ITU-T T.807 (V2) (02/2023) Information technology – JPEG 2000 image coding system: Secure JPEG 2000
Summary
FOREWORD
CONTENTS
Introduction
1 Scope
2 Normative references
3 Definitions
4 Symbols and abbreviations
5 JPSEC syntax
     5.1 JPSEC framework overview
     5.2 JPSEC security services
     5.3 Comments on design and implementation of secure JPSEC systems
     5.4 Byte aligned segment (BAS)
          5.4.1 Byte aligned segment
          5.4.2 Field BAS (FBAS)
          5.4.3 Range BAS (RBAS)
     5.5 Main security marker (SEC)
          5.5.1 Security marker segments
          5.5.2 Application of multiple JPSEC tools
     5.6 JPSEC tools
          5.6.1 JPSEC tool syntax
          5.6.2 JPSEC normative tool
          5.6.3 JPSEC non-normative tool
     5.7 Zone of Influence (ZOI) syntax
          5.7.1 Introduction
          5.7.2 ZOI syntax
          5.7.3 Zone syntax
               5.7.3.1 Byte range fields
               5.7.3.2 Distortion field and relative importance field
                    5.7.3.2.1 One-byte distortion field
                    5.7.3.2.2 Two-byte distortion field
                    5.7.3.2.3 Relative importance field
                    5.7.3.2.4 Additional comments on distortion field and relative importance field
                    5.7.3.2.5 Joint use of distortion field and relative importance field
               5.7.3.3 Bit-rate field
          5.7.4 Relationship between multiple parameters
               5.7.4.1 Global
               5.7.4.2 Examples
          5.7.5 Protecting any data that follows the SEC marker
          5.7.6 Zone description parameter syntax (Pzoi)
     5.8 Protection method template syntax (T)
          5.8.1 General
          5.8.2 Decryption template (T = Tdecry, if Ttype = 0 and ID = 1)
               5.8.2.1 Block cipher template (CPdecry for block ciphers)
               5.8.2.2 Stream cipher template (CPdecry for stream ciphers)
               5.8.2.3 Asymmetric cipher template (CPdecry for asymmetric ciphers)
          5.8.3 Authentication template (T = Tauth, if Ttype = 0 and ID = 2)
               5.8.3.1 Hash-based authentication (Pauth for hash-based MAC)
               5.8.3.2 Cipher-based authentication template (Pauth for cipher-based MAC)
               5.8.3.3 Digital signature template (Pauth for digital signatures)
          5.8.4 Hash template (T = Thash, if Ttype = 0 and ID = 3)
          5.8.5 Key information template (KT)
               5.8.5.1 ITU-T X.509 certificate template
     5.9 Processing domain syntax (PD)
     5.10 Granularity syntax (G)
     5.11 Value list syntax (V)
     5.12 Relationships among ZOI, Granularity (G) and Value List (VL)
     5.13 In-codestream security marker (INSEC)
6 Normative-syntax usage examples (informative)
     6.1 ZOI examples
          6.1.1 Example 1
          6.1.2 Example 2
          6.1.3 Example 3
          6.1.4 Example 4
          6.1.5 Example 5
          6.1.6 Example 6
     6.2 Key information template examples
          6.2.1 Example 1
          6.2.2 Example 2
          6.2.3 Example 3
          6.2.4 Example 4
     6.3 JPSEC normative tool examples
          6.3.1 Example 1
          6.3.2 Example 2
     6.4 Distortion field examples
          6.4.1 Example 1
          6.4.2 Example 2
Annex A  Guidelines and use cases
     A.1 A class of JPSEC applications
          A.1.1 Introduction
          A.1.2 Overview of a secure JPEG 2000 image distribution
               Step 1: JPSEC codestream creation
               Step 2: JPSEC codestream delivery
               Step 3: JPSEC codestream consumption rendering
          A.1.3 Encryption end description procedure
          A.1.4 Signature generation and authentication procedure
          A.1.5 Integrity check value (ICV) generation and integrity check procedure
Annex B  Interoperability
     B.1 Rec. ITU-T T.800 | ISO/IEC 15444-1 – Core coding system
     B.2 Rec. ITU-T T.808 | ISO/IEC 15444-9 – JPIP
          B.2.1 General relationship between JPIP and JPSEC
          B.2.2 Specific issues on interactivity between JPIP and JPSEC
          B.2.3 Summary
     B.3 Rec. ITU-T T.810 | ISO/IEC 15444-11 – JPWL
          B.3.1 General relationship between JPWL and JPSEC
          B.3.2 Specific issues on interoperability between JPWL and JPSEC
Annex C  File format security
     C.1 Scope
     C.2 Introduction
          C.2.1 Security protection at file format level
          C.2.2 Item-based protection
