WO2004055757A1 - Key synchronization in a visual cryptographic system - Google Patents

Key synchronization in a visual cryptographic system Download PDF

Info

Publication number
WO2004055757A1
WO2004055757A1 PCT/IB2003/005236 IB0305236W WO2004055757A1 WO 2004055757 A1 WO2004055757 A1 WO 2004055757A1 IB 0305236 W IB0305236 W IB 0305236W WO 2004055757 A1 WO2004055757 A1 WO 2004055757A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
key identification
image
identification
hash value
Prior art date
Application number
PCT/IB2003/005236
Other languages
French (fr)
Inventor
Pim T. Tuyls
Marten E. Van Dijk
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Priority to US10/539,359 priority Critical patent/US20060210080A1/en
Priority to AU2003276597A priority patent/AU2003276597A1/en
Priority to EP03813209A priority patent/EP1576567A1/en
Priority to JP2004559984A priority patent/JP2006511114A/en
Publication of WO2004055757A1 publication Critical patent/WO2004055757A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C5/00Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/44Secrecy systems

Definitions

  • the present invention relates to key synchronization in cryptographic systems. More in particular, the present invention relates to a method of and a system for synchronizing a first key set in an encryption device and a second key set in a decryption device, the encryption device being capable of encrypting images and the decryption device being capable of decrypting images.
  • decoding decryption
  • Two types of image decrypting devices can be distinguished: transparent and non-transparent devices.
  • Transparent decrypting devices essentially mimic the transparent sheets used in the Prior Art and display one pattern ("share") of the encrypted image. As the decrypting device is at least partially transparent, the other pattern of the image can be seen through the device and the two image patterns are combined in the eye of the viewer as before.
  • the advantage of using a transparent device instead of a transparent sheet is that the device is capable of displaying a plurality of image parts rather than a single image part. Thus subsequent images can use different keys.
  • Transparent decrypting devices advantageously use LCD (Liquid Crystal Display) screens, two such screens being overlaid to "decrypt" the encrypted image so as to reconstruct the original image.
  • a suitable example of a transparent device in which LCD screens are employed is described in European Patent Application 02075527.8 [PHNL020121]. In the device of said European Patent Application, use is made of the polarization rotating effect of liquid crystal cells in a liquid crystal display. This allows a very convenient encrypting and decrypting of black-and-white images.
  • Non-transparent decrypting devices are capable of sensing the encrypted image, performing a decryption and displaying the decrypted image.
  • the decryption is carried out in the device itself and the display shows the complete, decrypted image, while the encrypted image is masked by the device.
  • An example of such a decoding device is described in European Patent Application 02079579.5 [PHNL021058].
  • the decoding device may use a key to decrypt the image.
  • An image decoding device will generally require at least one key to decrypt an image.
  • the use of a key set does, however, introduce the problem of key set synchronization. Even when a certain key sequence is predetermined, the encryption device and the decryption device may accidentally change keys at different moments, or one of the devices may not change keys at all, resulting in a loss of key synchronization. This, in turn, will result in the decryption device not being capable of decrypting the encrypted images. It is therefore an object of the present invention to provide a method and system for establishing the synchronization of an encryption device and a decryption device in a simple yet effective manner.
  • the present invention provides a method of synchronizing a first key set in an encryption device and a second key set in a decryption device, the method comprising the steps of: • the encryption device producing an encrypted image and an associated key identification using a key of the first key set,
  • the decryption device displaying the decrypted image. That is, the encryption device uses a key of its key set to encrypt the image and produces a key identification corresponding with the key used for encrypting the image. Both the encrypted image and the key identification are transmitted to the display device which allows the decryption device to detect the key identification. The decryption device uses the key identification to identify a key of its key set and then decrypts the encrypted image using the thus identified key. It is preferred that a decryption device is used of the type having both sensing means for sensing an (encrypted) image and display means for displaying a (decrypted) image.
  • a key identification By transmitting a key identification with the encrypted image, it will be possible to always maintain key synchronization. Although it is possible to transmit a key identification with every encrypted image, it may not be necessary to do so. Instead, a key identification may only be transmitted periodically, for example after a certain number of encrypted images has been transmitted, or after a certain amount of time has elapsed. Alternatively, the key identification can only be transmitted upon request. It will be understood that the step of producing a key identification can be omitted when its transmission is not required.
  • the key identification is identical to the actual key. This is, however, cryptographically not secure as the key identification may be intercepted during transmission. For this reason, it is preferred that the key identification is a code associated with the key, for example a key number. It is further preferred that the key identification is a code derived from the key. This provides a degree of tamper protection.
  • the key identification is a hash value.
  • Hash values are values which can be derived from a source value such as a cryptographic key using a hash function, a type of function which is well known in the field of cryptography.
  • a hash function is a one-way function, that is, a function for which it is not feasible to determine the inverse function.
  • the hash value of the key can be readily determined, but it is not feasible to derive the key from the hash value. In this way, interception of the key identification does not compromise the key itself.
  • any (unauthorized) alteration of a key will result in a different hash value and will prevent the unauthorized decryption of the encrypted image.
  • the step of the decryption device detecting the key identification involves the sub-steps of: -
  • the decryption device detecting the hash value and storing it as a detected hash value, • the decryption device calculating the hash values of the second key set and comparing each calculated hash value with the detected hash value until a match is found. By matching a hash value of the decryption device's key set with the detected hash value the correct key can readily be found.
  • hash values of the second key set in the decryption device It is of course possible to pre-calculate and store the hash values of the second key set in the decryption device. This requires, however, a substantial amount of memory space. It has been found that hash values can be calculated quickly and therefore it is preferred not the store the hash values.
  • the key identification can be transmitted separately, it is preferred that the key identification is part of the encrypted image. This provides both a simple transmission of the key identification and an easy detection by the decryption device.
  • the key identification can form a sub-image of the encrypted image. This sub-image can be a symbol, a code or the like.
  • the sub-image can also be encrypted using an additional key which is preferably the same for a series of images.
  • the key identification is displayed on the display device as a bar code.
  • a bar code can easily be recognized and read by the decryption device.
  • Other types of codes however, can also be used.
  • a time multiplexed code may be used where parts of the code are sequentially displayed. These parts, in turn, may or may not be constituted by bar codes.
  • the images used for synchronization according to the present invention may be monochrome images or color images. Although various techniques may be used for rendering color images in visual cryptography and similar applications, the liquid crystal display techniques described in European Patent Application 02078660.4 [PHNL020804EPP] are particularly suitable.
