Computationally efficient method for trusted and dynamic digital objects dissemination
First Claim
1. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
a) registering the information provider with said trusted third party prior to distribution of any digital objects;
b) grouping digital objects into distribution packages by the information provider;
c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body and a field for verifying integrity of contents of said body, said body including information provider identification fields for providing information to uniquely identify the information provider, package identifying field for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said information fields including a digest of each of said digital objects, said digest being computed as an output of a predetermined secure one-way hash function with said object as its input;
d) verifying said certificate request by the trusted third party using predetermined criteria;
e) providing a certificate to the information provider by the trusted third party if the predetermined criteria in step d) are met, said certificate including a certificate body and a field for verifying integrity of contents of said body, said body including a trusted third party's identification field for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
f) rejecting the certificate request if the predetermined criteria of step d) are not met;
g) verifying said certificate from step e) by the information provider using predetermined criteria;
h) storing said certificate if said predetermined criteria in step g) are met;
i) rejecting said certificate if said predetermined criteria in step g) are not met;
j) accessing said certificate from step h) by an end user before accessing any of said digital objects;
k) verifying said certificate by the end user using predetermined criteria;
l) rejecting said certificate if said predetermined criteria in step k) are not met;
m) accessing a digital object from the distribution package if the predetermined criteria in step k) are met;
n) computing a digest as an output of said predetermined secure one-way hash function with said accessed digital object from step m) as input;
o) comparing said digest from step n) with the digest of the digital object from the object information fields in the certificate;
p) rejecting said digital object if the compared digests in step o) are not identical; and
q) accepting said digital object if the compared digests in step o) are identical;
whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects, and said end user can verify trustworthiness of each of said digital objects in the single certificate and access any of the digital objects in the distribution package at user's discretion.
Abstract
A computationally efficient method for trusted and dynamic dissemination of digital objects. Related digital objects of various types are grouped, based on their usage and functionality, by an information provider into distribution packages. Trustworthiness of objects contained in a distribution package is certified by a trusted certification authority in the form of a certificate which consists of a body and the certification authority's signature on the body based on a public-key digital signature scheme. The body further consists of the name of the information provider; name of the distribution package; and type, safety checking flag, and digest of each and every object. It is used by end users to verify the trust criteria of any individual or any subset of objects specified by the package. To verify whether a received object meets trust criteria certified by the certificate, the end user computes the digest of the object, compares it with the corresponding digest in the certificate, and examines the type and safety checking flag of the object contained in the certificate. The end user can dynamically download additional objects and check their trustworthiness without having to verify the certificate multiple times.
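The flow summarized in the abstract and in steps j) to q) of claim 1, as an added Go example that is not part of the patent: the certificate signature is verified once, and each later download costs only a hash comparison plus a look at the certified type and safety flag. Ed25519 and SHA-256 stand in for the unspecified signature scheme and one-way hash function; the JSON encoding, the field names, the validity window measured from the issue time stamp, and the sample identities and objects are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Field names and the JSON encoding are assumptions of this example.
type ObjectInfo struct { // one entry of the object information fields
	Name, Type, Digest string // Digest: hex SHA-256 of the object
	SafetyChecked      bool   // safety-checking flag, ON = true
}
type CertBody struct {
	TTP, Provider, Package string
	Issued                 time.Time // time stamp indicating issue date
	Objects                []ObjectInfo
}
type Certificate struct{ Body, Sig []byte } // signed bytes + TTP signature

func digest(obj []byte) string { return fmt.Sprintf("%x", sha256.Sum256(obj)) }

// issue is the trusted third party's step: one signature for the whole package.
func issue(key ed25519.PrivateKey, body CertBody) Certificate {
	raw, _ := json.Marshal(body) // cannot fail for this struct
	return Certificate{raw, ed25519.Sign(key, raw)}
}

// verifyCertificate is the end user's only public-key operation; it returns the
// certified object table that every later download is checked against.
func verifyCertificate(pub ed25519.PublicKey, c Certificate, ttp, provider string,
	now time.Time, validity time.Duration) (map[string]ObjectInfo, error) {
	if !ed25519.Verify(pub, c.Body, c.Sig) {
		return nil, errors.New("certificate: bad signature")
	}
	var b CertBody
	if err := json.Unmarshal(c.Body, &b); err != nil {
		return nil, err
	}
	if b.TTP != ttp || b.Provider != provider || now.Before(b.Issued) || now.Sub(b.Issued) > validity {
		return nil, errors.New("certificate: wrong identity or outside validity period")
	}
	table := make(map[string]ObjectInfo, len(b.Objects))
	for _, o := range b.Objects {
		table[o.Name] = o
	}
	return table, nil
}

// checkObject costs one hash per download; no signature is verified here.
func checkObject(table map[string]ObjectInfo, name string, data []byte, wantType string, needSafe bool) error {
	o, listed := table[name]
	if !listed || digest(data) != o.Digest {
		return errors.New("object: unlisted or digest mismatch")
	}
	if o.Type != wantType || (needSafe && !o.SafetyChecked) {
		return errors.New("object: type or safety flag not as required")
	}
	return nil
}

// runDemo uses constructed sample data and returns the outcome of each check.
func runDemo() (good, tampered, flagOff, altered error) {
	pub, key, _ := ed25519.GenerateKey(nil)
	applet, logo := []byte("applet bytecode"), []byte("logo pixels")
	issued := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	now, valid := issued.Add(time.Hour), 720*time.Hour
	cert := issue(key, CertBody{"TTP-1", "Provider-A", "pkg-1", issued, []ObjectInfo{
		{"applet.class", "code", digest(applet), true},
		{"logo.gif", "image", digest(logo), false}}})
	table, err := verifyCertificate(pub, cert, "TTP-1", "Provider-A", now, valid)
	if err != nil {
		return err, err, err, err
	}
	good = checkObject(table, "applet.class", applet, "code", true)
	tampered = checkObject(table, "logo.gif", []byte("logo pixels!"), "image", false)
	flagOff = checkObject(table, "logo.gif", logo, "image", true)
	bad := Certificate{append([]byte(" "), cert.Body...), cert.Sig} // body changed after signing
	_, altered = verifyCertificate(pub, bad, "TTP-1", "Provider-A", now, valid)
	return
}

func main() { fmt.Println(runDemo()) }
```

The signature covers the exact body bytes, so the verifier parses the body only after the signature check passes and never re-serializes it.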
19 Claims
5. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a computationally efficient method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
a) registering the information provider with said trusted third party prior to distribution of any digital objects using a public key digital signature scheme, said scheme including an information provider's public key and private key, said public key being made known to the trusted third party in an authenticated manner and said private key being secretly known only to said information provider, said private key being used by the information provider to generate a digital signature, said public key being used to verify said digital signature by the trusted third party;
b) grouping digital objects into distribution packages by the information provider;
c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body and a digital signature on said certificate request body under said information provider's private key based on the public key digital signature scheme, said certificate request body including said information provider's identification fields for uniquely identifying the information provider, package identification fields for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said object information fields including a digest of each of said digital objects, said digest being computed as the output of a predetermined secure one-way hash function with said object as its input;
d) verifying said certificate request by the trusted third party using predetermined criteria;
e) providing a certificate to the information provider by the trusted third party if the predetermined criteria in step d) are met, said certificate comprising a certificate body and a digital signature on the said certificate body under the trusted third party's private key based on a predetermined public key digital signature scheme, said certificate body including the trusted third party's identification fields for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
f) rejecting the certificate request if the predetermined criteria of step d) are not met;
g) verifying said certificate from step e) by the information provider using predetermined criteria;
h) storing said certificate if said predetermined criteria in step g) are met;
i) rejecting said certificate if said predetermined criteria in step g) are not met;
j) accessing said certificate from step h) by an end user before accessing any of said digital objects;
k) verifying said certificate by the end user using predetermined criteria;
l) rejecting said certificate if said predetermined criteria in step k) are not met;
m) accessing a digital object from the distribution package if the predetermined criteria in step k) are met;
n) computing a digest as output of said predetermined secure one-way hash function with said accessed digital object from step m) as input;
o) comparing said digest from step n) with the digest of the digital object from the object information fields in the certificate;
p) rejecting said digital object if the two digests in step o) are not identical; and
q) accepting said digital object if the two digests in step o) are identical;
whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects, and said end user can verify the trustworthiness of each of said digital objects in the single certificate and access any of the digital objects in the distribution package at user's discretion.
9. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a computationally efficient method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
a) registering the information provider with said trusted third party prior to distribution of any digital objects using a public key digital signature scheme, said scheme including an information provider's public key and private key, said public key being made known to the trusted third party in an authenticated manner and said private key being secretly known only to said information provider, said private key being used by the information provider to generate a digital signature, said public key being used to verify said digital signature by the trusted third party;
b) grouping digital objects into distribution packages by the information provider;
c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body and a digital signature on the said certificate request body under said information provider's private key based on the public key digital signature scheme, said certificate request body including said information provider's identification fields for uniquely identifying the information provider, package identification fields for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said object information fields including a digest of each of said digital objects, said digest being computed as the output of a predetermined secure one-way hash function with said object as its input;
d) verifying said certificate request by the trusted third party by verifying that the identity of information provider contained in said certificate-request corresponds to a registered information provider, that said information provider's public key is still valid, and verifying said information provider's signature contained in said certificate request using the information provider's public key;
e) providing a certificate to the information provider by the trusted third party if the verifying step d) is passed, said certificate comprising a certificate body and a digital signature on the said certificate body under the trusted third party's private key based on a predetermined public key digital signature scheme, said certificate body including the trusted third party's identification fields for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
f) rejecting the certificate request if the verifying step d) is not passed;
g) verifying said certificate from step e) by the information provider by verifying the identities of the information provider and the trusted third party contained in said certificate, verifying that the validity period has not elapsed, and verifying said trusted third party's signature contained in said certificate using said trusted third party's public key;
h) storing said certificate if the verifying step g) is passed;
i) rejecting said certificate if the verifying step g) is not passed;
j) accessing said certificate from step h) by an end user before accessing any of said digital objects;
k) verifying said certificate by the end user by verifying the identities of the information provider and the trusted third party contained in said certificate, verifying that the validity period has not elapsed, and verifying said trusted third party's signature contained in said certificate using said trusted third party's public key;
l) rejecting said certificate if the verifying step k) is not passed;
m) accessing a digital object from the distribution package if the verifying step k) is passed;
n) computing a digest as output of said predetermined secure one-way hash function with said accessed digital object from step m) as input;
o) comparing said digest from step n) with the digest of the digital object from the object information fields in the certificate;
p) rejecting said digital object if the two digests in step o) are not identical; and
q) accepting said digital object if the two digests in step o) are identical;
whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects, and said end user can verify the trustworthiness of each of said digital objects in the single certificate and access any of the digital objects in the distribution package at user's discretion.
10. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a computationally efficient method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
a) registering the information provider with said trusted third party prior to distribution of any digital objects using a public key digital signature scheme, said scheme including an information provider's public key and private key, said public key being made known to the trusted third party in an authenticated manner and said private key being secretly known only to said information provider, said private key being used by the information provider to generate a digital signature, said public key being used to verify said digital signature by the trusted third party;
b) grouping digital objects into distribution packages by the information provider;
c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body, an optional need-safety-checking objects field, and a digital signature on the certificate request body and the said need-safety-checking objects field under said information provider's private key based on the public key digital signature scheme, said certificate request body including said information provider's identification fields for uniquely identifying the information provider, package identification fields for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said object information fields including a digest, an object type indicator, and a safety-checking flag for each of said digital objects, said digest being computed as an output of a predetermined secure one-way hash function with said object as its input, said safety-checking flag taking two possible values corresponding to ON and OFF, said need-safety-checking objects field containing objects whose safety needs to be checked by the trusted third party;
d) verifying said certificate request by the trusted third party using predetermined criteria;
e) providing a certificate to the information provider by the trusted third party if the predetermined criteria in step d) are met, said certificate comprising a certificate body and a digital signature on the said certificate body under the trusted third party's private key based on the predetermined public key digital signature scheme, said certificate body including the trusted third party's identification fields for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
f) rejecting the certificate request if the predetermined criteria of step d) are not met;
g) verifying said certificate from step e) by the information provider using predetermined criteria;
h) storing said certificate if said predetermined criteria in step g) are met;
i) rejecting said certificate if said predetermined criteria in step g) are not met;
j) accessing said certificate from step h) by an end user before accessing any of said digital objects;
k) verifying said certificate by the end user using predetermined criteria;
l) rejecting said certificate if said predetermined criteria in step k) are not met;
m) accessing a digital object from the distribution package if the predetermined criteria in step k) are met;
n) computing a digest as output of said predetermined secure one-way hash function with said accessed digital object from step m) as input;
o) comparing said digest from step n) with the digest of the digital object from the object information fields contained in the certificate and checking if values of the object type indicator and safety-checking flag of said object are as required;
p) rejecting said digital object if the two digests in step o) are not identical or if the values of the object type indicator and safety-checking flag of said object are not as required; and
q) accepting said digital object if the two digests in step o) are identical and if the values of the object type indicator and safety-checking flag of said object are as required;
whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects, and said end user can verify the trustworthiness of each of said digital objects in the single certificate and access any of the digital objects in the distribution package at user's discretion.
14. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a computationally efficient method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
a) registering the information provider with said trusted third party prior to distribution of any digital objects;
b) grouping digital objects into distribution packages by the information provider;
c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body and a field for verifying integrity of contents of said body, said body including information provider identification fields for providing information to uniquely identify the information provider, package identifying field for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said information fields including a digest of each of said digital objects, said digest being computed as an output of a predetermined secure one-way hash function with said object as its input;
d) verifying said certificate request by the trusted third party using predetermined criteria;
e) providing a certificate to the information provider by the trusted third party if the predetermined criteria in step d) are met, said certificate including a certificate body and a field for verifying integrity of contents of said body, said certificate body including a trusted third party's identification field for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
f) rejecting the certificate request if the predetermined criteria of step d) are not met;
g) verifying said certificate from step e) by the information provider using predetermined criteria;
h) storing said certificate if said predetermined criteria in step g) are met; and
i) rejecting said certificate if said predetermined criteria in step g) are not met;
whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects.
15. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a computationally efficient method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
a) registering the information provider with said trusted third party prior to distribution of any digital objects using a public key digital signature scheme, said scheme including an information provider's public key and private key, said public key being made known to the trusted third party in an authenticated manner and said private key being secretly known only to said information provider, said private key being used by the information provider to generate a digital signature, said public key being used to verify said digital signature by the trusted third party;
b) grouping digital objects into distribution packages by the information provider;
c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body and a digital signature on the said certificate request body under said information provider's private key based on the public key digital signature scheme, said certificate request body including said information provider's identification fields for uniquely identifying the information provider, package identification fields for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said object information fields including a digest of each of said digital objects, said digest being computed as the output of a predetermined secure one-way hash function with said object as its input;
d) verifying said certificate request by the trusted third party using predetermined criteria;
e) providing a certificate to the information provider by the trusted third party if the predetermined criteria in step d) are met, said certificate comprising a certificate body and a digital signature on the said certificate body under the trusted third party's private key based on a predetermined public key digital signature scheme, said certificate body including the trusted third party's identification fields for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
f) rejecting the certificate request if the predetermined criteria of step d) are not met;
g) verifying said certificate from step e) by the information provider using predetermined criteria;
h) storing said certificate if said predetermined criteria in step g) are met;
i) rejecting said certificate if said predetermined criteria in step g) are not met;
whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects.
18. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, where the information provider groups digital objects into distribution packages, and obtains a single certificate from the trusted third party for each of the distribution packages, said certificate containing information provider identification fields, package identifying field, object information fields including a digest of each of said digital objects, identity of a trusted third party, a time stamp indicating issue date, said trusted third party's digital signature on all of said fields, a computationally efficient method for providing trusted and dynamic access of digital objects by the end user comprising the steps of:
a) accessing said certificate from the information provider before accessing any of said digital objects;
b) verifying said certificate by the end user using predetermined criteria;
c) rejecting said certificate if said predetermined criteria in step b) are not met;
d) accessing a digital object from the distribution package if the predetermined criteria in step b) are met;
e) computing a digest as output of said predetermined secure one-way function with said accessed digital object from step d) as input;
f) comparing said digest from step e) with the digest of the digital object from the object information fields in the certificate;
g) rejecting said digital object if the compared digests in step f) are not identical; and
h) accepting said digital object if the compared digests in step f) are identical;
whereby said end user can verify trustworthiness of each of said digital objects in the single certificate and access any of the digital objects in the distribution package at the user's discretion.
Specification