Method and system for authenticating a data stream
First Claim
1. A method for authenticating, using data transmitted via a secure channel, at least a portion of a data stream transmitted by a sender via an unsecure channel, wherein the sender includes secure hardware storing a secret signing key, the method comprising:
- receiving, by a verifier from the sender via the unsecure channel, the portion of the data stream transmitted by the sender, wherein the portion of the data stream transmitted by the sender includes a plurality of data fragments on different granularity levels;
receiving, by the verifier from the sender via the secure channel, a root, signed with a digital signature corresponding to the secret signing key, of a hierarchical authentication structure,wherein the hierarchical authentication structure includes elements representing hash values of the data fragments of the data stream on the different granularity levels,wherein a hash value for a data fragment on a higher granularity level is based on the hash values of the data fragments on a lower granularity level;
receiving, by the verifier from the sender via the secure channel, a portion of the hash values of the data fragments from the hierarchical authentication structure;
reconstructing, by the verifier, a top granularity level value of the hierarchical authentication structure by computing the hash values of the plurality of data fragments of the portion of the data stream received by the receiver from the sender via the unsecure channel and using the portion of the hash values received from the sender via the secure channel, andperforming authentication of the portion of the data stream received by the verifier from the sender via the unsecure channel by comparing the reconstructed top granularity level value of the hierarchical authentication structure with the root of the generated hierarchical authentication structure signed with the digital signature,wherein an erasure code is used for transmitting partitions of the portion of the hash values received from the sender, andwherein the data stream is analyzed, and based on a result, the erasure code and/or the different granularity levels are determined.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for authenticating a data stream includes selecting a number of data fragments of the data stream, defining at least two granularity levels for the selected data fragments, dividing each of the selected data fragments according to the granularity levels, generating a hierarchical authentication structure including elements representing hash values of the divided selected data fragments on the different granularity levels, selecting at least a portion of the hash values of the hierarchical authentication structure for transmission to a receiver, reconstructing the granularity value on the top level of the hierarchical authentication structure based on the transmitted hash values, and performing authentication of the data fragments of the data stream based on comparing the reconstructed value on the top granularity level of the hierarchical authentication structure with the signed value on the top granularity level of the generated hierarchical authentication structure.
-
Citations
8 Claims
-
1. A method for authenticating, using data transmitted via a secure channel, at least a portion of a data stream transmitted by a sender via an unsecure channel, wherein the sender includes secure hardware storing a secret signing key, the method comprising:
-
receiving, by a verifier from the sender via the unsecure channel, the portion of the data stream transmitted by the sender, wherein the portion of the data stream transmitted by the sender includes a plurality of data fragments on different granularity levels; receiving, by the verifier from the sender via the secure channel, a root, signed with a digital signature corresponding to the secret signing key, of a hierarchical authentication structure, wherein the hierarchical authentication structure includes elements representing hash values of the data fragments of the data stream on the different granularity levels, wherein a hash value for a data fragment on a higher granularity level is based on the hash values of the data fragments on a lower granularity level; receiving, by the verifier from the sender via the secure channel, a portion of the hash values of the data fragments from the hierarchical authentication structure; reconstructing, by the verifier, a top granularity level value of the hierarchical authentication structure by computing the hash values of the plurality of data fragments of the portion of the data stream received by the receiver from the sender via the unsecure channel and using the portion of the hash values received from the sender via the secure channel, and performing authentication of the portion of the data stream received by the verifier from the sender via the unsecure channel by comparing the reconstructed top granularity level value of the hierarchical authentication structure with the root of the generated hierarchical authentication structure signed with the digital signature, wherein an erasure code is used for transmitting partitions of the portion of the hash values received from the sender, and wherein the data stream is analyzed, and based on a result, the erasure code and/or the different granularity levels are determined. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for authenticating, using data transmitted via a secure channel, at least a portion of a data stream transmitted by a sender via an unsecure channel, the system comprising:
-
the sender, wherein the sender includes secure hardware storing a secret signing key; and a verifier, wherein the verifier includes a hardware processor, wherein the sender is configured to; analyze the data stream, and based on a result, determine an erasure code and/or different granularity levels of the data stream, generate a hierarchical authentication structure including elements representing hash values of data fragments of the data stream on different granularity levels, wherein the hash values for the data fragments on higher granularity levels are based on the hash values of data fragments on lower granularity levels, select at least a portion of the hash values of the hierarchical authentication structure for transmission, via the secure channel, to the verifier, transmit, to the verifier via the secure channel and using the erasure code, the selected portion of the hash values and a root of the hierarchical authentication structure signed with a digital signature corresponding to the secret signing key, transmit, to the verifier via the unsecure channel, the data stream, and wherein the verifier is configured to; receive, from the sender via the unsecure channel, the portion of the data stream transmitted by the sender, wherein the portion of the data stream transmitted by the sender includes a plurality of the data fragments on different granularity levels, receive, from the sender via the secure channel, the selected portion of the hash values of the data fragments and the root of the hierarchical authentication structure signed with the digital signature corresponding to the secret signing key, reconstruct a top granularity level value of the hierarchical authentication structure by computing the hash values of the plurality of the data fragments of the portion of the data stream received by the receiver from the sender via the unsecure channel and using the selected portion of the hash values transmitted by the sender via the secure channel, and authenticate the portion of the data stream by comparing the reconstructed top granularity level value of the hierarchical authentication structure with the root of the hierarchical authentication structure signed with the digital signature.
-
Specification