JP2005236809A - Method and device for decrypting image data - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce the load of processing by a self-device without damaging security property in the case of receiving encrypted image data and decrypting the image data. <P>SOLUTION: The image data 111 encrypted with a common key 103 and an encrypted common key 110 are received from an image generating device 150 for generating image data, and the encrypted common key 110 is transferred to an information terminal device 101. The information terminal device 101 receives a common key 124 obtained by decrypting the encrypted common key 110 by using a secret key 108, and decrypts the image data 111 encrypted by using the decrypted common key 124 to obtain an image 126. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an image data decoding method and an image data decoding device for securely receiving generated image data via a network and decoding the image data.

  In the case of transmitting information via a network or the like, it is difficult to ensure security because the password is easily guessed or eavesdropped only by the conventional identity verification using only the ID and password.

  For this reason, as a “strong authentication” system based on encryption technology, securing of security by electronic signature of public key encryption technology is currently attracting attention and put into practical use. This public key cryptosystem uses two key pairs that have the special property that "information encrypted with one key (public key) can only be decrypted with the other key (private key)" This is a method for securely transmitting keys, signatures, etc.

  By applying digital signatures (digital signatures), it is possible to have something equivalent to real-world signatures and seals in cyberspace. This electronic signature has two effects: (1) tampering detection and (2) confirmation of the identity of the person.

  In order to sign an electronic document, the sender only has to encrypt the document with his / her private signature key (secret key). If the recipient can open the document with the verification key (public key) released by the sender, the receiver can reliably verify that this document is actually the document sent by the sender. . In addition, by comparing digests as electronic fingerprints, it is possible to confirm whether or not tampering has occurred.

FIG. 5 is a diagram for explaining a security ensuring method using an electronic signature of public key cryptography.
In FIG. 5, 801 is a personal computer (PC) of user A (Mr. A) who transmits information, 802 is a PC of user B (Mr. B) who receives information, and 800 is a network connecting PC 801 and PC 802. .

  In the PC 801, the plaintext 805 that is raw information is encrypted with the common key 803 in the common key encryption unit 806, and a ciphertext 811 is generated. Here, the reason why the public key method is not used for encryption is that the public key method has a heavy processing load. Of course, the encrypted data cannot be decrypted without the common key 803.

  The common key 803 is encrypted by Mr. B's public key 802 and public key encryption means 804. Here, the encrypted common key data cannot be decrypted even with Mr. B's public key 802.

  On the other hand, from the plaintext 805, a digest 807 converted based on the content of the plaintext is generated. The data size of the digest may be as small as possible to be a signature of plain text 805. The digest is encrypted in the public key encryption means 808 by Mr. A's private key 809.

  The encrypted common key data 810, the ciphertext 811, and the encrypted digest 812 are transmitted to Mr. B's PC 802 via the network 800. In Mr. B's PC 802, the common key data 810 is decrypted with Mr. B's secret key 822, and a common key 824 is generated. Further, the ciphertext 811 is decrypted with the decrypted common key 824 to obtain a plaintext 826. Mr. B's secret key 822 is never communicated, and therefore cannot be decrypted even if a third party intercepts the communication.

  The encrypted digest 812 is received by Mr. B's personal computer 802 and decrypted by Mr. A's public key 829 to generate a digest 828. By matching the plaintext 826 previously decrypted with the digest 828, it can be determined whether the digest 828 was originally generated by the plaintext 826. Since the encrypted digest 812 can be created only with Mr. A's secret key, it can be confirmed that the portion 826 is created by Mr. A. The above is the method for transmitting information using the public key method.

Next, a case where the information that Mr. A wants to transmit is an image of a document will be described.
FIG. 6 is a diagram illustrating a procedure for transmitting a document image.
In FIG. 6, reference numeral 901 denotes a PC of a user A (Mr. A) who transmits information, 902 denotes a PC of a user B (Mr. B) who receives information, 950 denotes a multifunction printer (MFP), 900 denotes a PC 901, PC 902, and MFP 950. Is the network to which is connected.

