Authentification of data in a digital transmission system

US 7,231,525 B1
Filed: 03/25/1999
Issued: 06/12/2007
Est. Priority Date: 03/25/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of authenticating data, comprising:

organizing the data into a hierarchical structure comprising a root directory unit, at least one subdirectory unit, and at least one file unit;

authenticating data in the at least one file unit using a first authentication algorithm, resulting in an associated file authentication value being stored in a referring subdirectory, wherein the referring subdirectory is a subdirectory hierarchically above the at least one file unit; and

authenticating the associated file authentication value using a second authentication algorithm, resulting in an associated subdirectory authentication value being stored in the root directory unit,transmitting the data as digital data in a digital transmission system, wherein the data includes the at least one file unit and the hierarchical structure comprising the file authentication value and the subdirectory authentication value.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authentification of data sent in a digital transmission characterized by the organization and authentification of the data prior to transmission into a hierarchy of at least one root directory unit (75), subdirectory unit (76) and file unit (77), data in a file (77) being acted upon by an authentification algorithm and an associated file authentification value (82) stored in the referring subdirectory unit (77), this file authentification value (82) being in turn acted upon by an authentification algorithm and an associated subdirectory authentification value (79) stored in the referring root directory. Other aspects of the invention relate to the authentification of a second root directory (78) by generation of a second authentification value (83) and the authentification of data before encapsulation in tables or sections of a transport stream.

7 Citations

View as Search Results

19 Claims

1. A method of authenticating data, comprising:
- organizing the data into a hierarchical structure comprising a root directory unit, at least one subdirectory unit, and at least one file unit;
  
  authenticating data in the at least one file unit using a first authentication algorithm, resulting in an associated file authentication value being stored in a referring subdirectory, wherein the referring subdirectory is a subdirectory hierarchically above the at least one file unit; and
  
  authenticating the associated file authentication value using a second authentication algorithm, resulting in an associated subdirectory authentication value being stored in the root directory unit,transmitting the data as digital data in a digital transmission system, wherein the data includes the at least one file unit and the hierarchical structure comprising the file authentication value and the subdirectory authentication value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the first authentication algorithm is a hashing algorithm applied to some or all of the data in the at least one file unit, and wherein the associated file authentication value is a hash value stored in the referring subdirectory.
  - 3. The method of claim 2, wherein the hashing algorithm corresponds to a cryptographically secure algorithm that generates a substantially unique hash value from a give set of data.
  - 4. The method of claim 1, wherein the first authentication algorithm is a hashing algorithm applied to an accumulation of data from a plurality of file units to generate a single hash value.
  - 5. The method of claim 1, wherein the second authentication algorithm is a hashing algorithm applied to at least the file authentication value, and wherein the associated subdirectory authentication value is a hash value stored in the root directory unit.
  - 6. The method of claim 1, wherein the second authentication algorithm is a hashing algorithm applied to an accumulation of file authentication values from a plurality of subdirectories to generate a single hash value.
  - 7. The method of claim 1, wherein at least some of the data stored in the root directory unit is authenticated using a secret key associated with an encryption algorithm, resulting in an encryption value being stored in the root directory unit.
  - 8. The method of claim 7, wherein the encryption value corresponds to a digital signature generated using a private key of the encryption algorithm, wherein the digital signature is verified using a public key corresponding to the private key.
  - 9. The method of claim 1, wherein a referring unit includes an encrypted value generated by a secret key, and wherein an authentication value associated with the referring unit is calculated based on the results of an authentication algorithm performed on the encrypted value and stored in the referring unit.
  - 10. The method of claim 9, wherein a signature value for the referring unit is generated by an encryption algorithm, wherein a hashing algorithm is applied to the signature value to generate the authentication value.
  - 11. The method of claim 9, wherein the referring unit comprises one selected from the group consisting of a subdirectory unit and a file unit.
  - 12. The method of claim 9, wherein the referring unit is a second root directory unit.
  - 13. The method of claim 1, wherein the root directory unit, at least one subdirectory unit, and at least one file unit correspond to a set of data files, wherein the data files are encapsulated in data tables, and wherein the data tables are further encapsulated in data packets to form a transport stream.
  - 14. The method of claim 13, wherein the root directory unit, at least one subdirectory unit, and at least one file unit correspond to data objects formatted according to the DSMCC standard.
  - 15. The method of claim 13, wherein the encapsulation of the data files and the data tables conform to the MPEG standard.
  - 16. The method of claim 1, wherein the digital transmission system corresponds to a digital television system.

