A huge number of images compressed by JPEG (ISO/IEC 10918-1:1994) are distributed in the Internet. The photos are shared with many people without any protection for personal information. In recent years, social networks and cloud computing are accelerating the sharing of JPEG images. In addition many portable devices have communication functions that allow for the immediate distribution of photos after capturing them. In combination with for example the potentially included GPS information in the file format, the photo might expose privacy information to the world. In order to avoid such undesirable situations, encryption methodologies should - entirely and partially - protect image and metadata in JPEG files.

In this context the JPEG committee already developed a standard, JPSEC (ISO/IEC 15444-8), being part 8 of the JPEG 2000 specification, which is standardizing tools and solutions in terms of specifications in order to ensure the security of transaction, protection of contents (IPR), and protection of technologies (IP), and to allow applications to generate, consume, and exchange JPEG 2000 Secured bitstreams. Current applications addressed by JPSEC include the following examples, to mention a few:

• Encryption: JPSEC provides a flexible mechanism to allow for encryption of image content and metadata. This includes partial encryption of the latter, or encryption with different strengths.
• Source authentication: JPSEC allows for verification of authenticity of the source.
• Data integrity: JPSEC allows for data integrity verification. This includes semi-robust integrity verification, as well as mechanisms to optionally identify locations in the image content where the integrity is put into question.
• Conditional access: JPSEC allows for conditional access to portions of an image or its associated metadata. For instance, a user could be allowed to view a low resolution (preview) of an image without being able to visualize a higher resolution.
• Ownership protection: JPSEC allows for protection of the content owner rights (copyright).

This includes ownership identification mechanisms robust to malicious attacks and non-malicious processing of the JPEG 2000 bitstream and/or the image it represent.

The underlying techniques to protect the content include digital signatures, watermarking, encryption, scrambling, and key generation and management. These techniques are enabled in JPSEC by means of a registration authority. More specifically, all techniques have to be previously registered in a central repository, the registration authority, which uniquely identifies these techniques.

In the context of the JPEG Systems activity, the JPEG committee wants to extend and expand JPSEC technologies to its other compression standards such as JPEG and JPEG XR, particularly taking care that back- and forward compatibility is not broken and hence legacy codecs and applications are supported.

JPEG Privacy will support various applications such as Protection of Exif metadata, Access control list (ACL), Recursive protection by applying of various encryption tools, and Partial protection of images.

WG1 requests that all parties that are interested in this topic attend to the next WG1 meeting (61st Incheon) and join the discussion to improve Use case scenario and Requirements. Alternatively, they are invited to send a corresponding text document to Takaaki Ishikawa (takaxp at ieee.org) till 5 Apr. 2013, such that it can be considered by WG1 during the 61st meeting.