1、 International Telecommunication Union ITU-T T.807 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (05/2006) SERIES T: TERMINALS FOR TELEMATIC SERVICES Information technology JPEG 2000 image coding system: Secure JPEG 2000 ITU-T Recommendation T.807 ITU-T Rec. T.807 (05/2006) i INTERNATIONAL STANDAR
2、D ISO/IEC 15444-8 ITU-T RECOMMENDATION T.807 Information technology JPEG 2000 image coding system: Secure JPEG 2000 Summary The purpose of this Recommendation | International Standard is to provide a syntax that allows security services to be applied to JPEG 2000 coded image data. Security services
3、include confidentiality, integrity verification, source authentication, conditional access, and secure scalable streaming and secure transcoding. The syntax allows these security services to be applied to coded and uncoded image data in part or in its entirety. This maintains the inherent features o
4、f JPEG 2000 such as scalability and access to various spatial areas, resolution levels, colour components, and quality layers, while providing security services on these elements. Source ITU-T Recommendation T.807 was approved on 29 May 2006 by ITU-T Study Group 16 (2005-2008) under the ITU-T Recomm
5、endation A.8 procedure. An identical text is also published as ISO/IEC 15444-8. ii ITU-T Rec. T.807 (05/2006) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T)
6、 is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four year
7、s, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the neces
8、sary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However
9、, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equi
10、valents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a c
11、laimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU ha
12、d not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database. ITU 2007 All right
13、s reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. ITU-T Rec. T.807 (05/2006) iii CONTENTS Page 1 Scope. 1 2 Normative references 1 3 Terms and definitions 1 4 Symbols and abbreviated terms . 4 5 JPSEC syntax (normative) 4
14、 5.1 JPSEC framework overview 4 5.2 JPSEC security services . 6 5.3 Comments on design and implementation of secure JPSEC systems 6 5.4 Byte aligned segment (BAS) . 7 5.5 Main security marker (SEC) 9 5.6 JPSEC tools . 12 5.7 Zone of Influence (ZOI) syntax 16 5.8 Protection method template syntax (T)
15、 25 5.9 Processing domain syntax (PD) 34 5.10 Granularity syntax (G) . 35 5.11 Value list syntax (V) 36 5.12 Relationships among ZOI, Granularity (G) and Value List (VL). 37 5.13 In-codestream security marker (INSEC) 37 6 Normative-syntax usage examples (informative). 39 6.1 ZOI examples. 39 6.2 Key
16、 information template examples 44 6.3 JPSEC normative tool examples. 45 6.4 Distortion field examples 51 7 JPSEC registration authority. 53 7.1 General introduction 53 7.2 Criteria for eligibility of applicants for registration 53 7.3 Applications for registration 53 7.4 Review and response to appli
17、cations. 53 7.5 Rejection of applications 54 7.6 Assignment of identifiers and recording of object definitions. 54 7.7 Maintenance 54 7.8 Publication of the register . 55 7.9 Register information requirements 55 Annex A Guidelines and use cases 56 A.1 A class of JPSEC applications . 56 Annex B Techn
18、ology examples 64 B.1 Introduction . 64 B.2 A flexible access control scheme for JPEG 2000 codestreams 64 B.3 A unified authentication framework for JPEG 2000 images. 66 B.4 A simple packet-based encryption method for JPEG 2000 codestreams . 69 B.5 Encryption tool for JPEG 2000 access control. 72 B.
19、6 Key generation tool for JPEG 2000 access control. 74 B.7 Wavelet and bitstream domain scrambling for conditional access control. 77 B.8 Progressive access for JPEG 2000 codestream 79 B.9 Scalable authenticity of JPEG 2000 codestreams . 82 B.10 JPEG 2000 data confidentiality and access control syst
20、em based on data splitting and luring . 84 B.11 Secure scalable streaming and secure transcoding 87 iv ITU-T Rec. T.807 (05/2006) Page Annex C Interoperability. 91 C.1 Part 1 91 C.2 Part 2 91 C.3 JPIP 91 C.4 JPWL . 92 Annex D Patent statements 95 BIBLIOGRAPHY 96 ITU-T Rec. T.807 (05/2006) v Introduc
21、tion In the “Digital Age“, the Internet provides many new opportunities for rightholders regarding the electronic distribution of their work (books, videos, music, images, etc.). At the same time, new information technology radically simplifies the access of content for the user. This goes hand in h
22、and with the all pervasive problem of pirated digital copies with the same quality as the originals and “file-sharing“ in peer-to-peer networks, which gives rise to continued complaints about great losses by the content industry. World Intellectual Property Organization (WIPO) and its Member countri
23、es (170) have an important role to play in assuring that copyright, and the cultural and intellectual expression it fosters, remains well protected in the 21st century. The new Digital economy and the creative people in every country of the world depend on it. Also in December 1996, WIPO Copyright T
24、reaty (WCT) has been promulgated with two important articles (11 and 12) about technological measures and obligations concerning Right Management Information: Article 11 Obligations concerning Technological Measures Contracting Parties shall provide adequate legal protection and effective legal reme
25、dies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by l
26、aw. Article 12 Obligations concerning Rights Management Information (1) Contracting Parties shall provide adequate and effective legal remedies against any person knowingly performing any of the following acts knowing, or with respect to civil remedies having reasonable grounds to know, that it will
27、 induce, enable, facilitate or conceal an infringement of any right covered by this Treaty or the Berne Convention: (i) to remove or alter any electronic rights management information without authority; (ii) to distribute, import for distribution, broadcast or communicate to the public, without auth
28、ority, works or copies of works knowing that electronic rights management information has been removed or altered without authority. (2) As used in this Article, “rights management information“ means information which identifies the work, the author of the work, the owner of any right in the work, o
29、r information about the terms and conditions of use of the work, and any numbers or codes that represent such information, when any of these items of information is attached to a copy of a work or appears in connection with the communication of a work to the public. This treaty provides a solid foun
30、dation to protect Intellectual Property. As of 2004, about 50 countries ratified this important treaty. Therefore, it is expected that tools and protective methods that are recommended in JPEG 2000 must ensure the security of transaction, protection of content (IPR), and protection of technologies.
