Technique for establishing provable chain of evidence
Abstract
A method, system, computer program product, and method of doing business by providing a provable chain of evidence for data stream(s) created by one or more components (such as input/output devices and application processing components). Components that create the evidence collection are authenticated. A unique identifier of each such component is included within cryptographically-protected information that is added to the evidence collection. A digital signature is preferably used for the cryptographic protection, thereby digitally notarizing the evidence collection. The authenticity and integrity of the evidence collection can be verified. In preferred embodiments, the authenticated identities of components providing the evidence can also be determined from the cryptographically-protected information. One or more data streams may be included within the evidence collection to establish information such as the date and time the evidence collection was captured, the geographic location where the capture was performed, an identification of a person performing the evidence capture, and so forth. When present in a provable chain of evidence, these types of additional evidence are provided by authenticated components which are identified within the cryptographically-protected information.
103 Claims
1. A system for providing a provable chain of evidence for an evidence collection, comprising:
a security core which provides security functions;
one or more components;
means for operating the security core;
means for connecting the components to the security core, such that the security core can vouch for authenticity of each connected component;
means for recording one or more data streams which comprise the evidence collection, each of the data streams being created by selected ones of the connected components; and
means for securely providing, for the evidence collection by the security core, an identification of each of the selected ones which create the recorded data streams, wherein the means for securely providing further comprises means for digitally notarizing, by the security core, the recorded data streams which comprise the evidence collection and wherein the means for digitally notarizing further comprises;
means for computing, by the security core, a hash value over each of the recorded data streams;
means for combining each hash value with a unique identifier of the selected one which created the recorded data stream for which the hash value was computed, thereby creating a combination data block;
means for hashing the combination data block;
means for digitally signing the hashed combination data block with a private cryptographic key of the security core, wherein the private cryptographic key has a public cryptographic key cryptographically associated therewith; and
means for providing the digitally signed hashed combination data block, along with the combination data block, as the digital notarization for the recorded data streams which comprise the evidence collection, wherein the digital notarization cryptographically seals contents of the evidence collection and identities of the selected ones.
Dependent claims: 2-34, 36-39
35. A method of creating a provable chain of evidence for an evidence collection, comprising:
providing a security core which provides security functions;
connecting one or more components to the security core, such that the security core can vouch for authenticity of each connected component;
recording one or more data streams which comprise the evidence collection, each of the data streams being created by selected ones of the connected components; and
securely providing, for the evidence collection by the security core, an identification of each of the selected ones which create the recorded data streams, wherein securely providing further comprises digitally notarizing, by the security core, the recorded data streams which comprise the evidence collection and wherein digitally notarizing further comprises;
computing, by the security core, a hash value over each of the recorded data streams;
combining each hash value with a unique identifier of the selected one which created the recorded data stream for which the hash value was computed, thereby creating a combination data block;
hashing the combination data block;
digitally signing the hashed combination data block with a private cryptographic key of the security core, wherein the private cryptographic key has a public cryptographic key cryptographically associated therewith; and
providing the digitally signed hashed combination data block, along with the combination data block, as the digital notarization for the recorded data streams which comprise the evidence collection, wherein the digital notarization cryptographically seals contents of the evidence collection and identities of the selected ones.
Dependent claims: 40-68
69. A computer program product for providing a provable chain of evidence for an evidence collection, the computer program product embodied on one or more computer-readable media and comprising:
computer-readable program code configured to operate a security core which provides security functions;
computer-readable program code configured to connect one or more components to the security core, such that the security core can vouch for authenticity of each connected component;
computer-readable program code configured to record one or more data streams which comprise the evidence collection, each of the data streams being created by selected ones of the connected components; and
computer-readable program code configured to securely provide, for the evidence collection by the security core, an identification of each of the selected ones which create the recorded data streams, wherein the computer-readable program code configured to securely provide further comprises computer-readable program code configured to digitally notarize, by the security core, the recorded data streams which comprise the evidence collection and wherein the computer-readable program code configured to digitally notarize further comprises;
computer-readable program code configured to compute, by the security core, a hash value over each of the recorded data streams;
computer-readable program code configured to combine each hash value with a unique identifier of the selected one which created the recorded data stream for which the hash value was computed, thereby creating a combination data block;
computer-readable program code configured to hash the combination data block;
computer-readable program code configured to digitally sign the hashed combination data block with a private cryptographic key of the security core, wherein the private cryptographic key has a public cryptographic key cryptographically associated therewith; and
computer-readable program code configured to provide the digitally signed hashed combination data block, along with the combination data block, as the digital notarization for the recorded data streams which comprise the evidence collection, wherein the digital notarization cryptographically seals contents of the evidence collection and identities of the selected ones.
Dependent claims: 70-102
103. A method of doing business by creating a provable chain of evidence for an evidence collection, comprising:
operating a security core which provides security functions;
connecting one or more components to the security core, such that the security core can vouch for authenticity of each connected component;
authenticating selected ones of the components to the security core, thereby connecting the selected ones, using a unique identifier of each selected one along with a digital signature of the unique identifier that is created using a private key of the selected one and using, by the security core, a public key that is cryptographically associated with the private key to determine authenticity of the connected component;
recording one or more data streams which comprise the evidence collection, the data streams being created by at least one of the selected ones; and
digitally notarizing, by the security core, the recorded data streams which comprise the evidence collection, wherein the digitally notarizing further comprises;
computing, by the security core, a hash value over each of the recorded data streams;
combining each hash value with a unique identifier of the selected one which created the recorded data stream for which the hash value was computed, thereby creating a combination data block;
hashing the combination data block;
digitally signing the hashed combination data block with a private cryptographic key of the security core, wherein the private cryptographic key has a public cryptographic key cryptographically associated therewith; and
providing the digitally signed hashed combination data block, along with the combination data block, as the digital notarization for the recorded data streams which comprise the evidence collection, wherein the digital notarization cryptographically seals contents of the evidence collection and identities of the selected ones which created the recorded data streams of the evidence collection.
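The notarization steps recited in the independent claims above (hash each stream, combine each hash with the creating component's identifier, hash the combination block, sign that hash, deliver block plus signature), as an added Go example that is not taken from the patent. SHA-256, Ed25519, the length-prefixed block encoding, the type and function names, and the component identifiers are all assumptions chosen for illustration; the claims name no algorithms or formats.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Stream is one recorded data stream and the ID of the component that made it.
type Stream struct{ ComponentID, Data string }

// Notarization is the combination block plus the core's signature over its hash.
type Notarization struct{ Block, Signature []byte }

// combine pairs each stream hash with its component ID (encoding is an assumption).
func combine(streams []Stream) []byte {
	var b bytes.Buffer
	for _, s := range streams {
		h := sha256.Sum256([]byte(s.Data))
		fmt.Fprintf(&b, "%d:%s", len(s.ComponentID), s.ComponentID) // length-prefixed ID
		b.Write(h[:])
	}
	return b.Bytes()
}

// Notarize hashes the combination block and signs that hash with the core's key.
func Notarize(core ed25519.PrivateKey, streams []Stream) Notarization {
	block := combine(streams)
	digest := sha256.Sum256(block)
	return Notarization{block, ed25519.Sign(core, digest[:])}
}

// Verify checks the signature, then rebuilds the block from the evidence in hand.
func Verify(pub ed25519.PublicKey, n Notarization, streams []Stream) bool {
	digest := sha256.Sum256(n.Block)
	return ed25519.Verify(pub, digest[:], n.Signature) && bytes.Equal(n.Block, combine(streams))
}

// Demo uses constructed streams: intact, one altered byte, one swapped component ID.
func Demo() (intact, altered, swapped bool) {
	pub, core, _ := ed25519.GenerateKey(nil) // stand-in for the core's key pair
	ev := []Stream{{"camera-01", "frame bytes"}, {"gps-07", "41.88N 87.63W"}}
	n := Notarize(core, ev)
	return Verify(pub, n, ev),
		Verify(pub, n, []Stream{{"camera-01", "frame bytez"}, ev[1]}),
		Verify(pub, n, []Stream{{"camera-99", "frame bytes"}, ev[1]})
}

func main() { fmt.Println(Demo()) }
```

Because the component identifier sits inside the signed block, relabeling a stream as coming from a different component fails verification just as altering the stream's bytes does. The check is only as strong as the verifier's trust that `pub` really belongs to the security core, which this sketch does not model.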
Specification