DE102021129600A1 - Computer-implemented method and system for transmission and limited manipulation of digitally signed images - Google Patents

Abstract

A computer-implemented method for the transmission and limited processing of digitally signed images while ensuring the authenticity of the images is specified, having the following steps: receiving a digitally signed original image A' from a recording device 10; Transmission of the digitally signed original image A' to a cloud memory 20 in a cloud 100; Providing the digitally signed original image A' to a front end 40 in the cloud 100 for generating a forwarded image B from the digitally signed original image A' by executing predetermined image processing operations; digitally signing the relay image B in the cloud 100; Providing the digitally signed forwarding image B' for a user-side download from the cloud 100. Furthermore, a corresponding system for the transmission and limited processing of digitally signed images while ensuring the authenticity of the images is specified.

Description

The invention relates to a computer-implemented method for the transmission and limited processing of digitally signed images while ensuring the authenticity of the images according to the subject matter of claim 1, and a corresponding computer-readable storage medium according to the subject matter of claim 8 and a system according to the subject matter of claim 9.

As long as photography has existed, images have been manipulated. Even in analog photography, attempts were made to make changes to the images, especially during the development and copying process. With the appearance of digital photography and the increasing possibilities of digital image processing, the questions of image manipulation are increasingly coming to the fore and new techniques of artificial intelligence increase these possibilities enormously.

As long as an image is manipulated from an artistic point of view or to optimize the image, it is up to the photographer or the user of the image to decide whether this image processing is desired or accepted.

• - Bilder für gerichtsfeste Nutzung / Gutachten,
• - Sicherung der Urheberschaft von Bildern für eine Veröffentlichung oder einen Verkauf, oder
• - Bilder für hoheitliche Dokumente.

A completely different situation arises, however, when authentic images are required for which image processing after taking them is not allowed or only to a limited extent. Ensuring the authenticity of images can be desirable or required in the following areas, for example:

• - Images for court-proof use / reports,
• - Securing the authorship of images for publication or sale, or
• - Images for official documents.

The addition, extraction or replacement of people or objects in an image is to be regarded as a particularly critical image manipulation that must be prevented. In this context, so-called deepfakes have emerged in recent years, which are media content manipulated with the help of artificial intelligence that appear particularly realistic to the human eye.

Existing solutions for ensuring the authenticity of the images, such as digital watermarks, the use of metadata or the encryption of images, are problematic in several respects. Pure encryption of images cannot prevent image manipulation, since image manipulations can generally be carried out on the ciphertext itself, i.e. on the encrypted image file.

Digital signature methods are known from cryptography to ensure the authenticity and integrity (i.e. integrity) of data. Digital signature methods are based on the concept of asymmetric encryption, in which each participant has a public key and an associated private key. While the private key may only be known to its respective owner, the public key is communicated to the public or to any other participant. To digitally sign a document, the sender of the document uses their private key to create a document-specific value called the document's digital signature. The document can then be transmitted or made available together with the digital signature. Anyone who knows the sender's public key can now verify the authenticity and integrity of the document. To do this, it creates a comparison value from the document and the sender's public key in accordance with the underlying signature process and compares this with the digital signature. If the document has been manipulated in the meantime, the comparison value does not match the signature.

With the concept of digital signatures, it is in principle possible to uncover manipulation of image data after the time of a first signature. It would therefore make sense for the image data to be digitally signed immediately after it was recorded. However, the authenticity of images is often not to be determined once, but rather to be ensured over the duration of a certain work process (hereinafter referred to as workflow). The workflow begins with the transfer of an image from a capture device's memory and ends with the delivery of the image to the intended user.

A special challenge also arises when certain image processing operations have to be carried out during the workflow. For example, when taking a picture for an insurance report, it may be necessary to adjust the brightness of the picture to a certain extent in order to subsequently optimize the lighting conditions at the location where the picture was taken. Replacing an image area in the recording should be avoided under all circumstances, as this can remove a relevant detail. Such impermissible image manipulations must therefore be distinguished from permitted image processing operations. In addition, the problem arises that even permitted image manipulations change the image data, so that a previously created digital signature becomes invalid.

In this respect, the invention is based on the object of specifying an improved computer-implemented method and a system for transmitting images while ensuring the authenticity of the images. In particular, an improved possibility for the transmission of images without media discontinuity and without manipulation is to be specified, which nevertheless allows limited processing of the images during a workflow specified within the framework of the transmission.

