Systems and methods for authenticating and protecting the integrity of data streams and other data
DC CAFCFirst Claim
1. A method for encoding a data block, the method comprising:
- (1) encoding the data block, the encoding including;
(a) hashing a first portion of the data block to obtain a first hash value;
(b) hashing a combination of the first hash value and a first verification value to obtain a second verification value, wherein the first verification value is derived, at least in part, from a hashed portion of the data block and a third verification value;
(c) encrypting the second verification value; and
(2) transmitting an encoded data stream to a receiver, wherein the encoded data stream comprises the encrypted second verification value, the first hash value, the first portion of the data block, and the first verification value.
3 Assignments
Litigations
1 Petition
Accused Products
Abstract
Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain'"'"'s security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain. The hierarchy culminates with a signed hash that can be used to verify the integrity of other hash values in the hierarchy, and these other hash values can, in turn, be used to efficiently verify the authenticity of arbitrary portions of the content file.
98 Citations
40 Claims
-
1. A method for encoding a data block, the method comprising:
-
(1) encoding the data block, the encoding including; (a) hashing a first portion of the data block to obtain a first hash value; (b) hashing a combination of the first hash value and a first verification value to obtain a second verification value, wherein the first verification value is derived, at least in part, from a hashed portion of the data block and a third verification value; (c) encrypting the second verification value; and (2) transmitting an encoded data stream to a receiver, wherein the encoded data stream comprises the encrypted second verification value, the first hash value, the first portion of the data block, and the first verification value. - View Dependent Claims (2)
-
-
3. A method for encoding a data block, the method including:
-
(1) generating a chain of data verification values, including; (a) hashing a first sub-block of the data block to obtain a first hash value; (b) hashing a combination of the first hash value and a first verification value to obtain a second verification value; (c) hashing a second sub-block of the data block to obtain a second hash value; (d) hashing a combination of the second hash value and a third verification value to obtain a fourth verification value, wherein the third verification value is derived, at least in part, from the second verification value; (e) generating a digital signature by signing the fourth verification value using a first cryptographic key; (2) transmitting an encoded data stream to a receiver, the encoded data stream including the digital signature, the second sub-block, the third verification value, the second verification value, the first sub-block, and the first verification value. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for encoding a block of content in a manner designed to facilitate authentication comprising:
-
(a) hashing a first portion of the block of content to obtain a first hash value; (b) combining the first hash value and a first data verification value to obtain a second verification value; (c) hashing a second portion of the block of content to obtain a second hash value; (d) hashing a combination of the second hash value and a third verification value to obtain a fourth verification value, wherein the third verification value is derived, at least in part, from the second verification value; (e) generating a digital signature by signing the fourth verification value using a cryptographic key; and (f) sending the digital signature, the second portion of the block of content, the third verification value, the second verification value, the first portion of the block of content, and the first verification value to a computer readable storage device. - View Dependent Claims (15, 16, 17)
-
-
18. A method for verifying the integrity of data contained in a data stream comprising:
-
(a) receiving an encrypted first check value, the encrypted first check value being derived, at least in part, from a second check value, a third check value, a fourth check value, and the data; (b) decrypting the encrypted first check value; (c) obtaining a first calculated check value by performing a predefined operation on a combination of (i) a value derived from a first block of data, and (ii) the second check value; (d) comparing the first check value with the first calculated check value; (e) enabling use of the first block of data if the first check value is equal to the first calculated check value; (f) receiving a second block of data; (g) obtaining a second calculated check value by performing the predefined operation on a combination of (i) a value derived from the second block of data, and (ii) the fourth check value; (h) comparing the third check value with the second calculated check value; and (i) enabling use of the second block of data if the third check value is equal to the second calculated check value. - View Dependent Claims (19, 20, 21, 22)
-
-
23. A system for encoding a stream of data, the system comprising:
-
(1) means for encoding the data block, the encoding including; (a) means for hashing a first portion of the data block to obtain a first hash value; (b) means for hashing a combination of the first hash value and a first verification value to obtain a second verification value, wherein the first verification value is derived, at least in part, from a hashed portion of the data block and a third verification value; (c) means for encrypting the second verification value; and (2) means for transmitting an encoded data stream to a receiver, wherein the encoded data stream comprises the encrypted second verification value, the first hash value, the first portion of the data block, and the first verification value. - View Dependent Claims (24)