  • the present invention further provides a system for synchronizing a first key set in an encryption device and a second key set in a decryption device, the system comprising:
  • a decryption device for detecting the key identification, decrypting the encrypted image using a key of the second key set corresponding with the key identification, and displaying the decrypted image.
  • the present invention also provides a decryption device for use in a system as defined above, the device comprising sensor means for sensing an encrypted image including a key identification, key selection means for selecting a key on the basis of the sensed key identification, decryption means for decrypting a sensed encrypted image using the selected key, and display means for displaying a decrypted image.
  • the sensor means are part of an LED (Light Emitting Diode) circuit, preferably an OLED (Organic Light Emitting Diode) circuit.
  • LED Light Emitting Diode
  • OLED Organic Light Emitting Diode
  • Fig. 1 schematically shows a cryptographic system according to the present invention.
  • Fig. 2 schematically shows, in cross-section, a decryptor for use in the system of Fig. 1.
  • Fig. 3 schematically shows an example of an image used in the system and method according to the present invention.
  • the system shown merely by way of non-limiting example in Fig. 1 comprises a server 1, a terminal 2, a decryptor (or decoder) 3 and a communication network 4.
  • the server 1 produces and encrypts images which are transmitted via the communication network 4 to the terminal 2.
  • the communication network 4 may be constituted by a dedicated network such as a LAN, a telephone network (POTS), the Internet, or a simple cable or wire.
  • Both the server 1 and the terminal 2 may be dedicated devices or may be constituted by general purpose computers with, at least in the case of terminal 2, a display screen 21.
  • the decryptor 3 is a cryptographic device which will be discussed in more detail below.
  • the server 1 and the decryptor 3 are both provided with at least one key set consisting of a plurality of cryptographic keys.
  • the decryptor 3 is a decryption device which may include sensors 31 for sensing a displayed image, a processor 32 with an associated memory for performing cryptographic operations on the sensed image, and display elements 33 forming a display screen (34 in Fig. 1) for displaying the decrypted image. Electrical conductors or optical fibers connect the sensors 31, the processor 32 and the display elements 33. A set of cryptographic keys is stored in the processor memory. The decryptor 3 therefore is capable of sensing an encrypted image, decrypting the image, and displaying the resulting decrypted image.
  • the decryptor 3 is a trusted device which is preferably carried by its user and stored in a safe place when not in use. In this way the keys stored in the decryptor are not compromised.
  • the synchronization of key sets in the system of Fig. 1 is accomplished as follows.
  • the server (encryption device) 1 encrypts an image using a key of its key set. This image is transmitted to the terminal (display device) 2 which displays the image. As the terminal 2 is not in possession of the keys, it is not able to decrypt the encrypted image.
  • the displayed encrypted image contains no perceptible information and may have the appearance of a random image ("snow").
  • the user positions her decryptor (decryption device) 3 in such a way that the decryptor can sense the image.
  • the encrypted image schematically shown in Fig. 3 has two image portions, a first image portion 5 containing the encrypted image and a second image portion 6 containing the key identification.
  • the decryptor 3 senses both images preferably simultaneously and is preferably arranged for determining which part of the image shown on display screen 21 is the second image portion 6.
  • a section of the screen 21 is assigned to the second (key identification) image portion 6 and therefore this image portion is recognized on the basis of its location.
  • the second image portion 6 contains a bar code. It is possible for the decryptor 3 to "scan" the display 21 and detect a bar code using well-known electronic image scanning techniques. In that case, it would not be necessary to assign a particular position to the second image portion. Instead of a bar code, other codes or (combination of) symbols could be used. It is further possible that such codes are recognized by the decryptor 3 using pattern recognition techniques. It is not necessary for the entire code to be displayed at a single moment and so-called time multiplexed codes may be used in which parts of the code are displayed sequentially, that is, at different moments in time. This may be accomplished by the temporary lighting up (or flashing) of certain display elements. The said parts of the code may themselves be represented by bar codes or any other suitable codes.
  • the decryptor 3 recognizes and decodes the bar code contained in the second image portion 6 so as to obtain the key identification or a code representing the key identification.
  • the (bar) code contained in the second image portion 6 is the hash value of the key.
  • the decryptor 3 then tries to match this detected hash value with one of the keys of its key set by computing the hash value of a key, comparing it with the detected hash value, and continuing with the next key if the detected hash value and the calculated hash value do not match. If no match is found, an error must have occurred. If a match is found, the decryptor then uses the key concerned to decrypt the first image portion 5 and to display the resulting decrypted image. In the position of the second image portion 6 a masking area (e.g. a blank area) may be inserted by the decryptor to mask the key identification.
  • a masking area e.g. a blank area
  • the actual key identification may optionally be extended with a CRC (Cyclical Redundancy Check) value or similar check value which allows error detection.
  • CRC Cyclical Redundancy Check
  • the key sets of the server and the decryptor are effectively identical, that is, each key of the server key set, when used in the server encryption process, produces an image which can be decrypted using an associated key in the decryptor key set, when used in the decryptor decryption process.
  • the server key set and the decryptor key set will be identical, but this is not necessarily the case.
  • the relationship between the keys may be illustrated as follows:
  • K is a key of the first key set
  • KID is the corresponding key identification
  • K' is the key of the second key set identified by the key identification.
  • KID is the key identification
  • K' is the key of the second key set identified by the key identification.
  • KID is produced which is used by the decryptor to identify its corresponding key K'.
  • K and K' will be identical.
  • the decryptor (decryption device) 3 displays the entire decrypted image. This is not necessarily the case and embodiments can be envisaged in which the decryptor 3 only displays part of the image to allow "visual cryptography” techniques as disclosed in e.g. European Patent Application EP 0 260 815 mentioned above.
  • the decryptor 3 is at least partially transparent, one part or "share” of the image being displayed by the decryptor, the other part or “share” being displayed by the terminal display 21.
  • a suitable example of a transparent device in which LCD screens are employed is described in European Patent Application 02075527.8 [PHNL020121].
  • the present invention is based upon the insight that information identifying a key can be displayed in an encrypted image, allowing this information to be detected by a decoding device.
  • the present invention is additionally based upon the further insight that an untrusted device (i.e. the display device) can be used to provide information pertaining to keys, as the untrusted device has no knowledge of the keys themselves.
  • the present invention is in particular applicable in systems for cryptographically transferring images, such as "visual cryptography", it can also be applied in other cryptographic systems where other data items than images are cryptographically protected. It can be envisaged, for instance, that the present invention be applied in computer systems where encrypted data (files) are transferred between computers, the computer screens being used for key synchronization. It is noted that any terms used in this document should not be construed so as limit the scope of the present invention, hi particular, the words “comprise(s)” and “comprising” are not meant to exclude any elements not specifically stated. Single (circuit) elements may be substituted with multiple (circuit) elements or with their equivalents.

