Computationally efficient method for trusted and dynamic digital objects dissemination

US 6,058,383 A
Filed: 02/14/1998
Issued: 05/02/2000
Est. Priority Date: 06/27/1996
Status: Expired due to Fees

First Claim

Patent Images

1. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a method for providing trusted and dynamic dissemination of digital objects comprising the steps of:

a) registering the information provider with said trusted third party prior to distribution of any digital objects;

b) grouping digital objects into distribution packages by the information provider;

c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body and a field for verifying integrity of contents of said body, said body including information provider identification fields for providing information to uniquely identify the information provider, package identifying field for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said information fields including a digest of each of said digital objects, said digest being computed as an output of a predetermined secure one-way hash function with said object as its input;

d) verifying said certificate request by the trusted third party using predetermined criteria;

e) providing a certificate to the information provider by the trusted third party if the predetermined criteria in step d) are met, said certificate including a certificate body and a field for verifying integrity of contents of said body, said body including a trusted third party'"'"'s identification field for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;

f) rejecting the certificate request if the predetermined criteria of step d) are not met;

g) verifying said certificate from step e) by the information provider using predetermined criteria;

h) storing said certificate if said predetermined criteria in step g) are met;

i) rejecting said certificate if said predetermined criteria in step g) are not met;

j) accessing said certificate from step h) by an end user before accessing any of said digital objects;

k) verifying said certificate by the end user using predetermined criteria;

l) rejecting said certificate if said predetermined criteria in step k) are not met;

m) accessing a digital object from the distribution package if the predetermined criteria in step k) are met;

n) computing a digest as an output of said predetermined secure one-way hash function with said accessed digital object from step m) as input;

o) comparing said digest from step n) with the digest of the digital object from the object information fields in the certificate;

p) rejecting said digital object if the compared digests in step o) are not identical; and

q) accepting said digital object if the compared digests in step o) are identical;

whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects, and said end user can verify trustworthiness of each of said digital objects in the single certificate and access any of the digital objects in the distribution package at user'"'"'s discretion.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computationally efficient method for trusted and dynamic dissemination of digital objects. Related digital objects of various types are grouped, based on their usage and functionality, by an information provider into distribution packages. Trustworthiness of objects contained in a distribution package are certified by a trusted certification authority in the form of a certificate which consists of a body and the certification authority'"'"'s signature on the body based on a public-key digital signature scheme. The body further consists of the name of the information provider; name of the distribution package; and type, safety checking flag, and digest of each and every object. It is used by end users to verify the trust criteria of any individual or any subset of objects specified by the package. To verify whether a received object meets trust criteria certified by the certificate, the end user computes the digest of the object, compares it with the corresponding digest in the certificate, and examines the type and safety checking flag of the object contained in the certificate. The end user car dynamically download additional objects, check their trustworthiness without having to verify the certificate multiple times.

Citations

19 Claims

1. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
- a) registering the information provider with said trusted third party prior to distribution of any digital objects;
  
  b) grouping digital objects into distribution packages by the information provider;
  
  c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body and a field for verifying integrity of contents of said body, said body including information provider identification fields for providing information to uniquely identify the information provider, package identifying field for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said information fields including a digest of each of said digital objects, said digest being computed as an output of a predetermined secure one-way hash function with said object as its input;
  
  d) verifying said certificate request by the trusted third party using predetermined criteria;
  
  e) providing a certificate to the information provider by the trusted third party if the predetermined criteria in step d) are met, said certificate including a certificate body and a field for verifying integrity of contents of said body, said body including a trusted third party'"'"'s identification field for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
  
  f) rejecting the certificate request if the predetermined criteria of step d) are not met;
  
  g) verifying said certificate from step e) by the information provider using predetermined criteria;
  
  h) storing said certificate if said predetermined criteria in step g) are met;
  
  i) rejecting said certificate if said predetermined criteria in step g) are not met;
  
  j) accessing said certificate from step h) by an end user before accessing any of said digital objects;
  
  k) verifying said certificate by the end user using predetermined criteria;
  
  l) rejecting said certificate if said predetermined criteria in step k) are not met;
  
  m) accessing a digital object from the distribution package if the predetermined criteria in step k) are met;
  
  n) computing a digest as an output of said predetermined secure one-way hash function with said accessed digital object from step m) as input;
  
