Secure file verification station for ensuring data integrity

US 20030188180A1
Filed: 03/28/2002
Published: 10/02/2003
Est. Priority Date: 03/28/2002
Status: Abandoned Application

First Claim

Patent Images

1. A secure file verification station for verifying data integrity of a data file comprising:

a secure memory unit for receiving the data file from a trusted source and for securely storing the data file;

a processor coupled to the secure memory unit configured to generate a unique encryption key for the data file, to apply hashing functions to the data file and to apply encryption and decryption functions that use the unique encryption key derived from the data file; and

a network interface for transmitting the data file and encrypted data derived from the data file over a network to at least one client and for receiving the data file from the at least one client subsequently, wherein the processor verifies data integrity of the data file subsequently received from the at least one client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure file verification station receives and stores a data file received from a trusted source. The verification station applies a hashing function to the data file, and then encrypts the hash using a unique symmetric encryption key derived from a seed value that is maintained securely within the verification station. The encrypted hash is then appended to the data file. The station is networked to client workstations to which it delivers data files. To verify the integrity of a data file it has received from the verification station, a client workstation sends back the data file to the station, where the encrypted hash is decrypted using the unique symmetric key that is again generated from the seed value. A recomputed hash of the data is compared to the decrypted hash value. If the two hash values are equal, the integrity of the data is verified; otherwise the file has been modified in some way. The verification station sends a message to the client workstation indicating whether or not the integrity of the data file has been verified.

Citations

28 Claims

1. A secure file verification station for verifying data integrity of a data file comprising:
- a secure memory unit for receiving the data file from a trusted source and for securely storing the data file;
  
  a processor coupled to the secure memory unit configured to generate a unique encryption key for the data file, to apply hashing functions to the data file and to apply encryption and decryption functions that use the unique encryption key derived from the data file; and
  
  a network interface for transmitting the data file and encrypted data derived from the data file over a network to at least one client and for receiving the data file from the at least one client subsequently, wherein the processor verifies data integrity of the data file subsequently received from the at least one client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The secure file verification station of claim 1, wherein the encryption key is a symmetric key.
  - 3. The secure file verification station of claim 2, wherein the encryption and decryption functions are based on elliptical curves.
  - 4. The secure file verification station of claim 1, wherein the secure memory unit stores a seed value for generating the encryption key for the data file, and the processor generates a unique symmetric key for the data file based on the seed value and information specific to the data file.
  - 5. The secure file verification station of claim 4, wherein the seed value is 1024 bits in length.
  - 6. The secure file verification station of claim 4, further comprising:
    - a secure serial connection coupled to the secure memory unit operable by a secure mechanism through which an authorized operator can modify the seed value stored in the secure memory unit.
  - 7. The secure file verification station of claim 1, wherein the processor generates a message for transmission to the at least one client over the network indicating whether the data integrity of the data file has been verified.
  - 8. The secure file verification station of claim 7, wherein the processor computes an encrypted hash digest and appends the encrypted hash digest to the data file before the data file is transmitted to the at least one client.
  - 9. The secure file verification station of claim 8, wherein the processor verifies data integrity of the data file by decrypting the encrypted hash digest appended to the data file and comparing a new hash digest for the data file with the decrypted hash digest derived from the received file.

10. A mass spectrometry instrumental system coupled to at least one client workstation over a network comprising:
- an analyte ion source;
  
  a mass spectrometer for receiving analyte ions from the analyte ion source and selecting specific ions among the analyte ions for transmission;
  
  an ion detector for detecting the selected ions and transmitting an electrical signal in response to detection;
  
  a data acquisition and analysis unit for receiving signals transmitted by the ion detector, analyzing the received signals, and producing data files containing results of analysis and identification information; and
  
