Method for protecting a volatile file using a single hash

US 5,694,569 A
Filed: 06/05/1995
Issued: 12/02/1997
Est. Priority Date: 11/19/1993
Status: Expired due to Term

First Claim

Patent Images

1. A method for protecting a collection of a plurality of discrete data units which are modified from time to time by an associated data processing system comprising the steps of:

obtaining an individual hash value for each of the discrete data units by performing a hash operation using at least the data value portion of the data unit which is to be protected; and

aggregating said individual hash values into an aggregate hash value for said collection using a function which permits the independent inclusion and deletion of each individual hash value from the aggregate hash value.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed methodology permits an insecure computing system to safely perform high security electronic financial transactions. The present invention permits the hash of a file to be taken on an incremental basis. It permits any part of the file to be changed while allowing a new aggregate hash to be computed based on the revised file portion and the prior total hash. The aggregate hash is readily updatable with each record revision without having to recompute the hash of the entire file in accordance with conventional techniques. These objectives are accomplished using two functions. The first function is an effective one-way hash function "H" for which it is computationally impossible to find two data values that hash to the same result. The second function is a commutative and associative function "F" (and inverse "Finv") and provides a mechanism for combining the aggregate hash and the hash of updated records. Examples of these latter functions include exclusive OR ("XOR") and arithmetic addition. The hash of each file record and the hash of an identification of the record (i.e., a record number or key) are combined using a function ("F") whereby individual records may be extracted using the inverse of that function (Finv). In this fashion, an individual record may be extracted from the aggregate hash and updated. Each record is represented by its identification hashed together with its data content. All such record hashs are added together to provide a highly secure integrity check. This aggregate hash covers the entire database such that the tampering (or rearranging) of any data record is revealed by the use of the record identifier (i.e., record number) in the hash calculation due to its impact on the aggregate hash (e.g., the sum).

Citations

43 Claims

1. A method for protecting a collection of a plurality of discrete data units which are modified from time to time by an associated data processing system comprising the steps of:
- obtaining an individual hash value for each of the discrete data units by performing a hash operation using at least the data value portion of the data unit which is to be protected; and
  
  aggregating said individual hash values into an aggregate hash value for said collection using a function which permits the independent inclusion and deletion of each individual hash value from the aggregate hash value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A method according to claim 1, further including the step of deleting an individual hash value using the inverse of said function.
  - 3. A method according to claim 1, further including the step of including as part of the data to be hashed for each data unit, indicia which distinguishes the relative order of each data unit from the other data units.
  - 4. A method according to claim 1, further including the steps ofupdating one of said discrete data units, andoperating on said aggregate hash value using the inverse of said function.
  - 5. A method according to claim 1, wherein said indicia is a key value used to associatively index said discrete data units.
  - 6. A method according to claim 1, wherein said discrete data units are records.
  - 7. A method according to claim 1, further including the step of associating a data structure with at least one of said discrete data units containing information regarding the data unit for use if the data processing system is interrupted while updates are underway.
  - 8. A method according to claim 1, wherein said discrete data units are bytes.
  - 9. A method according to claim 1, wherein said discrete data units are sectors.
  - 10. A method according to claim 1, further including the step of storing said aggregate hash.
  - 11. A method according to claim 1, further including the step of storing said aggregate hash such that it can not be modified by anyone other than an authorized user.
  - 12. A method according to claim 1, wherein said function is an exclusive OR operation.
  - 13. A method according to claim 1, wherein said function is an addition operation.
  - 14. A method according to claim 1, wherein the obtaining step includes obtaining a substantially non-reversible hash value.
  - 15. A method according to claim 1, wherein the obtaining step includes obtaining a substantially cryptographically secure hash value.
  - 16. A method according to claim 15, wherein the cryptographically secure hash value is obtained using a message digest 5 (MD5) or a secure hash algorithm (SHA) hashing technique.
  - 17. The method in accordance with claim 1, wherein the collections of a plurality of discrete data units corresponds to a file in a database data unit, each discrete data unit being a one of plural records in the file having a record identifier and a record value with each record having one of said individual hash values and the file having the aggregate hash value, and wherein the existing aggregate hash is incrementally modified by inclusion or deletion of individual hash values.