This object is achieved by a computer-implemented method according to patent claim 1, by a computer-readable storage medium according to patent claim 8 and by a system according to patent claim 9. Further advantageous developments of embodiments result from the dependent claims.

• - Empfangen eines digital signierten Originalbildes von einem Aufnahmegerät;
• - Übertragen des digital signierten Originalbildes an einen Cloudspeicher in einer Cloud;
• - Bereitstellen des digital signierten Originalbildes an einem Frontend in der Cloud zur Erzeugung eines Weitergabebildes aus dem digital signierten Originalbild mittels Ausführung vorgegebener Bildbearbeitungsoperationen;
• - Digitales Signieren des Weitergabebildes in der Cloud;
• - Bereitstellen des digital signierten Weitergabebildes für einen nutzerseitigen Download aus der Cloud.

In particular, the object is achieved by a computer-implemented method for the transmission and limited processing of digitally signed images while ensuring the authenticity of the images, which has the following steps:

• - receiving a digitally signed original image from a recording device;
• - transferring the digitally signed original image to cloud storage in a cloud;
• - Providing the digitally signed original image at a front end in the cloud to generate a transfer image from the digitally signed original image by executing predetermined image processing operations;
• - Digitally sign the share image in the cloud;
• - Provision of the digitally signed transfer image for a user-side download from the cloud.

An essential aspect of the invention is that an original image, which is to be transmitted and processed by the method, is received by a recording device already digitally signed. This ensures the authenticity of the original image received. The recording device can be, for example, a digital camera with an integrated or external hardware security module that digitally signs the recorded image. For this purpose, the manufacturer can provide the hardware security module with a pair of private and public keys. Alternatively, the recording device can be configured with a predefined pair of keys.

The original image digitally signed in this way is then transferred to cloud storage in a cloud. In this case, the digital signature of the original image can be checked in order to ensure the authenticity of the transmitted original image.

An essential aspect of the process is that the digitally signed original image is made available at a front end in the cloud. The frontend allows the execution of predefined image processing operations, which are image processing operations that are enabled for the respective image. By performing at least some of these predetermined image processing operations, a relay image results from the digitally signed original image.

The image processing operations are defined in such a way that they do not allow any manipulation of the image that could affect the authenticity of the image after the processing has been carried out. Because the image processing operations can be specified on the cloud side and the original image is processed exclusively in the cloud, the authenticity of the processed image can be ensured throughout the entire processing process. The user who uses the frontend for image processing never has access to the (pixel-based) basic information of the original image, but the original image can only be processed within the framework of predetermined, preferably parameter-based, image processing operations.

Since the forwarding image has different image data than the digitally signed original image as a result of the image processing operations carried out, the digital signature of the original image is invalid in relation to the forwarding image. For this reason, the method described above provides for the creation of a digital signature of the transfer image in the cloud.

Finally, the digitally signed release image is made available for user download from the cloud. Finally, based on the digital signature of the forwarding image, it can be verified that the forwarding image provided from the cloud has not been manipulated.

The method described thus ensures the authenticity of an original image throughout the entire workflow, with the possibility of limited image processing, i.e. within the framework of the specified image processing operations, being given.

In a preferred embodiment, the digitally signed original image has no image manipulations compared to a corresponding first recording that is created by the recording device. This ensures that the recording device does not carry out any image manipulations between the storage of the first recording in a memory of the recording device and the signing of this image file. In other words, it ensures that the digitally signed original image itself is authentic.

It should also be noted that all image manipulations during the workflow, in particular image manipulation of the digitally signed original image up to provision at the frontend or image manipulation of the digitally signed transfer image after download from the cloud, invalidate the respective digital signatures. In this way, the authenticity of the images can be ensured throughout the entire workflow.

• - die Authentizität des öffentlichen Schlüssels, der zur Signatur des digital signierten Originalbildes verwendet wird, durch ein erstes digitales Zertifikat bestätigt; und/oder
• - die Authentizität des öffentlichen Schlüssels, der zur Signatur des digital signierten Weitergabebildes verwendeten wird, durch ein zweites digitales Zertifikat bestätigt.

In one embodiment of the method

• - confirms the authenticity of the public key used to sign the digitally signed original image by a first digital certificate; and or
• - the authenticity of the public key used to sign the digitally signed distribution image is confirmed by a second digital certificate.

The first digital certificate and/or the second digital certificate are/is preferably issued within a public key infrastructure.

