Technique for digitally notarizing a collection of data streams

US 7,028,184 B2
Filed: 01/17/2001
Issued: 04/11/2006
Est. Priority Date: 01/17/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A computer program product for digitally notarizing a collection comprising a plurality of data streams, the computer program product embodied on one or more computer-usable media and comprising:

computer-readable program code configured to compute a hash value over each of the plurality of data streams, wherein each data stream is created by a different application processing component;

computer-readable program code configured to combine each hash value for each of the plurality of data streams with a unique identifier of the application processing component which created the data stream for which the hash value was computed, thereby creating a combination data block;

computer-readable program code configured to hash the combination data block;

computer-readable program code configured to digitally sign the hashed combination data block with a private cryptographic key, wherein the private cryptographic key and a public cryptographic key which is cryptographically associated therewith represent a digital notary; and

computer-readable program code configured to provide the digitally signed hashed combination data block, along with the combination data block, as the digital notarization for the collection plurality of data streams, wherein the digital notarization cryptographically seals contents of the collection of data streams.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, computer program product, and method of doing business by digitally notarizing a collection of data streams, thereby improving security of the contents of the data streams. Preferably, public key cryptography is used, wherein the collection of data streams is digitally signed (i.e. notarized) using a private cryptographic key of a digital notary, such that an associated public cryptographic key can be used to verify the authenticity and integrity of the collection of data streams. One or more components which are involved in creating the data streams are preferably authenticated, and a unique identifier of each such component is included within cryptographically-protected information that is provided for the digital notarization. The authenticated identities of the components can therefore be determined from the digital notarization.

Citations

38 Claims

1. A computer program product for digitally notarizing a collection comprising a plurality of data streams, the computer program product embodied on one or more computer-usable media and comprising:
- computer-readable program code configured to compute a hash value over each of the plurality of data streams, wherein each data stream is created by a different application processing component;
  
  computer-readable program code configured to combine each hash value for each of the plurality of data streams with a unique identifier of the application processing component which created the data stream for which the hash value was computed, thereby creating a combination data block;
  
  computer-readable program code configured to hash the combination data block;
  
  computer-readable program code configured to digitally sign the hashed combination data block with a private cryptographic key, wherein the private cryptographic key and a public cryptographic key which is cryptographically associated therewith represent a digital notary; and
  
  computer-readable program code configured to provide the digitally signed hashed combination data block, along with the combination data block, as the digital notarization for the collection plurality of data streams, wherein the digital notarization cryptographically seals contents of the collection of data streams.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer program product according to claim 1, wherein:
    - the computer-readable program code configured to combine and the computer-readable program code configured to hash operate on pairs of (hash values, identifiers), one pair for each of the plurality of data streams;
      
      the computer-readable program code configured to digitally sign digitally signs each of the hashed pairs; and
      
      the computer-readable program code configured to provide provides the digitally signed hashed pairs, along with the hashed pairs, as the digital notarization.
  - 3. The computer program product according to claim 1, wherein:
    - the computer-readable program code configured to compute a hash operates periodically, upon expiration of an elapsed time value, to compute a hash value over each of a plurality of segments of each data stream;
      
      the computer-readable program code configured to combine, the computer-readable program code configured to hash, and the computer-readable program code configured to digitally sign all operate on the periodically-computed hash values for each data stream; and
      
      the computer-readable program code configured to provide provides the digitally signed periodically-computed hash values, along with the periodically-computed hash values, as the digital notarization; and
      
      further comprising computer-readable program code configured to insert an identification of a time corresponding to each of the periodically-computed hash values at appropriate locations within each of the data streams.
  - 4. The computer program product according to claim 3, wherein the computer-readable program code configured to insert uses MPEG-4 synchronization timestamping.
  - 5. The computer program product according to claim 3, wherein authenticity and integrity of each of the segments is independently verifiable.
  - 6. The computer program product according to claim 3, further comprising:
    - computer-readable program code configured to extract selected ones of the segments of the data streams; and
      
      computer-readable program code configured to verify integrity of the extracted selected ones using the public cryptographic key of the digital notary.
  - 7. The computer program product according to claim 3, further comprising:
    - computer-readable program code configured to authenticate, by the digital notary, each of the application processing components;
      
      computer-readable program code configured to extract selected ones of the segments of the data streams; and
      
      computer-readable program code configured to verify authenticity of the extracted selected ones using the public cryptographic key of the digital notary and the digital notarization.
  - 8. The computer program product according to claim 1, further comprising:
    - computer-readable program code configured to add an additional data stream to the collection, wherein the additional data stream comprises the digital notarization.
  - 9. The computer program product according to claim 7, wherein the identifiers serve to identify data streams from each of the authenticated application processing components.
  - 10. The computer program product according to claim 1, further comprising computer-readable program code configured to authenticate each of the application processing components using the unique identifier thereof, along with a digital signature of the unique identifier that is created using a private key of the application processing component.
  - 11. The computer program product according to claim 10, wherein inclusion of the unique identifiers within the combination data block allows concluding that each data stream in the collection was created by an authentic application processing component if operation of a verification process succeeds, wherein the verification process further comprises:
    - using the public cryptographic key of the digital notary to decrypt the digitally signed hashed combination data block, yielding a new version of the hashed combination data block and a new version of the combination data block;
      
