these techniques with directions on how to use several of their implementations can be found for example in Alfred J. Menezes et al, Handbook of Applied Cryptographyxe2x80x9d, CRC Press, 1997. For definiteness, each time we use a public encryption scheme, one can choose the RSA protocol, described in U.S. Pat. No. 4,405,829, as a method to generate and use a SK/PK pair in order to allow for public digital signature: several other methods could also be used (see, e.g., the xe2x80x9cHandbook of Applied Cryptographyxe2x80x9d).
Notice that when the signature computed from N is displayed in a way that allow exact recovery, instead of a mean to compute exactly N each time, it is enough to use a method that allows a system to ensure that a number close enough to N (where close enough depends on applications) will be recovered at the time of verification: more precisely, using a public signature scheme, one can recover the original N from the signature, and then compare this original N, computed at the time watermarking is performed, to the value computed at the time one performs the verification.