According to this embodiment, another reasonable basic assumption for the trustworthiness of the issued digital signatures is ensured, namely the authenticity of the public key. In this context, the authenticity of a public key can be understood to mean that it is actually assigned to the trustworthy sender (e.g. the recording device or the institution that operates the system according to the invention). Likewise, the associated private key should only be known to the same sender. In practice, such proof of the binding of a public key to an entity is provided by a digital certificate. In a public key infrastructure, such digital certificates can be efficiently and securely issued, checked and managed by concatenating digital certificates.

According to a possible preferred embodiment, the predefined image processing operations can include a brightness adjustment, a contrast adjustment and/or a selection of an image section. If, for example, there are formal specifications for the transfer image for further use (e.g. sufficient brightness, sufficient contrast and/or a specified aspect ratio), these image processing operations allow the original image to be adapted to these specifications. At the same time, it is not possible to perform unwanted image manipulations (e.g. exchanging an image section). The image processing operations mentioned allow the original image to be optimized without influencing its information content. In addition, the image processing operations mentioned can be recorded by specifying fewer processing parameters or (image processing) instructions, so that the actual image processing can take place within the secure cloud.

• - Bereitstellen einer Originalbildkopie an dem Frontend;
• - Erfassen von Instruktionen zur Bildbearbeitung;
• - Erzeugen des Weitergabebildes durch Ausführen derjenigen Instruktionen, die zu den vorgegebenen Bildbearbeitungsoperationen gehören, an dem digital signierten Originalbild in der Cloud.

In a further embodiment, providing the digitally signed original image to the front end in the cloud includes the following steps:

• - providing an original image copy to the frontend;
• - Capture instructions for image processing;
• - Generate the relay image by executing those instructions pertaining to the specified image processing operations on the digitally signed original image in the cloud.

In this embodiment, the digitally signed original image is provided in the form of an original image copy at the front end. In particular, the original image copy itself does not have to be digitally signed and can have a reduced image resolution and/or image quality and/or be marked as an original image copy. The copy of the original image is used in the frontend as a preview image for image processing, without the image data of the digitally signed original image having to be transferred to the frontend itself. During processing, instructions are recorded that correspond to the image processing that the user carries out via the frontend. Finally, the relayed image can be generated in the cloud by executing those instructions on the digitally signed original image that pertain to the specified image processing operations. This means that the image processing entered by the user via the frontend is not used without being checked, but only those instructions that correspond to the specified image processing operations are carried out.

This embodiment offers the advantage that the image data of the digitally signed original image itself does not have to be transmitted to the front end.

Instead, after the user input is complete, only the instructions recorded in the frontend are transferred to the cloud, where the Wei output image can be constructed from the digitally signed original image and the captured instructions. This allows the original image to be protected from unwanted, unauthorized editing by external users. It can thus be ensured that the original image is only subjected to specified image processing that is classified as harmless for the authenticity of the image content. In addition, the procedure of working with an original image copy instead of the original image in the frontend enables fast and data-efficient processing, especially if the original image copy has a reduced image resolution. This results in further advantages, especially with a slow and/or data volume-limited Internet connection.

• - Protokollieren der ausgeführten Bildbearbeitungsoperationen zur Erstellung eines Bearbeitungsprotokolls; und
• - Ablegen des Bearbeitungsprotokolls im Cloudspeicher.

In a further embodiment, a method further comprises the following steps:

• - logging of the executed image processing operations to create a processing log; and
• - Storage of the processing log in cloud storage.

In particular, in addition to a list of the image processing operations carried out and their parameters, the processing log can contain further information, in particular the time of processing and an identifier of the executing user. By creating the processing log and storing the same in cloud storage, relevant details of the image processing carried out can be easily traced at a later point in time.

According to a further embodiment, it can be provided that a common token for identification is assigned to the digitally signed original image and the digitally signed forwarded image. Such a token can include a unique identifier for the original image and the associated forwarding image, which in particular simplifies the provision of the digitally signed forwarding image for download from the cloud. Such a token can also be used as a reference in a processing log according to the embodiment described above.

The object of the invention is further achieved by a computer-readable storage medium according to the subject matter of claim 8. This contains instructions which cause at least one processor to implement a method as described above when the instructions are executed by the at least one processor.

It should be pointed out that features of the method according to the invention can be transferred to the computer-readable storage medium according to the invention (and vice versa).

• - einem Cloudspeicher;
• - einem Zertifikatsserver; und
• - einem Frontend.

