ISO/IEC 19566-4:2020
(Main)Information technologies — JPEG systems — Part 4: Privacy and security
Information technologies — JPEG systems — Part 4: Privacy and security
This document specifies privacy and security features which contribute to a system layer for JPEG standards. It defines generic structures that can be applied in all JPEG box-based file formats. In particular, this document specifies a signalling syntax supporting privacy and security features. The framework in this document is backwards-compatible with existing JPEG standards.
Titre manque — Partie 4: Titre manque
General Information
Buy Standard
Standards Content (Sample)
INTERNATIONAL ISO/IEC
STANDARD 19566-4
First edition
2020-03
Information technologies — JPEG
systems —
Part 4:
Privacy and security
Reference number
©
ISO/IEC 2020
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Definitions . 1
3.2 Abbreviated terms . 2
4 Conventions . 2
4.1 Conformance language . 2
4.2 Naming conventions for numerical values . 3
4.3 Boxes and superboxes. 3
4.4 Graphical descriptions . 4
5 Organization of the document . 4
Annex A (normative) Content protection and replacement . 5
Annex B (informative) Usage examples .14
Bibliography .29
© ISO/IEC 2020 – All rights reserved iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see http:// patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 29, Coding of audio, picture, multimedia and hypermedia information.
A list of all parts in the ISO/IEC 19566 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO/IEC 2020 – All rights reserved
Introduction
This document contributes to the specification of system-level functionalities. In particular, it
specifies functionalities to provide a degree of trust while sharing image content and metadata, which
simultaneously also allow the signalling of the associated access policies.
A huge number of images are distributed over the internet on a daily basis. For social media alone,
this already accounts for over 3 billion pictures. These photos are often shared with many people
without protection for personal information or access control. In addition, many portable devices have
communication functionality that allows for the immediate distribution of photos after capturing them.
In combination with the potential inclusion of GPS information in the file format, for example, the photo
might expose private and geo-location information to the world.
In order to avoid such undesirable situations, the framework in this document provides protection
mechanisms to the JPEG family of standards. For instance, encryption can be used to protect image data
The particular focus of this document is to provide codestream and file format syntax support to enable
security and privacy functionality for JPEG standards, not only in support of ISO/IEC 10918-1, but also
for standards such as ISO/IEC 15444 and ISO/IEC 18477.
© ISO/IEC 2020 – All rights reserved v
INTERNATIONAL STANDARD ISO/IEC 19566-4:2020(E)
Information technologies — JPEG systems —
Part 4:
Privacy and security
1 Scope
This document specifies privacy and security features which contribute to a system layer for JPEG
standards. It defines generic structures that can be applied in all JPEG box-based file formats. In
particular, this document specifies a signalling syntax supporting privacy and security features. The
framework in this document is backwards-compatible with existing JPEG standards.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ITU-T T.81 | ISO/IEC 10918-1, Information technology — Digital compression and coding of continuous-
tone still images: Requirements and guidelines
ISO/IEC 18477-3, Information technology — Scalable compression and coding of continuous-tone still
images box file format
ISO/IEC 10646, Information technology — Universal coded character set (UCS)
ISO/IEC 18033-3, Information technology — Security techniques — Encryption algorithms — Part 3:
Block ciphers
ISO/IEC 19566-5, Information technology — JPEG systems — Part 5: JPEG universal metadata box format
3 Terms and definitions
3.1 Definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1.1
box
binary structure that encapsulates an object embedded in a file
[SOURCE: ISO/IEC 19566-5:2019, 3.1.1]
3.1.2
codestream
sequence of bits representing a compressed image and associated metadata
[SOURCE: ISO/IEC 19566-5:2019, 3.1.2]
© ISO/IEC 2020 – All rights reserved 1
3.1.3
decrypted content
resulting data after applying the signalled decryption process on the encrypted content
3.1.4
master image
image file in which the box (3.1.1) is embedded
3.1.5
JPEG-1 image
image encoded in JPEG file format
Note 1 to entry: The image shall be encoded in compliance to ISO/IEC 10918-1.
3.1.6
box-based file format
file format whose composing elements are boxes containing structured data in compliance with ISO-
based media file format
3.1.7
JPEG XT image
image encoded in the JPEG XT file format
Note 1 to entry: the images shall be encoded in compliance to ISO/IEC 18477.
3.1.8
Replacement Data box
sequence of boxes (3.1.1) of any type embedded in a JUMBF Replacement box
3.2 Abbreviated terms
JPEG joint photographic experts group
JUMBF JPEG universal metadata box format
P&S privacy and security
ROI region of interest
TOG toggles
4 Conventions
4.1 Conformance language
In this document, the following verbal forms are used:
— “shall” indicates a requirement;
— “should” indicates a recommendation;
— “may” indicates a permission;
— “can” indicates a possibility or a capability.