      computing a new hash over the new version of the combination data block; and
      
      determining whether the new hash is identical to the new version of the hashed combination data block.
  - 12. The computer program product according to claim 11, wherein successful operation of the verification process also allows concluding that the data streams in the collection have not been altered.

13. A system for digitally notarizing a collection comprising a plurality of data streams, comprising:
- means for computing a hash value over each of the plurality of data streams, wherein each data stream is created by a different application processing component;
  
  means for combining each hash value for each of the plurality of data streams with a unique identifier of the application processing component which created the data stream for which the hash value was computed, thereby creating a combination data block;
  
  means for hashing the combination data block;
  
  means for digitally signing the hashed combination data block with a private cryptographic key, wherein the private cryptographic key and a public cryptographic key which is cryptographically associated therewith represent a digital notary; and
  
  means for providing the digitally signed hashed combination data block, along with the combination data block, as the digital notarization for the collection of data streams, wherein the digital notarization cryptographically seals contents of the collection of data streams.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system according to claim 13, wherein:
    - the means for combining and the means for hashing operate on pairs of (hash values, identifiers), one pair for each of the plurality of data streams;
      
      the means for digitally signing digitally signs each of the hashed pairs; and
      
      the means for providing provides the digitally signed hashed pairs, along with the hashed pairs, as the digital notarization.
  - 15. The system according to claim 13, wherein:
    - the means for computing a hash operates periodically, upon expiration of an elapsed time value, to compute a hash value over each of a plurality of segments of each data stream;
      
      the means for combining, the means for hashing, and the means for digitally signing all operate on the periodically-computed hash values for each data stream; and
      
      the means for providing provides the digitally signed periodically-computed hash values, along with the periodically-computed hash values, as the digital notarization; and
      
      further comprising means for inserting an identification of a time corresponding to each of the periodically-computed hash values at appropriate locations within each of the data streams.
  - 16. The system according to claim 15, wherein the means for inserting uses MPEG-4 synchronization timestamping.
  - 17. The system according to claim 15, wherein integrity of each of the segments is independently verifiable.
  - 18. The system according to claim 15, further comprising:
    - means for extracting selected ones of the segments of the data streams; and
      
      means for verifying integrity of the extracted selected ones using the public cryptographic key of the digital notary.
  - 19. The system according to claim 15, further comprising:
    - means for authenticating, by the digital notary, each of the application processing components;
      
      means for extracting selected ones of the segments of the data streams; and
      
      means for verifying authenticity of the extracted selected ones using the public cryptographic key of the digital notary and the digital notarization.
  - 20. The system according to claim 13, further comprising means for adding an additional data stream to the collection, wherein the additional data stream comprises the digital notarization.
  - 21. The system according to claim 19, wherein the identifiers serve to identify data streams from each of the authenticated application processing components.
  - 22. The system according to claim 13, further comprising means for authenticating each of the application processing components using the unique identifier thereof, along with a digital signature of the unique identifier that is created using a private key of the application processing component.
  - 23. The system according to claim 22, wherein inclusion of the unique identifiers within the combination data block allows concluding that each data stream in the collection was created by an authentic application processing component if operation of a verification process succeeds, wherein the verification process further comprises:
    - using the public cryptographic key of the digital notary to decrypt the digitally signed hashed combination data block, yielding a new version of the hashed combination data block and a new version of the combination data block;
      
      computing a new hash over the new version of the combination data block; and
      
      determining whether the new hash is identical to the new version of the hashed combination data block.
  - 24. The system according to claim 23, wherein successful operation of the verification process also allows concluding that the data streams in the collection have not been altered.

25. A method of digitally notarizing a collection comprising a plurality of data streams, comprising:
- computing a hash value over each of the plurality of data streams, wherein each data stream is created by a different application processing component;
  
  combining each hash value for each of the plurality of data streams with a unique identifier of the application processing component which created the data stream for which the hash value was computed, thereby creating a combination data block;
  
  hashing the combination data block;
  
  digitally signing the hashed combination data block with a private cryptographic key, wherein the private cryptographic key and a public cryptographic key which is cryptographically associated therewith represent a digital notary; and
  
  providing the digitally signed hashed combination data block, along with the combination data block, as the digital notarization for the collection of data streams, wherein the digital notarization cryptographically seals contents of the collection of data streams.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The method according to claim 25, wherein:
    - the combining and the hashing operate on pairs of (hash values, identifiers), one pair for each of the plurality of data streams;
      