In addition, the object is achieved by a system for the transmission and limited processing of digitally signed images while ensuring the authenticity of the images according to the subject matter of claim 9. The system preferably uses a method as described above for this purpose. The system includes a cloud with

• - a cloud storage;
• - a certificate server; and
• - a front end.

The cloud memory is designed to receive an original image with a first digital signature from a recording device and to store this, preferably together with associated processing protocols and/or tokens. The front end is designed to provide the digitally signed original image for generating a forwarding image from the digitally signed original image by executing specified image processing operations. The certificate server is designed to check the first digital signature and to create a second digital signature for the forwarding image to generate a digitally signed forwarding image.

Thus, the system described is designed overall to implement a computer-implemented method for the transmission and limited processing of digitally signed images as described above. Similar advantages result as have already been described in connection with the methods according to the invention.

In one embodiment of the system, the cloud has a computing device that is designed to carry out one or more steps of a method as described above. This embodiment has the advantage that critical method steps can be performed on hardware that is part of the cloud environment. In this way, special data protection and data security requirements can be met by carrying out the relevant procedural steps on hardware that is under the control of the relevant provider.

In a further embodiment, the system further comprises a client configured to receive a digitally signed delivery image from the cloud and to verify a signature of the digitally signed delivery image. In particular the client can represent an end device of a user who is to be provided with the transfer image for the intended use.

The public key of the certificate server is preferably available to the client for checking the digital signature, so that the check can be carried out on the client side. Alternatively, the certificate server can be designed to receive a digitally signed forwarding image from the client and to check the digital signature.

In a further embodiment, the front end of the system has a graphical user interface with operating elements, by means of which the specified image processing operations can be carried out on the digitally signed original image or an original image copy. The graphical user interface provides the user with an easy-to-use way of entering one or more predetermined image manipulation operations. At this point it should be clarified again that the image processing at the frontend only includes the recording of instructions for image processing. The image processing itself, i.e. the generation of the transfer image based on the digitally signed original image, is carried out in the cloud.

• - die Authentizität des öffentlichen Schlüssels, der zur ersten Signatur verwendet wird, durch ein erstes digitales Zertifikat bestätigt; und/oder
• - die Authentizität des öffentlichen Schlüssels, der zur zweiten Signatur des digital signierten Weitergabebildes verwendet wird, durch ein zweites digitales Zertifikat bestätigt.

In a further embodiment of the system

• - the authenticity of the public key, which is used for the first signature, confirmed by a first digital certificate; and or
• - the authenticity of the public key, which is used for the second signature of the digitally signed distribution image, confirmed by a second digital certificate.

The first digital certificate and/or the second digital certificate are/is preferably issued within a public key infrastructure. The same advantages result as were described in connection with the corresponding embodiment of the method.

It goes without saying that the features and the advantages that can be achieved with them, which have been described in relation to the computer-implemented method, can be applied or transferred to the system according to the invention and vice versa. Specifically, in the context of the present description of the invention, the components of the system are designed to carry out the method steps according to the invention. The functions of the components of the system according to the invention described above can also be used as method steps of the method according to the invention.

• 1 eine schematische Darstellung eines Verfahrens nach einem Ausführungsbeispiel der vorliegenden Erfindung;
• 2 ein Frontend des Ausführungsbeispiels nach 1 zur Erfassung von Instruktionen zur Bildbearbeitung;
• 3 ein Ausführungsbeispiel eines Systems gemäß der vorliegenden Erfindung zur Durchführung eines Verfahrens wie in 1-2 dargestellt;

The invention is described below using exemplary embodiments which are explained in more detail using the figures. Here show:

• 1 a schematic representation of a method according to an embodiment of the present invention;
• 2 a front end of the embodiment 1 for capturing instructions for image processing;
• 3 an embodiment of a system according to the present invention for performing a method as in 1-2 shown;

In the following description, the same reference numbers are used for the same parts and parts that work the same way.

1 shows an exemplary embodiment of a method according to the invention for the transmission and limited processing of the digitally signed original image A'. The original image A' can be a photograph for an insurance report, for example.

The original image A' is initially in a memory of the recording device 10, the original image A' already being provided with a digital signature. For example, the recording device 10 can be a digital camera with an integrated hardware security module that digitally signs the recorded images immediately after they are recorded. For this purpose, the recording device 10 is provided with a private key by the manufacturer.