Information marked as “NOTE” is intended to assist the understanding or use of the document. “Notes
to entry” used in Clause 3 provide additional information that supplements the terminological data and
can contain provisions relating to the use of a term.
2 © ISO/IEC 2020 – All rights reserved
The keyword "reserved" indicates a provision that is not specified at this time, shall not be used, and
may be specified in the future. The keyword "forbidden" indicates "reserved" and in addition indicates
that the provision will never be specified in the future.
4.2 Naming conventions for numerical values
Integer numbers are expressed as bit patterns, hexadecimal values, or decimal numbers. Bit patterns
and hexadecimal values have both a numerical value and an associated particular length in bits.
Hexadecimal notation, indicated by prefixing the hexadecimal number by "0x", may be used instead of
binary notation to denote a bit pattern having a length that is an integer multiple of 4. For example, 0x41
represents an eight-bit pattern having only its second most significant bit and its least significant bit
equal to 1. Numerical values that are indicated as "binary" are bit pattern values (specified as a string
of digits equal to 0, 1 or x in which the left-most bit is considered the most-significant bit and 'x' means
either 0 or 1). Other numerical values not prefixed by "0x" are decimal values. When used in expressions,
a hexadecimal value is interpreted as having a value equal to the value of the corresponding bit pattern
evaluated as a binary representation of an unsigned integer (i.e., as the value of the number formed by
prefixing the bit pattern with a sign bit equal to 0 and interpreting the result as a two's complement
representation of an integer value). For example, the hexadecimal value 0xF is equivalent to the 4-bit
pattern '1111' and is interpreted in expressions as being equal to the decimal number 15.
4.3 Boxes and superboxes
Annex A shall be used for the specification of boxes. The details for embedding boxes in specific file
formats are defined in the particular specifications, for example, ISO/IEC 15444-1 for JPEG 2000,
ISO/IEC 18477-3 for JPEG-1 and JPEG XT or the more generic ISO/IEC 14496-12 ISO base media file
format (ISOBMFF).
In general, each object in the file is encapsulated within a binary structure called a box. A box that only
contains other boxes is called a superbox. The binary structure is given in Figure 1.
Figure 1 — Binary structure of a box
— LBox: Box length. This field specifies the length of the box, stored as a 4-byte big-endian unsigned
integer. This value includes all of the fields of the box, including the length and type. If the value of
this field is 1, then the XLBox field shall exist and the value of that field shall be the actual length of
the box. If the value of this field is 0, then the length of the box was not known when the LBox field
was written. In this case, this box contains all bytes up to the end of the file. If a box of length 0 is
contained within another box (its superbox), then the length of that superbox shall also be 0. This
means that this box is the last box in the file. The
...
INTERNATIONAL ISO/IEC
STANDARD 19566-4
First edition
2020-03
Information technologies — JPEG
systems —
Part 4:
Privacy and security
Reference number
©
ISO/IEC 2020
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Definitions . 1
3.2 Abbreviated terms . 2
4 Conventions . 2
4.1 Conformance language . 2
4.2 Naming conventions for numerical values . 3
4.3 Boxes and superboxes. 3
4.4 Graphical descriptions . 4
5 Organization of the document . 4
Annex A (normative) Content protection and replacement . 5
Annex B (informative) Usage examples .14
Bibliography .29
© ISO/IEC 2020 – All rights reserved iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see http:// patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 29, Coding of audio, picture, multimedia and hypermedia information.
A list of all parts in the ISO/IEC 19566 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO/IEC 2020 – All rights reserved
Introduction
This document contributes to the specification of system-level functionalities. In particular, it
specifies functionalities to provide a degree of trust while sharing image content and metadata, which
simultaneously also allow the signalling of the associated access policies.
A huge number of images are distributed over the internet on a daily basis. For social media alone,
this already accounts for over 3 billion pictures. These photos are often shared with many people
without protection for personal information or access control. In addition, many portable devices have
communication functionality that allows for the immediate distribution of photos after capturing them.
In combination with the potential inclusion of GPS information in the file format, for example, the photo
might expose private and geo-location information to the world.
In order to avoid such undesirable situations, the framework in this document provides protection
mechanisms to the JPEG family of standards. For instance, encryption can be used to protect image data
The particular focus of this document is to provide codestream and file format syntax support to enable
security and privacy functionality for JPEG standards, not only in support of ISO/IEC 10918-1, but also
for standards such as ISO/IEC 15444 and ISO/IEC 18477.
