Document verification with ID augmentation

US 9,473,306 B2
Filed: 08/05/2013
Issued: 10/18/2016
Est. Priority Date: 08/05/2013
Status: Active Grant

First Claim

Patent Images

1. An authentication system for authentication of digital records, comprising:

means for receiving a current highest-level combined output value that is formed as digital combinations of successively lower-level combined output values computed in subordinate entities as node values of a tree data structure having lowest level inputs formed as digital transformations of digital input records input by user-level entities;

means for computing a current calendar value as a digital combination of the current highest-level combined output values;

means for returning the current calendar value to at least one subordinate entity, whereupon recomputation parameters are distributed downward to the user-level entities for association with digital input records,wherein the current highest-level combined output encodes at least one augmented node value computed in at least one of the subordinate entities as a digital combination of a corresponding one of the lower-level combined output values and an entity identifier, andwherein the recomputation parameters distributed to entities subordinate to the entity associated with the identifier encode the identity of the identified entity in a recomputation path;

means for digitally transforming an original digital input record through association of the current calendar value therewith; and

means for authenticating a test digital record relative to the original digital input record by;

using the recomputation parameters to recompute the node values upward through the tree data structure to determine a test calendar value;

comparing the test calendar value with the current calendar value attained as originally computed for the original digital input record; and

authenticating the test digital record relative to the original digital input record based on the test calendar value being the same as the current calendar value.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At least one node in a distributed hash tree document verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure.

Citations

13 Claims

1. An authentication system for authentication of digital records, comprising:
- means for receiving a current highest-level combined output value that is formed as digital combinations of successively lower-level combined output values computed in subordinate entities as node values of a tree data structure having lowest level inputs formed as digital transformations of digital input records input by user-level entities;
  
  means for computing a current calendar value as a digital combination of the current highest-level combined output values;
  
  means for returning the current calendar value to at least one subordinate entity, whereupon recomputation parameters are distributed downward to the user-level entities for association with digital input records,wherein the current highest-level combined output encodes at least one augmented node value computed in at least one of the subordinate entities as a digital combination of a corresponding one of the lower-level combined output values and an entity identifier, andwherein the recomputation parameters distributed to entities subordinate to the entity associated with the identifier encode the identity of the identified entity in a recomputation path;
  
  means for digitally transforming an original digital input record through association of the current calendar value therewith; and
  
  means for authenticating a test digital record relative to the original digital input record by;
  
  using the recomputation parameters to recompute the node values upward through the tree data structure to determine a test calendar value;
  
  comparing the test calendar value with the current calendar value attained as originally computed for the original digital input record; and
  
  authenticating the test digital record relative to the original digital input record based on the test calendar value being the same as the current calendar value.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A system as in claim 1, in which the digital combinations are hash functions.
  - 3. A system as in claim 1, in which the identifier is provided from a hardware security key device.
  - 4. A system as in claim 1, in which the identifier is provided by user input.
  - 5. A system as in claim 1, in which the augmented node is computed in the entity that the identifier is associated with.
  - 6. A system as in claim 1, further comprising means, located within a respective immediately superior entity, for assigning the identifier for an immediately subordinate entity, in which the augmented node is computed in the superior entity using the identifier assigned to the subordinate entity.

7. A non-transitory computer readable storage medium having data stored therein representing software executable by a computer, the software including instructions to enabling authentication of digital records, the storage medium comprising:
- instructions for receiving a current highest-level combined output value that is formed as digital combinations of successively lower-level combined output values computed in subordinate entities as node values of a tree data structure having lowest level inputs formed as digital transformations of digital input records input by user-level entities;
  
  instructions for computing a current calendar value as a digital combination of the current highest-level combined output values; and
  
  instructions for returning the current calendar value to at least one subordinate entity, whereupon recomputation parameters are distributed downward to the user-level entities for association with respective ones of the digital input records such that an arbitrary subsequent test digital record is considered authenticated relative to the corresponding digital input record if, applying the corresponding digital transformation to the test digital record and, using the recomputation parameters to recompute the node values upward through the tree data structure, the same current calendar value is attained as when it was originally computed with the corresponding digital input record forming the lowest level input;
  
  in which;
  
  the current highest-level combined output encodes at least one augmented node value computed in at least one of the subordinate entities as a digital combination of a corresponding one of the lower-level combined output values and an entity identifier, whereby the recomputation parameters distributed to entities subordinate to the entity associated with the identifier encode the identity of the identified entity in a recomputation path.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The non-transitory storage medium as in claim 7, further comprising computer-executable instructions for computing the digital combinations as hash functions.
  - 9. The non-transitory storage medium as in claim 7, further comprising computer-executable instructions for including a function of time in the identifier.
  - 10. The non-transitory storage medium as in claim 7, further comprising computer-executable instructions for computing the augmented node in the entity that the identifier is associated with.
  - 11. The non-transitory storage medium as in claim 7, further comprising computer-executable instructions for inputting the identifier from a hardware security key device.
  - 12. The non-transitory storage medium as in claim 7, further comprising computer-executable instructions for inputting the identifier via user input.
  - 13. The non-transitory storage medium as in claim 7, further comprising computer-executable instructions for assigning the identifier for a subordinate entity from an immediately superior entity and for computing the augmented node in the superior entity using the identifier assigned to the subordinate entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Guardtime SA
Original Assignee
Guardtime IP Holdings Limited
Inventors
Kroonmaa, Andres, Buldas, Ahto, Truu, Ahto
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US13/959,734
Publication Number

US 20150039893A1
Time in Patent Office

1,170 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 9/3239 involving non-keyed hash fu...

H04L 9/3247 involving digital signatures

Document verification with ID augmentation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Document verification with ID augmentation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links