Abstract

A system for visual cryptography comprises a server (1) for encrypting a series of images using a set of keys, a terminal (2) for displaying the encrypted images, a transmission medium (4) for transmitting the encrypting images from the server to the terminal (2), and a decryption device (3) for decrypting the encrypted image displayed on the terminal. A key identification is produced by the server (1) and displayed by the terminal (2). The decryption device (3) senses the key identification and selects the corresponding key from its key set.

Description

KEY SYNCHRONIZATION IN A VISUAL CRYPTOGRAPHIC SYSTEM
The present invention relates to key synchronization in cryptographic systems. More in particular, the present invention relates to a method of and a system for synchronizing a first key set in an encryption device and a second key set in a decryption device, the encryption device being capable of encrypting images and the decryption device being capable of decrypting images.
It is well known to use key sets in cryptographic systems, subsequent messages being encrypted using different keys of the key set. The use of different keys for different messages makes it much harder for an eavesdropper to decrypt any of the messages. In addition, knowledge of a single key will only allow a single message to be decrypted, all other messages remaining secret.
It is, of course, necessary to synchronize the key sets, that is, to ensure that both the encryption device and the decryption device use the same key of the key set to encrypt or decrypt the same message. If this synchronization is lost, it will not be possible to decrypt the messages correctly.
It is further known to encrypt an image in order to prevent the image being recognized or to prevent its contents being read by unauthorized persons. One technique of encrypting an image is disclosed in, for example, European Patent Application EP 0260 815. This technique, also known as visual cryptography, employs two patterns, each of which cannot be recognized individually, which are overlaid to produce a recognizable image. To this end, the original image is transformed into two randomized parts or patterns, neither of which contains any perceptible image information. One of these patterns is printed on a transparency or displayed on an at least partially transparent display to act as a decryption key. When such patterns are overlaid, the patterns are combined and thus "decrypted" in the eye of the viewer.
Rather than working with transparencies which are cumbersome when larger amounts of individually encrypted images are to be viewed, it has been proposed to use a decoding (decryption) device. Two types of image decrypting devices can be distinguished: transparent and non-transparent devices.
Transparent decrypting devices essentially mimic the transparent sheets used in the Prior Art and display one pattern ("share") of the encrypted image. As the decrypting device is at least partially transparent, the other pattern of the image can be seen through the device and the two image patterns are combined in the eye of the viewer as before. The advantage of using a transparent device instead of a transparent sheet is that the device is capable of displaying a plurality of image parts rather than a single image part. Thus subsequent images can use different keys. Transparent decrypting devices advantageously use LCD (Liquid Crystal Display) screens, two such screens being overlaid to "decrypt" the encrypted image so as to reconstruct the original image. A suitable example of a transparent device in which LCD screens are employed is described in European Patent Application 02075527.8 [PHNL020121]. In the device of said European Patent Application, use is made of the polarization rotating effect of liquid crystal cells in a liquid crystal display. This allows a very convenient encrypting and decrypting of black-and-white images. European Patent
Application 02078660.4 [PHNL020804] describes a transparent decrypting device which also allows color images to be decrypted.
Non-transparent decrypting devices are capable of sensing the encrypted image, performing a decryption and displaying the decrypted image. The decryption is carried out in the device itself and the display shows the complete, decrypted image, while the encrypted image is masked by the device. An example of such a decoding device is described in European Patent Application 02079579.5 [PHNL021058]. The decoding device may use a key to decrypt the image.
An image decoding device will generally require at least one key to decrypt an image. However, to encrypt and decrypt multiple images in a cryptographically secure manner it is necessary to employ a key set of which different keys are used to decrypt subsequent images. The use of a key set does, however, introduce the problem of key set synchronization. Even when a certain key sequence is predetermined, the encryption device and the decryption device may accidentally change keys at different moments, or one of the devices may not change keys at all, resulting in a loss of key synchronization. This, in turn, will result in the decryption device not being capable of decrypting the encrypted images. It is therefore an object of the present invention to provide a method and system for establishing the synchronization of an encryption device and a decryption device in a simple yet effective manner.
It is another object of the present invention to provide a method and system for establishing the synchronization of an image encryption device and an image decryption device.
Accordingly, the present invention provides a method of synchronizing a first key set in an encryption device and a second key set in a decryption device, the method comprising the steps of: • the encryption device producing an encrypted image and an associated key identification using a key of the first key set,
• the encryption device transmitting the encrypted image and its associated key identification to a display device,
• the display device displaying the encrypted image and its associated key identification,
• the decryption device detecting the key identification,
• the decryption device decrypting the encrypted images using a key of the second key set corresponding with the detected key identification, and
• the decryption device displaying the decrypted image. That is, the encryption device uses a key of its key set to encrypt the image and produces a key identification corresponding with the key used for encrypting the image. Both the encrypted image and the key identification are transmitted to the display device which allows the decryption device to detect the key identification. The decryption device uses the key identification to identify a key of its key set and then decrypts the encrypted image using the thus identified key. It is preferred that a decryption device is used of the type having both sensing means for sensing an (encrypted) image and display means for displaying a (decrypted) image.