© ISO/IEC 2020 – All rights reserved v
INTERNATIONAL STANDARD ISO/IEC 19566-4:2020(E)
Information technologies — JPEG systems —
Part 4:
Privacy and security
1 Scope
This document specifies privacy and security features which contribute to a system layer for JPEG
standards. It defines generic structures that can be applied in all JPEG box-based file formats. In
particular, this document specifies a signalling syntax supporting privacy and security features. The
framework in this document is backwards-compatible with existing JPEG standards.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ITU-T T.81 | ISO/IEC 10918-1, Information technology — Digital compression and coding of continuous-
tone still images: Requirements and guidelines
ISO/IEC 18477-3, Information technology — Scalable compression and coding of continuous-tone still
images box file format
ISO/IEC 10646, Information technology — Universal coded character set (UCS)
ISO/IEC 18033-3, Information technology — Security techniques — Encryption algorithms — Part 3:
Block ciphers
ISO/IEC 19566-5, Information technology — JPEG systems — Part 5: JPEG universal metadata box format
3 Terms and definitions
3.1 Definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1.1
box
binary structure that encapsulates an object embedded in a file
[SOURCE: ISO/IEC 19566-5:2019, 3.1.1]
3.1.2
codestream
sequence of bits representing a compressed image and associated metadata
[SOURCE: ISO/IEC 19566-5:2019, 3.1.2]
© ISO/IEC 2020 – All rights reserved 1
3.1.3
decrypted content
resulting data after applying the signalled decryption process on the encrypted content
3.1.4
master image
image file in which the box (3.1.1) is embedded
3.1.5
JPEG-1 image
image encoded in JPEG file format
Note 1 to entry: The image shall be encoded in compliance to ISO/IEC 10918-1.
3.1.6
box-based file format
file format whose composing elements are boxes containing structured data in compliance with ISO-
based media file format
3.1.7
JPEG XT image
image encoded in the JPEG XT file format
Note 1 to entry: the images shall be encoded in compliance to ISO/IEC 18477.
3.1.8
Replacement Data box
sequence of boxes (3.1.1) of any type embedded in a JUMBF Replacement box
3.2 Abbreviated terms
JPEG joint photographic experts group
JUMBF JPEG universal metadata box format
P&S privacy and security
ROI region of interest
TOG toggles
4 Conventions
4.1 Conformance language
In this document, the following verbal forms are used:
— “shall” indicates a requirement;
— “should” indicates a recommendation;
— “may” indicates a permission;
— “can” indicates a possibility or a capability.
Information marked as “NOTE” is intended to assist the understanding or use of the document. “Notes
to entry” used in Clause 3 provide additional information that supplements the terminological data and
can contain provisions relating to the use of a term.
2 © ISO/IEC 2020 – All rights reserved
The keyword "reserved" indicates a provision that is not specified at this time, shall not be used, and
may be specified in the future. The keyword "forbidden" indicates "reserved" and in addition indicates
that the provision will never be specified in the future.
4.2 Naming conventions for numerical values
Integer numbers are expressed as bit patterns, hexadecimal values, or decimal numbers. Bit patterns
and hexadecimal values have both a numerical value and an associated particular length in bits.
Hexadecimal notation, indicated by prefixing the hexadecimal number by "0x", may be used instead of
binary notation to denote a bit pattern having a length that is an integer multiple of 4. For example, 0x41
represents an eight-bit pattern having only its second most significant bit and its least significant bit
equal to 1. Numerical values that are indicated as "binary" are bit pattern values (specified as a string
of digits equal to 0, 1 or x in which the left-most bit is considered the most-significant bit and 'x' means
either 0 or 1). Other numerical values not prefixed by "0x" are decimal values. When used in expressions,
a hexadecimal value is interpreted as having a value equal to the value of the corresponding bit pattern
evaluated as a binary representation of an unsigned integer (i.e., as the value of the number formed by
prefixing the bit pattern with a sign bit equal to 0 and interpreting the result as a two's complement
representation of an integer value). For example, the hexadecimal value 0xF is equivalent to the 4-bit
pattern '1111' and is interpreted in expressions as being equal to the decimal number 15.
4.3 Boxes and superboxes
Annex A shall be used for the specification of boxes. The details for embedding boxes in specific file
formats are defined in the particular specifications, for example, ISO/IEC 15444-1 for JPEG 2000,
ISO/IEC 18477-3 for JPEG-1 and JPEG XT or the more generic ISO/IEC 14496-12 ISO base media file
format (ISOBMFF).
In general, each object in the file is encapsulated within a binary structure called a box. A box that only
contains other boxes is called a superbox. The binary structure is given in Figure 1.
Figure 1 — Binary structure of a box
— LBox: Box length. This field specifies the length of the box, stored as a 4-byte big-endian unsigned
integer. This value includes all of the fields of the box, including the length and type. If the value of
this field is 1, then the XLBox field shall exist and the value of that field shall be the actual length of
the box. If the value of this field is 0, then the length of the box was not known when the LBox field
was written. In this case, this box contains all bytes up to the end of the file. If a box of length 0 is
contained within another box (its superbox), then the length of that superbox shall also be 0. This
means that this box is the last box in the file. The
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.