Document modification detection and prevention

US 7,735,144 B2
Filed: 05/16/2003
Issued: 06/08/2010
Est. Priority Date: 05/16/2003
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

reading an electronic document, the electronic document comprising content rules, an existing signed state, and existing content items;

authenticating the electronic document one or more times, each authenticating comprising;

classifying the existing content items of the electronic document into existing invariant content items and existing modifiable content items according to the content rules;

receiving one or more user actions for one or more of the existing content items;

determining whether the one or more user actions are permitted by the content rules;

reclassifying one or more existing modifiable content items into new invariant content items in response to the one or more user actions;

generating an object digest for an aggregation of the existing invariant content items and the new invariant content items by digesting the existing invariant content items and the new invariant content items, wherein the aggregation includes a simple content item, a semi-complex content item and a complex content item, the object digest is generated according to their complexity and generating the object digest includes ignoring one or more existing modifiable content items in the electronic document that are not reclassified into new invariant content items;

generating a saved state of the electronic document; and

adding a new signed state to the electronic document, the new signed state comprising the object digest, the saved state, and an electronic signaturewherein generating an object digest is preformed by a processor of an electronic document reader.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus, including computer program products, implementing and using techniques for document authentication. An electronic document is presented to a user. The electronic document has data representing a signed state and a current state. A disallowed difference between the signed state and the current state is detected, based on one or more rules that are associated with the electronic document. A digital signature associated with the electronic document is invalidated in response to the detecting.

108 Citations

View as Search Results

36 Claims

1. A computer implemented method, comprising:
- reading an electronic document, the electronic document comprising content rules, an existing signed state, and existing content items;
  
  authenticating the electronic document one or more times, each authenticating comprising;
  
  classifying the existing content items of the electronic document into existing invariant content items and existing modifiable content items according to the content rules;
  
  receiving one or more user actions for one or more of the existing content items;
  
  determining whether the one or more user actions are permitted by the content rules;
  
  reclassifying one or more existing modifiable content items into new invariant content items in response to the one or more user actions;
  
  generating an object digest for an aggregation of the existing invariant content items and the new invariant content items by digesting the existing invariant content items and the new invariant content items, wherein the aggregation includes a simple content item, a semi-complex content item and a complex content item, the object digest is generated according to their complexity and generating the object digest includes ignoring one or more existing modifiable content items in the electronic document that are not reclassified into new invariant content items;
  
  generating a saved state of the electronic document; and
  
  adding a new signed state to the electronic document, the new signed state comprising the object digest, the saved state, and an electronic signaturewherein generating an object digest is preformed by a processor of an electronic document reader.
- View Dependent Claims (2, 3, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the digesting is recursive on layers of content items in the electronic document.
  - 3. The method of claim 1, wherein each of the content items in the electronic document has a type identifier and a length.
  - 5. The method of claim 1, wherein the object digest is a hash.
  - 6. The method of claim 1, wherein the saved state of the electronic document is a byte range digest.
  - 7. The method of claim 6, wherein the byte range digest is a byte range hash generated for a saved version of the electronic document.
  - 8. The method of claim 1, wherein the user actions are one or more of the following:
    - entering data into predefined fields of the electronic document or annotating the electronic document.
  - 9. The method of claim 1, further comprising:
    - invalidating the new signed state if the one or more user actions are not permitted by the content rules.
  - 10. The method of claim 1, the authenticating further comprising:
    - saving the electronic document with the new signed state to a computer-readable medium.
  - 11. The method of claim 1, wherein the semi-complex content item is a form field.
  - 12. The method of claim 1, wherein:
    - the content rules state that a first user action of a first signature causes a first subset of the existing modifiable content items to be reclassified into new invariant content items and a user action of a second signature causes a second subset of the existing modifiable content items is reclassified into new invariant content items;
      
      the first signature is not a part of the first subset of the existing modifiable content items;
      
      the second signature is not a part of the second subset of the existing modifiable content items; and
      
      the first subset of the existing modifiable content items does not overlap the second subset of the existing modifiable content items.

4. The method of 3, wherein the object digest contains the type identifier and the length of each content item.

13. A computer readable storage device storing a computer program which, when executed by a computer processor, causes the computer processor to perform operations comprising:
- reading an electronic document, the electronic document comprising content rules, an existing signed state, and existing content items;
  
  authenticating the electronic document one or more times, each authenticating comprising;
  
  classifying the existing content items of the electronic document into existing invariant content items and existing modifiable content items, according to the content rules;
  
  receiving one or more user actions for one or more of the existing content items;
  
  determining whether the one or more user actions are permitted by the content rules;
  
  reclassifying one or more existing modifiable content items into new invariant content items in response to the one or more user actions;
  
  generating an object digest for an aggregation of the existing invariant content items and the new invariant content items, wherein the aggregation includes a simple content item, a semi-complex content item and a complex content item, and the object digest is generated by digesting the existing invariant content items and the new invariant content items according to their complexity and generating the object digest includes ignoring one or more existing modifiable content items in the electronic document that are not reclassified into new invariant content items;
  
