METHOD AND SYSTEM FOR ENCODING SIGNATURES TO AUTHENTICATE FILES
First Claim
1. A method for encoding authentication information in the filenames of computer files containing digital data, said method comprising:
- computing a hash value H0 by applying a master hash function to only the digital data comprised by a master computer file, said master computer file having an original filename;
computing a digital signature of the hash value H0 using a private key of a sender such that the digital signature of H0 has a predetermined fixed length;
generating a signed filename of the master computer file by encoding the computed digital signature of the hash value H0 in the original filename of the master computer file;
associating the signed filename of the master computer file with the master computer file;
computing a hash value H1 by applying a first hash function to only the digital data comprised by a first computer file, said first computer file having an original filename;
computing a digital signature of the hash value H1 using the private key of the sender;
generating a signed filename of the first computer file by encoding the computed digital signature of the hash value H1 in the original filename of the first computer file;
associating the signed filename of the first computer file with the first computer file; and
generating a composite computer file by attaching to the master computer file the first computer file and its associated signed filename; and
sending the composite computer file from the sender to a receiver.
4 Assignments
0 Petitions
Accused Products
Abstract
Method and system for verifying the authenticity and integrity of files transmitted through a computer network. Authentication information is encoded in the filename of the file. In a preferred embodiment, authentication information is provided by computing a hash value of the file, computing a digital signature of the hash value using a private key, and encoding the digital signature in the filename of the file at a predetermined position or using delimiters, to create a signed filename. Upon reception of a file, the encoded digital signature is extracted from the signed filename. Then, the encoded hash value of the file is recovered using a public key and extracted digital signature, and compared with the hash value computed on the file. If the decoded and computed hash values are identical, the received file is processed as authentic.
-
Citations
19 Claims
-
1. A method for encoding authentication information in the filenames of computer files containing digital data, said method comprising:
-
computing a hash value H0 by applying a master hash function to only the digital data comprised by a master computer file, said master computer file having an original filename;
computing a digital signature of the hash value H0 using a private key of a sender such that the digital signature of H0 has a predetermined fixed length;
generating a signed filename of the master computer file by encoding the computed digital signature of the hash value H0 in the original filename of the master computer file;
associating the signed filename of the master computer file with the master computer file;
computing a hash value H1 by applying a first hash function to only the digital data comprised by a first computer file, said first computer file having an original filename;
computing a digital signature of the hash value H1 using the private key of the sender;
generating a signed filename of the first computer file by encoding the computed digital signature of the hash value H1 in the original filename of the first computer file;
associating the signed filename of the first computer file with the first computer file; and
generating a composite computer file by attaching to the master computer file the first computer file and its associated signed filename; and
sending the composite computer file from the sender to a receiver. - View Dependent Claims (2, 3, 4)
-
-
5. A method for encoding authentication information in the filenames of computer files containing digital data, said method comprising:
-
computing a hash value H0 by applying a master hash function to only the digital data comprised by a master computer file, said master computer file having an original filename;
computing a digital signature of the hash value H0 using a private key of a sender;
generating a signed filename of the master computer file by encoding the computed digital signature of the hash value H0 in the original filename of the master computer file;
associating the signed filename of the master computer file with the master computer file;
computing a hash value H1 by applying a first hash function to only the digital data comprised by a first computer file, said first computer file having an original filename within a first link that points to the first computer file;
computing a digital signature of the hash value H1 using the private key of the sender;
generating a signed filename of the first computer file by encoding the computed digital signature of the hash value H1 in the original filename in the first link to transform the first link to a signed first link;
associating the signed first link with the first computer file; and
generating a composite computer file by attaching the signed first link to the master computer file; and
sending the composite computer file from the sender to a receiver. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A method for authenticating information in the filenames of computer files containing digital data, said method comprising:
-
receiving, by a receiver from a sender, a composite computer file comprising a master computer file having an original filename and a first computer file having an original filename, wherein the master computer file in the composite computer file comprises an associated signed filename, wherein the first computer file in the composite computer file comprises an associated signed filename, wherein the first computer file is attached to the master computer file in the received composite computer file, wherein the signed filename associated with the master computer file comprises a master digital signature encoded in the original filename of the master computer file, wherein the master digital signature is a digital signature of a hash value H0 of a master hash function applied to only the digital data comprised by the master computer file subject to the digital signature of H0 having been computed using a private key of the sender, wherein the signed filename associated with the first computer file comprises a first digital signature encoded in the original filename of the first computer file, and wherein the first digital signature is a digital signature of a hash value H1 of a first hash function applied to only the digital data comprised by the first computer file subject to the digital signature of H1 having been computed using the private key of the sender;
extracting, by the receiver, the master digital signature from the signed filename associated with the master computer file in the received composite computer file;
recovering, by the receiver, the hash value H0 from the extracted master digital signature using a public key of the sender associated with the private key of the sender;
computing, by the receiver, a hash value H0□
of the master hash function applied to only the digital data comprised by the master computer file in the received composite computer file;
determining, by the receiver, that H0□
=H0 which authenticates the master computer file in the received composite computer file;
extracting, by the receiver, the first digital signature from the signed filename associated with the first computer file in the received composite computer file;
recovering, by the receiver, the hash value H1 from the extracted first digital signature using the public key of the sender associated with the private key of the sender;
computing, by the receiver, a hash value H1□
of the first hash function applied to only the digital data comprised by the first computer file in the received composite computer file;
determining, by the receiver, that H1□
=H1 which authenticates the first computer file in the received composite computer file. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A method for authenticating information in the filenames of computer files containing digital data, said method comprising:
-
receiving, by a receiver from a sender, a composite computer file comprising a master computer file having an original filename and a signed first link that points to a first computer file having an original filename, wherein the master computer file in the composite computer file comprises an associated signed filename, wherein the signed filename associated with the master computer file comprises a master digital signature encoded in the original filename of the master computer file, wherein the master digital signature is a digital signature of a hash value H0 of a master hash function applied to only the digital data comprised by the master computer file subject to the digital signature of H0 having been computed using a private key of the sender, wherein the signed first link comprises a first digital signature encoded in the original filename of the first computer file, and wherein the first digital signature is a digital signature of a hash value H1 of a first hash function applied to only the digital data comprised by the first computer file subject to the digital signature of H1 having been computed using the private key of the sender;
extracting, by the receiver, the master digital signature from the signed filename associated with the master computer file in the received composite computer file;
recovering, by the receiver, the hash value H0 from the extracted master digital signature using a public key of the sender associated with the private key of the sender;
computing, by the receiver, a hash value H0□
of the master hash function applied to only the digital data comprised by the master computer file in the received composite computer file;
determining, by the receiver, that H0□
=H0 which authenticates the master computer file in the received composite computer file;
extracting, by the receiver, the first digital signature from the signed first link in the received composite computer file;
recovering, by the receiver, the hash value H1 from the extracted first digital signature using the public key of the sender associated with the private key of the sender;
computing, by the receiver, a hash value H1□
of the first hash function applied to only the digital data comprised by the first computer file in the received composite computer file; and
determining, by the receiver, that H1□
=H1 which authenticates the first computer file pointed to by the signed first link in the received composite computer file. - View Dependent Claims (16, 17, 18, 19)
-
Specification