Tamper-evident data management

US 7,877,607 B2
Filed: 08/30/2002
Issued: 01/25/2011
Est. Priority Date: 08/30/2002
Status: Active Grant

First Claim

Patent Images

1. A data tampering detection system that detects alteration of data resident on a computer, the system implemented on a suitable processing platform, comprising:

a data collecting application that collects the data for storage in a digitally signed data log entry;

a digital signing application, comprising;

a mechanism for assigning to the data for the log entry, a sequence number and an identification number of the computer,a link to a hash mechanism that generates a digest of at least the sequence number and identification number, anda digital signature mechanism that creates a digital signature and digitally signs the digest, wherein the digital signing application and the data collecting application are located on a smart card, and wherein removal or disabling of the smart card disables the data collecting application and the digital signing application;

a data writing application that writes the digitally signed digest and the data to a data log as the digitally signed data log entry, wherein the digitally signed data and digest are stored on a physical media, and wherein the digitally signed data and digest are transmitted to a vendor by removal of the physical media;

an encryption mechanism to encrypt the digitally signed digest and the data; and

a decryption mechanism to decrypt the digitally signed digest and the data.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A tamper-evident data management system uses public-private digital signature keys to control use of data and to ensure the fidelity of data that is stored on a customer'"'"'s system for later collection by a computer vendor or that is sent to the vendor over a network. A computer system includes an application for collecting usage or metrics data from the computer system, for example. The metering application uses an application private key to digitally sign all metrics data prior to optionally storing the data in a data log file. The vendor can then use an application public key to validate the digitally signed entries. The digitally signed data entries may also be encrypted using a vendor public key prior to storage in the data log and may be decrypted using a vendor private key prior to validating the digitally signed data. The application and application private key may be stored on a smart card to discourage and detect tampering or may be stored on the computer system itself.

Citations

18 Claims

1. A data tampering detection system that detects alteration of data resident on a computer, the system implemented on a suitable processing platform, comprising:
- a data collecting application that collects the data for storage in a digitally signed data log entry;
  
  a digital signing application, comprising;
  
  a mechanism for assigning to the data for the log entry, a sequence number and an identification number of the computer,a link to a hash mechanism that generates a digest of at least the sequence number and identification number, anda digital signature mechanism that creates a digital signature and digitally signs the digest, wherein the digital signing application and the data collecting application are located on a smart card, and wherein removal or disabling of the smart card disables the data collecting application and the digital signing application;
  
  a data writing application that writes the digitally signed digest and the data to a data log as the digitally signed data log entry, wherein the digitally signed data and digest are stored on a physical media, and wherein the digitally signed data and digest are transmitted to a vendor by removal of the physical media;
  
  an encryption mechanism to encrypt the digitally signed digest and the data; and
  
  a decryption mechanism to decrypt the digitally signed digest and the data.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the encryption mechanism comprises:
    - a public encryption key that is supplied by a vendor; and
      
      an encryption application.
  - 3. The system of claim 1, wherein the decryption mechanism comprises:
    - a private decryption key that corresponds to the public encryption key; and
      
      a decryption application, wherein the decryption application uses the decryption key for decrypting the encrypted digitally signed data.
  - 4. The system of claim 1, further comprising a validation application that collects and validates the digitally signed digest, wherein the validation application comprises:
    - the hash mechanism that generates a second digest corresponding to the digest generated by the data signing application; and
      
      a mechanism for comparing the two digests, wherein if the two digests are not identical, the collected data shows evidence of tampering.
  - 5. The system of claim 4, wherein the validation application is stored on a computer system controlled by a vendor.
  - 6. The system of claim 1, wherein the digitally signed data and digest are transmitted to a vendor over one of a public network and a private network.

7. A method for securely gathering data, comprising:
- gathering data from a computer system;
  
  digitally signing the data with a private signature key that is specific to a particular instance of the method, comprising;
  
  creating a digest of the data using a hash function,encrypting the digest using the private signature key, thereby creating a digital signature for the data, wherein the digitally signed data and digest are stored on a physical media, and wherein the digitally signed data and digest are transmitted to a vendor by removal of the physical media, andattaching the digital signature to the metrics data, thereby forming digitally signed data, wherein the method has exclusive access to the private signature key;
  
  adding a sequence number to the data prior to digitally signing the metrics data, thereby making removal of data entries evident; and
  
  providing the digitally signed data to a validation application that validates the digitally signed data using a public signature key that is a counterpart of the private signature key, wherein the digital signing application, and the data collecting application are located on a smart card, and wherein removal or disabling of the smart card disables the data collecting application and the digital signing application.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 8. The method of claim 7, further comprising validating the digitally signed data.
  - 9. The method of claim 8, further comprising:
    - encrypting the digitally signed data with a public key, wherein the public key is supplied by a vendor; and
      
      decrypting the encrypted and signed data using a private key provided by the vendor prior to validating the decrypted and signed data.
  - 10. The method of claim 7, further comprising adding information identifying the computer system to the data prior to digitally signing the data, thereby making transfer of the data from a different computer system evident.
  - 11. The method of claim 7, further comprising adding time stamp information to the data.
  - 12. The method of claim 7, further comprising recording shut down and startup events for the computer system with the data.
  - 13. The method of claim 7, wherein gathering data further includes taking data snapshots of utilization for the computer system and storing the resulting data snapshots as the data.
  - 14. The method of claim 7, wherein gathering data further includes calculating system utilization averages for the computer system and storing the resulting averages as the data.
  - 15. The method of claim 7 wherein validating the digitally signed data further comprises:
    - creating a second digest of the data using the hash function;
      
      decrypting the digital signature attached to the data; and
      
      comparing the decrypted digital signature with the second digest, wherein the data is validated if the decrypted digital signature matches the second digest.
  - 16. The method of claim 15, further comprising checking the consistency of sequence numbers of data entries.
  - 17. The method of claim 16, wherein the step of checking consistency comprises comparing sequential entries, whereby consistency is indicated by increasing sequential numbers with no gaps.
  - 18. The method of claim 7, wherein the step of providing the digitally signed data to the validation application comprises one of transmission over a public network, and transmission over a private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valtrus Innovations Limited (f/k/a Dolya Holdco 9 Limited) (Key Patent Innovations Limited)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Circenis, Edgar, Diamant, John R.
Primary Examiner(s)
Homayounmehr, Farid

Application Number

US10/231,043
Publication Number

US 20040054908A1
Time in Patent Office

3,070 Days
Field of Search

713/170
US Class Current

713/170
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/645   using a third party

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2135   Metering

G06F 2221/2153   Using hardware token as a s...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/603   Digital right managament [DRM]

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Tamper-evident data management

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Tamper-evident data management

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links