      the digitally signing digitally signs each of the hashed pairs; and
      
      the providing provides the digitally signed hashed pairs, along with the hashed pairs, as the digital notarization.
  - 27. The method according to claim 25, wherein:
    - computing a hash operates periodically, upon expiration of an elapsed time value, to compute a hash value over each of a plurality of segments of each data stream;
      
      combining, hashing, and digitally signing all operate on the periodically-computed hash values for each data stream; and
      
      providing provides the digitally signed periodically-computed hash values, along with the periodically-computed hash values, as the digital notarization; and
      
      further comprising inserting an identification of a time corresponding to each of the periodically-computed hash values at appropriate locations within each of the data streams.
  - 28. The method according to claim 27, wherein the inserting step uses MPEG-4 synchronization timestamping.
  - 29. The method according to claim 27, wherein integrity of each of the segments is independently verifiable.
  - 30. The method according to claim 27, further comprising:
    - extracting selected ones of the segments of the data streams; and
      
      verifying integrity of the extracted selected ones using the public cryptographic key of the digital notary.
  - 31. The method according to claim 27, further comprising:
    - authenticating, by the digital notary, each of the application processing components;
      
      extracting selected ones of the segments of the data streams; and
      
      verifying authenticity of the extracted selected ones using the public cryptographic key of the digital notary and the digital notarization.
  - 32. The method according to claim 25, further comprising adding an additional data stream to the collection, wherein the additional data stream comprises the digital notarization.
  - 33. The method according to claim 31, wherein the identifiers serve to identify data streams from each of the authenticated application processing components.
  - 34. The method according to claim 25, further comprising authenticating each of the application processing components using the unique identifier thereof, along with a digital signature of the unique identifier that is created using a private key of the application processing component.
  - 35. The method according to claim 34, wherein inclusion of the unique identifiers within the combination data block allows concluding that each data stream in the collection was created by an authentic application processing component if operation of a verification process succeeds, wherein the verification process further comprises:
    - using the public cryptographic key of the digital notary to decrypt the digitally signed hashed combination data block, yielding a new version of the hashed combination data block and a new version of the combination data block;
      
      computing a new hash over the new version of the combination data block; and
      
      determining whether the new hash is identical to the new version of the hashed combination data block.
  - 36. The method according to claim 35, wherein successful operation of the verification process also allows concluding that the data streams in the collection have not been altered.

37. A digitally notarized collection of data streams, comprising:
- a plurality of data streams in the collection, wherein each data stream is created by a different application processing component; and
  
  a digital notarization of the collection, created by;
  
  computing a hash value over each of the plurality of data streams;
  
  combining each hash value for each of the plurality of data streams with a unique identifier of the application processing component which created the data stream for which the hash value was computed, thereby creating a combination data block;
  
  hashing the combination data block;
  
  digitally signing the hashed combination data block with a private cryptographic key, wherein the private cryptographic key and a public cryptographic key which is cryptographically associated therewith represent a digital notary; and
  
  providing the digitally signed hashed combination data block, along with the combination data block, as the digital notarization for the collection of data streams, wherein the digital notarization cryptographically seals contents of the collection of data streams.

38. A method of doing business using digitally notarized data streams, comprising:
- digitally notarizing a collection comprising a plurality of data streams, further comprising;
  
  computing a hash value over each of the plurality of data streams, wherein each data stream is created by a different application processing component;
  
  combining each hash value for each of the plurality of data streams with a unique identifier of the application processing component which created the data stream for which the hash value was computed, thereby creating a combination data block;
  
  hashing the combination data block;
  
  digitally signing the hashed combination data block with a private cryptographic key, wherein the private cryptographic key and a public cryptographic key which is cryptographically associated therewith represent a digital notary; and
  
  providing the digitally signed hashed combination data block, along with the combination data block, as the digital notarization for the collection of data streams; and
  
  verifying authenticity of the digitally notarized collection of data streams, by a receiver of the digital notarization, further comprising;
  
  using the public cryptographic key of the digital notary to decrypt the digitally signed hashed combination data block, yielding a new version of the hashed combination data block and a new version of the combination data block;
  
  computing a new hash over the new version of the combination data block; and
  
  determining whether the new hash is identical to the new version of the hashed combination data block, and if so, concluding that the data streams in the collection have not been altered.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hind, John R., Peters, Marcia L.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
STULBERGER, CAS P

Application Number

US09/764,541
Publication Number

US 20030212893A1
Time in Patent Office

1,910 Days
Field of Search

713/170, 713/176, 713/181, 380/201, 380/202, 380/203, 380/204, 380/216, 382/17
US Class Current

713/170
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

Technique for digitally notarizing a collection of data streams

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Technique for digitally notarizing a collection of data streams

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links