Digital signatures for data streams and data archives

US 6,021,491 A
Filed: 11/27/1996
Issued: 02/01/2000
Est. Priority Date: 11/27/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for creating a secure data file suitable for transferring over a computer network, the method comprising:

providing at least one data file having an identifier using a computer system; and

creating a signature file having the identifier for the at least one data file and a digital signature using the computer system, the signature file being separate from the at least one data file, wherein the signature file is arranged to substantially vouch for the authenticity of the at least one data file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses and products are provided for verifying the authenticity of data within one or more data files. Each data file is provided with an identifier, such as a one-way hash function or cyclic redundancy checksum. A signature file, that includes the identifiers for one or more data files, is provided with a digital signature created with a signature algorithm. The data file(s) and signature file are then transferred, or otherwise provided to a user. The user verifies the digital signature in the signature file using a signature verifying algorithm. Once verified as being authentic, the signature file can be used to verify each of the data files. Verification of the data files can be accomplished by comparing the identifier for each data file with the corresponding identifier in the signature file. If the identifiers in the data and signature files match, then the data file can be marked as authentic. If the identifiers do not match then the data file can be rejected or otherwise dealt with accordingly.

Citations

13 Claims

1. A method for creating a secure data file suitable for transferring over a computer network, the method comprising:
- providing at least one data file having an identifier using a computer system; and
  
  creating a signature file having the identifier for the at least one data file and a digital signature using the computer system, the signature file being separate from the at least one data file, wherein the signature file is arranged to substantially vouch for the authenticity of the at least one data file.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method as recited in claim 1 further including:
    - running a signature algorithm on the signature file; and
      
      determining when running the signature algorithm on the signature file verifies the authenticity of the signature file, wherein when it is determined that the signature file is authentic, the at least one data file is determined to be authentic.
  - 3. A method as recited in claim 1 further including:
    - providing a second data file having an identifier using the computer system;
      
      adding the identifier for the second data file to the signature file, wherein the signature file is arranged to vouch for the authenticity of the at least one data file and the second data file;
      
      running a signature algorithm on the signature file; and
      
      determining when running the signature algorithm on the signature file verifies the authenticity of the signature file, wherein when it is determined that the signature file is authentic, the at least one data file and the second data file are determined to be authentic.
  - 4. A method as recited in claim 3 further including:
    - comparing the identifier for the at least one data file with the identifier for the at least one data file in the signature file when it is determined that the signature file is authentic, wherein when the identifier for the at least one data file and the identifier for the at least one data file in the signature file match, the at least one data file is determined to be authentic; and
      
      comparing the identifier for the second data file with the identifier for the second data file in the signature file when it is determined that the signature file is authentic, wherein when the identifier for the second data file and the identifier for the at second data file in the signature file match, the second data file is determined to be authentic.
  - 5. A method as recited in claim 2 wherein when it is determined that the signature file is authentic, substantially only the at least one data file is transferred over the network.
  - 6. A method as recited in claim 5 wherein when it is determined that the signature file is authentic, the signature file and the at least one data file are separately transferred over the network.

7. A method for verifying the authenticity of a first digital data file and a digital signature file, the digital signature file being separate from the first digital data file, the first digital data file including an identifier, the digital signature file including the identifier for the first data file and a digital signature, the method including:
- verifying the digital signature using a computer system to determine the authenticity of the digital signature file;
  
  determining when the digital signature is verified; and
  
  comparing the identifier in the first digital data file with the identifier for the first digital data file in the digital signature file using the computer system to identify the first digital data file as authentic when it is determined that the digital signature is verified.
- View Dependent Claims (8, 9)
- - 8. A method as recited in claim 7 further including a second digital file having an identifier, the second digital file being separate from the first digital file and the digital signature file, the digital signature file including the identifier for the second digital file.
  - 9. A method as recited in claim 8 further including:
    - comparing the identifier in the second digital data file with the identifier for the second digital data file in the digital signature file using the computer system to identify the second digital file as authentic when it is determined that the digital signature is verified.

10. A method for verifying the authenticity of a plurality of data files suitable for transfer over a networked computing system, each of the plurality of data files including a data file identifier, the method comprising:
- creating a single signature file, the signature file including a digital signature, the signature file further including a version of the data file identifier for each of the plurality of data files, the single signature file being separate from each of the plurality of data files; and
  
  verifying the authenticity of the digital signature included in the signature file, wherein when the digital signature included in the signature file is verified as being authentic, each of the plurality of data files is considered to be authentic.
- View Dependent Claims (11, 12, 13)
- - 11. A method as recited in claim 10 further including:
    - transferring the plurality of data files over the networked computing system when the digital signature included in the signature file is verified as being authentic.
  - 12. A method as recited in claim 10 wherein verifying the authenticity of the digital signature included in the signature file includes running a signature algorithm on the digital signature, and wherein each of the plurality of data files is considered to be authentic when the authenticity of the digital signature is verified without running a verification algorithm on each of the plurality of data files.
  - 13. A method as recited in claim 10 further including:
    - comparing the version of the data file identifier for each of the plurality of data files with the corresponding data file identifier for each of the plurality of data files when the digital signature included in the signature file is verified as being authentic, wherein when the version of the data file identifier for a particular data file selected from the plurality of data files substantially matches the data file identifier for the particular data file selected from the plurality of data files, the particular data file selected from the plurality of data files is considered to be authentic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Renaud, Benjamin J.
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
Jack, Todd

Application Number

US08/753,716
Time in Patent Office

1,161 Days
Field of Search

380/4, 380/25
US Class Current

713/179
CPC Class Codes

G06F 21/64 Protecting data integrity, ...

G06F 2221/2115 Third party

Digital signatures for data streams and data archives

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Digital signatures for data streams and data archives

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links