Content credentials: Cloudflare supports authentication of images
Cloudflare allows its customers to protect images with C2PA metadata. Consumers should thus be able to trace their origin and recognize counterfeits.
(Image: agsandrew / shutterstock.com)
The US internet service provider Cloudflare supports digital watermarks for the origin of image files. This enables customers to permanently save the digital history of images within the Content Delivery Network (CDN) at the click of a mouse. To this end, the company is implementing so-called content credentials in accordance with the Coalition for Content Provenance and Authenticity (C2PA) standard. These should make it possible to check images for origin and changes and to determine authorship. At the same time, Cloudflare joined the Content Authenticity Initiative.
Users can trace images back to the original
Cloudflare's platform automatically recognizes whether an image file has embedded content credentials and offers users the option of saving them before processing the image. Only then, for example, is the image automatically scaled, with the service creating several files with different resolutions that are played out on different devices via the CDN. Each file is assigned its own content credentials, which can be used to identify the original image.
With the implementation of content credentials, it should be possible to assign digital content to its creators so that they can receive remuneration for their work and assert legal claims. Users should also be able to verify the authenticity of an image by tracing images on the internet and recognizing AI-generated images. Journalists should also benefit from the protected metadata. Cloudflare wants to "give publishers the tools they need to maintain their trustworthiness and relevance in the AI age", says CEO Matthew Prince.
Hash values show manipulation
The content credentials follow an open standard of the C2PA, which is a project of the non-profit Joint Development Foundation. This involves the metadata itself, such as the author, camera model or editing software, and a signature generated with a private key that contains a unique hash value. These are available together with the public certificate or a reference to it in machine-readable JSON format and are stored in the JPEG Universal Metadata Box Format (JUMBF) together with the actual image content.
If edits are made in accordance with the C2PA standard, the content credentials are supplemented with information on the changes made and are each given their signature with a corresponding hash value. A reference to the previous version allows all editing steps to be traced back to the original recording. Open-source verification tools can be used to recalculate the hash to validate it against the signature and check the certificate chain. If such validation fails, this indicates that the metadata has been manipulated.
Videos by heise
The Content Authenticity Initiative is an association led by Adobe with around 4000 members. It has set itself the goal of establishing content credentials as an industry standard that can be used to check the origin and authenticity of digital content. In addition to companies from the technology sector, members also include media companies and photo agencies. Various camera manufacturers and image editing programs currently support the protected metadata. Generative AI tools and social networks such as TikTok also use content credentials to identify their content.
(sfe)
