Tamper-evident data management
First Claim
1. A data tampering detection system that detects alteration of data resident on a computer, the system implemented on a suitable processing platform, comprising:
- a data collecting application that collects the data for storage in a digitally signed data log entry;
- a digital signing application, comprising:
  - a mechanism for assigning to the data for the log entry, a sequence number and an identification number of the computer,
  - a link to a hash mechanism that generates a digest of at least the sequence number and identification number, and
  - a digital signature mechanism that creates a digital signature and digitally signs the digest,
  wherein the digital signing application and the data collecting application are located on a smart card, and wherein removal or disabling of the smart card disables the data collecting application and the digital signing application;
- a data writing application that writes the digitally signed digest and the data to a data log as the digitally signed data log entry, wherein the digitally signed data and digest are stored on a physical media, and wherein the digitally signed data and digest are transmitted to a vendor by removal of the physical media;
- an encryption mechanism to encrypt the digitally signed digest and the data; and
- a decryption mechanism to decrypt the digitally signed digest and the data.
Abstract
A tamper-evident data management system uses public-private digital signature keys to control use of data and to ensure the fidelity of data that is stored on a customer's system for later collection by a computer vendor or that is sent to the vendor over a network. A computer system includes an application for collecting usage or metrics data from the computer system, for example. The metering application uses an application private key to digitally sign all metrics data prior to optionally storing the data in a data log file. The vendor can then use an application public key to validate the digitally signed entries. The digitally signed data entries may also be encrypted using a vendor public key prior to storage in the data log and may be decrypted using a vendor private key prior to validating the digitally signed data. The application and application private key may be stored on a smart card to discourage and detect tampering or may be stored on the computer system itself.
18 Claims
7. A method for securely gathering data, comprising:
- gathering data from a computer system;
- digitally signing the data with a private signature key that is specific to a particular instance of the method, comprising:
  - creating a digest of the data using a hash function,
  - encrypting the digest using the private signature key, thereby creating a digital signature for the data, wherein the digitally signed data and digest are stored on a physical media, and wherein the digitally signed data and digest are transmitted to a vendor by removal of the physical media, and
  - attaching the digital signature to the metrics data, thereby forming digitally signed data,
  wherein the method has exclusive access to the private signature key;
- adding a sequence number to the data prior to digitally signing the metrics data, thereby making removal of data entries evident; and
- providing the digitally signed data to a validation application that validates the digitally signed data using a public signature key that is a counterpart of the private signature key, wherein the digital signing application and the data collecting application are located on a smart card, and wherein removal or disabling of the smart card disables the data collecting application and the digital signing application.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.