Method for real-time data authentication

US 7,194,620 B1
Filed: 09/24/1999
Issued: 03/20/2007
Est. Priority Date: 09/24/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating transmitted data in real time, said data transmitted as a stream of packets over a publicly available medium, the method comprising:

generating a master cryptographic key pair, including a long first public key and a long first private key;

publishing a first certificate issued by a certificate authority, the first certificate including the first public key and a first digital signature of the first public key based on a private key from the certificate authority;

generating a disposable cryptographic key pair, including a second public key and second private key;

generating a second certificate, the second certificate including the second public key and a second digital signature of the second public key based on the first private key;

publishing the second certificate;

signing the packets of data to be transmitted with a third digital signature by processing the data to be transmitted through a first one way hashing function to generate a first hash value and encrypting the first hash value utilizing the second private key;

processing received data through the first one way hashing function to create a second hash value;

decrypting the received third digital signature utilizing the second public key to obtain a third hash value; and

verifying authenticity of the received data by comparing the second hash value to the third hash value,wherein the first private key, the second private key, and the private key from the certificate authority have different values.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital signature is applied to digital data in real-time. The digital signature serves as a mark of authenticity assuring a recipient that the digital data did in fact originate from an indicated source. The digital signature may be applied to any digital data, including video signals, audio signals, electronic commerce information, data pertaining to land vehicles, marine vessels, aircraft, or any other data that can be transmitted and received in digital form.

Citations

13 Claims

1. A method for authenticating transmitted data in real time, said data transmitted as a stream of packets over a publicly available medium, the method comprising:
- generating a master cryptographic key pair, including a long first public key and a long first private key;
  
  publishing a first certificate issued by a certificate authority, the first certificate including the first public key and a first digital signature of the first public key based on a private key from the certificate authority;
  
  generating a disposable cryptographic key pair, including a second public key and second private key;
  
  generating a second certificate, the second certificate including the second public key and a second digital signature of the second public key based on the first private key;
  
  publishing the second certificate;
  
  signing the packets of data to be transmitted with a third digital signature by processing the data to be transmitted through a first one way hashing function to generate a first hash value and encrypting the first hash value utilizing the second private key;
  
  processing received data through the first one way hashing function to create a second hash value;
  
  decrypting the received third digital signature utilizing the second public key to obtain a third hash value; and
  
  verifying authenticity of the received data by comparing the second hash value to the third hash value,wherein the first private key, the second private key, and the private key from the certificate authority have different values.
- View Dependent Claims (2, 3, 4, 5, 7, 8, 9, 10)
- - 2. The method for authenticating transmitted data in real time according to claim 1, wherein the first certificate further includes an identification of a sender and an identification of a certificate authority issuing the first certificate.
  - 3. The method for authenticating transmitted data in real time according to claim 2, wherein the first digital signature is produced by:
    - processing information representing the identification of the sender, the identification of the certificate authority issuing the first certificate and the first public key through a second one way hashing function to create a fourth hash value; and
      
      encrypting the fourth hash value utilizing the private key from the certificate authority issuing the first certificate to create the first digital signature.
  - 4. The method for authenticating transmitted data in real time according to claim 3, further comprising the step of verifying authenticity of data comprising the first certificate.
  - 5. The method for authenticating transmitted data in real time according to claim 4, wherein the step of verifying the authenticity of the data comprising the first certificate comprises:
    - decrypting the first digital signature to obtain a fifth hash value utilizing a public key issued by the certificate authority issuing the first certificate;
      
      processing the received information representing the identification of the sender, the identification of the certificate authority issuing the first certificate and the first public key through the second one way hashing function to create a sixth hash value; and
      
      comparing the fifth and sixth hash values.
  - 7. The method for authenticating transmitted data in real time according to claim 1, wherein the second certificate further includes the identification of the sender and an identification of a signing authority issuing the second certificate.
  - 8. The method for authenticating transmitted data in real time according to claim 7, wherein the second digital signature is produced by:
    - processing the data representing the identification of the sender, the identification of the signing authority issuing the second certificate and the second public key through a third one way hashing function to create a seventh hash value; and
      
      encrypting the seventh hash value utilizing the first private key to create the second digital signature.
  - 9. The method for authenticating transmitted data in real time according to claim 8, further comprising the step of verifying the authenticity of the data comprising the second certificate.
  - 10. The method for authenticating transmitted data in real time according to claim 9, wherein the step of verifying the authenticity of the data comprising the second certificate comprises:
    - decrypting the second digital signature to obtain an eighth hash value utilizing the first public key;
      
      processing the received data representing the identification of the sender, the identification of the signing authority issuing the second certificate and the second public key through the third one way hashing function to create a ninth hash value; and
      
      comparing the eighth and ninth hash values.