The digitally signed original image A' is transmitted to the cloud memory 20 of a cloud 100. In this case, the digital signature of the original image A′ can be checked in order to determine image manipulations after the time of recording. Transmission errors that have occurred during the transmission to the cloud memory 20 can also be determined in this way. The public key of the recording device 10 is stored on the certificate server 30, which is part of the cloud 100, in order to check the digital signature.

After the digital signature has been checked successfully, a token is assigned to the digitally signed original image A' for further identification in the processing process. The token can be shared with any user authorized to access the image.

In a next step, the original image A′ is made available to the front end 40 of the cloud 100 . Instructions 42 for the image processing operations can be entered via the front end those that will later be applied, at least partially, to the original image A' in the cloud. The transfer image B is generated in the cloud 100 by using the specified image processing operations under the recorded instructions 42 .

A digital signature is created for the transfer image B, for which purpose a private key of the certificate server 30 is used. A digitally signed forwarding image B′ is thus present in the cloud memory 20 . The token of the original image A' is assigned to this.

The digitally signed forwarding image B' is then made available for the user to download. For this purpose, the user can be provided with a link generated using the token in order to carry out the download from the cloud 100.

If the user knows the public key of the certificate server 30, then the user can independently verify the digital signature of the transfer image B' after the download and thus convince himself of the authenticity of the image.

2 12 shows the front end 40 of the exemplary embodiment 1 and acquiring instructions 42 for image processing.

For this purpose, the digitally signed original image A′, which is stored in the cloud memory 20 , is made available to the frontend 40 in the form of the original image copy A″. Compared to the original image A', the original copy A" has a reduced image resolution and therefore a smaller file size.

The front end 40 has a graphical user interface with buttons 41, by means of which at least the specified image processing operations can be selected. in the in 2 In the exemplary embodiment illustrated, corresponding tools are provided via the buttons 41 for the specified adaptation of the original image using specified image processing operations. According to the present exemplary embodiment, the image processing operations include brightness adjustment, as well as the option of rectangular cropping, marking of an image section, and the provision of a brush tool.

in the in 2 In the exemplary embodiment shown, the image processing operation performed consists in selecting an image crop with a predetermined ratio of the edge lengths, for example a square image crop, since, for example, such an aspect ratio is required for the later use of the image. During editing, appropriate instructions 42 are recorded for the image editing operations, in this case "Image Section (0,20,50,50)", where (0,20) are the coordinates of the upper left corner of the image section and (50,50) are the dimensions of the image section.

After completion of the image processing, the forwarding image B is first generated in the cloud memory 20 by applying the instructions 42 to the original image A′ after an admissibility check. A digital signature is then generated for the relay image B (as in connection with 1 explained), so that the result is a digitally signed forwarding image B' in cloud storage 20.

3 shows an embodiment of a system for performing a method as in the embodiment of FIG 1-2 shown.

The central component of the system is the cloud 100 with the computing device 50, the cloud memory 20, the front end 40 and the certificate server 30. Outside the cloud 100 are the recording device 10 and the client 60.

The recording device 10 is a digital camera with an integrated hardware security module that can digitally sign a recorded image. For this purpose, the manufacturer provides the hardware security module with a pair of private and public keys.

The computing device 50 is designed to carry out the steps of a method as described above. In particular, the computing device 50 is set up to receive a digitally signed original image A′ from the recording device 10 and to store it in the cloud memory 20 . In addition, the computing device 50 is set up to provide the digitally signed original image A′ to the front end 40 , to provide a forwarded image B by executing specified image processing operations and to have this digitally signed by the certificate server 30 .

On the one hand, the public key of the recording device 10 is stored on the certificate server 30 so that the digital signature of the original image A′ can be verified. In addition, the certificate server 30 has its own key pair made up of a private and public key, with which the digitally signed forwarding image B′ is signed.

The front end 40 is used to record instructions for limited image processing and has features as already described in connection with the exemplary embodiment of FIG 2 have been described.

The client 60 is designed to receive a digitally signed transfer image B′ from the cloud 100 and to check its digital signature. The public key of the certificate server 30 is available to him for this purpose.

For the sake of simplicity, the embodiments described above, in particular the embodiment of FIG 1 , to a system with a single recording device 10. However, the method and the system according to the invention can easily be extended to a setting with a plurality of recording devices 10. In this case, together with the digitally signed original image A′, an identifier of the recording device 10 that created and signed the image can be transmitted. The certificate server 30 has a database which contains an assignment of identifiers of the recording devices 10 to their associated public keys. Digital certificates are preferably additionally stored on the certificate server, which confirm the binding of the public key to the respective recording devices 10 .