  o) comparing said digest from step n) with the digest of the digital object from the object information fields in the certificate;
  
  p) rejecting said digital object if the compared digests in step o) are not identical; and
  
  q) accepting said digital object if the compared digests in step o) are identical;
  
  whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects, and said end user can verify trustworthiness of each of said digital objects in the single certificate and access any of the digital objects in the distribution package at user'"'"'s discretion.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claims 1 wherein said distribution packages are grouped based on their usage and functionality.
  - 3. The method as recited in claim 1 wherein said certificate request further includes a field for validity period of the requested certificate to be issued by a trusted third party.
  - 4. The method as recited in claim 1 wherein said information provider identification fields include the name of the information provider and the network address of the information provider.

5. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a computationally efficient method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
- a) registering the information provider with said trusted third party prior to distribution of any digital objects using a public key digital signature scheme, said scheme including an information provider'"'"'s public key and private key, said public key being made known to the trusted third party in an authenticated manner and said private key being secretly known only to said information provider, said private key being used by the information provider to generate a digital signature, said public key being used to verify said digital signature by the trusted third party;
  
  b) grouping digital objects into distribution packages by the information provider;
  
  c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body and a digital signature on said certificate request body under said information provider'"'"'s private key based on the public key digital signature scheme, said certificate request body including said information provider'"'"'s identification fields for uniquely identifying the information provider, package identification fields for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said object information fields including a digest of each of said digital objects, said digest being computed as the output of a predetermined secure one-way hash function with said object as its input;
  
  d) verifying said certificate request by the trusted third party using predetermined criteria;
  
  e) providing a certificate to the information provider by the trusted third party if the predetermined criteria in step d) are met, said certificate comprising a certificate body and a digital signature on the said certificate body under the trusted third party'"'"'s private key based on a predetermined public key digital signature scheme, said certificate body including the trusted third party'"'"'s identification fields for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
  
  f) rejecting the certificate request if the predetermined criteria of step d) are not met;
  
  g) verifying said certificate from step e) by the information provider using predetermined criteria;
  
  h) storing said certificate if said predetermined criteria in step g) are met;
  
  i) rejecting said certificate if said predetermined criteria in step g) are not met;
  
  j) accessing said certificate from step h) by an end user before accessing any of said digital objects;
  
  k) verifying said certificate by the end user using predetermined criteria;
  
  l) rejecting said certificate if said predetermined criteria in step k) are not met;
  
  m) accessing a digital object from the distribution package if the predetermined criteria in step k) are met;
  
  n) computing a digest as output of said predetermined secure one-way hash function with said accessed digital object from step m) as input;
  
  o) comparing said digest from step n) with the digest of the digital object from the object information fields in the certificate;
  
  p) rejecting said digital object if the two digests in step o) are not identical; and
  
  q) accepting said digital object if the two digests in step o) are identical;
  
  whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects, and said end user can verify the trustworthiness of each of said digital objects in the single certificate and access any of the digital objects in the distribution package at user'"'"'s discretion.
- View Dependent Claims (6, 7, 8)
- - 6. The method as defined in claim 5, wherein said verification of a certificate request by the trusted third party comprising the steps of:
    - a) verifying that identity of the information provider contained in said certificate request corresponds to a registered information provider and that said information provider'"'"'s public key is still valid; and
      
      b) verifying said information provider'"'"'s signature contained in said certificate request using the information provider'"'"'s public key.
  - 7. The method as recited in claim 5, wherein said verification of a certificate by the information provider in step g) comprising the steps of:
    - a) verifying the identities of the information provider and the trusted third party contained in said certificate;
      
      b) verifying that the validity period has not elapsed; and
      
      c) verifying said trusted third party'"'"'s signature contained in said certificate using said trusted third party'"'"'s public key.
  - 8. The method as recited in claim 5, wherein said verification of a certificate by the end user in step k) comprising the steps of:
    - a) verifying the identities of the information provider and the trusted third party contained in said certificate;
      
      b) verifying that the validity period has not elapsed; and
      
      c) verifying said trusted third party'"'"'s signature contained in said certificate using said trusted third party'"'"'s public key.

9. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a computationally efficient method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
- a) registering the information provider with said trusted third party prior to distribution of any digital objects using a public key digital signature scheme, said scheme including an information provider'"'"'s public key and private key, said public key being made known to the trusted third party in an authenticated manner and said private key being secretly known only to said information provider, said private key being used by the information provider to generate a digital signature, said public key being used to verify said digital signature by the trusted third party;
  
  b) grouping digital objects into distribution packages by the information provider;
  
  c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body and a digital signature on the said certificate request body under said information provider'"'"'s private key based on the public key digital signature scheme, said certificate request body including said information provider'"'"'s identification fields for uniquely identifying the information provider, package identification fields for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said object information fields including a digest of each of said digital objects, said digest being computed as the output of a predetermined secure one-way hash function with said object as its input;
  
  d) verifying said certificate request by the trusted third party by verifying that the identity of information provider contained in said certificate-request corresponds to a registered information provider, that said information provider'"'"'s public key is still valid, and verifying said information provider'"'"'s signature contained in said certificate request using the information provider'"'"'s public key;
  
  e) providing a certificate to the information provider by the trusted third party if the verifying step d) is passed, said certificate comprising a certificate body and a digital signature on the said certificate body under the trusted third party'"'"'s private key based on a predetermined public key digital signature scheme, said certificate body including the trusted third party'"'"'s identification fields for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
  
  f) rejecting the certificate request if the verifying step d) is not passed;
  
  g) verifying said certificate from step e) by the information provider by verifying the identities of the information provider and the trusted third party contained in said certificate, verifying that the validity period has not elapsed, and verifying said trusted third party'"'"'s signature contained in said certificate using said trusted third party'"'"'s public key;
  
  h) storing said certificate if the verifying step g) is passed;
  
  i) rejecting said certificate if the verifying step g) is not passed;
  
  j) accessing said certificate from step h) by an end user before accessing any of said digital objects;
  
  k) verifying said certificate by the end user by verifying the identities of the information provider and the trusted third party contained in said certificate, verifying that the validity period has not elapsed, and verifying said trusted third party'"'"'s signature contained in said certificate using said trusted third party'"'"'s public key;
  
  l) rejecting said certificate if the verifying step k) is not passed;
  
  m) accessing a digital object from the distribution package if the verifying step k) is passed;
  
  n) computing a digest as output of said predetermined secure one-way hash function with said accessed digital object from step m) as input;
  
  o) comparing said digest from step n) with the digest of the digital object from the object information fields in the certificate;
  
  p) rejecting said digital object if the two digests in step o) are not identical; and
  
  q) accepting said digital object if the two digests in step o) are identical;
  
  whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects, and said end user can verify the trustworthiness of each of said digital objects in the single certificate and access any of the digital objects in the distribution package at user'"'"'s discretion.

10. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a computationally efficient method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
- a) registering the information provider with said trusted third party prior to distribution of any digital objects using a public key digital signature scheme, said scheme including an information provider'"'"'s public key and private key, said public key being made known to the trusted third party in an authenticated manner and said private key being secretly known only to said information provider, said private key being used by the information provider to generate digital signature, said public key being used to verify said digital signature by the trusted third party;
  
  b) grouping digital objects into distribution packages by the information provider;
  
  c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body, an optional need-safety-checking objects field, and a digital signature on the certificate request body and the said need-safety-checking objects field under said information provider'"'"'s private key based on the public key digital signature scheme, said certificate request body including said information provider'"'"'s identification fields for uniquely identifying the information provider, package identification fields for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said object information fields including a digest, an object type indicator, and a safety-checking flag for each of said digital objects, said digest being computed as an output of a predetermined secure one-way hash function with said object as its input, said safety-checking flag taking two possible values corresponding to ON and OFF, said need-safety-checking objects field containing objects whose safety needs to be checked by the trusted third party;
  
  d) verifying said certificate request by the trusted third party using predetermined criteria;
  
  e) providing a certificate to the information provider by the trusted third party if the predetermined criteria in step d) are met, said certificate comprising a certificate body and a digital signature on the said certificate body under the trusted third party'"'"'s private key based the predetermined public key digital signature scheme, said certificate body including the trusted third party'"'"'s identification fields for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
  
  f) rejecting the certificate request if the predetermined criteria of step d) are not met;
  
  g) verifying said certificate from step e) by the information provider using predetermined criteria;
  
