Method and apparatus for verifying the integrity of digital objects using signed manifests

US 6,725,373 B2
Filed: 03/25/1998
Issued: 04/20/2004
Est. Priority Date: 03/25/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

associating a first metadata name with a first object within a first manifest section of a signed manifest, the first metadata name classifying data associated with the first object;

determining a first integrity value for the first metadata name;

storing a first digest identifier of a first digest algorithm within the first manifest section;

digesting the first integrity value according to the first digest algorithm;

associating a second metadata name with a second object within a second manifest section of the signed manifest, the second metadata name classifying data associated with the second object;

determining a second integrity value for the second metadata name;

storing a second digest identifier of a second digest algorithm within the second manifest section; and

digesting the second integrity value according to the second digest algorithm.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for generating a signed manifest includes referencing an object. A metadata name is recorded. A digest algorithm is recorded. An integrity value that belongs to the object that corresponds to the metadata subject name is digested with the digest algorithm.

Citations

20 Claims

1. A method comprising:
- associating a first metadata name with a first object within a first manifest section of a signed manifest, the first metadata name classifying data associated with the first object;
  
  determining a first integrity value for the first metadata name;
  
  storing a first digest identifier of a first digest algorithm within the first manifest section;
  
  digesting the first integrity value according to the first digest algorithm;
  
  associating a second metadata name with a second object within a second manifest section of the signed manifest, the second metadata name classifying data associated with the second object;
  
  determining a second integrity value for the second metadata name;
  
  storing a second digest identifier of a second digest algorithm within the second manifest section; and
  
  digesting the second integrity value according to the second digest algorithm.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising storing an attribute of the first object.
  - 3. The method of claim 1, wherein associating the first metadata name includes storing in the first manifest section a source of the first object.
  - 4. The method of claim 1, wherein associating the first metadata name includes storing within the first manifest section a section of the first object.
  - 5. The method of claim 1,wherein associating the first metadata name comprises specifying a trusted signer.
  - 6. The method of claim 1, further comprising generating a signer information section that corresponds to first the manifest section.
  - 7. The method of claim 6, wherein generating the signer information section comprises:
8. The method of claim 7, further comprising storing an attribute of the first object not found in the first manifest section.
9. The method of claim 7, further comprising generating a signature block that corresponds to the signer information section.
10. The method of claim 9, wherein generating the signature block comprises:
- storing a fourth digest algorithm within the manifest;
  
  digesting the signer information according to the fourth digest algorithm; and
  
  encrypting the digested signer information with a private key.
11. The method of claim 1, further comprising linking the first manifest section with the second manifest section in the same manifest.

12. A computing-device readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions, which, when executed by a processor, causes the processor to:
- reference a first object;
  
  store a first metadata name for classifying data to be associated with the first object within a first manifest section of a signed manifest;
  
  store a first digest identifier of a first digest algorithm within the first manifest section;
  
  digest, with the first digest algorithm, a first integrity value for the first object determined with respect to the first metadata name;
  
  reference a second object;
  
  store a second metadata name for classifying data to be associated with the second object within a second manifest section of the signed manifest;
  
  store a second digest identifier of a second digest algorithm within the second manifest section; and
  
  digest, with the second digest algorithm, a second integrity value for the second object determined with respect to the second metadata name.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer-readable medium of claim 12 further comprising instructions which, when executed by the processor, causes the processor to generate a first signature information section that corresponds to the first manifest section.
  - 14. The computer-readable medium of claim 13, wherein generating the signature information section comprises instructions which, when executed by the processor, causes the processor to:
15. The computer-readable medium of claim 14 further comprising instructions which, when executed by the processor, causes the processor to generate a signature block that corresponds to the first signature information section.
16. The computer-readable medium of claim 15, wherein generating the signature block comprises instructions which, when executed by the processor, causes the processor to:
- store a fourth digest identifier of a fourth digest algorithm;
  
  digest the first signature information with the fourth digest algorithm; and
  
  encrypt the digested signature information with a private key.

17. An object integrity verification unit comprising:
- a signed manifest manager to generate a manifest section for each object in a collection of multiple objects, the signed manifest manager further to store a metadata name providing for classifying information associated with an object and a digest identifier corresponding to a specific digest algorithm for the object within each manifest section of a signed manifest having a plurality of manifest sections; and
  
  a digest unit, coupled to the signed manifest manager, that digests an integrity value with each digest algorithm within each manifest section, the integrity value instantiating a value for the metadata name and being based at least in part on the metadata name'"'"'s classification.
- View Dependent Claims (18)
- - 18. The object integrity verification unit of claim 17, further comprising an encryption/decryption unit, coupled to the signed manifest manager, that encrypts the digested integrity value.

19. A computer system, comprising:
- a bus;
  
  a processor coupled to the bus; and
  
  an object integrity verification unit, including;
  
  a signed manifest manager to generate a manifest section for each object in a collection of multiple objects, the signed manifest manager further to store a metadata name providing for classifying information associated with an object and a digest identifier corresponding to a specific digest algorithm for the object within each manifest section of a signed manifest having a plurality of manifest sections; and
  
  a digest unit, coupled to the signed manifest manager, that digests an integrity value with the digest algorithm within the manifest section, said integrity value determined with respect to the metadata name.
- View Dependent Claims (20)
- - 20. The computer system of claim 19, wherein the object integrity verification unit further comprises an encryption/decryption unit, coupled to the signed manifest manager, that encrypts the digested integrity value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Graunke, Gary, Rozas, Carlos, Carbajal, John M.
Primary Examiner(s)
Barrón, Gilberto
Assistant Examiner(s)
Meislahn, Douglas J.

Application Number

US09/047,231
Publication Number

US 20020002680A1
Time in Patent Office

2,218 Days
Field of Search

713/167, 713/176, 713/179
US Class Current

713/179
CPC Class Codes

H04L 9/3247 involving digital signatures

Method and apparatus for verifying the integrity of digital objects using signed manifests

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for verifying the integrity of digital objects using signed manifests

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links