Generation of cryptographic signatures using hash keys

US 5,754,659 A
Filed: 12/22/1995
Issued: 05/19/1998
Est. Priority Date: 12/22/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method for generating a digital signature that authenticates information of a plurality of different information groups, comprising the steps of:

hashing information from each of said groups to produce a separate hash key for each group, each hash key authenticating the information in its respective group;

hashing combinations of said hash keys together to produce at least one combined hash key; and

deriving said digital signature from said at least one combined hash key;

wherein said digital signature is independently reproducible from (i) a hash key derived from the authenticated information of one of said groups and (ii) a set of hash keys and combined hash key(s) already produced by said hashing steps for other of said groups, without requiring the authenticated information from all of said groups.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are provided for generating a digital signature that authenticates information of a plurality of different information groups. Information from each group is hashed to produce a separate hash key for each group authenticating the information in that group. Particular combinations of the hash keys are hashed together to produce at least one combined hash key. Each of the hash keys is ultimately combined in a predetermined order with all other hash keys via the combined hash keys to produce the digital signature in a manner that authenticates the information of all of the information groups. The digital signature is reproducible without access to all of the information groups authenticated thereby. Instead, information from a first information group is provided together with a set of hash keys and combined hash keys embodying authenticated information from the other groups. The hash key for the first information group is produced locally and combined with the other hash keys and/or combined hash keys in order to reproduce the digital signature.

84 Citations

View as Search Results

25 Claims

1. A method for generating a digital signature that authenticates information of a plurality of different information groups, comprising the steps of:
- hashing information from each of said groups to produce a separate hash key for each group, each hash key authenticating the information in its respective group;
  
  hashing combinations of said hash keys together to produce at least one combined hash key; and
  
  deriving said digital signature from said at least one combined hash key;
  
  wherein said digital signature is independently reproducible from (i) a hash key derived from the authenticated information of one of said groups and (ii) a set of hash keys and combined hash key(s) already produced by said hashing steps for other of said groups, without requiring the authenticated information from all of said groups.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. A method in accordance with claim 1 wherein said hashing step comprises a bi-directional cryptographic process.
  - 3. A method in accordance with claim 1 wherein said hashing step comprises a trapdoor one way function.
  - 4. A method in accordance with claim 1 wherein said digital signature is produced by hashing at least two combined hash keys together.
  - 5. A method in accordance with claim 1 wherein said digital signature is produced by hashing at least one combined hash key with at least one hash key.
  - 6. A method in accordance with claim 5 wherein a plurality of hash keys and combined hash keys are hashed together in a predetermined order to produce said digital signature.
  - 7. A method in accordance with claim 1 wherein each of said hash keys is ultimately combined in a predetermined order with all other hash keys via said combined hash keys, thereby producing said digital signature in a manner that authenticates the information of said information groups.
  - 8. A method in accordance with claim 7 wherein said digital signature is used as a cryptographic key in controlling access to a service communicated to a receiver.
  - 9. A method in accordance with claim 1 wherein said hash keys are produced by authenticating information of different information groups.
  - 10. A method in accordance with claim 9 wherein said digital signature is used to determine whether or not information in any of the different information groups has changed.
  - 11. A method for recovering the digital signature of claim 7 for use in accessing a service at a receiver, comprising the steps of:
    - hashing a first information group at said receiver to obtain the hash key for that group;
      
      communicating to said receiver all other hash keys and combined hash keys used in producing said digital signature which are required by said receiver to recover said digital signature; and
      
      hashing the hash keys and combined hash keys communicated to the receiver as well as the hash key obtained for the first information group, all in accordance with said predetermined order, to reproduce said digital signature.
  - 12. A method in accordance with claim 11 comprising the further step of encrypting said hash keys and combined hash keys prior to communicating them to said receiver.
  - 13. A method in accordance with claim 12 wherein said hash keys and combined hash keys communicated to said receiver are encrypted under at least one of a hash key and combined hash key derivable at said receiver.
  - 14. A method for reproducing the digital signature of claim 7 without access to all of the information groups authenticated thereby, comprising the steps of:
    - obtaining the authenticated information from at least one desired information group authenticated by said digital signature;
      
