System and method for secure font subset distribution
First Claim
1. A method for supplying authenticated font subsets, comprising the following steps:
- constructing an authentication tree for a font;
subsetting the font to form a font subset; and
distributing the font subset together with at least one authentication value of the authentication tree that represents portions of the font that are not contained in the font subset.
2 Assignments
0 Petitions
Accused Products
Abstract
This invention concerns a system and method for securely distributing subsetted fonts from a distributor to a client. The system includes a signing module to construct an authentication tree having leaves formed of glyphs, one or more intermediate levels of nodes computed as one-way functions of the glyphs, and a root computed as a one-way function of the nodes. The signing module digitally signs the root of the authentication tree using a private signing key unique to the font creator or distributor. The system has a subsetting module to construct a font subset file that contains selected glyphs and other data to be included in a font subset. The font subset file also holds the digitally signed root of the font authentication tree and one or more authentication values of the authentication tree that represents non-selected glyphs and data of the font that are not contained in the font subset. The font subset file is distributed to requesting clients. An authentication module at the client authenticates the font subset file received from the distributor. The authentication module reconstructs the root of the authentication tree using the selected glyphs and data in the font subset and the authentication values that represent the non-selected glyphs and data not contained in the font subset. The authentication module also produces an unsigned version of the digitally signed root using a public key of the font creator to produce an unsigned root digest. The authentication module compares the unsigned root to the reconstructed root and if and only if they match, authenticates the font subset file as originating from the distributor (or font creator) and not being subsequently altered.
113 Citations
27 Claims
-
1. A method for supplying authenticated font subsets, comprising the following steps:
-
constructing an authentication tree for a font; subsetting the font to form a font subset; and distributing the font subset together with at least one authentication value of the authentication tree that represents portions of the font that are not contained in the font subset. - View Dependent Claims (2, 3, 4)
-
-
5. A data structure stored on a computer-readable medium constructed as a result of the following steps:
-
constructing an authentication tree for a font; digitally signing a root of the authentication tree; subsetting the font to form a font subset; storing the font subset, at least one authentication value of the authentication tree that represents portions of the font that are not contained in the font subset, and the digitally signed root as a font subset data file.
-
-
6. A computer-readable medium having computer executable instructions that, when executed on a processor, perform the following steps:
-
constructing an authentication tree for a font; subsetting the font to form a font subset; and distributing the font subset together with at least one authentication value of the authentication tree that represents portions of the font that are not contained in the font subset.
-
-
7. A method comprising the following steps:
-
receiving a font subset that is subsetted from a font file, the font file being represented by an authentication tree whose root is digitally signed by a source; receiving at least one authentication value from the authentication tree that represents portions of the font that are not contained in the font subset; receiving the digitally signed root; reconstructing the authentication tree from the font subset and the authentication value(s); and authenticating the font subset based upon the reconstructed authentication tree and the digitally signed root. - View Dependent Claims (8, 9)
-
-
10. A method for supplying a font comprising the following steps:
-
constructing a hash tree for the font, the hash tree having leaves formed of glyphs and data that define the font, the hash tree also having a root; digitally signing the root of the hash tree to authenticate the font as belonging to a source; subsetting the font by selecting one or more of the glyphs and data to form a font subset; storing the font subset, one or more hash values that represent all remaining glyphs and data that are not part of the selected font subset, and the digitally signed root as a font subset file; electronically transmitting the font subset file; receiving the font subset file; producing an unsigned root of the hash tree from the signed root contained in the font subset file; reconstructing the hash tree from the font subset and the one or more hash values contained in the font subset file to derive a reconstructed root; and authenticating the font subset by comparing the reconstructed root with the unsigned root derived from the signed root.
