The obvious way (to me) would be:
- Crypto-hash the image and metadata;
- Sign the hash with a private key that is baked into the camera hardware;
- Store the hash and signature in a new JPEG block in the file.
Then anyone can verify the image by checking the hash and signature against the manufacturer's public key. The attack is that if you can peel the chip in any camera and get the private key, then you can generate fake photos forevermore.
But, their description on the web page makes it sound like the smarts are not in the camera, but in the CF card? This seems like a really strange way to do it. If the CF card is doing the signing (as files come in to its file system) then wouldn't the act of writing any old edited file to the card from a PC cause it to become signed?
A simpler attack is: take a photo; alter it; print it out; take a photo of that.
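The hash-sign-embed scheme from the comment above, as an added sketch (not the commenter's code and not any vendor's implementation). Assumptions: the APP15 block with a `SIGDEMO` tag is a hypothetical layout, textbook RSA over two Mersenne primes is an insecure stand-in for the camera's key so that only the standard library is needed, and the sample JPEG is constructed. The third case models the comment's hypothesis of a signer that signs whatever file is written to it.

```python
import hashlib
import struct

# Toy key pair: textbook RSA over two Mersenne primes. NOT secure; it stands in
# for the key baked into the camera so the example needs only the stdlib.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # plays the manufacturer's public key
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent held by the signer
SOI, APP15, TAG = b"\xff\xd8", b"\xff\xef", b"SIGDEMO\x00"  # hypothetical block

def digest(data: bytes) -> int:
    """SHA-256 over the whole file (image plus metadata), as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign_jpeg(jpeg: bytes) -> bytes:
    """Sign the file and store the signature in a new APP15 block after SOI."""
    if not jpeg.startswith(SOI):
        raise ValueError("not a JPEG")
    sig = pow(digest(jpeg), D, N).to_bytes((N.bit_length() + 7) // 8, "big")
    body = TAG + sig
    # The segment length field counts its own two bytes plus the body.
    return SOI + APP15 + struct.pack(">H", len(body) + 2) + body + jpeg[2:]

def verify_jpeg(signed: bytes) -> bool:
    """Strip the signature block, re-hash the rest, check it against (N, E)."""
    if len(signed) < 6 or signed[:4] != SOI + APP15:
        return False
    (seg_len,) = struct.unpack(">H", signed[4:6])
    body = signed[6:4 + seg_len]
    if len(signed) < 4 + seg_len or not body.startswith(TAG):
        return False
    sig = int.from_bytes(body[len(TAG):], "big")
    original = SOI + signed[4 + seg_len:]      # the file as it was when signed
    return sig < N and pow(sig, E, N) == digest(original)

# Constructed JPEG-shaped sample: SOI, an APP1 metadata segment, scan data, EOI.
META = b"Exif\x00\x00constructed-metadata"
PHOTO = (SOI + b"\xff\xe1" + struct.pack(">H", len(META) + 2) + META
         + b"\xff\xda\x00\x02" + b"scan-data-as-shot" + b"\xff\xd9")

def demo() -> tuple:
    signed = sign_jpeg(PHOTO)                            # signed at capture
    tampered = signed.replace(b"as-shot", b"altered")    # edited after signing
    edited = PHOTO.replace(b"as-shot", b"altered")       # edited before signing
    resigned = sign_jpeg(edited)     # a signer that accepts any incoming file
    return verify_jpeg(signed), verify_jpeg(tampered), verify_jpeg(resigned)
```

`demo()` returns `(True, False, True)`: the signature catches edits made after signing, but it says nothing about content handed to a signer that does not itself sit in the capture path.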