By transmitting a key identification with the encrypted image, it will be possible to always maintain key synchronization. Although it is possible to transmit a key identification with every encrypted image, it may not be necessary to do so. Instead, a key identification may only be transmitted periodically, for example after a certain number of encrypted images has been transmitted, or after a certain amount of time has elapsed. Alternatively, the key identification can only be transmitted upon request. It will be understood that the step of producing a key identification can be omitted when its transmission is not required.
It is possible for the key identification to be identical to the actual key. This is, however, cryptographically not secure as the key identification may be intercepted during transmission. For this reason, it is preferred that the key identification is a code associated with the key, for example a key number. It is further preferred that the key identification is a code derived from the key. This provides a degree of tamper protection.
In a preferred embodiment the key identification is a hash value. Hash values are values which can be derived from a source value such as a cryptographic key using a hash function, a type of function which is well known in the field of cryptography. Typically a hash function is a one-way function, that is, a function for which it is not feasible to determine the inverse function. As a result, the hash value of the key can be readily determined, but it is not feasible to derive the key from the hash value. In this way, interception of the key identification does not compromise the key itself. In addition, any (unauthorized) alteration of a key will result in a different hash value and will prevent the unauthorized decryption of the encrypted image.
In a particularly advantageous embodiment, the step of the decryption device detecting the key identification involves the sub-steps of: -
• the decryption device detecting the hash value and storing it as a detected hash value, • the decryption device calculating the hash values of the second key set and comparing each calculated hash value with the detected hash value until a match is found. By matching a hash value of the decryption device's key set with the detected hash value the correct key can readily be found.
It is of course possible to pre-calculate and store the hash values of the second key set in the decryption device. This requires, however, a substantial amount of memory space. It has been found that hash values can be calculated quickly and therefore it is preferred not the store the hash values.
Although the key identification can be transmitted separately, it is preferred that the key identification is part of the encrypted image. This provides both a simple transmission of the key identification and an easy detection by the decryption device. The key identification can form a sub-image of the encrypted image. This sub-image can be a symbol, a code or the like. The sub-image can also be encrypted using an additional key which is preferably the same for a series of images. In a preferred embodiment, the key identification is displayed on the display device as a bar code. A bar code can easily be recognized and read by the decryption device. Other types of codes, however, can also be used. In particular, a time multiplexed code may be used where parts of the code are sequentially displayed. These parts, in turn, may or may not be constituted by bar codes.
The images used for synchronization according to the present invention may be monochrome images or color images. Although various techniques may be used for rendering color images in visual cryptography and similar applications, the liquid crystal display techniques described in European Patent Application 02078660.4 [PHNL020804EPP] are particularly suitable.
The present invention further provides a system for synchronizing a first key set in an encryption device and a second key set in a decryption device, the system comprising:
• an encryption device for producing an encrypted image and an associated key identification using a key of the first key set and transmitting the encrypted image and the associated key identification to a display device,
• a display device for displaying the encrypted image and its associated key identification, and
• a decryption device for detecting the key identification, decrypting the encrypted image using a key of the second key set corresponding with the key identification, and displaying the decrypted image. With a system of this type, a synchronization of the keys sets can be readily achieved.
The present invention also provides a decryption device for use in a system as defined above, the device comprising sensor means for sensing an encrypted image including a key identification, key selection means for selecting a key on the basis of the sensed key identification, decryption means for decrypting a sensed encrypted image using the selected key, and display means for displaying a decrypted image.
Advantageously, the sensor means are part of an LED (Light Emitting Diode) circuit, preferably an OLED (Organic Light Emitting Diode) circuit.
The present invention will further be explained below with reference to exemplary embodiments illustrated in the accompanying drawings, in which: Fig. 1 schematically shows a cryptographic system according to the present invention.
Fig. 2 schematically shows, in cross-section, a decryptor for use in the system of Fig. 1. Fig. 3 schematically shows an example of an image used in the system and method according to the present invention.
The system shown merely by way of non-limiting example in Fig. 1 comprises a server 1, a terminal 2, a decryptor (or decoder) 3 and a communication network 4. The server 1 produces and encrypts images which are transmitted via the communication network 4 to the terminal 2. The communication network 4 may be constituted by a dedicated network such as a LAN, a telephone network (POTS), the Internet, or a simple cable or wire. Both the server 1 and the terminal 2 may be dedicated devices or may be constituted by general purpose computers with, at least in the case of terminal 2, a display screen 21. The decryptor 3 is a cryptographic device which will be discussed in more detail below. The server 1 and the decryptor 3 are both provided with at least one key set consisting of a plurality of cryptographic keys. These keys are used in a suitable cryptographic process, such as DES. The particular cryptographic process used is not essential. As shown in the exemplary embodiment of Fig. 2, the decryptor 3 is a decryption device which may include sensors 31 for sensing a displayed image, a processor 32 with an associated memory for performing cryptographic operations on the sensed image, and display elements 33 forming a display screen (34 in Fig. 1) for displaying the decrypted image. Electrical conductors or optical fibers connect the sensors 31, the processor 32 and the display elements 33. A set of cryptographic keys is stored in the processor memory. The decryptor 3 therefore is capable of sensing an encrypted image, decrypting the image, and displaying the resulting decrypted image. While the terminal 2 is a non-trusted device, the decryptor 3 is a trusted device which is preferably carried by its user and stored in a safe place when not in use. In this way the keys stored in the decryptor are not compromised. The synchronization of key sets in the system of Fig. 1 is accomplished as follows. The server (encryption device) 1 encrypts an image using a key of its key set. This image is transmitted to the terminal (display device) 2 which displays the image. As the terminal 2 is not in possession of the keys, it is not able to decrypt the encrypted image. The displayed encrypted image contains no perceptible information and may have the appearance of a random image ("snow").