          C.2.3 Sample-based protection of scalable media
     C.3 Extension to ISO base media file format
          C.3.1 Overview
          C.3.2 Incorporate JPSEC codestream into ISO-driven file format
          C.3.3 Protected file format brand
          C.3.4 Summary of boxes used
          C.3.5 Decryption scheme
          C.3.6 Authentication scheme
          C.3.7 ItemDescriptionBox
          C.3.8 ScalableSampleDescriptionEntry Box
          C.3.9 ScalableSampleGroupEntry Box
          C.3.10 Generic Protected Box
               C.3.10.1 Definition
               C.3.10.2 Syntax
               C.3.10.3 Semantics
     C.4 Elementary stream and sample definitions
          C.4.1 Overview
          C.4.2 In-stream structures
     C.5 Protection at file format level
          C.5.1 Overview
          C.5.2 Item-based protection for ISO base file format and JPEG family file formats
          C.5.3 Additional requirements for item-based protection for JPEG family file formats
          C.5.4 Sample-based protection
     C.6 Examples (Informative)
          C.6.1 Example 1
          C.6.2 Example 2
               C.6.2.1 Transcoding to resolution 1
          C.6.3 Example 3
               C.6.3.1 Transcoding to resolution 1
          C.6.4 Example 4
               C.6.4.1 Transcoding to layer 1
          C.6.5 Example 5
               C.6.5.1 Example 5: Transcoding to shorter time length
          C.6.6 Example 6
          C.6.7 Example 7
          C.6.8 Example 8
     C.7 Boxes defined in ISO/IEC 14496-12 (informative)
Annex D  Technology examples
     D.1 Introduction
     D.2 A flexible access control scheme for JPEG 2000 codestreams
          D.2.1 Security service
          D.2.2 Typical application
          D.2.3 Motivation
          D.2.4 Technical overview
          D.2.5 Codestream syntax
          D.2.6 Conclusion
     D.3 A unified authentication framework for JPEG 2000 images
          D.3.1 Operational description
          D.3.2 Technical overview
          D.3.3 Conclusions
     D.4 A simple packet-based encryption method for JPEG 2000 codestreams
          D.4.1 Operational description
          D.4.2 Technical overview
               D.4.2.1 Signalling example
          D.4.3 Conclusion
     D.5 Encryption tool for JPEG 2000 access control
          D.5.1 Security services addressed
          D.5.2 Typical applications
          D.5.3 Potential users, implementation model and motivations
          D.5.4 Technical overview
          D.5.5 Signalling method
          D.5.6 Conclusion
     D.6 Key generation tool for JPEG 2000 access control
          D.6.1 Security services addressed
          D.6.2 Typical applications
          D.6.3 Potential users, implementation model and motivations
          D.6.4 Technical overview
          D.6.5 Signalling method
          D.6.6 Conclusion
     D.7 Wavelet and bitstream domain scrambling for conditional access control
          D.7.1 Summary
          D.7.2 Technical overview
          D.7.3 Codestream syntax
               D.7.3.1 Syntax for SEC marker segment
               D.7.3.2 Syntax for INSEC marker segment
          D.7.4 Conclusions
     D.8 Progressive access for JPEG 2000 codestream
          D.8.1 Security services addressed
          D.8.2 Typical applications
          D.8.3 Potential users, implementation model and motivations
          D.8.4 Technical overview
          D.8.5 Signalling method
          D.8.6 Conclusion
     D.9 Scalable authenticity of JPEG 2000 codestreams
          D.9.1 Security service
          D.9.2 Typical application
          D.9.3 Motivation
          D.9.4 Technical overview
               D.9.4.1 Signing module
               D.9.4.2 Transcoding module
               D.9.4.3 Verifying module
          D.9.5 Codestream syntax
          D.9.6 Conclusion
     D.10 JPEG 2000 data confidentiality and access control system based on data splitting and luring
          D.10.1 Operational description
               D.10.1.1 Security services addressed
               D.10.1.2 Typical applications
               D.10.1.3 Potential users, implementation model and motivations
          D.10.2 Technical overview
     D.11 Secure scalable streaming and secure transcoding
          D.11.1 Summary and motivation
          D.11.2 Operational description and two example usages
          D.11.3 Codestream syntax
          D.11.4 Conclusions
Bibliography