Document modification detection and prevention

US 8,533,480 B2
Filed: 06/07/2010
Issued: 09/10/2013
Est. Priority Date: 05/16/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a computing device processor, an electronic document including content items, a rule and a digital signature, wherein the rule specifies what parts of the electronic document are allowed to change based on user interaction with the electronic document;

generating a digest for the electronic document by digesting all of the content items, using multiple functions based upon complexity of the content items, except for at least a first content item that is ignored in the digestion based on the rule;

comparing the generated digest with a stored digest that is associated with the electronic document; and

invalidating the digital signature if the generated digest indicates a difference in any of the digested content items,wherein if the generated digest indicates no difference in any of the digested content items, the method further comprises;

subsequently receiving a user input attempting to create a new state of the received electronic document;

determining whether the user input is allowed by the rule; and

invalidating the digital signature if the user input is not allowed by the rule, andwherein the rule applies differently to a first author and a second author, such that the user input causes a first digital signature of the first author to be invalidated but does not cause a second digital signature of the second author to be invalidated.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus, including computer program products, implementing and using techniques for document authentication. An electronic document is presented to a user. The electronic document has data representing a signed state and a current state. A disallowed difference between the signed state and the current state is detected, based on one or more rules that are associated with the electronic document. A digital signature associated with the electronic document is invalidated in response to the detecting.

Citations

15 Claims

1. A computer-implemented method comprising:
- receiving, by a computing device processor, an electronic document including content items, a rule and a digital signature, wherein the rule specifies what parts of the electronic document are allowed to change based on user interaction with the electronic document;
  
  generating a digest for the electronic document by digesting all of the content items, using multiple functions based upon complexity of the content items, except for at least a first content item that is ignored in the digestion based on the rule;
  
  comparing the generated digest with a stored digest that is associated with the electronic document; and
  
  invalidating the digital signature if the generated digest indicates a difference in any of the digested content items,wherein if the generated digest indicates no difference in any of the digested content items, the method further comprises;
  
  subsequently receiving a user input attempting to create a new state of the received electronic document;
  
  determining whether the user input is allowed by the rule; and
  
  invalidating the digital signature if the user input is not allowed by the rule, andwherein the rule applies differently to a first author and a second author, such that the user input causes a first digital signature of the first author to be invalidated but does not cause a second digital signature of the second author to be invalidated.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein simple content items, semi-complex content items and complex content items in the electronic document are digested by separate functions.
  - 3. The method of claim 1, wherein the electronic document contains a previous byte range digest, the method further comprising:
    - generating a current byte range digest by digesting all bytes of the electronic document; and
      
      comparing the current byte range digest with the previous byte range digest, wherein the digital signature is invalidated also if the current byte range digest differs from the previous byte range digest.
  - 4. The method of claim 1, wherein the first content item is ignored in the digestion based on having a content item type specified by the rule.
  - 5. The method of claim 1, wherein the first content item is ignored in the digestion on another basis than the rule specifying a content item type.

6. A computer readable storage device storing a computer program which when executed by a processor causes the processor to perform a method comprising:
- receiving an electronic document including content items, a rule and a digital signature, wherein the rule specifies what parts of the electronic document are allowed to change based on user interaction with the electronic document;
  
  generating a digest for the electronic document by digesting all of the content items, using multiple functions based upon complexity of the content items, except for at least a first content item that is ignored in the digestion based on the rule;
  
  comparing the generated digest with a stored digest that is associated with the electronic document; and
  
  invalidating the digital signature if the generated digest indicates a difference in any of the digested content items,wherein if the generated digest indicates no difference in any of the digested content items, the method further comprises;
  
  subsequently receiving a user input attempting to create a new state of the received electronic document;
  
  determining whether the user input is allowed by the rule; and
  
  invalidating the digital signature if the user input is not allowed by the rule, andwherein the rule applies differently to a first author and a second author, such that the user input causes a first digital signature of the first author to be invalidated but does not cause a second digital signature of the second author to be invalidated.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer readable storage device of claim 6, wherein simple content items, semi-complex content items and complex content items in the electronic document are digested by separate functions.
  - 8. The computer readable storage device of claim 6, wherein the electronic document contains a previous byte range digest, the method further comprising:
    - generating a current byte range digest by digesting all bytes of the electronic document; and
      
      comparing the current byte range digest with the previous byte range digest, wherein the digital signature is invalidated also if the current byte range digest differs from the previous byte range digest.
  - 9. The computer readable storage device of claim 6, wherein the first content item is ignored in the digestion based on having a content item type specified by the rule.
  - 10. The method of claim 6, wherein the first content item is ignored in the digestion on another basis than the rule specifying a content item type.

11. A system comprising:
- a processor; and
  
  a computer readable storage device storing a computer program which when executed by the processor causes the processor to perform a method comprising;
  
  receiving an electronic document including content items, a rule and a digital signature, wherein the rule specifies what parts of the electronic document are allowed to change based on user interaction with the electronic document;
  
  generating a digest for the electronic document by digesting all of the content items, using multiple functions based upon complexity of the content items, except for at least a first content item that is ignored in the digestion based on the rule;
  
  comparing the generated digest with a stored digest that is associated with the electronic document; and
  
  invalidating the digital signature if the generated digest indicates a difference in any of the digested content items,wherein if the generated digest indicates no difference in any of the digested content items, the method further comprises;
  
  subsequently receiving a user input attempting to create a new state of the received electronic document;
  
  determining whether the user input is allowed by the rule; and
  
  invalidating the digital signature if the user input is not allowed by the rule, andwherein the rule applies differently to a first author and a second author, such that the user input causes a first digital signature of the first author to be invalidated but does not cause a second digital signature of the second author to be invalidated.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein simple content items, semi-complex content items and complex content items in the electronic document are digested by separate functions.
  - 13. The system of claim 11, wherein the electronic document contains a previous byte range digest, the method further comprising:
    - generating a current byte range digest by digesting all bytes of the electronic document; and
      
      comparing the current byte range digest with the previous byte range digest, wherein the digital signature is invalidated also if the current byte range digest differs from the previous byte range digest.
  - 14. The system of claim 11, wherein the first content item is ignored in the digestion based on having a content item type specified by the rule.
  - 15. The system of claim 11, wherein the first content item is ignored in the digestion on another basis than the rule specifying a content item type.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Pravetz, James, Chaudhury, Krish, Agrawal, Sunil
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Tolentino, Roderick

Application Number

US12/795,502
Publication Number

US 20130212404A1
Time in Patent Office

1,191 Days
Field of Search

713/150, 713/176, 713/179, 713/180, 382276-308
US Class Current

713/176
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/18   using different networks or...

H04L 9/3247   involving digital signatures

Document modification detection and prevention

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Document modification detection and prevention

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links