  a secure file verification station coupled to the data acquisition and analysis unit and to the at least one client over the network for transmitting data files to the at least one client and for verifying integrity of data files received from the at least one client.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The mass spectrometry instrumental system of claim 10, wherein the secure file verification station is situated within the data acquisition and analysis unit and includes:
    - a secure memory unit for receiving the data file from the data acquisition and analysis unit and for securely storing the data file; and
      
      a processor coupled to the secure memory unit configured to generate a unique encryption key for the data file, to apply hashing functions to the data file and to apply encryption and decryption functions that use the unique encryption key derived from the data file.
  - 12. The mass spectrometry instrumental system of claim 10, wherein the secure file verification system is a securely maintained dedicated server remotely located from the data acquisition and analysis system.
  - 13. The mass spectrometry instrumental system of claim 11, wherein the secure memory unit stores a seed value for generating the encryption key for the data file, and the processor generates a unique symmetric key for the data file based on the seed value and the identification information in the data file.
  - 14. The mass spectrometry instrumental system of claim 13, wherein the encryption and decryption functions are based on elliptic curves.
  - 15. The mass spectrometry instrumental system of claim 14, wherein the processor computes an encrypted hash digest, appends the encrypted hash digest to the data file before the data file is transmitted to the at least one client, and verifies data integrity of the data file by decrypting the encrypted digest and comparing a new hash digest computed for the data file with the decrypted hash digest derived from the received file.

16. A method of verifying data integrity of a data file having a content portion and a header portion at a secure file verification station at which a seed value is securely stored, the method comprising:
- encrypting data from the data file using a unique symmetric key derived in part from the seed value;
  
  transmitting the data file with the encrypted data to at least one client workstation;
  
  upon a verification request, receiving the data file back from the at least one client workstation;
  
  decrypting the encrypted data from the data file; and
  
  verifying data integrity of the data file based on the decrypted data and the content portion of the received data file.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 17. The method of claim 16, further comprising:
    - hashing the content portion of the data file to generate a first hash key.
  - 18. The method of claim 17, wherein the first hash key is 160 bits in length.
  - 19. The method of claim 17, further comprising:
    - generating a unique symmetric encryption key for the data file based on the seed value and information in the header portion of the data file, wherein the unique symmetric key is not stored on any non-volatile storage medium.
  - 20. The method of claim 19, further comprising:
    - synchronizing the seed value with information in the header portion of the data file using XOR combination.
  - 21. The method of claim 17, further comprising:
    - encrypting a hash key using the unique symmetric key; and
      
      appending the encrypted hash key to the data file.
  - 22. The method of claim 21, further comprising:
    - mapping the first hash key onto a second hash key approximately 2.5 times longer than the first hash key;
      
      encrypting the second hash key using the unique symmetric key; and
      
      appending the second hash key to the data file.
  - 23. The method of claim 22, further comprising:
    - encrypting the second hash key using an encryption function based on elliptic curves.
  - 24. The method of claim 22, wherein the first hash key is mapped onto the second hash key using XOR combination.
  - 25. The method of claim 21, further comprising:
    - after receiving the data file back from the at least one client workstation, regenerating the unique symmetric key based on the seed value and information in the header portion of the data file.
  - 26. The method of claim 25, further comprising:
    - generating a new hash key from the content portion of the received data file.
  - 27. The method of claim 26, further comprising:
    - decrypting the encrypted hash key appended to the data file to recover an original hash key; and
      
      comparing the original hash key with the new hash key;
      
      determining that data integrity is verified when the original hash key is equal to the new hash key, and making an opposite determination when the original hash key is not equal to the new hash key.
  - 28. The method of claim 27, further comprising:
    - sending a message to the at least one client workstation indicating whether data integrity of the data file has been verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Agilent Technologies, Inc.
Original Assignee
Agilent Technologies, Inc.
Inventors
Overney, Gregor T.

Application Number

US10/112,473
Publication Number

US 20030188180A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

H04L 9/0869   involving random numbers or...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/3236   using cryptographic hash fu...

Secure file verification station for ensuring data integrity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Secure file verification station for ensuring data integrity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links