AUDIT-LOG INTEGRITY USING REDACTABLE SIGNATURES

US 20080104407A1
Filed: 10/31/2006
Published: 05/01/2008
Est. Priority Date: 10/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method of establishing the integrity of an audit record set, comprising:

receiving a set of audit records;

generating a first set of random values wherein each audit record in the audit record set corresponds to at least one of the first set of values;

generating a second set of values based on an audit record and a corresponding value of the first set of values for each audit record in the audit record set;

generating a summary value based on the second set of values;

certifying the summary value to generate an integrity certificate enabling verification of the integrity of the audit record set; and

storing the audit record set and at least one of the first set of values and the integrity certificate.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of establishing the integrity of an audit record set is described. The method comprises receiving a set of audit records and generating a first set of random values wherein each audit record in the set corresponds to at least one value of the first set. The method further comprises generating a second set of values based on an audit record and a corresponding value of the first set for each audit record in the set and generating a summary value based on the second set of values. The method further comprises certifying the summary value to generate an integrity certificate enabling verification of the integrity of the audit record set and storing the audit record set and at least one of the first set of values and the generated digital signature.

Citations

21 Claims

1. A method of establishing the integrity of an audit record set, comprising:
- receiving a set of audit records;
  
  generating a first set of random values wherein each audit record in the audit record set corresponds to at least one of the first set of values;
  
  generating a second set of values based on an audit record and a corresponding value of the first set of values for each audit record in the audit record set;
  
  generating a summary value based on the second set of values;
  
  certifying the summary value to generate an integrity certificate enabling verification of the integrity of the audit record set; and
  
  storing the audit record set and at least one of the first set of values and the integrity certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 19)
- - 2. The method of claim 1, wherein the certifying comprises applying at least a portion of at least one of:
    - a digital signature process and a time-stamp process.
  - 3. The method of claim 1, wherein the generating a first set of values comprises constructing a binary tree comprising leaf nodes corresponding to audit records of the audit record set.
  - 4. The method of claim 1, wherein the generating a first set of values comprises constructing a GGM tree.
  - 5. The method of claim 1, wherein the generating a second set of values comprises generating the second set of values using a commitment scheme based on a value from the first set of values and an audit record.
  - 6. The method of claim 1, wherein the generating a summary value comprises generating a summary value based on at least one value of the first set of values and an audit record of the audit record set corresponding to the at least one value of the first set of values.
  - 7. The method of claim 1, wherein the generating the summary value comprises generating a Merkle hash tree.
  - 8. The method of claim 1, wherein the receiving a set of audit records comprisesdetermining the audit record set based on a predetermined record threshold.
  - 9. The method of claim 1, wherein the generating a first set of values comprises at least one of randomly or pseudo-randomly generating the first set of values based on a seed value.
  - 10. The method of claim 1, further comprising:
    - receiving a second set of audit records;
      
      generating a third set of values in a deterministic manner wherein each audit record in the second audit record set corresponds to at least one of the third value set;
      
      generating a fourth set of values based on an audit record of the second audit record set and a corresponding value of the third value set for each audit record in the second audit record set;
      
      generating a second summary value based on the fourth set of values;
      
      certifying a combination of the second summary value and the certified first root value to generate a second integrity certificate verifying the integrity of the first and second audit record sets; and
      
      storing the second audit record set and at least one of the values of the third value set and the generated second digital signature.
  - 11. A verifiable audit record set comprising at least a subset of an audit record set, a first set of random values, and an integrity certificate generated according to the method of claim 1.
  - 19. A memory or a computer-readable medium storing instructions which, when executed by a processor, cause the processor to perform the method of claim 1.

12. A method of establishing audit record integrity for a redacted audit record set based on a verifiable audit record set, comprising:
- redacting an audit record from a verifiable audit record set comprising an integrity certificate and a first set of values, wherein each audit record in the audit record set corresponds to at least one of the first set of values;
  
  determining a first set of values corresponding to the remaining audit records after redaction of an audit record;
  
  determining a second set of values remaining corresponding to the redacted audit record; and
  
  storing the remaining first set of values and second set of values with the redacted audit record set and a integrity certificate of the verifiable audit record set.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, further comprising:
    - replacing the redacted audit record in the audit record set with a placeholder symbol.
  - 14. The method of claim 12, wherein the determining a first set of values remaining comprises determining a first set of values wherein each value is an intermediate node corresponding to at least one remaining audit record.
  - 15. The method of claim 12, wherein the determining a second set of values remaining comprises determining a second set of values wherein each value corresponds to at least one redacted audit record.
  - 16. The method of claim 15, wherein the determining a second set of values further comprises determining a second set of values wherein each value corresponds to a lowest level leaf node corresponding to one or more redacted audit records.

17. A method of verifying the integrity of a set of redacted audit records using a first set of values corresponding to a binary tree generated based on a seed value, a second set of values each generated based on a combination of at least one value from the first set of values and at least one audit record from the redacted audit record set, and an integrity certificate generated based on a verifiable audit record set from which the redacted audit record set originated, comprising:
- generating a third set of values, based on the first set of values, wherein each audit record corresponds to at least one value of the third set of values;
  
  generating a fourth set of values based on;
  
  (a) an audit record and a corresponding value from the third set of values and (b) the second set of values, for each audit record in the redacted audit record set;
  
  generating a summary value based on the generated fourth set of values; and
  
  generating a signal based on a result of applying a verification process to the generated summary value and the integrity certificate.
- View Dependent Claims (18, 20)
- - 18. The method of claim 17, wherein the verification process comprises applying at least a portion of at least one of:
    - a digital signature process and a time-stamp process.
  - 20. A memory or a computer-readable medium storing instructions which, when executed by a processor, cause the processor to perform the method of claim 17.

21. A system for establishing the integrity of an audit record set, comprising:
- a value generator arranged to generate a first value set comprising at least one of random and pseudo-random values corresponding to at least one audit record in the audit record set;
  
  a commitment generator communicatively coupled with the value generator and arranged to generate a second value set wherein each value of the second value set is based on applying a commitment scheme to an audit record of the audit record set and a value of the first value set corresponding to the audit record; and
  
  an authenticator value generator communicatively coupled with the commitment generator and arranged to generate a third value set based on the second value set and wherein the third value set comprises a summary value based on the second value set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Sander, Tomas, Haber, Stuart, Horne, William

Granted Patent

US 8,943,332 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/178
CPC Class Codes

G06F 21/33   using certificates

G06F 21/64   Protecting data integrity, ...

G06F 2221/2101   Auditing as a secondary aspect

AUDIT-LOG INTEGRITY USING REDACTABLE SIGNATURES

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

AUDIT-LOG INTEGRITY USING REDACTABLE SIGNATURES

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links