Systems and methods for authenticating and protecting the integrity of data streams and other data

US 20050235154A1
Filed: 04/22/2005
Published: 10/20/2005
Est. Priority Date: 06/08/1999
Status: Active Grant

First Claim

Patent Images

1-74. -74. (canceled)

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain'"'"'s security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain. The hierarchy culminates with a signed hash that can be used to verify the integrity of other hash values in the hierarchy, and these other hash values can, in turn, be used to efficiently verify the authenticity of arbitrary portions of the content file.

234 Citations

94 Claims

1-74. -74. (canceled)

75. A method for encoding and transmitting a digital file in a manner designed to facilitate authentication of a streamed transmission of the file, the method including:
- generating a progression of check values, each check value in the progression being derived from at least one other check value in the progression and from a transformed portion of the file;
  
  transmitting the digital file and the progression of check values to a user'"'"'s system, whereby the user'"'"'s system is able to receive portions of the file and to use one or more received check values to authenticate said portions of the file before the entire file is received.
- View Dependent Claims (76, 77, 78)
- - 76. The method of claim 75, further including:
    - encrypting a final check value in the progression of check values;
      
      inserting the encrypted final check value in proximity to the beginning of the streamed transmission of the file.
  - 77. The method of claim 75, in which the transformed portion of the file comprises a hashed portion of the file.
  - 78. The method of claim 77, further including:
    - inserting a plurality of hash values into the streamed transmission of the file, each hash value comprising a hash of a portion of the file, and each hash value being inserted in proximity to the portion of the file to which it corresponds.

79. A computer program product for encoding a data block in a manner designed to facilitate authentication of a streamed transmission of the data block, the computer program product including:
- (a) computer code for generating a progression of data check values, wherein each data check value is derived, at least in part, from (i) at least one other data check value in the progression, and (ii) a hash of a portion of the data block;
  
  (b) computer code for encoding the data block by inserting each data check value into the data block in proximity to a portion of the data block to which the data check value corresponds;
  
  (c) computer code for sending a streamed transmission of the encoded data block to a user'"'"'s system, whereby the user'"'"'s system is able to receive and authenticate portions of the streamed transmission before all of the data block is received; and
  
  (d) a computer readable medium for storing the computer codes.
- View Dependent Claims (80, 81, 82, 83)
- - 80. The computer program product of claim 79, further including:
    - (a)(1) computer code for digitally signing at least a root data check value in the progression of data check values.
  - 81. The computer program product of claim 79, in which the computer readable medium is one of:
    - CD-ROM, DVD, MINIDISC, floppy disk, magnetic tape, flash memory, ROM, RAM, system memory, hard drive, optical storage, and a data signal embodied in a carrier wave.
  - 82. The computer program product of claim 79, in which at least one data check value comprises a hash of a combination of (i) at least one other data check value, and (ii) a hash of a portion of the data block.
  - 83. The computer program product of claim 79, further including:
    - computer code for encrypting a final data check value in the progression of data check values; and
      
      computer code for inserting the final data check value into the data block.

84. A computer program product for verifying the integrity of a block of data, the computer program product including:
- computer code for receiving a first portion of the block of data, and for receiving first and second check values in a chain of check values, wherein each check value in the chain is derived from a corresponding transformed portion of the block of data and from at least one other check value in the chain;
  
  computer code for verifying the integrity of the first portion of the block of data and the second check value using, at least in part, the first check value;
  
  computer code for allowing at least one use of the first portion of the block of data if the integrity of said first portion is successfully verified; and
  
  a computer readable medium for storing the computer codes.
- View Dependent Claims (85, 86, 87, 88, 89, 90)
- - 85. The computer program product of claim 84, in which the first check value is digitally signed, and in which the computer code for verifying the integrity of the first portion of the block of data and the second check value includes computer code for unsigning the first check value.
  - 86. The computer program product of claim 84, in which each transformed portion of the block of data is obtained by hashing said portion of the block of data.
  - 87. The computer program product of claim 84, further including:
    - computer code for receiving a first transformed value corresponding to the first portion of the block of data; and
      
      computer code for using the first transformed value and the first check value to verify the integrity of the second check value.
  - 88. The computer program product of claim 87, further including:
    - computer code for allowing at least one use of the first portion of the block of data if verification of the integrity of less than a predefined number of portions of the block of data has failed.
  - 89. The computer program product of claim 87, in which the first transformed value comprises a hash of the first portion of the block of data.
  - 90. The computer program product of claim 84, in which the at least one use of the first portion of the block of data is selected from a group consisting of:
    - sending the first portion of the block of data to a speaker system;
      
      displaying the first portion of the block of data on a viewing device;
      
      printing the first portion of the block of data; and
      
      storing the first portion of the block of data on a computer readable medium.

91. A method for authenticating data, the method including:
- (a) receiving a first sub-block of the data, a first error-check value, a first check value, and a second check value, wherein the first check value and the second check value form part of a progression of check values associated with the data, each check value in the progression being derived, at least in part, from (i) a sub-block of the data, and (ii) at least one other check value in the progression;
  
  (b) using the first error-check value to detect a corruption of the integrity of the first sub-block;
  
  (c) recording the detection of the corruption; and
  
  (d) using the first check value and the first error-check value to verify the integrity of the second check value.
- View Dependent Claims (92, 93, 94)
- - 92. The method of claim 91, further including:
    - (e) receiving a second sub-block of the data;
      
      (f) using the second check value to verify the integrity of the second sub-block.
  - 93. The method of claim 91, wherein each check value in the progression is derived, at least in part, from a transformed sub-block of the data.
  - 94. The method of claim 91, in which the first error-check value comprises a hash of the first sub-block of the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PLS IV, LLC (Pretium Partners, LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Serret-Avila, Xavier

Granted Patent

US 7,340,602 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2149   Restricted operating enviro...

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 2209/603   Digital right managament [DRM]

H04L 63/0428   wherein the data content is...

H04L 9/3236   using cryptographic hash fu...

H04L 9/50   using hash chains, e.g. blo...

Systems and methods for authenticating and protecting the integrity of data streams and other data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

234 Citations

94 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for authenticating and protecting the integrity of data streams and other data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

234 Citations

94 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links