Document modification detection and prevention
First Claim
Patent Images
1. A computer-implemented method comprising:
- receiving, by a computing device processor, an electronic document including a plurality of content items, a rule, a first digest, and a digital signature of a document author, wherein the rule identifies a subset of the content items that are invariant to operations authorized by the rule;
generating a second digest for the electronic document by digesting the subset of content items that are invariant to operations authorized by the rule, wherein content items that are modifiable pursuant to the rule are not considered in generating the second digest;
comparing the first and second digests;
invalidating the digital signature of the document author in response to detecting a discrepancy between the first and second digests, andrestricting access to the electronic document in response to detecting the invalidated digital signature.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus, including computer program products, implementing and using techniques for document authentication. An electronic document is presented to a user. The electronic document has data representing a signed state and a current state. A disallowed difference between the signed state and the current state is detected, based on one or more rules that are associated with the electronic document. A digital signature associated with the electronic document is invalidated in response to the detecting.
81 Citations
17 Claims
-
1. A computer-implemented method comprising:
-
receiving, by a computing device processor, an electronic document including a plurality of content items, a rule, a first digest, and a digital signature of a document author, wherein the rule identifies a subset of the content items that are invariant to operations authorized by the rule; generating a second digest for the electronic document by digesting the subset of content items that are invariant to operations authorized by the rule, wherein content items that are modifiable pursuant to the rule are not considered in generating the second digest; comparing the first and second digests; invalidating the digital signature of the document author in response to detecting a discrepancy between the first and second digests, and restricting access to the electronic document in response to detecting the invalidated digital signature. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-implemented method comprising:
-
receiving, by a computing device processor, an electronic document including a plurality of content items, a rule, a first digest, and a digital signature of a document author, wherein the rule identifies a first subset of the content items that are invariant to operations authorized by the rule; generating a second digest for the electronic document by digesting the first subset of content items that are invariant to operations authorized by the rule, wherein content items that are modifiable pursuant to the rule are not considered in generating the second digest; after determining that the first and second digests are identical, (a) receiving input attempting to create a new state of the electronic document, (b) determining whether the input is allowed by the rule, and (c) invalidating the digital signature of the document author if the input is not allowed by the rule; and restricting access to the electronic document in response to detecting the invalidated digital signature. - View Dependent Claims (7, 8, 9, 10, 11, 12)
-
-
13. A computer readable storage device storing a computer program which, when executed by one or more computer processors, causes the one or more computer processors to perform operations comprising:
-
receiving, by a computing device processor, an electronic document including a plurality of content items, a rule, a first digest, and a digital signature of a document author, wherein the rule identifies a subset of the content items that are invariant to operations authorized by the rule; generating a second digest for the electronic document by digesting the subset of content items that are invariant to operations authorized by the rule, wherein content items that are modifiable pursuant to the rule are not considered in generating the second digest; invalidating the digital signature of the document author in response to detecting a discrepancy between the first and second digests and restricting access to the electronic document in response to detecting the invalidated digital signature. - View Dependent Claims (14, 15, 16, 17)
-
Specification