      hashing the obtained information to reproduce the hash key for said desired information group;
      
      receiving a collection of hash keys and combined hash keys which are necessary to reproduce said digital signature in lieu of the actual information from which the hash keys and combined hash keys in said collection were produced; and
      
      hashing the reproduced hash key for said desired information group with said collection of hash keys and combined hash keys in accordance with said predetermined order to reproduce said digital signature.
  - 15. A method in accordance with claim 14 wherein:
    - said predetermined order comprises a tree structure having branches into which hash keys and combined hash keys are input for hashing and having a root from which said digital signature is output; and
      
      said information groups are prioritized in said tree structure by assigning the hash keys of those that are to be recovered with the least computation to branches nearest said root and assigning the hash keys of those that justify progressively more computation for recovery to branches that are progressively further from said root.
  - 16. A method in accordance with claim 15 wherein:
    - said information groups provide information for controlling access to services provided on a communication network; and
      
      the hash keys of information groups to be processed at an end user location in order to receive a service are assigned to branches close to said root, whereas the hash keys of information groups to be processed upstream of said end user location are assigned to branches further away from said root.
  - 17. A method in accordance with claim 15 wherein the hash keys of information groups that are likely to be modified more frequently are allocated to lower branches of said tree structure than the hash keys of information groups that are likely to be modified less frequently, said lower branches being closer to said root than higher branches of said tree structure.
  - 18. A method in accordance with claim 1 wherein each of said hash keys is ultimately combined in a predetermined order established by a network structure with all other hash keys via said combined hash keys, thereby producing said digital signature in a manner that authenticates the information of all of said information groups.
  - 19. A method in accordance with claim 18 wherein said network structure comprises a binary tree.

20. Receiver apparatus for recovering a digital signature that authenticates information from a plurality of information groups, without requiring the authenticated information from all of said information groups, said apparatus comprising:
- means for receiving the information from at least one of said information groups;
  
  means for hashing the received information to internally generate at least one first hash key;
  
  means for receiving at least one externally produced additional hash key used to authenticate information from at least one of said information groups that is not received by said apparatus; and
  
  means for cryptographically combining said at least one first hash key with said at least one additional hash key according to a sequence from which said digital signature was produced;
  
  said combining means producing said digital resignature.
- View Dependent Claims (21, 22, 23, 24)
- - 21. Apparatus in accordance with claim 20 wherein said digital signature is a cryptographic key used to encrypt a service communicated to said receiver apparatus.
  - 22. Apparatus in accordance with claim 20 wherein said at least one externally produced additional hash key is received encrypted, said apparatus further comprising means for decrypting said additional hash key prior to combining it with said at least one first hash key.
  - 23. Apparatus in accordance with claim 20 wherein said combining means comprise hash functions for combining said first and additional hash keys.
  - 24. Apparatus in accordance with claim 21 wherein said receiver apparatus comprises a decoder for pay television signals.

25. Receiver apparatus for recovering a previously produced digital signature from a plurality of hash keys, said apparatus comprising:
- means for internally generating at least one first hash key from authenticated information intended to be received by said receiver;
  
  means for receiving at least one externally produced additional hash key derived from other authenticated information not intended to be received by said receiver; and
  
  means for cryptographically combining said at least one first hash key with said at least one additional hash key according to a sequence from which said digital signature was previously produced;
  
  said combining means recovering said digital signature without requiring reception of said other authenticated information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Candelore, Brant, Sprunk, Eric, Moroney, Paul
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/577,922
Time in Patent Office

879 Days
Field of Search

380/25, 380/30
US Class Current

380/30
CPC Class Codes

H04L 2209/12   Details relating to cryptog...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

Generation of cryptographic signatures using hash keys

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Generation of cryptographic signatures using hash keys

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links