  Prior to working on the personal computer, Mr. A uses the reading unit 951 built in the MFP 950 to convert the document 930 into digital data. Further, the MFP 950 is operated to transfer the image data to the PC 901 that is its own PC.

  The image data is encrypted with the common key 903 by the common key encryption unit 905 of the PC 901. Here, the reason why the public key method is not used for encryption is that the public key method has a heavy processing load. Of course, the encrypted data cannot be decrypted without the common key 903.

  The common key 903 is encrypted by Mr. B's public key 902 and public key encryption means 904. Here, the encrypted common key data cannot be decrypted even with Mr. B's public key 902.

  On the other hand, from the image data 905, a digest 907 converted according to a certain rule based on the content is generated. The data size of the digest may be as small as possible as a signature of the image data 905. The digest is encrypted by the public key encryption means 908 with Mr. A's private key 909.

The encrypted common key data 910, the ciphertext 911, and the encrypted digest 912 are transmitted to Mr. B's PC 902 via the network 900.
In Mr. B's PC 902, the common key data 910 is decrypted with Mr. B's secret key 922, and a common key 924 is generated. Further, the ciphertext 911 is decrypted with the decrypted common key 924 to obtain image data 926. Since Mr. B's private key 922 is never communicated, even if a third party intercepts the communication, it cannot be decrypted.

  The encrypted digest 912 is received by Mr. B's personal computer 902 and decrypted by Mr. A's public key 929 to generate a digest 928. By comparing the previously decoded image data 926 and the digest 928, it can be determined whether the digest 928 was originally generated by the image data 926. Here, since the encrypted digest 912 can be created only with Mr. A's private key, it can be confirmed that the flat portion 926 is created by Mr. A.

  However, in the image data decoding apparatus shown in the conventional example, since the image encoding / decoding, the common key decoding, etc. are all performed by one apparatus, the load is very heavy. Further, in order to print the received image data, the image data has to be sent again to the printing apparatus, which makes the operation troublesome. In addition, in order to perform all reception and decryption processing by a device such as an MFP, the recipient's private key must be registered in the MFP, which is not preferable in terms of security.

  The present invention has been made in view of the above-described problems. When receiving encrypted image data and decrypting the image data, the processing of the device itself is not impaired without sacrificing security. It is an object of the present invention to provide an image data decoding method and an image data decoding device with a reduced load.

  In order to solve the above-described problem, the present invention provides a reception step of receiving the image data encrypted with a common key and the encrypted common key from an image generation device that generates image data, and the encryption Transferring the encrypted common key to the information terminal device, receiving the common key obtained by decrypting the encrypted common key using a secret key in the information terminal device, and receiving the decrypted common key And a decrypting step of decrypting the encrypted image data by using the image data decrypting method.

  According to the present invention, when encrypted image data is received and the image data is decrypted, it is possible to reduce the processing load on the own device without impairing security. Also, since the private key for decryption is managed only by the recipient's device and does not need to be managed by the image generating device that generates the image data, when transmitting / receiving data via a communication line etc. In addition, the possibility that the secret key is leaked can be reduced.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

FIG. 1 is a schematic configuration diagram of a system including an image data decoding device according to an embodiment of the present invention.
In FIG. 1, 101 is a personal computer (PC) owned by user A (Mr. A), 120 is PC of user B (Mr. B) corresponding to the image data decoding apparatus of the present invention, and 150 is a multifunction printer (MFP). , 100 is a network connecting the PC 101, the PC 120, and the MFP 150.

  Prior to working on the personal computer, Mr. A converts the document 130 into digital data by the reading unit 151 built in the MFP 150.

  The MFP 150 holds a transmission destination list and public key data of the transmission destination user corresponding to the transmission destination list, and presents the transmission destination list to the sender A using a graphical user interface (GUI). Mr. A selects a transmission destination from the list and activates an image transmission operation via the GUI.