Although the present patent application relates to the transmission and processing of images, the method and the system according to the invention can be applied to any media content, for example videos or sound recordings.

At this point it should be pointed out that all parts described above are individually - even without additional features described in the respective context, even if these have not been explicitly identified as optional features in the respective context, e.g. B. by using: in particular, preferably, for example, e.g. B., if necessary, round brackets, etc. - and in combination or any sub-combination are to be regarded as independent configurations or developments of the invention, as defined in particular in the introduction to the description and the claims. Deviations from this are possible. Specifically, it should be noted that the word in particular or round brackets do not denote any characteristics that are mandatory in the respective context.

Reference List

A'

(digitally signed) original image

A''

original image copy

B

transfer picture

B'

(digitally signed) sharing image

10

recording device

20

Cloud storage

30

certificate server

40

front end

41

controls

42

instructions

50

computing device

60

client

100

cloud

Claims (13)

Computer-implemented method for transmission and limited processing of digitally signed images while ensuring the authenticity of the images, comprising the following steps: • receiving a digitally signed original image (A') from a recording device (10); • Transmission of the digitally signed original image (A') to a cloud memory (20) in a cloud (100); • Providing the digitally signed original image (A') at a front end (40) in the cloud (100) to generate a transfer image (B) from the digitally signed original image (A') by executing specified image processing operations; • digitally signing the release image (B) in the cloud (100); • Providing the digitally signed transfer image (B') for a user-side download from the cloud (100). Computer-implemented method claim 1 , wherein the digitally signed original image (A') has no image manipulations compared to a corresponding first recording that is created by the recording device (10). A computer-implemented method according to any one of the preceding claims, wherein • the authenticity of the public key used to sign the digitally signed original image (A') is confirmed by a first digital certificate; and or • the authenticity of the public key used to sign the digitally signed forwarding image (B') is confirmed by a second digital certificate, the first digital certificate and/or the second digital certificate preferably being issued within a public-key infrastructure are or is. Computer-implemented method according to any one of the preceding claims, wherein the specified image processing operations comprise a brightness adjustment, a contrast adjustment and/or a selection of an image section. Computer-implemented method according to one of the preceding claims, wherein providing the digitally signed original image (A') to the frontend (40) in the cloud (100) comprises: • providing an original image copy (A") to the frontend (40); • detecting of instructions (42) for image processing • generating the forwarding image (B) by executing those instructions (42) that belong to the specified image processing operations on the digitally signed original image (A') in the cloud (100). A computer-implemented method according to any one of the preceding claims, further comprising • logging of the executed image processing operations to create a processing log; and • Storage of the processing log in cloud storage (20). Computer-implemented method according to one of the preceding claims, in which a common token for identification is assigned to the digitally signed original image (A') and the digitally signed forwarded image (B'). A computer-readable storage medium containing instructions that cause at least one processor to implement the method of any preceding claim when the instructions are executed by the at least one processor. System for the transmission and limited processing of digitally signed images while ensuring the authenticity of the images, preferably using a method according to one of Claims 1 until 7 , comprising a cloud (100) with • a cloud memory (20); • a certificate server (30), and • a front end (40); wherein the cloud memory (20) is designed to receive an original image (A') with a first digital signature from a recording device (10) and to store this, preferably together with associated processing protocols and/or tokens; wherein the front end (40) is designed to provide the digitally signed original image (A') for generating a transfer image (B) from the digitally signed original image (A') by executing specified image processing operations; and wherein the certificate server (30) is designed to check the first digital signature and to create a second digital signature for the forwarding image (B) to generate a digitally signed forwarding image (B'). system after claim 9 , wherein the cloud (100) further comprises a computing device (50) which is adapted to one or more steps of the method according to any one of Claims 1 until 7 to perform. system after claim 9 or 10 , further comprising a client (60) which is adapted to receive a digitally signed delivery image (B') from the cloud (100) and to check a signature of the digitally signed delivery image (B'). system according to one of the claims 9 until 11 , wherein the front end (40) has a graphical user interface with operating elements (41) by means of which the specified image processing operations on the digitally signed original image (A') or an original image copy (A'') can be undertaken. system according to one of the claims 9 until 12 , wherein • the authenticity of the public key, which is used for the first signature, is confirmed by a first digital certificate; and/or the authenticity of the public key used for the second signature is confirmed by a second digital certificate, the first digital certificate and/or the second digital certificate preferably being issued within a public key infrastructure .

Images