6. A method for authenticating transmitted data in real time, said data transmitted as a stream of packets over a publicly available medium, the method comprising:
- generating a master cryptographic key pair, including a first public key and a first private key;
  
  publishing a first certificate issued by a certificate authority, the first certificate including the first public key and a first digital signature of the first public key based on a private key from the certificate authority;
  
  generating a disposable cryptographic key pair, including a second public short key and second short private key;
  
  generating a second certificate, the second certificate including the second public key and a second digital signature of the second public key based on the first private key;
  
  publishing the second certificate;
  
  signing the packets of data to be transmitted with a third digital signature by processing the data to be transmitted through a first one way hashing function to generate a first hash value and encrypting the first hash value utilizing the second private key;
  
  processing received data through the first one way hashing function to create a second hash value;
  
  decrypting the received third digital signature utilizing the second public key to obtain a third hash value; and
  
  verifying authenticity of the received data by comparing the second hash value to the third hash value,wherein the first private key, the second private key, and the private key from the certificate authority have different values.

11. A method for authenticating transmitted data in real time, said data transmitted as a stream of packets over a publicly available medium, the method comprising:
- (a) generating a master cryptographic key pair, including a first public key and a first private key;
  
  (b) publishing a first certificate issued by a certificate authority, the first certificate including the first public key and a first digital signature of the first public key based on a private key from the certificate authority;
  
  (c) generating a disposable cryptographic key pair, including a second public key and second private key;
  
  (d) generating a second certificate, the second certificate including the second public key and a second digital signature of the second public key based on the first private key;
  
  (e) publishing the second certificate;
  
  (f) signing the packets of data to be transmitted with a third digital signature by processing the data to be transmitted through a first one way hashing function to generate a first hash value and encrypting the first hash value utilizing the second private key;
  
  (g) processing received data through the first one way hashing function to create a second hash value;
  
  (h) decrypting the received third digital signature utilizing the second public key to obtain a third hash value; and
  
  (i) verifying authenticity of the received data by comparing the second hash value to the third hash value,wherein the first private key, the second private key, and the private key from the certificate authority have different values; and
  
  dividing the data into packets and signing and authenticating each packet of data in accordance with steps (f) through (i).

12. A method for digitally signing data in real time, said data to be transmitted as a stream of packets over a publicly available medium, the method comprising:
- generating a master key pair including a long first public key and a long first private key;
  
  publishing a first certificate, the first certificate including the first public key and a first digital signature based on a key pair of a certificate authority;
  
  generating a disposable key pair, the disposable key pair including a second public key and a second private key, and wherein the disposable key pair is shorter than the master key pair;
  
  generating a second certificate, the second certificate including the second public key and a second digital signature based on the master key pair;
  
  dividing the data to be signed into the packets;
  
  for each packet of data, computing a hash value based on the data in the packet utilizing a one way hashing function;
  
  encrypting the hash value utilizing the second private key as the encryption key; and
  
  coupling each encrypted hash value with its corresponding data packet.

13. A method for verifying digitally signed data in real time, said data transmitted as a stream of packets over a publicly available medium, the method comprising:
- processing a data portion of the digitally signed data through a one way hashing function to obtain a first hash value for each of the packets of digitally signed data;
  
  verifying contents of a first certificate issued by a certificate authority utilizing a public key issued by the certificate authority, the first certificate including a long first public key of a long master key pair, the master key pair including a long private key;
  
  verifying contents of a second certificate issued by a sender of the data utilizing the first public key from the first certificate, the second certificate including a second public key of a short disposable key pair that is shorter than the long master key pair;
  
  decrypting a digital signature portion of the digitally signed data utilizing the second public key to obtain a second hash value; and
  
  comparing the first and second hash values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Business Global LLC (Verizon Communications Inc.)
Inventors
Hayes, David Scott
Primary Examiner(s)
ZIA, SYED

Application Number

US09/406,910
Time in Patent Office

2,734 Days
Field of Search

713/157, 713/177
US Class Current

713/157
CPC Class Codes

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Method for real-time data authentication

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for real-time data authentication

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links