17. A method for verification of received data sent in a digital transmission system, comprising:
- receiving the data organized into a hierarchical structure comprising a root directory unit, at least one subdirectory unit, and at least one file unit,wherein the received data comprises a file authentication value resulting from applying a first authentication algorithm to data in the at least one file unit, wherein the file authentication value is stored in a referring subdirectory, andwherein the received data further comprises a subdirectory authentication value resulting from a second authentication algorithm applied to the file authentication value, wherein the subdirectory authentication value is stored in the root directory unit;
  
  authenticating the received data in a file using the first authentication algorithm to obtain a first resulting value;
  
  comparing the first resulting value with the file authentication value stored in the referring subdirectory, wherein the referring subdirectory is a subdirectory hierarchically above the file;
  
  authenticating the file authentication value stored in the referring subdirectory using the second authentication algorithm to obtain a second resulting value; and
  
  comparing the second resulting value with the subdirectory authentication value stored in the root directory unit to verify the received data.

18. An apparatus for authenticating data, configured to:
- organize the data into a hierarchical structure comprising a root directory unit, at least one subdirectory unit, and at least one file unit;
  
  authenticate data in the at least one file unit using a first authentication algorithm, resulting in an associated file authentication value being stored in a referring subdirectory, wherein the referring subdirectory is a subdirectory hierarchically above the at least one file unit; and
  
  authenticate the associated file authentication value using a second authentication algorithm, resulting in an associated subdirectory authentication value being stored in the root directory unit,transmitting the data as digital data in a digital transmission system, wherein the data includes the at least one file unit and the hierarchical structure comprising the file authentication value and the subdirectory authentication value.

19. A receiver/decoder for verification of received data sent in a digital transmission system, wherein the receiver/decoder is configured to:
- receive the data organized into a hierarchical structure comprising a root directory unit, at least one subdirectory unit, and at least one file unit,wherein the received data comprises a file authentication value resulting from applying a first authentication algorithm to data in the at least one file unit, wherein the file authentication value is stored in a referring subdirectory, andwherein the received data further comprises a subdirectory authentication value resulting from a second authentication algorithm applied to the file authentication value, wherein the subdirectory authentication value is stored in the root directory unit;
  
  authenticate the received data in a file using the first authentication algorithm to obtain a first resulting value;
  
  compare the first resulting value with the file authentication value stored in the referring subdirectory, wherein the referring subdirectory is a subdirectory hierarchically above the file;
  
  authenticate the file authentication value stored in the referring subdirectory using the second authentication algorithm to obtain a second resulting value; and
  
  compare the second resulting value with the subdirectory authentication value stored in the root directory unit to verify the received data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Madison Patent Holdings (InterDigital, Inc.)
Original Assignee
Thomson Licensing SA (Vantiva SA)
Inventors
Beuque, Jean-Bernard Ge
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Szymanski; Thomas

Application Number

US09/646,845
Time in Patent Office

3,001 Days
Field of Search

713/181, 713/161, 713/193
US Class Current

713/181
CPC Class Codes

H04L 2209/601   Broadcast encryption

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

H04N 21/2347   involving video stream encr...

H04N 21/235   Processing of additional da...

H04N 21/2351   involving encryption of add...

H04N 21/23614   Multiplexing of additional ...

H04N 21/26606   for generating or managing ...

H04N 21/26613   for generating or managing ...

H04N 21/4181   for conditional access

H04N 21/435   Processing of additional da...

H04N 21/4353   involving decryption of add...

H04N 21/4405   involving video stream decr...

H04N 21/4586   Content update operation tr...

H04N 21/4627   Rights management associate...

H04N 21/8166   involving executable data, ...

H04N 21/818   OS software

H04N 21/835   Generation of protective da...

H04N 7/163   by receiver means only

H04N 7/1675 : Providing digital key or au...

View All

Authentification of data in a digital transmission system

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Authentification of data in a digital transmission system

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links