Lightweight authentication of information

US 20050091545A1
Filed: 02/24/2003
Published: 04/28/2005
Est. Priority Date: 03/04/2002
Status: Abandoned Application

First Claim

Patent Images

1. An information authentication method for authenticating items of information, said items of information containing lightweight authentication data relating to others of the items of information, and at least one or more of said items of information containing heavyweight authentication data respectively relating to themselves, the method comprising the steps of:

a) authenticating a first one of the items of information which contains heavyweight authentication data using said heavyweight authentication data;

b) authenticating another one of the items of information using the lightweight authentication data contained within the first item of information; and

c) iteratively repeating step b) using lightweight authentication data from the item of information which was authenticated in the previous iteration so as to authenticate one or more further of the items of information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication method for linked data is provided, which does away with the conventional requirement for secure authentication of every item of data using public key encryption or Message Access Codes. A subscriber to an indexed event announcement channel can access a first item of information which contains pointers to other items of information in which the user might be interested. A hash value of the pointed-to information is also provided in addition to the pointers themselves. In order to provide for authentication of the pointed-to information, the user authenticates the first item of information using a secure heavyweight authentication technique, and then uses the hash values of the pointed-to information contained in the first item of information to authenticate the pointed-to information when the user accesses it.

Citations

39 Claims

1. An information authentication method for authenticating items of information, said items of information containing lightweight authentication data relating to others of the items of information, and at least one or more of said items of information containing heavyweight authentication data respectively relating to themselves, the method comprising the steps of:
- a) authenticating a first one of the items of information which contains heavyweight authentication data using said heavyweight authentication data;
  
  b) authenticating another one of the items of information using the lightweight authentication data contained within the first item of information; and
  
  c) iteratively repeating step b) using lightweight authentication data from the item of information which was authenticated in the previous iteration so as to authenticate one or more further of the items of information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 19)
- - 2. A method according to claim 1, wherein the items of information form part of a linked graph of items of information, the linked graph comprising x layers of items of information, where x is a real number greater than 3, and wherein each item of information in layer n, where n<
    - x, respectively contains;
      
      link information referring to one or more further items of information in layer n+1; and
      
      lightweight authentication data respectively relating to the or each of the referred items of information in layer n+1;
      
      wherein step b) further comprises;
      
      d) authenticating the or each accessed items of information in the n+1th layer using the respective lightweight authentication data contained in the item of information in layer n which referred to the or each accessed items of information in the n+1th layer;
      
      and step c) further comprises setting n=n+1 at the start of each iteration until n+1=x.
  - 3. A method according to claim 1, wherein each piece of lightweight authentication data is a hash value derived from a hash function which takes the respective item of information to which a particular piece of lightweight authentication data relates as an argument, and wherein the authentication step b) comprises computing the hash value of the other item of information using the hash function, and comparing said computed hash value with the respective hash value represented by the lightweight authentication data.
  - 4. A method according to claim 3, wherein the hash function comprises a one-way function applied one or more times.
  - 5. A method according to claim 1, wherein the items of information comprise a first item of information, and other items of information, the other items of information being time-variant versions of the first item of information.
  - 6. A method according to claim 1, wherein the lightweight authentication data for any particular item of information is a hash value generated by a hash function which takes as its argument the lightweight authentication data from the next item of information in time.
  - 7. A method according to claim 1, wherein the heavyweight authentication data is a digital signature generated using public key cryptography.
  - 8. A method according to any of claim 1, wherein the heavyweight authentication data comprises a plurality of signature values each generated using a pseudorandom function which takes as its arguments the item of information to which the data relates and a respectively different key for each signature value.
  - 9. A method according to claim 1, wherein the items of information are index messages transmitted from one or more index message servers.
  - 19. A computer program or suite of programs comprising instructions which when executed on a computer cause the computer to operate in accordance with the method steps of claim 1.

10. A method of generating authenticable items of information which contain heavyweight authentication data relating to themselves, and lightweight authentication data relating to other such items of information, comprising the steps of:
- a) generating lightweight authentication data specific to one or more of the other such of items of information;
  
  b) compiling a new item of information comprising the lightweight authentication data;
  
  c) generating heavyweight authentication data relating to the new item of information; and
  
  d) including the heavyweight authentication data as part of the new item of information.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. A method according to claim 10, wherein the items of information form part of a linked graph of items of information, and each item of information which links to one or more other items of information contains:
    - link information to those one or more linked items of information; and
      
      lightweight authentication data relating to the or each linked item of information.
  - 12. A method according to claim 11, wherein each piece of lightweight authentication data is a hash value derived from a hash function which takes the item of information to which a particular piece of lightweight authentication data relates as an argument, and wherein the generating step a) comprises computing the hash values using the hash of the or each of the linked items of information.
  - 13. A method according to claim 12, wherein the hash function comprises a one-way function applied one or more times.
  - 14. A method according to claim 10, wherein the items of information comprise a first item of information, and other items of information, the other items of information being time-variant versions of the first item of information.
  - 15. A method according to claim 10, and further comprising the steps of generating a chain of hash values by repeatedly applying a hash function to an item of starting data m, wherein the lightweight authentication data for any particular item of information is the hash value from the chain of hash values which preceded within the chain the hash value which was used as the lightweight authentication data for the previously generated item of information.
  - 16. A method according to claim 10, wherein the heavyweight authentication data is a digital signature generated using public key cryptography.
  - 17. A method according to claim 10, wherein the heavyweight authentication data comprises a plurality of signature values each generated using a pseudorandom function which takes as its arguments the item of information to which the data relates and a respectively different key for each signature value.
  - 18. A method according to claim 10, wherein the items of information are index messages received from one or more index message servers;
    - and the new item of information is an index message to be transmitted from an index server.

