Content authentication for digital media based recording devices
First Claim
1. A method, in a data processing system which comprises a recording device and a certificate authority terminal, of determining if a file is modified or not, said method comprising the steps of:
- generating a first public key and a first private key by the recording device;
transferring the first public key to the certificate authority terminal by the recording device;
encoding a certificate including the first public key received from the recording device by using a second private key by the certificate authority terminal;
transferring the encoded certificate to the recording device by the certificate authority terminal;
hashing said file to provide a digital signature by using the first private key in the recording device;
attaching the certificate received from the certificate authority terminal and the digital signature to said file in the recording device; and
distributing to a client terminal said file as a communication package assimilated at least said file, the digital signature and the certificate by the recording device.
1 Assignment
0 Petitions
Accused Products
Abstract
Recording apparatus (100) is described that provides for content authentication. The apparatus (100) has a first storage media (109) for storing at least a digital certificate (115) and a pair of cryptographic keys comprising a private key (113), and a public key (114) corresponding to the private key. A recording arrangement (150, 101-105) operates to record event data (112) and a second storage media (108) is configured for storing at least the recorded event data. A signing processor (107) generates a digital signature (118) using at least the stored private key (113) and the recorded event data (112). A controller (160) is arranged to cause the apparatus to supply the stored public key (114) to a certificate generating authority (560), store (119) the digital certificate (115) in at least the second storage media (108), the certificate being formed using the public key (114) and supplied to the apparatus from the certificate generating authority (560), and to record the event data (112) and to associate a digital signature (118) generated by the signing processor (107) with the event data (112), thus forming an authenticable communications package (120). Also disclosed is method of authenticating recorded data received by way of the communication package (120). The method includes verifying (417) the certificate (119) using a public key (415) of the certifying authority (560), and verifying (411) the digital signature (118) and the public key (114, 413) of the apparatus (100). If both the certificate (119) and the signature (118) positively verify, the recorded event data (112) is said to be authentic.
-
Citations
10 Claims
-
1. A method, in a data processing system which comprises a recording device and a certificate authority terminal, of determining if a file is modified or not, said method comprising the steps of:
-
generating a first public key and a first private key by the recording device;
transferring the first public key to the certificate authority terminal by the recording device;
encoding a certificate including the first public key received from the recording device by using a second private key by the certificate authority terminal;
transferring the encoded certificate to the recording device by the certificate authority terminal;
hashing said file to provide a digital signature by using the first private key in the recording device;
attaching the certificate received from the certificate authority terminal and the digital signature to said file in the recording device; and
distributing to a client terminal said file as a communication package assimilated at least said file, the digital signature and the certificate by the recording device. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A processing system for determining if a file is modified or not, includes a recording device and a certificate authority terminal, said system comprising:
-
said recording device comprising;
a generator for generating a first public key and a first private key; and
a first transmitter for transferring the first public key to the certificate authority terminal;
said certificate authority terminal comprising;
an encoder for encoding a certificate including the first public key received from the recording device by using a second private key; and
a second transmitter for transferring the encoded certificate to the recording device;
said recording device further comprising;
a provider for hashing said file to provide a digital signature by using the first private key;
attaching means for attaching the certificate received from the certificate authority terminal and the digital signature to said file; and
a distributor for distributing to a client terminal said file as a communication package assimilated at least said file, the digital signature and the certificate.
-
-
7. Apparatus comprising:
-
first storage media for storing at least a digital certificate and a pair of cryptographic keys comprising a private key, and a public key corresponding to said private key;
a recording arrangement for recording event data;
second storage media for storing at least said recorded event data;
a signing processor for generating a digital signature using at least said stored private key and said recorded event data; and
a controller arranged to cause said apparatus to;
(i) supply said stored public key to a certificate generating authority;
(ii) store said digital certificate in at least said second storage media, said certificate being formed using said public key and supplied to said apparatus from said certificate generating authority; and
(iii) record event data and to associate a digital signature generated by said signing processor with said event data.
-
-
8. A device for processing data intended for subsequent authentication, said device comprising:
-
means for receiving a digital certificate generated from a private key of a certifying authority and incorporating a public key of said device;
means for generating a digital signature for said data and a private key of said device, said private key of said device complementing said public key of said device to collectively form a device key-pair; and
means for associating said data, said certificate and said digital signature as a communication package for transfer from said device.
-
-
9. A method, in a recording device, of determining if a file is modified or not, said method comprising the steps of:
-
generating a first public key and a first private key;
transferring the first public key to a certificate authority terminal;
hashing said file to provide a digital signature by using the first private key;
attaching a certificate received from the certificate authority terminal and the digital signature to said file; and
distributing to a client terminal said file as a communication package assimilated at least said file, the digital signature and the certificate by the recording device, wherein the certificate received from the certificate authority includes the first public key and is encoded by using a second private key generated in the certificate authority terminal.
-
-
10. A storage medium storing a program for executing a process of determining if a file is modified or not, said program comprising the step of:
-
generating a first public key and a first private key;
transferring the first public key to a certificate authority terminal;
hashing said file to provide a digital signature by using the first private key;
attaching a certificate received from the certificate authority terminal and the digital signature to said file; and
distributing to a client terminal said file as a communication package assimilated at least said file, the digital signature and the certificate by the recording device, wherein the certificate received from the certificate authority includes the first public key and is encoded by using a second private key generated in the certificate authority terminal.
-
Specification
-
- Resources
-
Current AssigneeCanon Kabushiki Kaisha (Canon Inc.)
-
Original AssigneeCanon Kabushiki Kaisha (Canon Inc.)
-
InventorsTonisson, Alan Valev
-
Application NumberUS10/315,033Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current713/156CPC Class CodesG11B 20/00086 Circuits for prevention of ...G11B 20/00166 involving measures which re...G11B 20/0021 involving encryption or dec...G11B 20/00855 involving a step of exchang...H04L 2209/60 Digital content management,...H04L 2209/805 Lightweight hardware, e.g. ...H04L 9/321 involving a third party or ...H04L 9/3247 involving digital signaturesH04L 9/3263 involving certificates, e.g...