18. A method for protecting a collection of individual data groups including a first data group and a second data group which are modified from time to time comprising the steps of:
- performing a predetermined hash operation using both the first data group and indicia in addition to the first data group which specifically identifies said first group;
  
  performing a predetermined hash operation on the second data group and indicia identifying said second group; and
  
  combining the hashes to determine an aggregate hash for said collection using a function wherein said hash of said first group or said hash of said second group may be subsequently extracted from the aggregate hash using the inverse of said function.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. A method according to claim 18, further comprising a step of performing an update operation by operating on said aggregate hash using the inverse of said function.
  - 20. A method according to claim 18, wherein said step of combining the hash uses indicia identifying said first data group and indicia identifying said second data group.
  - 21. A method according to claim 18, wherein said first data group and said second data group are records.
  - 22. A method according to claim 18, further including the step of associating a data structure with at least one of said first data group and said second data group, said data structure containing information regarding the respective group for use if the data processing system is interrupted.
  - 23. A method according to claim 18, further including the step of storing said hash such that it cannot be modified by anyone other than an authorized user.
  - 24. A method according to claim 18, wherein said function is an exclusive OR operation.
  - 25. A method according to claim 24, wherein said function is an addition operation.
  - 26. The method according to claim 18, wherein the predetermined hash operation is cryptographically secure.

27. A method for maintaining a validity indicator of an updatable data file including a plurality of data records and having an associated file hash comprising the steps of:
- accessing said file hash;
  
  updating one of said plurality of data records to generate an updated record; and
  
  computing an aggregate hash using the updated record by applying a function having both associative and commutative properties to the aggregate hash and the updated data record.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. A method according to claim 27, further including the step of associating a data structure with at least one of said plurality of data records containing information regarding said one of said plurality of record for use if the data processing system is interrupted while updating said one of said plurality of data records.
  - 29. A method according to claim 28, further including the step of providing said data structure with a field for identifying an updating operation to be performed on said one of said plurality of data records.
  - 30. A method according to claim 28, further including the step of providing said data structure with a field for identifying a revised version of an aggregate hash.
  - 31. A method according to claim 28, further including the step of encrypting at least part of said data structure.
  - 32. A method according to claim 27, further including the step of storing said aggregate hash.
  - 33. A method according to claim 27, further including the step of storing said aggregate hash such that it cannot be modified by anyone other than an authorized user.
  - 34. A method according to claim 27, wherein said function is an exclusive OR operation.
  - 35. A method according to claim 27, wherein said function is an addition operation.

36. A method of protecting a plurality of digital data records each data record including both information content and a record identifier comprising the steps of:
- combining the informational content of a data record with the record identifier of said data record to determine an aggregate data string;
  
  performing a hashing operation on said aggregate data string to determine a hash value; and
  
  applying a function having both associative and commutative properties to said hash value.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43)
- - 37. A method according to claim 36, further including the step of associating a data structure with at least one data record containing information regarding the data record for use if the data processing system is interrupted while an update for said data record is underway.
  - 38. A method according to claim 37, further including the step of providing said data structure with a field for identifying an updating operation to be performed on said data record.
  - 39. A method according to claim 37, further including the step of providing said data structure with a field of identifying a revised version of an aggregate hash for said plurality of data records.
  - 40. A method according to claim 37, further including the step of encrypting at least part of said data structure.
  - 41. A method according to claim 36, wherein said function is an exclusive OR operation.
  - 42. A method according to claim 36, wherein said function is an addition operation.
  - 43. A method according to claim 36, wherein the hashing operation produces a cryptographically secure hash value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Addison M. Fischer
Original Assignee
Addison M. Fischer
Inventors
Fischer, Addison M.
Primary Examiner(s)
Black, Thomas G.
Assistant Examiner(s)
HOMERE, JEAN RAYMOND

Application Number

US08/464,070
Time in Patent Office

911 Days
Field of Search

395/182.04, 395/421.06, 395/421.09, 395/421.1, 395/616, 395/186, 380/4
US Class Current

711/216
CPC Class Codes

G06F 21/565   by checking file integrity

G06F 21/64   Protecting data integrity, ...

H04L 2209/60   Digital content management,...

H04L 9/3236   using cryptographic hash fu...

Method for protecting a volatile file using a single hash

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Method for protecting a volatile file using a single hash

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links