  h) storing said certificate if said predetermined criteria in step g) are met;
  
  i) rejecting said certificate if said predetermined criteria in step g) are not met;
  
  i) accessing said certificate from step h) by an end user before accessing any of said digital objects;
  
  k) verifying said certificate by the end user using predetermined criteria;
  
  l) rejecting said certificate if said predetermined criteria in step k) are not met;
  
  m) accessing a digital object from the distribution package if the predetermined criteria in step k) are met;
  
  n) computing a digest as output of said predetermined secure one-way hash function with said accessed digital object from step m) as input;
  
  o) comparing said digest from step n) with the digest of the digital object from the object information fields contained in the certificate and checking if values of the object type indicator and safety-checking flag of said object are as required;
  
  p) rejecting said digital object if the two digests in step o) are not identical or if the values of the object type indicator and safety-checking flag of said object are not as required; and
  
  q) accepting said digital object if the two digests in step o) are identical and if the values of the object type indicator and safety-checking flag of said object are as required;
  
  whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects, and said end user can verify the trustworthiness of each of said digital objects in the single certificate and access any of the digital objects in the distribution package at user'"'"'s discretion.
- View Dependent Claims (11, 12, 13)
- - 11. The method as defined in claim 10, wherein said verification of a certificate-request by the trusted third party comprising the steps of:
    - a) verifying that identity of information provider contained in said certificate-request corresponds to a registered information provider and that said information provider'"'"'s public key is still valid; and
      
      b) verifying said information provider'"'"'s signature contained in said certificate-request; and
      
      c) computing a digest as output of a predetermined secure one-way hash function with said digital object as input for each object contained in the need-safety-checking-objects field; and
      
      d) verifying that said digest from step c) is identical to the corresponding digest contained in the object information field; and
      
      e) verifying the safety features of said object with predetermined procedures.
  - 12. The method as recited in claim 10, wherein said verification of a certificate by the information provider comprising the steps of:
    - a) checking the correctness of identities of information provider and trusted third party contained in said certificate; and
      
      b) verifying said trusted third party'"'"'s signature contained in said certificate.
  - 13. The method as recited in claim 10, wherein said verification of a certificate by the end user comprising the steps of:
    - a) checking the correctness of identities of information provider and trusted third party contained in said certificate; and
      
      b) verifying said trusted third party'"'"'s signature contained in said certificate.

14. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a computationally efficient method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
- a) registering the information provider with said trusted third party prior to distribution of any digital objects;
  
  b) grouping digital objects into distribution packages by the information provider;
  
  c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body and a field for verifying integrity of contents of said body, said body including information provider identification fields for providing information to uniquely identify the information provider, package identifying field for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said information fields including a digest of each of said digital objects, said digest being computed as an output of a predetermined secure one-way hash function with said object as its input;
  
  d) verifying said certificate request by the trusted third party using predetermined criteria;
  
  e) providing a certificate to the information provider by the trusted third party if the predetermined criteria in step d) are met, said certificate including a certificate body and a field for verifying integrity of contents of said body, said certificate body including a trusted third party'"'"'s identification field for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
  
  f) rejecting the certificate request if the predetermined criteria of step d) are not met;
  
  g) verifying said certificate from step e) by the information provider using predetermined criteria;
  
  h) storing said certificate if said predetermined criteria in step g) are met; and
  
  i) rejecting said certificate if said predetermined criteria in step g) are not met;
  
  whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects.

15. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, a computationally efficient method for providing trusted and dynamic dissemination of digital objects comprising the steps of:
- a) registering the information provider with said trusted third party prior to distribution of any digital objects using a public key digital signature scheme, said scheme including an information provider'"'"'s public key and private key, said public key being made known to the trusted third party in an authenticated manner and said private key being secretly known only to said information provider, said private key being used by the information provider to generate a digital signature, said public key being used to verify said digital signature by the trusted third party;
  
  b) grouping digital objects into distribution packages by the information provider;
  
  c) providing a certificate request by the information provider to the trusted third party, said certificate request including a certificate request body and a digital signature on the said certificate request body under said information provider'"'"'s private key based on the public key digital signature scheme, said certificate request body including said information provider'"'"'s identification fields for uniquely identifying the information provider, package identification fields for uniquely identifying a distribution package, object information fields for uniquely identifying each of a plurality of digital objects in the distribution package, said object information fields including a digest of each of said digital objects, said digest being computed as the output of a predetermined secure one-way hash function with said object as its input;
  
