1. Field of the Invention
The invention relates to digital image data security structures and their use. More specifically, the invention concerns embedding all necessary verification data with the image's data file, thereby rendering the file autonomously secured.
2. Background Art
Banks, credit unions and other financial institutions often image checks, deposit slips and other types of bank documents in order to process financial transactions efficiently. The more confidence a financial institution has in the integrity and point-of-origin of an image, the more it can rely on a document image in lieu of the original paper document. When images are used to facilitate financial transactions, care must be taken to ensure that image data is tamper-evident. It is also advisable to link images with the institution that produced them. When data integrity can be guaranteed and point-of-origin can be deduced, images can grow in their importance in facilitating financial transactions.
Point-of-origin identification and data integrity authentication for financial images can be realized through the use of public key cryptography. Assuming sound cryptographic key management techniques are utilized, digitally signed images are tamper-evident and origin-traceable. Examples of signature algorithms that may be used to sign financial images include RSA (see RSA Laboratories, PKCS #1 v2.0: RSA Cryptography Standard, July 1998), DSA (see U.S. Department of Commerce/N.I.S.T., National Technical Information Service, Springfield, Va., Federal Information Processing Standards (FIPS) 186, Digital Signature Standard, 1994), and ECDSA (see Alfred J. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, 1993). These digital signature schemes require a public/private key pair. The method for generating such a key pair varies with the particular scheme used. However, it is always the case that the private portion of such a key pair and the image itself are used to actually calculate an image's digital signature. In other words, both the image and the private key are required to produce a digital signature. On the other hand, typically the purported original image itself and invariably the public portion of the key pair are required to verify a given digital signature on the image. Thus, the public key part of the key pair verifies what the private key signs. An important property of public/private key systems which produce digital signatures is that disclosure of the public key does not reveal the private key which produces the signatures in the first place.
If verification using the appropriate public key portion of the key pair succeeds, the image must be as it was when the signature was produced. Since only the private key portion of the key pair can calculate the signature, successful verification also means that the image was signed by the possessor of the private key. Under normal circumstances, the private portion of a signing key pair is known only to the key pair owner. Therefore, if a signature verifies, the point-of-origin of the signed image must have been the owner of the private key that produced the digital signature. The act of verifying an image signature in no way reveals any information about the private key that produced the signature. Only the public key and possibly the original image are used in the verification process. Knowledge of the public key does not imply knowledge of the private key, and only the public key which is companion to the private key used to produce the signature will successfully verify the image/signature combination. Another party's public key will not succeed in verifying the image's signature.
Public keys must be provably linked to that key's owner in order to achieve true origin traceability and tamper detection capabilities. Verifying a signature using a public key of unknown origin does not prove origin or data integrity.
Public key certificates provide a mechanism for assuring the authenticity of a public key's owner. A public key certificate includes at least three items. First is the public key itself. Second is identity information for the owner of the public key, and third is a digital signature issued by a trusted third party.
A public key certificate binds the identity of a public key's owner to the public key itself. A trusted third party, called a certification authority, issues certificates. Before creating a certificate, the certification authority takes appropriate measures to verify the claimed identity information of the entity requesting the certificate. Once the identity information is verified, the certification authority will digitally sign a document containing the public key data and identity information. This signed document becomes the certificate.
The certification authority's public key, used for verifying signatures on certificates it issues, is widely distributed, for example on the internet or sent by secure courier to parties wishing to verify certificates. Once issued, a public key certificate may be used to prove the authenticity and ownership of a public key.
In known security and authentication arrangements for image data files, the public key certificate, the public key itself and often most of the other data items required for conducting a validation process are separate entities from the image data file itself. With this prior art arrangement, large databases of public key certificates (or at the very least a database of uncertified public keys) must be consulted prior to the authentication process. There is, therefore, seen to be a need in the prior art for an image data file arrangement enabling autonomous security and authentication of the image data without resort to external data sources.
In a first aspect of the invention a method for autonomously securing an image data file comprises the steps of selecting a format for the image data file capable of identifying a predetermined subset of data residing in the data file and capable of storing non-image data in preselected locations in the data file with the image data. Next, authentication data is placed in the preselected locations of the data file, the authentication data comprising data related to a public key certificate and a digital signature.
In a second aspect of the invention a data file format structure for use with image data stored on a computer-readable medium comprises at least one directory entry defining a location within the data file of the image data, a directory entry defining a location within the data file of a public key certificate identifier, and a directory entry defining a location within the data file of a digital signature. With this integral organization, the image data file can be authenticated autonomously by data resident in the image data file itself.
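The following Go program is an added illustration of the two aspects just described (the sign-then-embed method and the directory-based file structure) together with the sign/verify relationship explained in the background; it is not code from the patent or from any product. The container format, the tag numbers (0x0100, 0x0200, 0x0300), the 4-byte header and the use of a SHA-256 fingerprint of the public key as the "certificate identifier" are all constructed assumptions: a real implementation would carry a certificate or a reference resolvable against a certification authority's chain, and certificate validation itself is outside this example. The sample image bytes are likewise constructed. Signing uses ECDSA over P-256 from the Go standard library.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical tag numbers for the three directory entries the text names.
const (
	TagImageData uint16 = 0x0100
	TagCertID    uint16 = 0x0200
	TagSignature uint16 = 0x0300
)

var magic = []byte("AIMG") // constructed header, not a real file format

// Entry is one directory entry: which item, where it lives in the file, how long it is.
type Entry struct {
	Tag    uint16
	Offset uint32
	Length uint32
}

const entrySize = 2 + 4 + 4

// CertID stands in for a certificate identifier (assumption): SHA-256 of the DER public key.
func CertID(pub *ecdsa.PublicKey) ([32]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(der), nil
}

// BuildSecuredFile signs the image with the private key and lays out
// header, directory and payloads so the file carries its own authentication data.
func BuildSecuredFile(image []byte, priv *ecdsa.PrivateKey) ([]byte, error) {
	id, err := CertID(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(image)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	items := []struct {
		tag  uint16
		data []byte
	}{{TagImageData, image}, {TagCertID, id[:]}, {TagSignature, sig}}
	// Payloads begin right after the header (magic + 2-byte entry count) and the directory.
	offset := uint32(len(magic) + 2 + entrySize*len(items))
	var out, payload bytes.Buffer
	out.Write(magic)
	binary.Write(&out, binary.BigEndian, uint16(len(items)))
	for _, it := range items {
		binary.Write(&out, binary.BigEndian, Entry{it.tag, offset, uint32(len(it.data))})
		payload.Write(it.data)
		offset += uint32(len(it.data))
	}
	out.Write(payload.Bytes())
	return out.Bytes(), nil
}

// ParseFile reads the directory and returns each tagged payload, rejecting entries
// whose offset/length would point outside the file.
func ParseFile(b []byte) (map[uint16][]byte, error) {
	if len(b) < len(magic)+2 || !bytes.Equal(b[:len(magic)], magic) {
		return nil, errors.New("bad header")
	}
	count := int(binary.BigEndian.Uint16(b[len(magic):]))
	dirStart := len(magic) + 2
	if len(b) < dirStart+count*entrySize {
		return nil, errors.New("truncated directory")
	}
	items := make(map[uint16][]byte, count)
	for i := 0; i < count; i++ {
		var e Entry
		if err := binary.Read(bytes.NewReader(b[dirStart+i*entrySize:]), binary.BigEndian, &e); err != nil {
			return nil, err
		}
		end := uint64(e.Offset) + uint64(e.Length)
		if end > uint64(len(b)) {
			return nil, fmt.Errorf("entry 0x%04x points outside the file", e.Tag)
		}
		items[e.Tag] = b[e.Offset:end]
	}
	return items, nil
}

// VerifyFile authenticates the file from its own contents plus a trust store mapping
// certificate identifiers to public keys; the image bytes are recomputed, never trusted.
func VerifyFile(b []byte, trust map[[32]byte]*ecdsa.PublicKey) (bool, error) {
	items, err := ParseFile(b)
	if err != nil {
		return false, err
	}
	image, okI := items[TagImageData]
	sig, okS := items[TagSignature]
	idBytes, okC := items[TagCertID]
	if !okI || !okS || !okC || len(idBytes) != 32 {
		return false, errors.New("missing authentication entries")
	}
	var id [32]byte
	copy(id[:], idBytes)
	pub, ok := trust[id]
	if !ok {
		return false, errors.New("certificate identifier not in trust store")
	}
	digest := sha256.Sum256(image)
	return ecdsa.VerifyASN1(pub, digest[:], sig), nil
}

// SelfCheck runs the whole flow on constructed pixel data: the original verifies,
// a file with one flipped image byte fails, and verification under another key fails.
func SelfCheck() (okOriginal, okTampered, okWrongKey bool, err error) {
	image := bytes.Repeat([]byte{0x00, 0xFF}, 64) // constructed stand-in for image data
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	file, err := BuildSecuredFile(image, priv)
	if err != nil {
		return
	}
	id, err := CertID(&priv.PublicKey)
	if err != nil {
		return
	}
	trust := map[[32]byte]*ecdsa.PublicKey{id: &priv.PublicKey}
	if okOriginal, err = VerifyFile(file, trust); err != nil {
		return
	}
	tampered := append([]byte(nil), file...)
	parts, err := ParseFile(tampered)
	if err != nil {
		return
	}
	parts[TagImageData][0] ^= 0x01 // parsed payloads alias the buffer, so this edits tampered in place
	if okTampered, err = VerifyFile(tampered, trust); err != nil {
		return
	}
	other, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	okWrongKey, err = VerifyFile(file, map[[32]byte]*ecdsa.PublicKey{id: &other.PublicKey})
	return
}

func main() {
	a, b, c, err := SelfCheck()
	fmt.Println("original:", a, "tampered:", b, "wrong key:", c, "err:", err)
}
```

The point of the layout is that a verifier needs nothing beyond the file and a way to trust the key named by the embedded identifier: the directory tells it where the image, the identifier and the signature sit, the image bytes are hashed afresh on every check, and any change to those bytes, or any attempt to verify under a key other than the signer's, yields a failed verification rather than a silent acceptance. Bounds checking in ParseFile matters because the directory offsets come from the untrusted file itself.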