Document modification detection and prevention

US 9,338,011 B2
Filed: 08/13/2013
Issued: 05/10/2016
Est. Priority Date: 05/16/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a computing device processor, an electronic document including content items, a rule, a first digital signature provided by a first author, and a second digital signature provided by a second author, wherein the rule defines a user-modifiable content item included in the electronic document;

generating a digest for the electronic document by digesting all of the content items except for at least the user-modifiable content item that is defined by the rule, such that the user-modifiable content item is ignored in the digest generation; and

invalidating at least one of the digital signatures if the digest indicates a difference in any of the digested content items;

wherein if the digest indicates no difference in any of the digested content items, the method further comprises (a) subsequently receiving a user input attempting to create a new state of the electronic document, (b) determining whether the user input is allowed by the rule, and (c) invalidating at least one of the digital signatures if the user input is not allowed by the rule; and

wherein the rule applies differently to the first and second authors, such that the user input causes the first digital signature to be invalidated but does not cause the second digital signature to be invalidated.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus, including computer program products, implementing and using techniques for document authentication. An electronic document is presented to a user. The electronic document has data representing a signed state and a current state. A disallowed difference between the signed state and the current state is detected, based on one or more rules that are associated with the electronic document. A digital signature associated with the electronic document is invalidated in response to the detecting.

Citations

16 Claims

1. A computer-implemented method comprising:
- receiving, by a computing device processor, an electronic document including content items, a rule, a first digital signature provided by a first author, and a second digital signature provided by a second author, wherein the rule defines a user-modifiable content item included in the electronic document;
  
  generating a digest for the electronic document by digesting all of the content items except for at least the user-modifiable content item that is defined by the rule, such that the user-modifiable content item is ignored in the digest generation; and
  
  invalidating at least one of the digital signatures if the digest indicates a difference in any of the digested content items;
  
  wherein if the digest indicates no difference in any of the digested content items, the method further comprises (a) subsequently receiving a user input attempting to create a new state of the electronic document, (b) determining whether the user input is allowed by the rule, and (c) invalidating at least one of the digital signatures if the user input is not allowed by the rule; and
  
  wherein the rule applies differently to the first and second authors, such that the user input causes the first digital signature to be invalidated but does not cause the second digital signature to be invalidated.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the user-modifiable content item is allowed to change based on user interaction with the electronic document.
  - 3. The method of claim 1, further comprising comparing the generated digest with a stored digest that is associated with the electronic document.
  - 4. The method of claim 1, wherein the content items include the user-modifiable content item and at least one invariant content item.
  - 5. The method of claim 1, wherein the electronic document includes an existing signed state, the method further comprising adding a new signed state to the electronic document, the new signed state comprising the digest and a new digital signature.
  - 6. The method of claim 1, wherein the electronic document contains a previous byte range digest, the method further comprising:
    - generating a current byte range digest by digesting certain bytes of the electronic document; and
      
      comparing the current byte range digest with the previous byte range digest, wherein at least one of the digital signatures is also invalidated if the current byte range digest differs from the previous byte range digest.
  - 7. The computer-implemented method of claim 1, wherein:
    - the digest is generated using a multi-layer hash function that includes a bottom layer and an intermediate layer;
      
      the bottom layer provides recursive digesting functionality; and
      
      the intermediate layer provides annotation digesting functionality and is configured to call the bottom layer.

8. A computer readable storage device storing a computer program which, when executed by one or more computer processors, causes the one or more computer processors to perform operations comprising:
- receiving, by a computing device processor, an electronic document including content items, a rule, a first digital signature provided by a first author, and a second digital signature provided by a second author;
  
  generating a digest for the electronic document by digesting all of the content items except for at least a first user-modifiable content item that is ignored in the digest generation based on the rule; and
  
  invalidating at least one of the digital signatures if the digest indicates a difference in any of the digested content items, wherein the rule is applied differently to content items associated with the first and second authors such that generating the digest causes the first digital signature to be invalidated but does not cause the second digital signature to be invalidated.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computer readable storage device of claim 8, wherein:
    - the rule specifies parts of the electronic document that are allowed to change based on user interaction with the electronic document; and
      
      the operations further comprise comparing the generated digest with a stored digest that is associated with the electronic document.
  - 10. The computer readable storage device of claim 8, wherein if the digest indicates no difference in any of the digested content items, the operations further comprise:
    - subsequently receiving a user input attempting to create a new state of the electronic document;
      
      determining whether the user input is allowed by the rule; and
      
      invalidating at least one of the digital signatures if the user input is not allowed by the rule.
  - 11. The computer readable storage device of claim 8, wherein the rule defines the first user-modifiable content item.
  - 12. The computer readable storage device of claim 8, wherein:
    - the digest is generated using a multi-layer hash function that includes a bottom layer and an intermediate layer;
      
      the bottom layer provides recursive digesting functionality; and
      
      the intermediate layer provides annotation digesting functionality and is configured to call the bottom layer.

13. A computer-implemented method comprising:
- receiving, by a computing device processor, an electronic document including content items, a rule, a first digital signature provided by a first author, and a second digital signature provided by a second author;
  
  generating a digest for the electronic document by digesting a portion of the content items, wherein a user-modifiable content item is not digested; and
  
  invalidating at least one of the digital signatures if the digest indicates a difference in any of the digested content items,wherein if the digest indicates no difference in any of the digested content items, the method further comprises;
  
  subsequently receiving a user input attempting to create a new state of the electronic document;
  
  determining whether the user input is allowed by the rule; and
  
  invalidating at least one of the digital signatures if the user input is not allowed by the rule, wherein the rule is applied differently to the first and second authors such that generating the digest causes the first digital signature to be invalidated but does not cause the second digital signature to be invalidated.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein the user-modifiable content item is ignored in the digest generation based on having a content item type specified by the rule.
  - 15. The method of claim 13, wherein the rule specifies parts of the electronic document that are allowed to change based on user interaction with the electronic document.
  - 16. The method of claim 13, further comprising comparing the generated digest with a stored digest that is associated with the electronic document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Pravetz, James D., Chaudhury, Krish, Agrawal, Sunil
Primary Examiner(s)
Tolentino, Roderick

Application Number

US13/965,688
Publication Number

US 20140013119A1
Time in Patent Office

1,001 Days
Field of Search

713/176, 726 26- 30
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/18   using different networks or...

H04L 9/3247   involving digital signatures

Document modification detection and prevention

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Document modification detection and prevention

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links