Method for protecting a volatile file using a single hash
First Claim
1. A method for protecting a collection of a plurality of discrete data units which are modified from time to time by an associated data processing system comprising the steps of:
- obtaining an individual hash value for each of the discrete data units by performing a hash operation using at least the data value portion of the data unit which is to be protected; and
aggregating said individual hash values into an aggregate hash value for said collection using a function which permits the independent inclusion and deletion of each individual hash value from the aggregate hash value.
0 Assignments
0 Petitions
Accused Products
Abstract
The disclosed methodology permits an insecure computing system to safely perform high security electronic financial transactions. The present invention permits the hash of a file to be taken on an incremental basis. It permits any part of the file to be changed while allowing a new aggregate hash to be computed based on the revised file portion and the prior total hash. The aggregate hash is readily updatable with each record revision without having to recompute the hash of the entire file in accordance with conventional techniques. These objectives are accomplished using two functions. The first function is an effective one-way hash function "H" for which it is computationally impossible to find two data values that hash to the same result. The second function is a commutative and associative function "F" (and inverse "Finv") and provides a mechanism for combining the aggregate hash and the hash of updated records. Examples of these latter functions include exclusive OR ("XOR") and arithmetic addition. The hash of each file record and the hash of an identification of the record (i.e., a record number or key) are combined using a function ("F") whereby individual records may be extracted using the inverse of that function (Finv). In this fashion, an individual record may be extracted from the aggregate hash and updated. Each record is represented by its identification hashed together with its data content. All such record hashs are added together to provide a highly secure integrity check. This aggregate hash covers the entire database such that the tampering (or rearranging) of any data record is revealed by the use of the record identifier (i.e., record number) in the hash calculation due to its impact on the aggregate hash (e.g., the sum).
-
Citations
43 Claims
-
1. A method for protecting a collection of a plurality of discrete data units which are modified from time to time by an associated data processing system comprising the steps of:
-
obtaining an individual hash value for each of the discrete data units by performing a hash operation using at least the data value portion of the data unit which is to be protected; and aggregating said individual hash values into an aggregate hash value for said collection using a function which permits the independent inclusion and deletion of each individual hash value from the aggregate hash value. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A method for protecting a collection of individual data groups including a first data group and a second data group which are modified from time to time comprising the steps of:
-
performing a predetermined hash operation using both the first data group and indicia in addition to the first data group which specifically identifies said first group; performing a predetermined hash operation on the second data group and indicia identifying said second group; and combining the hashes to determine an aggregate hash for said collection using a function wherein said hash of said first group or said hash of said second group may be subsequently extracted from the aggregate hash using the inverse of said function. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A method for maintaining a validity indicator of an updatable data file including a plurality of data records and having an associated file hash comprising the steps of:
-
accessing said file hash; updating one of said plurality of data records to generate an updated record; and computing an aggregate hash using the updated record by applying a function having both associative and commutative properties to the aggregate hash and the updated data record. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. A method of protecting a plurality of digital data records each data record including both information content and a record identifier comprising the steps of:
-
combining the informational content of a data record with the record identifier of said data record to determine an aggregate data string; performing a hashing operation on said aggregate data string to determine a hash value; and applying a function having both associative and commutative properties to said hash value. - View Dependent Claims (37, 38, 39, 40, 41, 42, 43)
-
Specification