Implementing digital signatures for data streams and data archives

US 5,958,051 A
Filed: 01/09/1997
Issued: 09/28/1999
Est. Priority Date: 11/27/1996
Status: Expired due to Term

First Claim

Patent Images

1. A computer-implemented method for verifying the authenticity of data, the method comprising:

a) receiving at least one data file and a signature file, wherein the data file and the signature file are separate, the data file including a first identifier, the signature file including a representation of the first identifier for the data file and a digital signature, the signature file being arranged to include representations of identifiers for additional data files; and

b) processing the signature file using a computer system to determine the authenticity of the signature file;

c) comparing the first identifier in the data file with the representation of the first identifier in the signature file using the computer system to determine the authenticity of the data file, wherein processing the signature file further includes processing the digital signature using the computer system to determine the authenticity of the signature file; and

d) marking the data file as signed when the first identifier in the data file and the representation of the first identifier in the signature file match.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses and products are provided for establishing and verifying the authenticity of data within one or more data files. In accordance with one aspect of the present invention, a method for verifying the authenticity of data involves providing at least one data file which includes an identifier and a signature file which includes the identifier for the data file as well as a digital signature. The digital signature is then verified using a computer system, and the identifier in the data file is compared with the identifier in the signature file using the computer system. In one embodiment, the identifier for the data file includes at least one certificate authority, site certificate, software publisher identifier, or a site name, and verifying the authenticity of data involves setting a security level for at least one of the certificate authority, the site certificate, the software publisher identifier, and the site name.

Citations

32 Claims

1. A computer-implemented method for verifying the authenticity of data, the method comprising:
- a) receiving at least one data file and a signature file, wherein the data file and the signature file are separate, the data file including a first identifier, the signature file including a representation of the first identifier for the data file and a digital signature, the signature file being arranged to include representations of identifiers for additional data files; and
  
  b) processing the signature file using a computer system to determine the authenticity of the signature file;
  
  c) comparing the first identifier in the data file with the representation of the first identifier in the signature file using the computer system to determine the authenticity of the data file, wherein processing the signature file further includes processing the digital signature using the computer system to determine the authenticity of the signature file; and
  
  d) marking the data file as signed when the first identifier in the data file and the representation of the first identifier in the signature file match.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method as recited in claim 1 wherein when the first identifier in the data file and the representation of the first identifier in the signature file do not match, the method further includes at least one selected from the group of ignoring the data file, aborting the loading of the data file, and alerting a user.
  - 3. A computer-implemented method for verifying the authenticity of data as recited in claim 1 further including:
    - comparing a second identifier in a second data file with a representation of the second identifier in the signature file using the computer system.
  - 4. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein processing the digital signature further includes verifying the digital signature with a signature algorithm, the signature algorithm being a keyed algorithm.
  - 5. A computer-implemented method for verifying the authenticity of data as recited in claim 4 wherein the signature algorithm is selected from a group consisting of a DSA algorithm, and a combined Message Digest and RSA algorithm.
  - 6. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein comparing the first identifier in the data file with the representation of the first identifier in the signature file further includes generating one or more of the identifiers with a one-way hash function algorithm.
  - 7. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein comparing the first identifier in the data file with the representation of the first identifier in the signature file further includes checking one or more of the identifiers with a cyclic redundancy checksum algorithm.
  - 8. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein the signature file includes additional data selected from the group consisting of a text, a name, an author, a version, a time-stamp, and a rating.
  - 9. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein the identifier is generated using one of a one-way hash function algorithm and a cyclic redundancy checksum algorithm.
  - 10. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein receiving the data file and the signature file further includes transferring the data file and the signature file among networked computers.
  - 11. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein the first identifier in the data file includes at least one of a certificate authority, a site certificate, a software publisher identifier, and a site name, the method further including setting a security level for at least one of said certificate authority, said site certificate, said software publisher identifier, and said site name.
  - 12. A computer-implemented method for verifying the authenticity of data as recited in claim 11 including downloading the data file to the computer system, and when the data file comprises an applet and when the digital signature is verified, the method includes branding the applet as verified and running the applet.
  - 13. A computer-implemented method for verifying the authenticity of data as recited in claim 12 wherein when the data file comprises an applet, and when the signature is not verified, the method includes determining whether an unsigned data file is acceptable for execution on the computer, and terminating the applet if an unsigned data file is not acceptable for execution on said computer.
  - 14. A computer-implemented method for verifying the authenticity of data as recited in claim 13 including branding the applet when the unsigned data file is determined acceptable for execution on said computer.
  - 15. A computer-implemented method for verifying the authenticity of data as recited in claim 14 including the running the applet and determining whether the applet performs an action that triggers a security check.
  - 16. A computer-implemented method for verifying the authenticity of data as recited in claim 15 wherein the security check includes comparing the brand with the security level and allowing the action when the security check is satisfied and disallowing the action if the security check is not satisfied.
  - 17. A computer-implemented method for verifying the authenticity of data as recited in claim 1, further including establishing a data communication connection with a remote site using the computer system, determining whether the site requires a secure connection, and determining whether a site certificate for the site is valid in response to a determination that a secure connection is required.
  - 18. A computer-implemented method for verifying the authenticity of data as recited in claim 17, further including determining whether the site certificate is trusted in response to a determination that the site certificate is valid.