The user positions her decryptor (decryption device) 3 in such a way that the decryptor can sense the image. The encrypted image schematically shown in Fig. 3 has two image portions, a first image portion 5 containing the encrypted image and a second image portion 6 containing the key identification. The decryptor 3 senses both images preferably simultaneously and is preferably arranged for determining which part of the image shown on display screen 21 is the second image portion 6. In a preferred embodiment a section of the screen 21 is assigned to the second (key identification) image portion 6 and therefore this image portion is recognized on the basis of its location.
In the example shown, the second image portion 6 contains a bar code. It is possible for the decryptor 3 to "scan" the display 21 and detect a bar code using well-known electronic image scanning techniques. In that case, it would not be necessary to assign a particular position to the second image portion. Instead of a bar code, other codes or (combination of) symbols could be used. It is further possible that such codes are recognized by the decryptor 3 using pattern recognition techniques. It is not necessary for the entire code to be displayed at a single moment and so-called time multiplexed codes may be used in which parts of the code are displayed sequentially, that is, at different moments in time. This may be accomplished by the temporary lighting up (or flashing) of certain display elements. The said parts of the code may themselves be represented by bar codes or any other suitable codes.
It is further possible to time multiplex the actual images and the key identification, that is, to show the first image 5 and the second image 6 not simultaneously but, for example, alternatingly. In the embodiment shown the decryptor 3 recognizes and decodes the bar code contained in the second image portion 6 so as to obtain the key identification or a code representing the key identification. In the preferred embodiment, the (bar) code contained in the second image portion 6 is the hash value of the key.
The decryptor 3 then tries to match this detected hash value with one of the keys of its key set by computing the hash value of a key, comparing it with the detected hash value, and continuing with the next key if the detected hash value and the calculated hash value do not match. If no match is found, an error must have occurred. If a match is found, the decryptor then uses the key concerned to decrypt the first image portion 5 and to display the resulting decrypted image. In the position of the second image portion 6 a masking area (e.g. a blank area) may be inserted by the decryptor to mask the key identification.
To allow for small read or transmission errors, it could be decided that a "match" is found even if the detected hash value and the calculated value are not identical but are sufficiently similar. This can be determined by determining a suitable maximum acceptable "distance" between the detected and the calculated value, for example using the well-known Hamming distance measure. In the preferred embodiment, however, the distance equals zero, thus requiring the said values to be equal.
In order to provide protection against any transmission errors that may cause an incorrect key identification to be displayed, the actual key identification may optionally be extended with a CRC (Cyclical Redundancy Check) value or similar check value which allows error detection.
The key sets of the server and the decryptor are effectively identical, that is, each key of the server key set, when used in the server encryption process, produces an image which can be decrypted using an associated key in the decryptor key set, when used in the decryptor decryption process. In most embodiments the server key set and the decryptor key set will be identical, but this is not necessarily the case. The relationship between the keys may be illustrated as follows:
K => KED => K'
where K is a key of the first key set, KID is the corresponding key identification, and K' is the key of the second key set identified by the key identification. On the basis of the first key K a key identification KID is produced which is used by the decryptor to identify its corresponding key K'. In most cryptographic systems K and K' will be identical.
In the above discussion it was assumed that the decryptor (decryption device) 3 displays the entire decrypted image. This is not necessarily the case and embodiments can be envisaged in which the decryptor 3 only displays part of the image to allow "visual cryptography" techniques as disclosed in e.g. European Patent Application EP 0 260 815 mentioned above. In such embodiments the decryptor 3 is at least partially transparent, one part or "share" of the image being displayed by the decryptor, the other part or "share" being displayed by the terminal display 21. A suitable example of a transparent device in which LCD screens are employed is described in European Patent Application 02075527.8 [PHNL020121]. European Patent Application 02078660.4 [PHNL020804] describes a transparent decrypting device which also allows color images to be decrypted. These transparent devices should, however, also be provided with sensors (31 in Fig. 2) or other suitable sensing means for sensing the displayed key identification.
The present invention is based upon the insight that information identifying a key can be displayed in an encrypted image, allowing this information to be detected by a decoding device. The present invention is additionally based upon the further insight that an untrusted device (i.e. the display device) can be used to provide information pertaining to keys, as the untrusted device has no knowledge of the keys themselves.
Although the present invention is in particular applicable in systems for cryptographically transferring images, such as "visual cryptography", it can also be applied in other cryptographic systems where other data items than images are cryptographically protected. It can be envisaged, for instance, that the present invention be applied in computer systems where encrypted data (files) are transferred between computers, the computer screens being used for key synchronization. It is noted that any terms used in this document should not be construed so as limit the scope of the present invention, hi particular, the words "comprise(s)" and "comprising" are not meant to exclude any elements not specifically stated. Single (circuit) elements may be substituted with multiple (circuit) elements or with their equivalents.
It will be understood by those skilled in the art that the present invention is not limited to the embodiments illustrated above and that many modifications and additions may be made without departing from the scope of the invention as defined in the appending claims.

