Language:
Leitz Park
Case Study

Content Credentials – Protection Against Image Manipulation in the Age of AI

The Leica M11-P is the first camera in the world to use Content Credentials to create a seamless authenticity chain from recording to publication. Many components work together: the C2PA standard for protecting digital media content, the incorporation of an individual certificate in the camera and the underlying PKI from D-Trust.

Content Credentials, C2PA and CAI

Falsified image content or completely artificially generated images and videos are becoming an ever greater problem: Fake news and disinformation are causing considerable economic damage, harming discourse and destabilising societies. With the aid of artificial intelligence, it is easier than ever to manipulate digital media content.

Numerous technology and media companies have therefore joined forces in the Content Authenticity Initiative (CAI). The aim of the CAI is to promote the industry standard Coalition for Content Provenance and Authenticity (C2PA). Its purpose is to certify the authenticity of digital content with Content Credentials. This is achieved by making the origin and change history verifiable. The CAI currently has nearly 2,000 members.

Besides Leica, other well-known media and technology companies, such as Adobe, the BBC, Google, Intel and Microsoft, are also taking part.

Pioneering Work: Leica M11-P Saves and Signs Metadata

The Leica M11-P is the first camera in the world to sign photo metadata in accordance with the C2PA standard of the Content Authenticity Initiative. The Content Credentials make subsequent image manipulation traceable. One way this is made possible is by a public key infrastructure from D-Trust, a company of the Bundesdruckerei Group.

Framework Conditions and Challenges

Media formats such as JPEG and MP4 already contain metadata, such as the date of recording, the geolocation or the recording device used. However, this metadata is not protected against changes and can be easily manipulated.

Leica camera with Content Credentials

Leica M11-P, Copyright Leica Camera AG

Our Solution at a Glance

The Content Credentials in the Leica M11-P model – also called Content Authorisations – are made possible by a public key infrastructure (PKI) provided for Leica by D-Trust.

A PKI is a system for issuing, distributing and checking digital certificates and the signatures generated with them.

The device certificates relevant for this are generated directly during each individual camera’s production process and written to the camera’s security chip.

As soon as an image is recorded, the cameras provide the corresponding content and the attached set of metadata, such as authorship, with an individual signature.

Technically, the cryptographic process behind the Content Credentials is very similar to that of the tried-and-tested qualified signatures for digital documents: A checksum of a fixed length generated from the image files, called hash value, is linked to the camera’s certificate, encoded with a private key and made available.

If the media file is forwarded, the recipient software also calculates the hash value of this file. It then decodes the hash value provided with a public key and compares the two sums.

If they are identical, then the file is original; any deviations indicate that the file has been changed in the meantime. It also compares the authenticity and trustworthiness of the certificate with a trust list for Content Credentials.

Using CAI open source tools, the image and sound material created on the Leica M11-P can be displayed together with the corresponding image attributes, proof of the authenticity of the photo and the trustworthiness of the certificate. This is of benefit not only to editors of a news programme, but also to private individuals when using the Internet.

What’s more: All image processing steps are documented in a version history if they are performed by software that also uses C2PA and corresponding certificates. The individual editing steps can also be displayed in thumbnails, such as the previous colour of the photo or whether a person has been cut out of the image.

“The Leica M11-P is the world’s first camera to store metadata by attaching Content Credentials at the time of capture to protect the authenticity of digital images. The individually generated device certificates for this come from D-Trust. The extremely high security and reliability standards of our two products here ensure the ‘perfect match'.”

Nico Köhler, Head of Product Experience, Leica Camera AG, 2024

The result: The truthfulness of image material can be verified and ensured.

  • D-Trust operates the PKI as a trust service provider (TSP).
  • The application itself is provided by the customer.
  • Practically anyone can use the C2PA scheme.
  • The product can be sealed at any time – from the creation of the medium to publication on a website.
  • The product can be validated at any time using commonly available tools and players.
  • Suitable means according to the AI Act and industry standards.

Outlook

Just as the possibilities for misusing AI are constantly evolving, Leica and its partners in the CAI are also pursuing the goal of putting a stop to media manipulation and making it transparent and traceable. A new series of cameras are therefore already in the planning stage.

About Leica

Leica Camera AG (Leica: short for Leitz'sche Camera) is a German company in the optical industry that is based in Wetzlar. Leica stands for top German engineering and a special culture of vision. Leica has long specialised in the area of perception and has developed innovative instruments that enable a special visual experience. The result is high-quality cameras and lenses along with sport optics products such as powerful binoculars, spotting scopes and laser rangefinders. You can find more information on the Leica website.

About D-Trust

D-Trust GmbH, based in Berlin, is a company of the Bundesdruckerei Group. Technologically mature solutions make it a pioneer for secure digital business processes and identities. In this way, the company strengthens the trust in digitisation. As an independent and qualified trust service provider, D-Trust has been listed as part of the eIDAS Regulation in the Federal Network Agency since 2016. The company translates trust into tangible products. It provides legally secure and certified trust services such as digital certificates and electronic signatures along with solutions for secure data management and data trustee platforms. They meet the highest security standard of modern infrastructures and enable secure digital identities for companies, governmental agencies and the private sphere.

You might also be interested in

Artikel