-
-
11. In a system for electronically delivering media wherein the media is segmented into multiple individual media segments and the segments are used to construct an authentication tree that is digitally signed by a source to authenticate the media as belonging to the source, a method comprising the following steps:
-
subsetting the media to form a media subset containing one or more of the media segments; and sending the media subset and at least one authentication value of the authentication tree that represents the media segments not contained within the media subset so that a recipient can authenticate the media subset as belonging to the source. - View Dependent Claims (12, 13)
-
-
14. In a system for electronically delivering media wherein the media is segmented into multiple individual media segments and the segments are used to construct an authentication tree that is digitally signed by a source to authenticate the media as belonging to the source, a computer-readable medium having computer executable instructions that, when executed on a processor, perform the following steps:
-
subsetting the media to form a media subset containing one or more of the media segments; and sending the media subset and at least one authentication value of the authentication tree that represents the media segments not contained within the media subset so that a recipient can authenticate the media subset as belonging to the source.
-
-
15. A system for supplying authenticated font subsets, comprising:
-
a signing module to construct an authentication tree for a font and digitally signing a root of the authentication tree; a subsetting module to subset the font to form a font subset and constructing a font subset file containing the font subset, the digitally signed root, and at least one authentication value of the authentication tree that represents portions of the font that are not contained in the font subset; and an authentication module to authenticate the font subset by reconstructing the root of the authentication tree using the font subset and the authentication value(s) from the font subset file, producing an unsigned root from the digitally signed root of the font subset file, and checking the unsigned root against the reconstructed root. - View Dependent Claims (16, 17, 18)
-
-
19. A computer program embodied on a computer-readable medium for creating a font file, the font file including a set of glyphs, comprising:
-
a code segment to instruct a computer to construct an authentication tree having leaves formed of glyphs, one or more intermediate levels of nodes computed as one-way functions of the glyphs, and a root computed as a one-way function of the nodes; and a code segment to instruct a computer to digitally sign the root of the authentication tree. - View Dependent Claims (20)
-
-
21. A computer operating system embodied on a computer-readable medium having code segments for creating a font file, the font file including a set of glyphs, the computer operating system comprising:
-
a code segment to instruct a computer to construct an authentication tree having leaves formed of glyphs, one or more intermediate levels of nodes computed as one-way functions of the glyphs, and a root computed as a one-way function of the nodes; and a code segment to instruct a computer to digitally sign the root of the authentication tree.
-
-
22. A computer program embodied on a computer-readable medium for subsetting a font file, the font file including a set of glyphs and a digitally signed root of an authentication tree that is derived from the glyphs, comprising:
-
a code segment to instruct a computer to create a font subset file that includes part of the glyphs in the font file and excludes remaining ones of the glyphs in the font file; and a code segment to instruct a computer to add to the font subset file the digitally signed root and one or more nodes from the authentication tree that represent the remaining glyphs.
-
-
23. A computer operating system embodied on a computer-readable medium having code segments for subsetting a font file, the font file including a set of glyphs and a digitally signed root of an authentication tree that is derived from the glyphs, the computer operating system comprising:
-
a code segment to instruct a computer to create a font subset file that includes part of the glyphs in the font file and excludes remaining ones of the glyphs in the font file; and a code segment to instruct a computer to add to the font subset file the digitally signed root and one or more nodes from the authentication tree that represent the remaining glyphs.
-
-
24. A computer program embodied on a computer-readable medium for handling a font subset file that is subsetted from a font file, wherein the font file is represented by an authentication tree having leaves formed of glyphs, one or more intermediate levels of nodes computed as one-way functions of the glyphs, and a root computed as a one-way function of the nodes, and wherein the font subset file contains selected glyphs, the root of the authentication tree, and one or more of the nodes from the authentication tree that represent non-selected glyphs, comprising:
-
a code segment to instruct a computer to reconstruct the root of the authentication tree from the selected glyphs and the nodes contained in the font subset file; and a code segment to instruct a computer to authenticate the font subset file based on the reconstructed root and the root contained in the font subset file. - View Dependent Claims (25, 26)
-
-
27. A data structure embodied on a computer-readable medium, comprising:
-
an identification field containing an identification of a font subset that is subsetted from a font; a content field containing selected glyphs and data that define the font subset; an authentication field containing one or more authentication values from an authentication tree for the font, the authentication values representing non-selected glyphs and data from the font that are not part of the font subset; and a signature field containing a digitally signed root value computed from a root of the authentication tree.
-
Specification