Claims

CLAIMS:
1. A method of synchronizing a first key set in an encryption device and a second key set in a decryption device, the method comprising the steps of:
• the encryption device producing an encrypted image and an associated key identification using a key of the first key set, • the encryption device transmitting the encrypted image and its associated key identification to a display device,
• the display device displaying the encrypted image and its associated key identification,
• the decryption device detecting the key identification, • the decryption device decrypting the encrypted images using a key of the second key set corresponding with the detected key identification, and
• the decryption device displaying the decrypted image.
2. The method according to claim 1, wherein the key identification is a code derived from the key.
3. The method according to claim 2, wherein the key identification is a hash value.
4. The method according to claim 3, wherein the step of the decryption device detecting the key identification involves the sub-steps of:
• the decryption device detecting the hash value and storing it as a detected hash value,
• the decryption device calculating the hash values of the second key set and comparing each calculated hash value with the detected hash value until a match is found.
5. The method according to claim 1, wherein the key identification is part of the encrypted image.
6. The method according to claim 5, wherein the key identification is displayed on the display device as a bar code and/or a time multiplexed code.
7. A system for synchronizing a first key set in an encryption device and a second key set in a decryption device, the system comprising:
• an encryption device for producing an encrypted image and an associated key identification using a key of the first key set and transmitting the encrypted image and the associated key identification to a display device,
• a display device for displaying the encrypted image and its associated key identification, and
• a decryption device for detecting the key identification, decrypting the encrypted image using a key of the second key set corresponding with the key identification, and displaying the decrypted image.
8. The system according to claim 7, wherein the key identification is a code derived from the key.
9. The system according to claim 8, wherein the key identification is a hash value.
10. The system according to claim 9, wherein the decryption device detects the key identification by:
• detecting the hash value and storing it as a detected hash value, and
• calculating the hash values of the second key set and comparing each calculated hash value with the detected hash value until a match is found.
11. The system according to claim 7, wherein the key identification is part of the encrypted image.
12. The system according to claim 7, wherein the key identification is displayed on the display device as a bar code and/or a time multiplexed code.
13. A decryption device for use in a system according to any of claims 7-12, the device comprising sensor means for sensing an encrypted image and a key identification, key selection means for selecting a key on the basis of the sensed key identification, decryption means for decrypting a sensed encrypted image using the selected key, and display means for displaying a decrypted image.
14. The decryption device according to claim 13, wherein the sensor means are constituted by photo diodes.
15. The decryption device according to claim 14, wherein the sensor means are part of an LED circuit, preferably an OLED circuit.
PCT/IB2003/005236 2002-12-18 2003-11-17 Key synchronization in a visual cryptographic system WO2004055757A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US10/539,359 US20060210080A1 (en) 2003-11-17 2003-11-17 Key synchronization in a visual cryptographic system
AU2003276597A AU2003276597A1 (en) 2002-12-18 2003-11-17 Key synchronization in a visual cryptographic system
EP03813209A EP1576567A1 (en) 2002-12-18 2003-11-17 Key synchronization in a visual cryptographic system
JP2004559984A JP2006511114A (en) 2002-12-18 2003-11-17 Key synchronization in visual cryptosystems

