Systems and Methods for Authenticating and Protecting the Integrity of Data Streams and Other Data
First Claim
1. A method for encoding and authenticating a streamed transmission of an electronic file, the method including:
- generating a progression of check values, each check value in the progression being derived from at least one other check value in the progression and from a hash of a portion of the electronic file;
- encrypting a root check value in the progression of check values;
- transmitting the electronic file and the progression of check values to a user's system via a data stream; and
- receiving and authenticating the data stream, including;
  - receiving the root check value;
  - decrypting the root check value; and
  - using the decrypted root check value and one or more received check values in the progression of check values to authenticate portions of the data stream, whereby portions of the data stream are authenticated before the entire electronic file and the entire progression of check values are received by the user's system.
Abstract
Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain. The hierarchy culminates with a signed hash that can be used to verify the integrity of other hash values in the hierarchy, and these other hash values can, in turn, be used to efficiently verify the authenticity of arbitrary portions of the content file.
14 Claims
3. A method for encoding and authenticating a data block in a fault-tolerant fashion, the method including:
(1) encoding the data block, the encoding including;
  (a) hashing a first portion of the data block to obtain a first hash value;
  (b) hashing a combination of the first hash value and a first verification value to obtain a second verification value, wherein the first verification value is derived, at least in part, from a hashed portion of the data block and a third verification value;
  (c) encrypting the second verification value;
(2) transmitting an encoded data stream to a receiver, wherein the encoded data stream includes the encrypted second verification value, the first hash value, the first portion of the data block, and the first verification value; and
(3) receiving the encoded data stream and verifying its integrity, including;
  (a) receiving the encrypted second verification value;
  (b) decrypting the encrypted second verification value;
  (c) receiving the first hash value, a first portion of the encoded data stream, and the first verification value;
  (d) hashing the first portion of the encoded data stream to obtain a first re-computed hash;
  (e) comparing the first re-computed hash with the first hash value, and, if the first re-computed hash is not equal to the first hash value, hashing a combination of the first hash value and the first verification value to obtain a first calculated hash value; and
  (f) comparing the second verification value with the first calculated hash value, and, if the second verification value is equal to the first calculated hash value, releasing the first portion of the encoded data stream for use.
4. A method for encoding and authenticating a data block, the method including:
(1) generating a chain of data verification values, including;
  (a) hashing a first sub-block of the data block to obtain a first hash value;
  (b) hashing a combination of the first hash value and a first verification value to obtain a second verification value;
  (c) hashing a second sub-block of the data block to obtain a second hash value;
  (d) hashing a combination of the second hash value and a third verification value to obtain a fourth verification value, wherein the third verification value is derived, at least in part, from the second verification value;
  (e) generating a digital signature by signing the fourth verification value using a first cryptographic key;
(2) transmitting an encoded data stream to a receiver, the encoded data stream including the digital signature, the second sub-block, the third verification value, the second verification value, the first sub-block, and the first verification value; and
(3) receiving and verifying the integrity of the encoded data stream, including;
  (a) receiving the digital signature;
  (b) using a second cryptographic key to unsign the digital signature to obtain the fourth verification value;
  (c) receiving a first portion of the encoded data stream and the third verification value;
  (d) hashing the first portion of the encoded data stream to obtain a first received hash value;
  (e) hashing a combination of the first received hash value and the third verification value to obtain a first calculated hash;
  (f) comparing the fourth verification value with the first calculated hash;
  (g) releasing the first portion of the encoded data stream for use if the fourth verification value is equal to the first calculated hash;
  (h) receiving the second verification value;
  (i) verifying that the second verification value is securely derived from the third verification value;
  (j) receiving a second portion of the encoded data stream and the first verification value;
  (k) hashing the second portion of the encoded data stream to obtain a second received hash value;
  (l) hashing a combination of the second received hash value and the first verification value to obtain a second calculated hash;
  (m) comparing the second verification value with the second calculated hash; and
  (n) releasing the second portion of the encoded data stream for use if the second verification value is equal to the second calculated hash.
14-74. (canceled)
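The chain of claim 4 and the fault-tolerant check of claim 3 can be sketched together as follows. This is an added illustration, not code from the patent. Its assumptions: SHA-256 as the hash, an HMAC under a shared key standing in for the digital signature (the root is sent alongside its tag), each check value carried forward unchanged as the next verification value, an all-zero terminal value, and a "damaged" status whose handling is left to the caller.

```python
import hashlib
import hmac

def H(*parts: bytes) -> bytes:
    """Hash of the concatenated parts (SHA-256 is this example's choice)."""
    return hashlib.sha256(b"".join(parts)).digest()

def sign_root(key: bytes, root: bytes) -> bytes:
    # Stand-in for the claims' digital signature: an HMAC under a shared key.
    return hmac.new(key, root, hashlib.sha256).digest()

def encode(data: bytes, block_size: int, key: bytes, terminal: bytes = bytes(32)):
    """Sender: build the chain from the last sub-block back to the first."""
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    check = terminal                      # verification value after the last block
    records = []
    for block in reversed(blocks):
        block_hash = H(block)
        records.append((block, block_hash, check))  # carries the NEXT check value
        check = H(block_hash, check)      # check value that covers this block
    records.reverse()                     # transmit in playback order
    return check, sign_root(key, check), records

def verify_stream(root: bytes, tag: bytes, records, key: bytes):
    """Receiver: authenticate and yield each block as its record arrives."""
    if not hmac.compare_digest(sign_root(key, root), tag):
        raise ValueError("root check value is not authentic")
    expected = root
    for block, block_hash, next_check in records:
        # The transmitted hash and next check value must reproduce the value
        # already trusted; otherwise the chain itself was altered.
        if not hmac.compare_digest(H(block_hash, next_check), expected):
            raise ValueError("check value chain broken")
        # Fault tolerance: a damaged block fails only this comparison, so the
        # chain stays usable for the blocks that follow.
        intact = hmac.compare_digest(H(block), block_hash)
        yield ("ok" if intact else "damaged"), block
        expected = next_check

if __name__ == "__main__":
    key = b"constructed-demo-key"
    root, tag, recs = encode(b"constructed sample stream " * 8, 64, key)
    recs[1] = (b"\x00" * 64, recs[1][1], recs[1][2])   # simulate line noise
    for status, block in verify_stream(root, tag, recs, key):
        print(status, len(block))
```

Because `verify_stream` is a generator, the first block is authenticated and handed over before any later record is examined, which is the on-the-fly property the claims describe.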
Specification