  generating a saved state of the electronic document; and
  
  adding a new signed state to the electronic document, the new signed state comprising the object digest, the saved state, and an electronic signature.
- View Dependent Claims (14, 15, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The storage device of claim 13, wherein the digesting is recursive on layers of content items in the electronic document.
  - 15. The storage device of claim 13, wherein each of the content items of the electronic document has a type identifier and a length.
  - 17. The storage device of claim 13, wherein the object digest is a hash.
  - 18. The storage device of claim 13, wherein the saved state of the electronic document is a byte range digest.
  - 19. The storage device of claim 18, wherein the byte range digest is a byte range hash generated for a saved version of the electronic document.
  - 20. The storage device of claim 13, wherein the user actions are one or more of the following:
    - entering data into predefined fields of the electronic document or annotating the electronic document.
  - 21. The storage device of claim 13, the operations further comprising:
    - invalidating the new signed state if the one or more user actions are not permitted by the content rules.
  - 22. The storage device of claim 13, the authenticating further comprising:
    - saving the electronic document with the new signed state to a computer-readable medium.
  - 23. The storage device of claim 13, wherein the semi-complex content item is a form field.
  - 24. The storage device of claim 13, wherein:
    - the content rules state that a first user action of a first signature causes a first subset of the existing modifiable content items to be reclassified into new invariant content items and a user action of a second signature causes a second subset of the existing modifiable content items is reclassified into new invariant content items;
      
      the first signature is not a part of the first subset of the existing modifiable content items;
      
      the second signature is not a part of the second subset of the existing modifiable content items; and
      
      the first subset of the existing modifiable content items does not overlap the second subset of the existing modifiable content items.

16. The storage device of 15, wherein the object digest contains the type identifier and the length of each content item.

25. A system comprising a computer readable storage device storing a computer program, a display device, and one or more processors operable to interact with the display device and to execute the computer program and perform operations comprising:
- reading an electronic document, the electronic document comprising content rules, an existing signed state, and existing content items;
  
  authenticating the electronic document one or more times, each authenticating comprising;
  
  classifying the existing content items of the electronic document into existing invariant content items and existing modifiable content items, according to the content rules;
  
  receiving one or more user actions for one or more of the existing one or more content items;
  
  determining whether the one or more user actions are permitted by the content rules;
  
  reclassifying one or more existing modifiable content items into new invariant content items in response to the one or more user actions;
  
  generating an object digest for an aggregation of the existing invariant content items and the new invariant content items by digesting the existing invariant content items and the new invariant content items, wherein the aggregation includes a simple content item, a semi-complex content item and a complex content item, the object digest is generated according to their complexity and generating the object digest includes ignoring one or more existing modifiable content items in the electronic document that are not reclassified into new invariant content items;
  
  generating a saved state of the electronic document; and
  
  adding a new signed state to the electronic document, the new signed state comprising the object digest, the saved state, and an electronic signature.
- View Dependent Claims (26, 27, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The system of claim 25, wherein the digesting is recursive on layers of content items in the electronic document.
  - 27. The system of claim 25, wherein each of the content items of the electronic document has a type identifier and a length.
  - 29. The system of claim 25, wherein the object digest is a hash.
  - 30. The system of claim 25, wherein the saved state of the electronic document is a byte range digest.
  - 31. The system of claim 30, wherein the byte range digest is a byte range hash generated for a saved version of the electronic document.
  - 32. The system of claim 25, wherein the user actions are one or more of the following entering data into predefined fields of the electronic document or annotating the electronic document.
  - 33. The system of claim 25, the operations further comprising:
    - invalidating the new signed state if the one or more user actions are not permitted by the content rules.
  - 34. The system of claim 25, the authenticating further comprising:
    - saving the electronic document with the new signed state to a computer-readable medium.
  - 35. The system of claim 25, wherein the semi-complex content item is a form field.
  - 36. The system of claim 25, wherein:
    - the content rules state that a first user action of a first signature causes a first subset of the existing modifiable content items to be reclassified into new invariant content items and a user action of a second signature causes a second subset of the existing modifiable content items is reclassified into new invariant content items;
      
      the first signature is not a part of the first subset of the existing modifiable content items;
      
      the second signature is not a part of the second subset of the existing modifiable content items; and
      
      the first subset of the existing modifiable content items does not overlap the second subset of the existing modifiable content items.

28. The system of 27, wherein the object digest contains the type identifier and the length of each content item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Agrawal, Sunil C., Pravetz, James D., Chaudhury, Krish
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
Tolentino; Roderick

Application Number

US10/440,487
Publication Number

US 20040230891A1
Time in Patent Office

2,580 Days
Field of Search

380/51, 713/176, 726/2, 726/21, 726/26, 726/27, 726/30, 726/33, 705/50, 705/51, 705/55, 705/56, 705/57, 705/58, 705/59
US Class Current

726/30
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/18   using different networks or...

H04L 9/3247   involving digital signatures

Document modification detection and prevention

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

108 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Document modification detection and prevention

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links