Method and apparatus for verifying the integrity of digital objects using signed manifests
First Claim
Patent Images
1. A method comprising:
- associating a first metadata name with a first object within a first manifest section of a signed manifest, the first metadata name classifying data associated with the first object;
determining a first integrity value for the first metadata name;
storing a first digest identifier of a first digest algorithm within the first manifest section;
digesting the first integrity value according to the first digest algorithm;
associating a second metadata name with a second object within a second manifest section of the signed manifest, the second metadata name classifying data associated with the second object;
determining a second integrity value for the second metadata name;
storing a second digest identifier of a second digest algorithm within the second manifest section; and
digesting the second integrity value according to the second digest algorithm.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for generating a signed manifest includes referencing an object. A metadata name is recorded. A digest algorithm is recorded. An integrity value that belongs to the object that corresponds to the metadata subject name is digested with the digest algorithm.
-
Citations
20 Claims
-
1. A method comprising:
-
associating a first metadata name with a first object within a first manifest section of a signed manifest, the first metadata name classifying data associated with the first object;
determining a first integrity value for the first metadata name;
storing a first digest identifier of a first digest algorithm within the first manifest section;
digesting the first integrity value according to the first digest algorithm;
associating a second metadata name with a second object within a second manifest section of the signed manifest, the second metadata name classifying data associated with the second object;
determining a second integrity value for the second metadata name;
storing a second digest identifier of a second digest algorithm within the second manifest section; and
digesting the second integrity value according to the second digest algorithm. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
referencing the first manifest section;
storing a third digest identifier of a third digest algorithm within the manifest; and
digesting the first manifest section according to the third digest algorithm.
-
-
8. The method of claim 7, further comprising storing an attribute of the first object not found in the first manifest section.
-
9. The method of claim 7, further comprising generating a signature block that corresponds to the signer information section.
-
10. The method of claim 9, wherein generating the signature block comprises:
-
storing a fourth digest algorithm within the manifest;
digesting the signer information according to the fourth digest algorithm; and
encrypting the digested signer information with a private key.
-
-
11. The method of claim 1, further comprising linking the first manifest section with the second manifest section in the same manifest.
-
12. A computing-device readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions, which, when executed by a processor, causes the processor to:
-
reference a first object;
store a first metadata name for classifying data to be associated with the first object within a first manifest section of a signed manifest;
store a first digest identifier of a first digest algorithm within the first manifest section;
digest, with the first digest algorithm, a first integrity value for the first object determined with respect to the first metadata name;
reference a second object;
store a second metadata name for classifying data to be associated with the second object within a second manifest section of the signed manifest;
store a second digest identifier of a second digest algorithm within the second manifest section; and
digest, with the second digest algorithm, a second integrity value for the second objectdetermined with respect to the second metadata name. - View Dependent Claims (13, 14, 15, 16)
reference the first manifest section;
store a third digest identifier of a third digest algorithm; and
digest the first manifest section with the third digest algorithm.
-
-
15. The computer-readable medium of claim 14 further comprising instructions which, when executed by the processor, causes the processor to generate a signature block that corresponds to the first signature information section.
-
16. The computer-readable medium of claim 15, wherein generating the signature block comprises instructions which, when executed by the processor, causes the processor to:
-
store a fourth digest identifier of a fourth digest algorithm;
digest the first signature information with the fourth digest algorithm; and
encrypt the digested signature information with a private key.
-
-
17. An object integrity verification unit comprising:
-
a signed manifest manager to generate a manifest section for each object in a collection of multiple objects, the signed manifest manager further to store a metadata name providing for classifying information associated with an object and a digest identifier corresponding to a specific digest algorithm for the object within each manifest section of a signed manifest having a plurality of manifest sections; and
a digest unit, coupled to the signed manifest manager, that digests an integrity value with each digest algorithm within each manifest section, the integrity value instantiating a value for the metadata name and being based at least in part on the metadata name'"'"'s classification. - View Dependent Claims (18)
-
-
19. A computer system, comprising:
-
a bus;
a processor coupled to the bus; and
an object integrity verification unit, including;
a signed manifest manager to generate a manifest section for each object in a collection of multiple objects, the signed manifest manager further to store a metadata name providing for classifying information associated with an object and a digest identifier corresponding to a specific digest algorithm for the object within each manifest section of a signed manifest having a plurality of manifest sections; and
a digest unit, coupled to the signed manifest manager, that digests an integrity value with the digest algorithm within the manifest section, said integrity value determined with respect to the metadata name. - View Dependent Claims (20)
-
Specification