22. An apparatus for authenticating items of information, said items of information containing lightweight authentication data relating to others of the items of information, and at least one or more of said items of information containing heavyweight authentication data respectively relating to themselves, the apparatus comprising:
- a) heavyweight authentication means for authenticating a first one of the items of information which contains heavyweight authentication data using said heavyweight authentication data; and
  
  b) lightweight authentication means for authenticating another one of the items of information using the lightweight authentication data contained within the first item of information;
  
  wherein said lightweight authentication means is further arranged to iteratively repeat its operation using lightweight authentication data from the item of information which was authenticated in the previous iteration so as to authenticate one or more further of the items of information.
- View Dependent Claims (20, 21, 23, 24, 25, 26, 27, 28, 29, 30)
- - 20. A computer-readable storage medium storing a computer program or at least one of the suite of programs according to claim 29.
  - 21. An electric or electromagnetic signal embodying information representing the computer program or at least one of the suite of programs according to claim 29.
  - 23. An apparatus according to claim 22, wherein the items of information form part of a linked graph of items of information, the linked graph comprising x layers of items of information, where x is a real number greater than 3, and wherein each item of information in layer n, where n<
    - x, respectively contains;
      
      link information referring to one or more further items of information in layer n+1; and
      
      lightweight authentication data respectively relating to the or each of the referred items of information in layer n+1;
      
      wherein the lightweight authentication means is further arranged to authenticate the or each accessed items of information in the n+1th layer using the respective lightweight authentication data contained in the item of information in layer n which referred to the or each accessed items of information in the n+1th layer;
      
      and further comprises counter means arranged in use to set n=n+1 at the start of each iteration until n+1=x.
  - 24. A method according to claim 22, wherein each piece of lightweight authentication data is a hash value derived from a hash function which takes the respective item of information to which a particular piece of lightweight authentication data relates as an argument, and wherein the lightweight authentication means further comprises:
    - computing means for computing the hash value of the other item of information using the hash function; and
      
      comparing means for comparing said computed hash value with the respective hash value represented by the lightweight authentication data.
  - 25. An apparatus according to claim 24, wherein the hash function comprises a one-way function applied one or more times.
  - 26. An apparatus according to claim 22, wherein the items of information comprise a first item of information, and other items of information, the other items of information being time-variant versions of the first item of information.
  - 27. An apparatus according to claim 22, wherein the lightweight authentication data for any particular item of information is a hash value generated by a hash function which takes as its argument the lightweight authentication data from the next item of information in time.
  - 28. An apparatus according to claim 22, wherein the heavyweight authentication data is a digital signature generated using public key cryptography.
  - 29. An apparatus according to claim 22, wherein the heavyweight authentication data comprises a plurality of signature values each generated using a pseudorandom function which takes as its arguments the item of information to which the data relates and a respectively different key for each signature value.
  - 30. An apparatus according to claim 22, wherein the items of information are index messages transmitted from one or more index message servers.

31. An apparatus for generating authenticable items of information which contain heavyweight authentication data relating to themselves, and lightweight authentication data relating to other such items of information, the apparatus comprising:
- a) lightweight authentication data generating means arranged in use to generate lightweight authentication data specific to one or more of the other such of items of information;
  
  b) an information compiler arranged to compile a new item of information comprising the lightweight authentication data; and
  
  c) heavyweight authentication data generating means for generating heavyweight authentication data relating to the new item of information;
  
  said information compiler being further arranged to include the heavyweight authentication data as part of the new item of information.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39)
- - 32. An apparatus according to claim 31, wherein the items of information form part of a linked graph of items of information, and each item of information which links to one or more other items of information contains:
    - link information to those one or more linked items of information; and
      
      lightweight authentication data relating to the or each linked item of information.
  - 33. An apparatus according to claim 32, wherein each piece of lightweight authentication data is a hash value derived from a hash function which takes the item of information to which a particular piece of lightweight authentication data relates as an argument, and wherein the lightweight authentication data generating means further comprises computing means for computing the hash values using the hash of the or each of the linked items of information.
  - 34. An apparatus according to claim 33, wherein the hash function comprises a one-way function applied one or more times.
  - 35. An apparatus according to claim 31, wherein the items of information comprise a first item of information, and other items of information, the other items of information being time-variant versions of the first item of information.
  - 36. An apparatus according to claim 31, wherein the lightweight authentication data generating means is arranged to generate a chain of hash values by repeatedly applying a hash function to an item of starting data m, wherein the lightweight authentication data for any particular item of information is the hash value from the chain of hash values which preceded within the chain the hash value which was used as the lightweight authentication data for the previously generated item of information.
  - 37. An apparatus according to claim 31, wherein the heavyweight authentication data is a digital signature generated using public key cryptography.
  - 38. (currently amended) An apparatus according to any of claims 31 to 36claim 31, wherein the heavyweight authentication data comprises a plurality of signature values each generated using a pseudorandom function which takes as its arguments the item of information to which the data relates and a respectively different key for each signature value.
  - 39. An apparatus according to any claim 31, wherein the items of information are index messages received from one or more index message servers;
    - and the new item of information is an index message to be transmitted from an index server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Soppera, Andrea

Application Number

US10/506,180
Publication Number

US 20050091545A1
Time in Patent Office

Days
Field of Search
US Class Current

726/19
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

Lightweight authentication of information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Lightweight authentication of information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links