The MFP 150 executes a series of processes described below as an image transmission operation.
That is, the common key 103 is generated by an appropriate means, and the image data 105 is encrypted using the encryption means 106 using the common key 103 as a key. The common key 103 is encrypted by the encryption unit 104 using the public key 102 of Mr. B that has been registered in advance. In addition, Mr. B's public key 102 is stored in the MFP 150 in association with the destination list. In another process, a digest 107 is generated from the image 105 and is converted into an encrypted digest 113 by Mr. A's private key.

  Finally, the encrypted common key 110, the encrypted image data 111, and the encrypted digest 112 are transmitted to Mr. B's PC 121 via the network 100.

  The receiving operation from the MFP 150 represents the feature of the present invention and will be described with reference to the flowcharts of FIGS.

  First, in step S201, the PC 120 receives the encrypted common key 110, the encrypted image data 111, and the encrypted digest 112 from the MFP 150 via the network.

  Subsequently, in step S202, the panel display data is updated. This panel display data is displayed when the user inquires about the reception status of the PC 120 through the panel or the network. For example, as shown in FIG. 4, it is display data such as an ID for data identification, a transmission destination, and a processing status.

  Subsequently, in step S203, the PC 120 transfers the received encrypted common key to the PC 101, and proceeds to step S204 where the reception of the decrypted common key is awaited.

Here, the processing of the PC 101 that has received the encrypted common key will be described with reference to FIG.
FIG. 3 is a flowchart showing processing of the PC 101.
First, in step S301, the PC 101 is activated, and then, in step S302, it is determined whether an encrypted common key has been received. As a result of this determination, if it is determined that the encrypted common key has not been received, the process waits in step S302. On the other hand, if it is determined in step S302 that the encrypted common key has been received, the process proceeds to step S303.

  In step S303, the encrypted common key is decrypted using the secret key 108. Subsequently, in step 304, the decrypted common key is transmitted to the PC 120. Thereafter, the process ends.

  In step S205, the PC 120 that has received the common key 124 decrypted from the PC 101 decrypts the encrypted image data 111 received from the MFP 150 using the common key 124 to obtain an image 126.

  Subsequently, in step S206, the received encrypted digest 112 is decrypted using the public key 129 of Mr. A to obtain a digest 128.

  Subsequently, in step S207, the digest 128 and the image 126 are added together to authenticate the image 126, and the authentication result is updated to panel display data. Thereafter, the process ends.

It is a schematic block diagram of the system containing the image data decoding apparatus in embodiment of this invention. It is a flowchart of the process in the image data decoding apparatus in embodiment of this invention. It is a flowchart of the process in a personal computer (PC101). It is the figure which illustrated one example of the display panel of the image data decoding apparatus in embodiment of this invention. It is a schematic block diagram for demonstrating the data decoding method of a prior art example. It is a schematic block diagram for demonstrating the image data decoding method of a public key system.

Explanation of symbols

100 Network 101 PC of user A (Mr. A)
102, 129 Public key 103, 124 Common key 104, 106, 109, 125, 127 Decryption means 107, 128 Digest 105, 126 Image 108 Private key 110 Encrypted common key 111 Encrypted image data 112 Encryption Digest 113 encrypted digest 120 User B (Mr. B) 's PC (image data decryption device)
123 Receiver 130 Document 150 MFP
151 Reading means

Claims (3)

A receiving step of receiving the image data encrypted with a common key and the encrypted common key from an image generation device that generates image data;
A transfer step of transferring the encrypted common key to the information terminal device;
A decryption step of receiving a common key obtained by decrypting the encrypted common key using a secret key in the information terminal device and decrypting the encrypted image data using the decrypted common key An image data decoding method comprising: Receiving means for receiving the image data encrypted with a common key and the encrypted common key from an image generation device for generating image data;
Transfer means for transferring the encrypted common key to the information terminal device;
Decrypting means for receiving the common key obtained by decrypting the encrypted common key using a secret key in the information terminal device and decrypting the encrypted image data using the decrypted common key An image data decoding device comprising:   The image data decoding apparatus according to claim 2, wherein the image generation apparatus is a multifunction peripheral.

Images