  d) verifying said certificate request by the trusted third party using predetermined criteria;
  
  e) providing a certificate to the information provider by the trusted third party if the predetermined criteria in step d) are met, said certificate comprising a certificate body and a digital signature on the said certificate body under the trusted third party'"'"'s private key based on a predetermined public key digital signature scheme, said certificate body including the trusted third party'"'"'s identification fields for uniquely identifying the trusted third party, a time stamp indicating issue date, and said certificate request body;
  
  f) rejecting the certificate request if the predetermined criteria of step d) are not met;
  
  g) verifying said certificate from step e) by the information provider using predetermined criteria;
  
  h) storing said certificate if said predetermined criteria in step g) are met;
  
  i) rejecting said certificate if said predetermined criteria in step g) are not met;
  
  whereby said trusted third party can authenticate all digital objects in the distribution package and issue a single certificate certifying all of said digital objects.
- View Dependent Claims (16, 17)
- - 16. The method as defined in claim 15, wherein said verification of a certificate-request by the trusted third party comprising the steps of:
    - a) verifying that identity of the information provider contained in said certificate-request corresponds to a registered information provider and that said information provider'"'"'s public key is still valid; and
      
      b) verifying said information provider'"'"'s signature contained in said certificate request using the information provider'"'"'s public key.
  - 17. The method as recited in claim 15, wherein said verification of a certificate by the information provider in step g) comprising the steps of:
    - a) verifying the identity of the information provider and the trusted third party contained in said certificate;
      
      b) verifying that the validity period has not elapsed; and
      
      c) verifying said trusted third party'"'"'s signature contained in said certificate using said trusted third party'"'"'s public key.

18. In a system for dissemination of digital objects over a transmission channel, said system including at least one information provider, end user, and trusted third party, where the information provider groups digital objects into distribution packages, and obtains a single certificate from the trusted third party for each of the distribution packages, said certificate containing information provider identification fields, package identifying field, object information fields including a digest of each of said digital objects, identity of a trusted third party, a time stamp indicating issue date, said trusted third party'"'"'s digital signature on all of said fields, a computationally efficient method for providing trusted and dynamic access of digital objects by the end user comprising the steps of:
- a) accessing said certificate from the information provider before accessing any of said digital objects;
  
  b) verifying said certificate by the end user using predetermined criteria;
  
  c) rejecting said certificate if said predetermined criteria in step b) are not met;
  
  d) accessing a digital object from the distribution package if the predetermined criteria in step b) are met;
  
  e) computing a digest as output of said predetermined secure one-way function with said accessed digital object from step d) as input;
  
  f) comparing said digest from step e) with the digest of the digital object from the object information fields in the certificate;
  
  g) rejecting said digital object if the compared digests in step f) are not identical; and
  
  h) accepting said digital object if the compared digests in step f) are identical;
  
  whereby said end user can verify trustworthiness of each of said digital objects in the single certificate and access any of the digital objects in the distribution package at the user'"'"'s discretion.
- View Dependent Claims (19)
- - 19. The method as recited in claim 18, wherein said verification of a certificate by the end user comprising the steps of:
    - a) checking the correctness of identities of information provider and trusted third party contained in said certificate; and
      
      b) verifying said trusted third party'"'"'s signature contained in said certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kent Ridge Digital Labs
Original Assignee
Kent Ridge Digital Labs
Inventors
Wang, Weiguo, Deng, Huijie, Narasimhalu, Arcot Desai
Primary Examiner(s)
Pham, Chi H.
Assistant Examiner(s)
Bayard, Emmanuel

Application Number

US09/011,800
Time in Patent Office

808 Days
Field of Search

380/21, 380/20, 380/30, 705/39, 705/44, 705/43, 235/380, 379/91.01
US Class Current

705/44
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/645   using a third party

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2211/009   Trust

G06Q 20/10   specially adapted for elect...

G06Q 20/3821   Electronic credentials

G06Q 20/40   Authorisation, e.g. identif...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

Computationally efficient method for trusted and dynamic digital objects dissemination

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Computationally efficient method for trusted and dynamic digital objects dissemination

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links