-
-
25. A method for encoding a block of data in a manner designed to facilitate fault-tolerant authentication comprising:
-
generating a progression of check values, each check value in the progression being derived from a portion of the block of data and from at least one other check value in the progression; generating an encoded block of data, comprising; inserting error-check values into the block of data, each error-check value being inserted in proximity to a portion of the block of data to which it corresponds, and each error-check value being operable to facilitate authentication of a portion of the block of data and of a check value in the progression of check values; transmitting the encoded block of data and the check values to a user'"'"'s system, whereby the user'"'"'s system is able to receive and authenticate portions of the encoded block of data before the entire encoded block of data is received, wherein each error-check value comprises a hash of the portion of the block of data to which it corresponds. - View Dependent Claims (26)
-
-
27. A system for encoding a data block comprising:
-
(1) means for generating a chain of data verification values, including; (a) means for hashing a first sub-block of the data block to obtain a first hash value; (b) means for hashing a combination of the first hash value and a first verification value to obtain a second verification value; (c) means for hashing a second sub-block of the data block to obtain a second hash value; (d) means for hashing a combination of the second hash value and a third verification value to obtain a fourth verification value, wherein the third verification value is derived, at least in part, from the second verification value; (e) means for generating a digital signature by signing the fourth verification value using a first cryptographic key; (2) means for transmitting an encoded data stream to a receiver, the encoded data stream including the digital signature, the second sub-block, the third verification value, the second verification value, the first sub-block, and the first verification value. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
-
-
38. A system for encoding a block of content in a manner designed to facilitate authentication comprising:
-
(a) means for hashing a first portion of the block of content to obtain a first hash value; (b) means for combining the first hash value and a first data verification value to obtain a second verification value; (c) means for hashing a second portion of the block of content to obtain a second hash value; (d) means for hashing a combination of the second hash value and a third verification value to obtain a fourth verification value, wherein the third verification value is derived, at least in part, from the second verification value; (e) means for generating a digital signature by signing the fourth verification value using a cryptographic key; and (f) means for sending the digital signature, the second portion of the block of content, the third verification value, the second verification value, the first portion of the block of content, and the first verification value to a computer readable storage device.
-
-
39. A system for verifying the integrity of data contained in a data stream comprising:
-
(a) means for receiving an encrypted first check value, the encrypted first check value being derived, at least in part, from a second check value, a third check value, a fourth check value, and the data; (b) means for decrypting the encrypted first check value; (c) means for obtaining a first calculated check value by performing a predefined operation on a combination of (i) a value derived from a first block of data, and (ii) the second check value; (d) means for comparing the first check value with the first calculated check value; (e) means for enabling use of the first block of data if the first check value is equal to the first calculated check value; (f) means for receiving a second block of data; (g) means for obtaining a second calculated check value by performing the predefined operation on a combination of (i) a value derived from the second block of data, and (ii) the fourth check value; (h) means for comparing the third check value with the second calculated check value; and (i) means for enabling use of the second block of data if the third check value is equal to the second calculated check value.
-
-
40. A system for encoding a block of data in a manner designed to facilitate fault-tolerant authentication comprising:
-
means for generating a progression of check values, each check value in the progression being derived from a portion of the block of data and from at least one other check value in the progression; means for generating an encoded block of data, comprising; means for inserting error-check values into the block of data, each error-check value being inserted in proximity to a portion of the block of data to which it corresponds, and each error-check value being operable to facilitate authentication of a portion of the block of data and of a check value in the progression of check values; means for transmitting the encoded block of data and the check values to a user'"'"'s system, whereby the user'"'"'s system is able to receive and authenticate portions of the encoded block of data before the entire encoded block of data is received, wherein each error-check value comprises a hash of the portion of the block of data to which it corresponds.
-
Specification