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP02080388 2002-12-18
EP02080388.8 2002-12-18

Publications (1)

Publication Number Publication Date
WO2004055757A1 true WO2004055757A1 (en) 2004-07-01

Family

ID=32524053

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2003/005236 WO2004055757A1 (en) 2002-12-18 2003-11-17 Key synchronization in a visual cryptographic system

Country Status (6)

Country Link
EP (1) EP1576567A1 (en)
JP (1) JP2006511114A (en)
KR (1) KR20050091732A (en)
CN (1) CN1729495A (en)
AU (1) AU2003276597A1 (en)
WO (1) WO2004055757A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011057983A1 (en) * 2009-11-12 2011-05-19 Sagem Orga Gmbh A method of assigning a secret to a security token, a method of operating a security token, storage medium and security token
US8130794B2 (en) 2005-06-27 2012-03-06 Hitachi, Ltd. Video signal transmission device, video signal transmission and receiving system, and video processing system, that transmit/receive over a clock line
US8218771B2 (en) 2007-04-05 2012-07-10 Fuji Xerox Co., Ltd. Information processing apparatus and computer readable medium
US20150278807A1 (en) * 2014-03-28 2015-10-01 Samsung Eletrônica da Amazônia Ltda. Method for authentication of mobile transactions using video encryption and method for video encryption
EP3664364A4 (en) * 2017-08-02 2021-04-21 Nippon Telegraph And Telephone Corporation Encrypted communication device, encrypted communication system, encrypted communication method, and program

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI430217B (en) * 2011-08-08 2014-03-11 Ind Tech Res Inst Verification methods and systems
CN102289869A (en) * 2011-08-30 2011-12-21 华南理工大学 Credit card antitheft method based on image sharing and system thereof
CN103873885A (en) * 2012-12-10 2014-06-18 鸿富锦精密工业(深圳)有限公司 Streaming media sharing request system and streaming media supplying system, and methods thereof
CN109727294A (en) * 2018-05-28 2019-05-07 成都信息工程大学 A kind of thresholding visual cryptography Matrix Construction Method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5185796A (en) * 1991-05-30 1993-02-09 Motorola, Inc. Encryption synchronization combined with encryption key identification
JPH05323267A (en) * 1992-05-26 1993-12-07 Toshiba Corp Liquid crystal display device
WO2000057595A1 (en) * 1999-03-22 2000-09-28 Kent Ridge Digital Labs Method and apparatus for encrypting and decrypting data
FR2806230A1 (en) * 2000-03-09 2001-09-14 France Telecom Public cybercafe area confidential document reader having stored graphically coded digital words with graphical key optical decoder activated allowing user screen viewing.
US20020120838A1 (en) * 2000-12-29 2002-08-29 Barbir Abdulkader Data encryption using stateless confusion generators

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5185796A (en) * 1991-05-30 1993-02-09 Motorola, Inc. Encryption synchronization combined with encryption key identification
JPH05323267A (en) * 1992-05-26 1993-12-07 Toshiba Corp Liquid crystal display device
WO2000057595A1 (en) * 1999-03-22 2000-09-28 Kent Ridge Digital Labs Method and apparatus for encrypting and decrypting data
FR2806230A1 (en) * 2000-03-09 2001-09-14 France Telecom Public cybercafe area confidential document reader having stored graphically coded digital words with graphical key optical decoder activated allowing user screen viewing.
US20020120838A1 (en) * 2000-12-29 2002-08-29 Barbir Abdulkader Data encryption using stateless confusion generators

