System and method for guaranteeing software integrity via combined hardware and software authentication
Abstract
A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted.
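An added toy illustration of the flow the abstract describes (not code from the patent). It assumes the appended authentication value is an RSA-style encryption of h0 under the private key matched to the new message's hash, s = h0^d mod pq, which the device undoes with the hash it recomputes itself; the parameter sizes, g1, g2, the signet and all function names are constructed for the example.

```python
import hashlib
from math import gcd

# Constructed toy parameters, far too small for real use.
M = 2**61 - 1        # public modulus M
G1, G2 = 5, 7        # device-unique values g1, g2
SIGNET = 123456789   # digital signet a

def msg_hash(message: bytes) -> int:
    """32-bit odd hash so that toy primes can accept it as an RSA exponent."""
    return int.from_bytes(hashlib.sha256(message).digest()[:4], "big") | 1

def integrity_value(h0: int) -> int:
    """K = g1^h0 * g2^a mod M, computed on the device."""
    return pow(G1, h0, M) * pow(G2, SIGNET, M) % M

def is_prime(n: int) -> bool:
    return n > 1 and all(n % f for f in range(2, int(n**0.5) + 1))

def select_primes(h: int, start: int) -> tuple[int, int]:
    """Center: find p, q with gcd(h, p-1) = gcd(h, q-1) = 1, so h is a valid public key."""
    found, n = [], start | 1
    while len(found) < 2:
        if is_prime(n) and gcd(h, n - 1) == 1:
            found.append(n)
        n += 2
    return found[0], found[1]

def center_sign(message: bytes, h0: int) -> tuple[bytes, int, int]:
    """Center: returns (message, modulus pq, authentication value s)."""
    h = msg_hash(message)
    p, q = select_primes(h, 1 << 17)         # pq > 2^34 > any 32-bit h0
    d = pow(h, -1, (p - 1) * (q - 1))        # private key matching public key h
    return message, p * q, pow(h0, d, p * q)

def device_check(message: bytes, pq: int, s: int) -> int:
    """Device: recompute the hash locally, recover h0, and derive K'."""
    h0_recovered = pow(s, msg_hash(message), pq)
    return integrity_value(h0_recovered)

if __name__ == "__main__":
    h0 = msg_hash(b"original software image")
    K = integrity_value(h0)
    msg, pq, s = center_sign(b"software update", h0)
    print(device_check(msg, pq, s) == K)
    print(device_check(msg + b" tampered", pq, s) == K)
```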
42 Claims
1. A system for guaranteeing message integrity, comprising:
- a distribution center that transmits a transmission wherein said transmission includes a message and an appended first value; and
- a user device that receives said transmission and computes an integrity value K′ that depends on said transmission and at least one of a plurality of stored values where K′ selectively enables successful further processing of said message;
- wherein said plurality of stored values include a predetermined integrity value $K = g_1^{h_0} g_2^{a} \bmod M$, where a is a digital signet, M is a public modulus, and g1 and g2 are unique values and h0 is an original first hash value.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.

16. A system for guaranteeing message integrity, comprising:
- a user device having at least one of a plurality of stored integrity values related to an additional integrity value h0;
- a distribution center that transmits a transmission wherein the transmission includes a message and an appended first value including an encryption of said additional integrity value h0, where said encryption uses a key based on a hash of said message;
- wherein the user device receives said transmission and computes an integrity value K′ that depends on said transmission and at least one of a plurality of stored second values, where K′ selectively enables successful further processing of said message; and
- wherein said plurality of stored second values include a predetermined integrity value $K = g_1^{h_0} g_2^{a} \bmod M$, where a is a digital signet, M is a public modulus, and g1 and g2 are unique instances of the stored second values.

Dependent claims: 17, 18, 19, 20.

21. A computer program product for guaranteeing message integrity, comprising a computer-readable storage medium tangibly embodying computer readable program code thereon, said computer-readable program code comprising:
- computer readable program code configured to transmit a transmission wherein said transmission includes a message and an appended first value from a distribution center;
- computer readable program code configured to receive said transmission with a user device; and
- computer readable program code configured to compute an integrity value K′ that depends on said transmission and at least one of a plurality of stored second values where K′ selectively enables successful further processing of said message, wherein said plurality of stored second values include a predetermined integrity value $K = g_1^{h_0} g_2^{a} \bmod M$, where a is a digital signet, M is a public modulus, and g1 and g2 are unique values, and h0 is an original first hash value.

22. A method for guaranteeing message integrity, comprising:
- transmitting a transmission from a distribution center wherein the transmission includes a message together with an appended first value including an encrypted integrity second value h0, said encrypted integrity second value h0 being encrypted with a key based on a hash of said message;
- decrypting said encrypted integrity second value h0;
- using said encrypted integrity second value h0 together with stored integrity third values to perform an integrity calculation;
- using the result of said integrity calculation for further processing;
- receiving said transmission by a user device and computing an integrity fourth value K′ that depends on said transmission and at least one of a plurality of stored fifth values, where K′ selectively enables successful further processing of said message;
- wherein said plurality of stored values include a predetermined integrity sixth value $K = g_1^{h_0} g_2^{a} \bmod M$, where a is a digital signet, M is a public modulus, and g1 and g2 are unique seventh values.

Dependent claims: 23, 24, 25, 26.

27. A method for conducting electronic commerce, comprising:
- transmitting a transmission wherein the transmission includes a message and an appended first value from a distribution center;
- receiving said transmission with a user device; and
- computing with the user device an integrity value K′ that depends on said transmission and at least one of a plurality of stored second values where K′ selectively enables successful further processing of said message,
- wherein said further processing completes an electronic commerce transaction, and said plurality of stored second values include a predetermined integrity value $K = g_1^{h_0} g_2^{a} \bmod M$, where a is a digital signet, M is a public modulus, g1 and g2 are unique third values and h0 is an original first hash value.

28. A method for guaranteeing message integrity, comprising:
- transmitting a transmission wherein the transmission includes a message and an appended first value from a distribution center;
- receiving said transmission with a user device;
- computing an integrity value K′ that depends on said transmission and at least one of a plurality of stored values, where K′ selectively enables successful further processing of said message;
- wherein said plurality of stored values include a predetermined integrity value $K = g_1^{h_0} g_2^{a} \bmod M$, where a is a digital signet, M is a public modulus and g1 and g2 are unique values, and h0 is an original first hash value.

Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42.

Specification