31、Security issues, such as authentication, data integrity, protection of copyright and Intellectual Property, privacy, conditional access, confidentiality, transaction tracing, to mention a few, are among important features in many imaging applications targeted by JPEG 2000. The technological means of
32、 protecting digital content are described and can be achieved in many ways such as digital watermarking, digital signature, encryption, metadata, authentication, and integrity checking. Part 8 of the JPEG 2000 standard intends to provide tools and solutions in terms of specifications that allow appl
33、ications to generate, consume, and exchange Secure JPEG 2000 codestreams. This is referred to as JPSEC. ISO/IEC 15444-8:2006 (E) ITU-T Rec. T.807 (05/2006) 1 INTERNATIONAL STANDARD ITU-T RECOMMENDATION Information technology JPEG 2000 image coding system: Secure JPEG 2000 1 Scope This Recommendation
34、 | International Standard specifies the framework, concepts, and methodology for securing JPEG 2000 codestreams. The scope of this Recommendation | International Standard is to define: 1) a normative codestream syntax containing information for interpreting secure image data; 2) a normative process
35、for registering JPSEC tools with a registration authority delivering a unique identifier; 3) informative examples of JPSEC tools in typical use cases; 4) informative guidelines on how to implement security services and related metadata. The scope of this Recommendation | International Standard is no
36、t to describe specific secure imaging applications or to limit secure imaging to specific techniques, but to create a framework that enables future extensions as secure imaging techniques evolve. 2 Normative references The following Recommendations and International Standards contain provisions whic
37、h, through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation | International S
38、tandard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list
39、of currently valid ITU-T Recommendations. ITU-T Recommendation T.800 (2002) | ISO/IEC 15444-1:2004, Information technology JPEG 2000 image coding system: Core coding system. ITU-T Recommendation T.801 (2002) | ISO/IEC 15444-2:2004, Information technology JPEG 2000 image coding system: Extensions. 3
40、Terms and definitions For the purposes of this Recommendation | International Standard, the following definitions apply. The definitions defined in ITU-T Rec. T.800 | ISO/IEC 15444-1 clause 3 apply to this Recommendation | International Standard. 3.1 access control: Prevention of unauthorized use of
41、 a resource, including the prevention of use of a resource in an unauthorized manner. 3.2 authentication: Process of verifying an identity claimed by or for a system entity. 3.2.1 source authentication: Verification that a source entity (say, user/party) is in fact the claimed source entity. 3.2.2 f
42、ragile/semi-fragile image authentication: Process for both image source authentication and image data/image content integrity verification that should be able to detect any change in the signal and identify where it has taken place and possibly what the signal was before modification. NOTE It serves
43、 at proving the authenticity of a document. The difference between fragile and semi-fragile image authentication is that the former is to verify the image data integrity and the latter to verify the image content integrity. 3.3 confidentiality: Property that information is not made available or disc
44、losed to unauthorized individuals, entities or processes. ISO/IEC 15444-8:2006 (E) 2 ITU-T Rec. T.807 (05/2006) 3.4 data splitting: Method to protect sensitive data from unauthorized access by encrypting the data and storing different portions of the file on different servers. NOTE When split data i
45、s accessed the parts are retrieved, combined and decrypted. An unauthorized person would need to know the locations of the servers containing the parts, be able to get access to each server, know what data to combine, and how to decrypt it. 3.5 decryption, deciphering: Inverse transformation of the
46、encryption. 3.6 digital signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g., by the recipient. 3.7 encryption: Reversible transformation of data by
47、 a cryptographic algorithm to produce ciphertext, i.e., to hide the information content of the data. NOTE An alternative term for an encryption algorithm is cipher. 3.8 fingerprints: Characteristics of an object that tend to distinguish it from other similar objects to enable the owner to trace auth
48、orized users distributing them illegally. NOTE In this respect, fingerprinting is usually discussed in the context of the traitor tracing problem. 3.9 hash function: Function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties: NOTE For a given output,
49、 it is computationally infeasible to find an input which maps to this output. For a given input, it is computationally infeasible to find a second input which maps to the same output. Computational feasibility depends on the users specific security requirements and environment. 3.10 integrity: Property of being able to safeguard the accuracy and the completeness of assets. 3.10.1 image data integrity: Property that data has not been altered or destroyed in an unauthorized manner. 3.10.2 image content integrity: Assurance the image content has not been m
