Systems and methods for authenticating and protecting the integrity of data streams and other data

US 7,882,351 B2
Filed: 02/27/2008
Issued: 02/01/2011
Est. Priority Date: 06/08/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for encoding and transmitting a digital file in a manner designed to facilitate authentication of a streamed transmission of the digital file, the method including:

generating a progression of check values, each check value in the progression being derived from at least one other check value in the progression and from a portion of the digital file;

transmitting the digital file and the progression of check values to a user'"'"'s system, whereby the user'"'"'s system is able to receive parts of the digital file and to use one or more received check values to authenticate said parts of the digital file before the entire digital file is received;

wherein the portion of the digital file comprises error-check values, each error-check value being inserted in proximity to a part of the digital file to which said error-check value corresponds, each error-check value being configured to facilitate authentication of a part of the digital file and a check value in the progression of check values.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain'"'"'s security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain. The hierarchy culminates with a signed hash that can be used to verify the integrity of other hash values in the hierarchy, and these other hash values can, in turn, be used to efficiently verify the authenticity of arbitrary portions of the content file.

Citations

19 Claims

1. A method for encoding and transmitting a digital file in a manner designed to facilitate authentication of a streamed transmission of the digital file, the method including:
- generating a progression of check values, each check value in the progression being derived from at least one other check value in the progression and from a portion of the digital file;
  
  transmitting the digital file and the progression of check values to a user'"'"'s system, whereby the user'"'"'s system is able to receive parts of the digital file and to use one or more received check values to authenticate said parts of the digital file before the entire digital file is received;
  
  wherein the portion of the digital file comprises error-check values, each error-check value being inserted in proximity to a part of the digital file to which said error-check value corresponds, each error-check value being configured to facilitate authentication of a part of the digital file and a check value in the progression of check values.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further including:
    - encrypting a final check value in the progression of check values; and
      
      inserting the encrypted final check value in proximity to the beginning of the streamed transmission of the digital file.
  - 3. The method of claim 1, wherein each error-check value comprises a hash of the part of the digital file to which the error-check value corresponds.

4. A non-transitory computer readable storage medium storing instructions that, when executed by a processor, are configured to cause the processor to perform a method for encoding a data block in a manner designed to facilitate authentication of a streamed transmission of the data block, the method including:
- generating a progression of data check values, wherein each data check value is derived, at least in part, from (i) at least one other data check value in the progression, and (ii) a hash of a portion of the data block;
  
  encoding the data block by inserting a plurality of error-check values into the data block, each error-check value being inserted in proximity to a part of the data block to which the error-check value corresponds, and each error-check value being operable to facilitate authentication of part of the data block and of a data check value in the progression of data check values; and
  
  sending a streamed transmission of the encoded data block to a user'"'"'s system, whereby the user'"'"'s system is configured to receive and authenticate portions of the streamed transmission before the entire encoded data block is received.
- View Dependent Claims (5, 6, 7, 8, 9)
- - 5. The non-transitory computer readable storage medium of claim 4, wherein at least one error-check value comprises a hash of the part of the data block to which the error-check value corresponds.
  - 6. The non-transitory computer readable storage medium of claim 4 further storing instructions, that when executed by the processor, cause the processor to perform a method including:
    - digitally signing at least a root data check value in the progression of data check values.
  - 7. The non-transitory computer readable storage medium of claim 4, in which the computer readable storage medium is selected from the group consisting of:
    - CD-ROM, DVD, MINIDISC, floppy disk, magnetic tape, flash memory, ROM, RAM, system memory, hard drive, and optical storage.
  - 8. The non-transitory computer readable storage medium of claim 4, in which at least one error-check value comprises a hash of a combination of (i) at least one other error-check value, and (ii) a hash of a portion of the data block.
  - 9. The non-transitory computer readable storage medium of claim 4, further storing instructions, that when executed by the processor, cause the processor to perform a method including:
    - encrypting a final data check value in the progression of data check values; and
      
      inserting the final data check value into the data block.

10. A non-transitory computer readable storage medium storing instructions that, when executed by a processor, are configured to cause the processor to perform a method for verifying the integrity of a block of data, the method including:
- receiving a first portion of the block of data;
  
  receiving first and second check values in a chain of check values, wherein each check value in the chain is derived from a corresponding transformed portion of the block of data and from at least one other check value in the chain, and wherein the first portion of the block of data comprises at least one error-check value inserted in proximity to the first portion of the block of data;
  
  verifying the integrity of the first portion of the block of data and the second check value using, at least in part, the first check value and the at least one error-check value; and
  
  allowing at least one use of the first portion of the block of data if the integrity of said first portion is successfully verified.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The non-transitory computer readable storage medium of claim 10, in which the first check value is digitally signed, and in which the step of verifying the integrity of the first portion of the block of data and the second check value includes verifying a digital signature associated with the first check value.
  - 12. The non-transitory computer readable storage medium of claim 10, in which each transformed portion of the block of data is obtained, at least in part, by hashing said portion of the block of data.
  - 13. The non-transitory computer readable storage medium of claim 11, further storing instructions that, when executed by the processor, cause the processor to perform a method including:
    - allowing at least one use of the first portion of the block of data if verification of the integrity of less than a predefined number of portions of the block of data has failed.
  - 14. The non-transitory computer readable storage medium of claim 11, in which the at least one error check value comprises a hash of the first portion of the block of data.
  - 15. The non-transitory computer readable storage medium of claim 10, in which the at least one use of the first portion of the block of data is selected from a group consisting of:
    - sending the first portion of the block of data to a speaker system;
      
      displaying the first portion of the block of data on a viewing device;
      
      printing the first portion of the block of data; and
      
      storing the first portion of the block of data on a computer readable medium.

16. In a computer-implemented decoding system comprising a processor and a memory, a method for authenticating data as performed by the processor, the method including:
- receiving a first sub-block of the data, a first check value, and a second check value, wherein the first check value and the second check value form part of a progression of check values associated with the data, each check value in the progression being derived, at least in part, from (i) a sub-block of the data, and (ii) at least one other check value in the progression, and wherein the first sub-block of data comprises at least one error-check value;
  
  using the at least one error-check value to detect a corruption of the integrity of the first sub-block of the data;
  
  recording detection of the corruption; and
  
  using the first check value and the at least one error-check value to verify the integrity of the second check value.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, further including:
    - receiving a second sub-block of the data; and
      
      using the second check value to verify the integrity of the second sub-block.
  - 18. The method of claim 16, wherein each check value in the progression is derived, at least in part, from a transformed sub-block of the data.
  - 19. The method of claim 16, in which the at least one error-check value comprises a hash of the first sub-block of the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PLS IV, LLC (Pretium Partners, LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Serret-Avila, Xavier
Primary Examiner(s)
Brown; Christopher J

Application Number

US12/038,664
Publication Number

US 20080222420A1
Time in Patent Office

1,070 Days
Field of Search

713/161, 713/176
US Class Current

713/161
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2149   Restricted operating enviro...

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 2209/603   Digital right managament [DRM]

H04L 63/0428   wherein the data content is...

H04L 9/3236   using cryptographic hash fu...

H04L 9/50   using hash chains, e.g. blo...

Systems and methods for authenticating and protecting the integrity of data streams and other data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for authenticating and protecting the integrity of data streams and other data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links