Method and system for authenticating a data stream

US 10,263,783 B2
Filed: 08/23/2013
Issued: 04/16/2019
Est. Priority Date: 08/23/2013
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating, using data transmitted via a secure channel, at least a portion of a data stream transmitted by a sender via an unsecure channel, wherein the sender includes secure hardware storing a secret signing key, the method comprising:

receiving, by a verifier from the sender via the unsecure channel, the portion of the data stream transmitted by the sender, wherein the portion of the data stream transmitted by the sender includes a plurality of data fragments on different granularity levels;

receiving, by the verifier from the sender via the secure channel, a root, signed with a digital signature corresponding to the secret signing key, of a hierarchical authentication structure,wherein the hierarchical authentication structure includes elements representing hash values of the data fragments of the data stream on the different granularity levels,wherein a hash value for a data fragment on a higher granularity level is based on the hash values of the data fragments on a lower granularity level;

receiving, by the verifier from the sender via the secure channel, a portion of the hash values of the data fragments from the hierarchical authentication structure;

reconstructing, by the verifier, a top granularity level value of the hierarchical authentication structure by computing the hash values of the plurality of data fragments of the portion of the data stream received by the receiver from the sender via the unsecure channel and using the portion of the hash values received from the sender via the secure channel, andperforming authentication of the portion of the data stream received by the verifier from the sender via the unsecure channel by comparing the reconstructed top granularity level value of the hierarchical authentication structure with the root of the generated hierarchical authentication structure signed with the digital signature,wherein an erasure code is used for transmitting partitions of the portion of the hash values received from the sender, andwherein the data stream is analyzed, and based on a result, the erasure code and/or the different granularity levels are determined.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a data stream includes selecting a number of data fragments of the data stream, defining at least two granularity levels for the selected data fragments, dividing each of the selected data fragments according to the granularity levels, generating a hierarchical authentication structure including elements representing hash values of the divided selected data fragments on the different granularity levels, selecting at least a portion of the hash values of the hierarchical authentication structure for transmission to a receiver, reconstructing the granularity value on the top level of the hierarchical authentication structure based on the transmitted hash values, and performing authentication of the data fragments of the data stream based on comparing the reconstructed value on the top granularity level of the hierarchical authentication structure with the signed value on the top granularity level of the generated hierarchical authentication structure.

Citations

8 Claims

1. A method for authenticating, using data transmitted via a secure channel, at least a portion of a data stream transmitted by a sender via an unsecure channel, wherein the sender includes secure hardware storing a secret signing key, the method comprising:
- receiving, by a verifier from the sender via the unsecure channel, the portion of the data stream transmitted by the sender, wherein the portion of the data stream transmitted by the sender includes a plurality of data fragments on different granularity levels;
  
  receiving, by the verifier from the sender via the secure channel, a root, signed with a digital signature corresponding to the secret signing key, of a hierarchical authentication structure,wherein the hierarchical authentication structure includes elements representing hash values of the data fragments of the data stream on the different granularity levels,wherein a hash value for a data fragment on a higher granularity level is based on the hash values of the data fragments on a lower granularity level;
  
  receiving, by the verifier from the sender via the secure channel, a portion of the hash values of the data fragments from the hierarchical authentication structure;
  
  reconstructing, by the verifier, a top granularity level value of the hierarchical authentication structure by computing the hash values of the plurality of data fragments of the portion of the data stream received by the receiver from the sender via the unsecure channel and using the portion of the hash values received from the sender via the secure channel, andperforming authentication of the portion of the data stream received by the verifier from the sender via the unsecure channel by comparing the reconstructed top granularity level value of the hierarchical authentication structure with the root of the generated hierarchical authentication structure signed with the digital signature,wherein an erasure code is used for transmitting partitions of the portion of the hash values received from the sender, andwherein the data stream is analyzed, and based on a result, the erasure code and/or the different granularity levels are determined.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the portion of the hash values received from the sender via the secure channel are hash values on a granularity level selected by the sender.
  - 3. The method according to claim 1, wherein the granularity levels are at least partially defined based on a semantic representation of the data stream.
  - 4. The method according to claim 2, wherein the granularity level selected by the sender is adapted during transmission of the data stream via the unsecured channel according to transmission properties between the sender and receiver of the data stream.
  - 5. The method according to claim 4, wherein packet loss and/or bandwidth between sender and receiver is determined for providing the transmission properties.
  - 6. The method according to claim 1, wherein a linear error correcting code and/or a cyclic error correcting code is used as the erasure code.
  - 7. The method according to claim 1, wherein sender identity information is generated and used for authentication of the portion of the data stream received by the verifier.

8. A system for authenticating, using data transmitted via a secure channel, at least a portion of a data stream transmitted by a sender via an unsecure channel, the system comprising:
- the sender, wherein the sender includes secure hardware storing a secret signing key;
  
  and a verifier, wherein the verifier includes a hardware processor, wherein the sender is configured to;
  
  analyze the data stream, and based on a result, determine an erasure code and/or different granularity levels of the data stream,generate a hierarchical authentication structure including elements representing hash values of data fragments of the data stream on different granularity levels, wherein the hash values for the data fragments on higher granularity levels are based on the hash values of data fragments on lower granularity levels,select at least a portion of the hash values of the hierarchical authentication structure for transmission, via the secure channel, to the verifier,transmit, to the verifier via the secure channel and using the erasure code, the selected portion of the hash values and a root of the hierarchical authentication structure signed with a digital signature corresponding to the secret signing key,transmit, to the verifier via the unsecure channel, the data stream, and wherein the verifier is configured to;
  
  receive, from the sender via the unsecure channel, the portion of the data stream transmitted by the sender, wherein the portion of the data stream transmitted by the sender includes a plurality of the data fragments on different granularity levels,receive, from the sender via the secure channel, the selected portion of the hash values of the data fragments and the root of the hierarchical authentication structure signed with the digital signature corresponding to the secret signing key,reconstruct a top granularity level value of the hierarchical authentication structure by computing the hash values of the plurality of the data fragments of the portion of the data stream received by the receiver from the sender via the unsecure channel and using the selected portion of the hash values transmitted by the sender via the secure channel, andauthenticate the portion of the data stream by comparing the reconstructed top granularity level value of the hierarchical authentication structure with the root of the hierarchical authentication structure signed with the digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Bohli, Jens-Matthias, Li, Wenting
Primary Examiner(s)
Arani, Taghi T
Assistant Examiner(s)
Champakesan, Badri Narayanan

Application Number

US14/913,387
Publication Number

US 20160204942A1
Time in Patent Office

2,062 Days
Field of Search

713168
US Class Current
CPC Class Codes

G06F 21/64 Protecting data integrity, ...

H04L 9/3236 using cryptographic hash fu...

Method and system for authenticating a data stream

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authenticating a data stream

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links