19. An apparatus for verifying the authenticity of at least one data file and a signature file, the data file including an identifier, the signature file including a representation of the identifier for the data file and a digital signature, the apparatus comprising:
- a processor for processing the digital signature to determine the authenticity of the signature file; and
  
  a comparator for comparing the identifier in the data file with the representation of the identifier in the signature file using the computer system to determine the authenticity of the data file, wherein the processor is further arranged to process the digital signature using the computer system to determine the authenticity of the signature file, the comparator further including a marker for marking the data file as signed when the identifier in the data file and the representation of the identifier in the signature file match.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. An apparatus for verifying the authenticity of data as recited in claim 19 wherein the comparator for comparing the identifier in the data file with the representation of the identifier in the signature file using the computer system is further arranged to alert a user when the identifier in the data file and the representation in the signature file do not match.
  - 21. An apparatus for verifying the authenticity of data as recited in claim 19 wherein the comparator for comparing the identifier in the data file with the representation of the identifier in the signature file using the computer system is further arranged to compare each identifier for each data file with the representation of the identifier in the signature file.
  - 22. An apparatus for verifying the authenticity of data as recited in claim 19 wherein the processor for processing the digital signature is further arranged to verify the digital signature with a signature algorithm.
  - 23. An apparatus for verifying the authenticity of data as recited in claim 22 wherein the signature algorithm is selected from a group consisting of a DSA algorithm, and a combined Message Digest and RSA algorithm.
  - 24. An apparatus for verifying the authenticity of data as recited in claim 19 wherein the identifier in the data file includes at least one of a certificate authority, a site certificate, a software publisher identifier, and a site name, the apparatus further including:
    - a mechanism for setting a security level for at least one of the certificate authority, the site certificate, the software publisher identifier, and the site name.
  - 25. An apparatus for verifying the authenticity of data as recited in claim 19 further including a mechanism for establishing a data communication connection with a remote site using the computer system, wherein the mechanism for establishing the data communication connection is arranged to determine whether the site requires a secure connection, and to determine whether a site certificate for the site is valid in response to a determination that a secure connection is required.
  - 26. An apparatus for verifying the authenticity of data as recited in claim 25 wherein the mechanism for establishing the data communication system is further arranged to determine whether the site certificate is trusted in response to a determination that the site certificate is valid.

27. A computer program product for verifying the authenticity of data, the computer program product comprising:
- computer code that receives at least one data file and a signature file, the data file including an identifier, the signature file including a representation of the identifier for the data file and a digital signature;
  
  computer code that process the signature file using a computer system to determine the authenticity of the signature file, wherein the computer code that processes the signature file further includes computer code that processes the digital signature using the computer system to determine the authenticity of the signature file;
  
  computer code that compares the identifier in the data file with the representation of the identifier in the signature file using the computer system to determine the authenticity of the data file, wherein the computer code that compares the identifier in the data file with the representation of the identifier in the signature file using the computer system further includes computer code that marks the data file as signed when the identifier in the data file and the representation of the identifier in the signature file match; and
  
  a computer-readable medium that stores the computer codes.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. A computer program product as recited in claim 27 wherein the identifier in the data file includes at least one of a certificate authority, a site certificate, a software publisher identifier, and a site name, the computer program product further including computer code that sets a security level for at least one of said certificate authority, said site certificate, said software publisher identifier, and said site name.
  - 29. A computer program product as recited in claim 28 further including computer code for downloading the data file to the computer system, the computer program product further including computer code that brands the applet as verified and computer code that runs the applet when the data file includes an applet and when the digital signature is verified.
  - 30. A computer program product as recited in claim 29 further including computer code for determining whether an unsigned data file is acceptable for execution on the computer, and terminating the applet if an unsigned data file is not acceptable for execution on said computer when the data file comprises an applet, and when the signature is not verified.
  - 31. A computer program product as recited in claim 27 further including computer code for establishing a data communication connection with a remote site using the computer system, computer code for determining whether the site requires a secure connection, and computer code for determining whether a site certificate for the site is valid in response to a determination that a secure connection is required.
  - 32. A computer program product as recited in claim 31 further including computer code for determining whether the site certificate is trusted in response to a determination that the site certificate is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Pampuch, John C., Renaud, Benjamin J., Hodges Wilsher, Avril E.
Primary Examiner(s)
Beusoliel, Jr., Robert W.
Assistant Examiner(s)
Elmore, Stephen C.

Application Number

US08/780,817
Time in Patent Office

992 Days
Field of Search

395/186, 364/222.5, 364/286.4, 364/286.5, 326/8, 380/4, 380/23, 380/24, 340/825.34
US Class Current

726/22
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/554   involving event detection a...

G06F 21/604   Tools and structures for ma...

G06F 21/64   Protecting data integrity, ...

Implementing digital signatures for data streams and data archives

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Implementing digital signatures for data streams and data archives

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links