Nested digital signatures with constant file size
First Claim
1. A method for implementing a digital signature scheme, comprising:
obtaining a digital document;
embedding, using a processor, a pre-determined number of pairs of data fields in the digital document and filling the pre-determined number of pairs of data fields with filler data according to a pre-determined scheme that is known to signatories of the digital document to arrive at a final digital document having a specified resultant final document size;
applying an encrypting hash scheme to the final digital document to obtain a first hash value;
encrypting the first hash value using a first encryption key to obtain a first digital signature;
substituting a first identifier associated with the first encryption key for the filler data in a first data field of a first pair of the pre-determined number of pairs of data fields in the final digital document; and
separately substituting the first digital signature for the filler data in a second data field of the first pair of the pre-determined number of pairs of data fields in the final digital document to obtain a first signed final digital document, the first signed final digital document maintaining a same specified resultant final document size based on the substitutions of the first identifier and the first digital signature separately in the first and second data fields of the first pair of the pre-determined number of pairs of data fields.
Abstract
A system and method are provided for implementing a digital signature scheme for embedding and validating multiple nested digital signatures in digitally produced documents without modifying a file size of the digitally produced and signed documents or otherwise corrupting previously-embedded digital signatures. A number of fixed fields are included in a digitally produced document, upfront, that will be populated with multiple digital signatures. With the fixed fields in the digitally produced documents, the entire file is cryptographically “hashed” and the individual digital signatures are independently verifiable via simple cryptographic schemes. Multiple digital signatures are embedded in documents including complex file formats in a manner that does not corrupt the documents. Known cryptographic techniques such as, for example, a known hash algorithm, are applied to the digitally produced documents including the multiple sequentially input digital signatures in a process that is independently verifiable.
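The scheme in the abstract, as an added Python sketch that is not code from the patent: a fixed number of identifier/signature pairs is appended as filler, and each signer overwrites one pair in place so the file length never changes. The field widths, the filler bytes, the trailing placement of the pairs, the nesting rule (each signer's hash covers earlier filled pairs while later pairs are reset to filler) and the use of HMAC-SHA256 as a stand-in for encrypting the hash with a signer's key are all assumptions.

```python
import hashlib
import hmac

ID_LEN, SIG_LEN, SLOTS = 16, 32, 3   # assumed field widths and number of pairs
PAIR_LEN = ID_LEN + SIG_LEN


def filler(slot: int) -> bytes:
    """Assumed pre-determined filler scheme: one fixed byte value per pair."""
    return bytes([0xA0 + slot]) * PAIR_LEN


def prepare(body: bytes) -> bytes:
    """Append SLOTS filler-filled pairs; the document size is fixed from here on."""
    return body + b"".join(filler(i) for i in range(SLOTS))


def _offset(doc: bytes, slot: int) -> int:
    return len(doc) - (SLOTS - slot) * PAIR_LEN


def _digest(doc: bytes, slot: int) -> bytes:
    """Hash the document as signer `slot` saw it: pairs slot..end reset to filler."""
    tail = b"".join(filler(i) for i in range(slot, SLOTS))
    return hashlib.sha256(doc[:_offset(doc, slot)] + tail).digest()


def sign(doc: bytes, slot: int, key_id: bytes, key: bytes) -> bytes:
    """Substitute identifier and signature for the filler in pair `slot`."""
    start = _offset(doc, slot)
    if doc[start:start + PAIR_LEN] != filler(slot) or len(key_id) > ID_LEN:
        raise ValueError("pair already used or identifier too long")
    # HMAC-SHA256 stands in for encrypting the hash with the signer's key.
    sig = hmac.new(key, _digest(doc, slot), hashlib.sha256).digest()
    return doc[:start] + key_id.ljust(ID_LEN, b"\x00") + sig + doc[start + PAIR_LEN:]


def verify(doc: bytes, slot: int, keys: dict) -> bool:
    """Check pair `slot` independently of any later signatures."""
    start = _offset(doc, slot)
    key = keys.get(doc[start:start + ID_LEN].rstrip(b"\x00"))
    if key is None:
        return False   # unknown identifier, or the pair still holds filler
    expected = hmac.new(key, _digest(doc, slot), hashlib.sha256).digest()
    return hmac.compare_digest(doc[start + ID_LEN:start + PAIR_LEN], expected)
```

Signing pair 0 and then pair 1 leaves the length unchanged and both pairs verify; altering pair 0 afterwards makes both fail, because under the assumed nesting rule the second hash covers the first signature.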
21 Claims
10. A system for implementing a digital signature scheme, comprising:
an external communication interface via which a digital document is obtained from a system that generates the digital document;
a data field adding and filling device that embeds a pre-determined number of pairs of data fields in the digital document and fills the pre-determined number of pairs of data fields with filler data according to a pre-determined scheme that is known to the signatories of the digital document to arrive at a final digital document having a specified resultant final document size; and
a cryptographic scheme implementing device that applies an encrypting hash scheme to the final digital document to obtain a hash value and that encrypts the hash value using an encryption key to obtain a digital signature,
the data field adding and filling device (1) substituting an identifier associated with the encryption key for the filler data in a first data field of a first pair of the pre-determined number of pairs of data fields in the final digital document, and (2) separately substituting the digital signature for the filler data in a second data field of the first pair of the pre-determined number of pairs of data fields in the final digital document to obtain a signed final digital document, the signed final digital document maintaining the same specified final document size based on the substitutions of the identifier and the digital signature separately in the first and second data fields of the first pair of the pre-determined number of pairs of data fields.
15. A non-transitory computer-readable medium storing instructions which, when executed by a processor, cause the processor to execute a method for implementing a digital signature scheme, comprising:
obtaining a digital document;
embedding a pre-determined number of pairs of data fields in the digital document and filling the pre-determined number of pairs of data fields with filler data according to a pre-determined scheme that is known to signatories of the digital document to arrive at a final digital document having a specified resultant final document size;
applying an encrypting hash scheme to the final digital document to obtain a first hash value;
encrypting the first hash value using a first encryption key to obtain a first digital signature;
substituting a first identifier associated with the first encryption key for the filler data in a first data field of a first pair of the pre-determined number of pairs of data fields in the final digital document; and
separately substituting the first digital signature for the filler data in a second data field of the first pair of the pre-determined number of pairs of data fields in the final digital document to obtain a first signed final digital document, the first signed final digital document maintaining a same specified resultant final document size based on the substitutions of the first identifier and the first digital signature separately in the first and second data fields of the first pair of the pre-determined number of pairs of data fields.
Specification