System and method for guaranteeing software integrity via combined hardware and software authentication
First Claim
1. A method for guaranteeing message integrity, comprising:
- transmitting a transmission including a first message and at least one appended value from a distribution center, said at least one appended value further comprising a modulus pq and an authentication value s;
- receiving said transmission with an instance of a user device, said instance of a user device further comprising tamper-resistant hardware;
- computing an integrity value K′ that depends on said transmission and at least one stored value, where K′ selectively enables decryption of said first message and completion of an electronic commerce transaction, and wherein said integrity value K′ selectively enables said decryption of said first message if and only if a first hash value h matches a correct hash value h1, guaranteeing the integrity of said first message, wherein said integrity value K′ equals $g_1^{x} g_2^{a} \bmod M$, where $x = s^{h} \bmod pq$, pq is a modulus, s is an authentication value, h1 is an odd-valued correct hash value of said first message computed according to a means for hashing, said h is the first hash value of said first message computed by said user device according to the same means for hashing as for said correct hash value h1, M is a public modulus, a is a stored digital signet, and g1 and g2 are stored values that uniquely identify the instance of said user device, and wherein said first message includes one software program portion, said integrity value K′ includes another software program portion, and said first message and said integrity value K′ together comprise a complete software program;
- said first message further comprising protected information intended for use only by authorized recipients, wherein said protected information further comprises at least one of; a text file, an audio file, a video file, an application, and a database;
- said modulus pq further comprising a product of two prime numbers p and q, neither of said prime numbers p and q being separately included in said transmission, wherein said prime numbers p and q are selected by said distribution center such that a likelihood of a product (p−1)(q−1) and the odd-valued correct hash value h1 of said transmitted first message having a greatest common denominator other than 1 is substantially zero, whereby $h_1 z = 1 \bmod \Phi(pq)$, where $\Phi(pq) = (p-1)(q-1)$, and said correct hash value h1 is a public RSA key corresponding to a private RSA key z;
- said s authentication value further comprising an encrypted version of an original hash value h0, said modulus pq, and the private RSA key z, where $s = h_0^{z} \bmod pq$;
- said correct hash value h1, further forced to be odd, if initially even; and
- said stored values are further stored in said tamper-resistant hardware.
Abstract
A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted.
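The scheme in the claim and abstract, carried through end to end as an added example (not code from the patent). Assumptions: SHA-256 as the means for hashing, a Mersenne prime standing in for the public modulus M, K = g1^h0 · g2^a mod M as the device's original integrity value, a Miller-Rabin search for p and q, and constructed device values; all function names are hypothetical.

```python
import hashlib
from math import gcd
M = 2**521 - 1  # public modulus M; assumption: a known Mersenne prime stands in

def H(msg):
    """Means for hashing (assumed SHA-256), forced odd as the claim requires."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") | 1

def is_probable_prime(n):
    """Miller-Rabin over fixed bases; adequate for a demonstration only."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for b in bases:
        if pow(b, d, n) != 1 and all(pow(b, d << i, n) != n - 1 for i in range(r)):
            return False
    return True

def pick_prime(start, h1):
    """Center's selection rule: next prime p with gcd(p - 1, h1) == 1."""
    p = start | 1
    while not (is_probable_prime(p) and gcd(p - 1, h1) == 1):
        p += 2
    return p

def center_append(h0, new_msg):
    """Distribution center: compute the appended values (pq, s) for new_msg."""
    h1 = H(new_msg)
    p, q = pick_prime(2**136, h1), pick_prime(2**137, h1)
    z = pow(h1, -1, (p - 1) * (q - 1))  # private key z: h1*z = 1 mod phi(pq)
    return p * q, pow(h0, z, p * q)     # s = h0^z mod pq; p and q are not sent

def device_k(msg, pq, s, g1, g2, a):
    """User device: K' = g1^x * g2^a mod M with x = s^h mod pq."""
    x = pow(s, H(msg), pq)
    return pow(g1, x, M) * pow(g2, a, M) % M

def demo():
    # Constructed sample values standing in for the device's stored secrets.
    g1, g2, a = H(b"device-0001/g1"), H(b"device-0001/g2"), H(b"signet")
    h0, update = H(b"release 1.0"), b"release 1.1"
    K = pow(g1, h0, M) * pow(g2, a, M) % M           # original integrity value K
    pq, s = center_append(h0, update)
    ok = device_k(update, pq, s, g1, g2, a)          # untouched message
    bad = device_k(update + b"!", pq, s, g1, g2, a)  # one byte appended
    return K, ok, bad
```

`demo()` returns K, then K′ for the untouched message and K′ for the altered one. Because x collapses back to h0 only when the device's hash h equals h1, a decryption key derived from K′ works only for the authentic message.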
Specification