Method for real-time data authentication
First Claim
Patent Images
1. A method for authenticating transmitted data in real time, said data transmitted as a stream of packets over a publicly available medium, the method comprising:
- generating a master cryptographic key pair, including a long first public key and a long first private key;
publishing a first certificate issued by a certificate authority, the first certificate including the first public key and a first digital signature of the first public key based on a private key from the certificate authority;
generating a disposable cryptographic key pair, including a second public key and second private key;
generating a second certificate, the second certificate including the second public key and a second digital signature of the second public key based on the first private key;
publishing the second certificate;
signing the packets of data to be transmitted with a third digital signature by processing the data to be transmitted through a first one way hashing function to generate a first hash value and encrypting the first hash value utilizing the second private key;
processing received data through the first one way hashing function to create a second hash value;
decrypting the received third digital signature utilizing the second public key to obtain a third hash value; and
verifying authenticity of the received data by comparing the second hash value to the third hash value,wherein the first private key, the second private key, and the private key from the certificate authority have different values.
7 Assignments
0 Petitions
Accused Products
Abstract
A digital signature is applied to digital data in real-time. The digital signature serves as a mark of authenticity assuring a recipient that the digital data did in fact originate from an indicated source. The digital signature may be applied to any digital data, including video signals, audio signals, electronic commerce information, data pertaining to land vehicles, marine vessels, aircraft, or any other data that can be transmitted and received in digital form.
-
Citations
13 Claims
-
1. A method for authenticating transmitted data in real time, said data transmitted as a stream of packets over a publicly available medium, the method comprising:
-
generating a master cryptographic key pair, including a long first public key and a long first private key; publishing a first certificate issued by a certificate authority, the first certificate including the first public key and a first digital signature of the first public key based on a private key from the certificate authority; generating a disposable cryptographic key pair, including a second public key and second private key; generating a second certificate, the second certificate including the second public key and a second digital signature of the second public key based on the first private key; publishing the second certificate; signing the packets of data to be transmitted with a third digital signature by processing the data to be transmitted through a first one way hashing function to generate a first hash value and encrypting the first hash value utilizing the second private key; processing received data through the first one way hashing function to create a second hash value; decrypting the received third digital signature utilizing the second public key to obtain a third hash value; and verifying authenticity of the received data by comparing the second hash value to the third hash value, wherein the first private key, the second private key, and the private key from the certificate authority have different values. - View Dependent Claims (2, 3, 4, 5, 7, 8, 9, 10)
-
-
6. A method for authenticating transmitted data in real time, said data transmitted as a stream of packets over a publicly available medium, the method comprising:
-
generating a master cryptographic key pair, including a first public key and a first private key; publishing a first certificate issued by a certificate authority, the first certificate including the first public key and a first digital signature of the first public key based on a private key from the certificate authority; generating a disposable cryptographic key pair, including a second public short key and second short private key; generating a second certificate, the second certificate including the second public key and a second digital signature of the second public key based on the first private key; publishing the second certificate; signing the packets of data to be transmitted with a third digital signature by processing the data to be transmitted through a first one way hashing function to generate a first hash value and encrypting the first hash value utilizing the second private key; processing received data through the first one way hashing function to create a second hash value; decrypting the received third digital signature utilizing the second public key to obtain a third hash value; and verifying authenticity of the received data by comparing the second hash value to the third hash value, wherein the first private key, the second private key, and the private key from the certificate authority have different values.
-
-
11. A method for authenticating transmitted data in real time, said data transmitted as a stream of packets over a publicly available medium, the method comprising:
-
(a) generating a master cryptographic key pair, including a first public key and a first private key; (b) publishing a first certificate issued by a certificate authority, the first certificate including the first public key and a first digital signature of the first public key based on a private key from the certificate authority; (c) generating a disposable cryptographic key pair, including a second public key and second private key; (d) generating a second certificate, the second certificate including the second public key and a second digital signature of the second public key based on the first private key; (e) publishing the second certificate; (f) signing the packets of data to be transmitted with a third digital signature by processing the data to be transmitted through a first one way hashing function to generate a first hash value and encrypting the first hash value utilizing the second private key; (g) processing received data through the first one way hashing function to create a second hash value; (h) decrypting the received third digital signature utilizing the second public key to obtain a third hash value; and (i) verifying authenticity of the received data by comparing the second hash value to the third hash value, wherein the first private key, the second private key, and the private key from the certificate authority have different values; and dividing the data into packets and signing and authenticating each packet of data in accordance with steps (f) through (i).
-
-
12. A method for digitally signing data in real time, said data to be transmitted as a stream of packets over a publicly available medium, the method comprising:
-
generating a master key pair including a long first public key and a long first private key; publishing a first certificate, the first certificate including the first public key and a first digital signature based on a key pair of a certificate authority; generating a disposable key pair, the disposable key pair including a second public key and a second private key, and wherein the disposable key pair is shorter than the master key pair; generating a second certificate, the second certificate including the second public key and a second digital signature based on the master key pair; dividing the data to be signed into the packets; for each packet of data, computing a hash value based on the data in the packet utilizing a one way hashing function; encrypting the hash value utilizing the second private key as the encryption key; and coupling each encrypted hash value with its corresponding data packet.
-
-
13. A method for verifying digitally signed data in real time, said data transmitted as a stream of packets over a publicly available medium, the method comprising:
-
processing a data portion of the digitally signed data through a one way hashing function to obtain a first hash value for each of the packets of digitally signed data; verifying contents of a first certificate issued by a certificate authority utilizing a public key issued by the certificate authority, the first certificate including a long first public key of a long master key pair, the master key pair including a long private key; verifying contents of a second certificate issued by a sender of the data utilizing the first public key from the first certificate, the second certificate including a second public key of a short disposable key pair that is shorter than the long master key pair; decrypting a digital signature portion of the digitally signed data utilizing the second public key to obtain a second hash value; and comparing the first and second hash values.
-
Specification