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
MENEZES ET AL: "Handbook of applied cryptography", HANDBOOK OF APPLIED CRYPTOGRAPHY, XX, XX, PAGE(S) 191-195,223-233, XP002224945 *
NAOR M ET AL: "Visual cryptography", ADVANCES IN CRYPTOLOGY. EUROCRYPT, XX, XX, 12 May 1994 (1994-05-12), pages 1 - 12, XP002205767 *
PATENT ABSTRACTS OF JAPAN vol. 018, no. 146 (P - 1707) 10 March 1994 (1994-03-10) *
SCHNEIER B: "Applied Cryptography;Protocols, Algorithms, and Source Code in C", APPLIED CRYPTOGRAPHY. PROTOCOLS, ALGORITHMS, AND SOURCE CODE IN C, NEW YORK, NY: JOHN WILEY & SONS, US, PAGE(S) 15,17,237,461-462, ISBN: 0-471-11709-9, XP002118740 *
SCHNEIER BRUCE: "Applied Cryptography Second Edition: protocols, algorithms, and source code in C", APPLIED CRYPTOGRAPHY. PROTOCOLS, ALGORITHMS, AND SOURCE CODE IN C, NEW YORK, JOHN WILEY & SONS, US, PAGE(S) 202-203, ISBN: 0-471-11709-9, XP002104588 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11297375B2 (en) 2005-06-27 2022-04-05 Maxell, Ltd. Video processing system for demultiplexing received compressed and non-compressed video signals and transmitting demultiplexed signals
US8130794B2 (en) 2005-06-27 2012-03-06 Hitachi, Ltd. Video signal transmission device, video signal transmission and receiving system, and video processing system, that transmit/receive over a clock line
US11863812B2 (en) 2005-06-27 2024-01-02 Maxell, Ltd. Video processing system for demultiplexing received compressed and non-compressed video signals and transmitting demultiplexed signals
US9392321B2 (en) 2005-06-27 2016-07-12 Hitachi Maxell, Ltd. Video processing system for demultiplexing received compressed and non-compressed video signals and transmitting demultiplexed signals
US9686578B2 (en) 2005-06-27 2017-06-20 Hitachi Maxell, Ltd. Video processing system for demultiplexing received compressed and non-compressed video signals and transmitting demultiplexed signals
US9906828B2 (en) 2005-06-27 2018-02-27 Hitachi Maxell, Ltd. Video processing system for demultiplexing received compressed and non-compressed video signals and transmitting demultiplexed signals
US9942596B2 (en) 2005-06-27 2018-04-10 Hitachi Maxell, Ltd. Video processing system for demultiplexing received compressed and non- compressed video signals and transmitting demultiplexed signals
US10750227B2 (en) 2005-06-27 2020-08-18 Maxell, Ltd. Video processing system for demultiplexing received compressed and non-compressed video signals and transmitting demultiplexed signals
US8218771B2 (en) 2007-04-05 2012-07-10 Fuji Xerox Co., Ltd. Information processing apparatus and computer readable medium
CN102640450A (en) * 2009-11-12 2012-08-15 莫弗卡片股份有限公司 A method of assigning a secret to a security token, a method of operating a security token, storage medium and security token
AU2010318058B2 (en) * 2009-11-12 2015-07-23 Morpho Cards Gmbh A method of assigning a secret to a security token, a method of operating a security token, storage medium and security token
WO2011057983A1 (en) * 2009-11-12 2011-05-19 Sagem Orga Gmbh A method of assigning a secret to a security token, a method of operating a security token, storage medium and security token
US9811828B2 (en) * 2014-03-28 2017-11-07 Samsung Electrônica da Amazônia Ltda. Method for authentication of mobile transactions using video encryption and method for video encryption
US20150278807A1 (en) * 2014-03-28 2015-10-01 Samsung Eletrônica da Amazônia Ltda. Method for authentication of mobile transactions using video encryption and method for video encryption
EP3664364A4 (en) * 2017-08-02 2021-04-21 Nippon Telegraph And Telephone Corporation Encrypted communication device, encrypted communication system, encrypted communication method, and program
US11388001B2 (en) 2017-08-02 2022-07-12 Nippon Telegraph And Telephone Corporation Encrypted communication device, encrypted communication system, encrypted communication method, and program

Also Published As

Publication number Publication date
CN1729495A (en) 2006-02-01
KR20050091732A (en) 2005-09-15
AU2003276597A1 (en) 2004-07-09
JP2006511114A (en) 2006-03-30
EP1576567A1 (en) 2005-09-21

Similar Documents

Publication Publication Date Title
EP1472584B1 (en) Secure data input dialogue using visual cryptography
US20090067627A1 (en) Method and System for Transmitting Data From a First Data Processing Device to a Second Data Processing Device
US20060210080A1 (en) Key synchronization in a visual cryptographic system
US20050117748A1 (en) Secure visual message communication method and device
MXPA04001193A (en) Optical out-of-band key distribution.
WO1998034403A1 (en) Apparatus and method for securing captured data transmitted between two sources
KR101608184B1 (en) Authentication server, authentication system, authentication method, and program
EP1166547A1 (en) Invisible encoding of meta-information
US20060026428A1 (en) Key synchronization in an image cryptographic systems
US20060098841A1 (en) Method and system for enabling remote message composition
WO2004055757A1 (en) Key synchronization in a visual cryptographic system
JP2007287003A (en) Magnetic card reading system
US7916863B2 (en) Security printing method and system for enhancing security printing
US20050180569A1 (en) Tamper-resistant visual encryption method and device
CN102118311B (en) Data transmission method
JP2006304199A (en) Host computer, printer, method for controlling host computer and printer, computer program, and storage medium
KR20010092752A (en) Video signal authentication system
Bowers et al. Drifting keys: Impersonation detection for constrained devices
JP2011097192A (en) Encrypted message transmission device, program, encrypted message transmission method, and authentication system
CN116644458B (en) Electronic system information security protection system
US7327845B1 (en) Transmission of encrypted messages between a transmitter and a receiver utilizing a one-time cryptographic pad
Cheng A Novel Rubbing Encryption Algorithm and the Implementation of a Web Based One-Time Password Token
Wang et al. Log-in authentication based on locating centers of a triangle
JP2010135950A (en) Device and method for encryption processing
WO2004040903A1 (en) Image decryption device and method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2003813209

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 10539359

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2004559984

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 1020057011207

Country of ref document: KR

Ref document number: 20038A66398

Country of ref document: CN

WWP Wipo information: published in national office

Ref document number: 1020057011207

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2003813209

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 10539359

Country of ref document: US

WWW Wipo information: withdrawn in national office

Ref document number: 2003813209

Country of ref document: EP