Document modification detection and prevention

US 9,705,917 B2
Filed: 03/25/2016
Issued: 07/11/2017
Est. Priority Date: 05/16/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a computing device processor, an electronic document including a plurality of content items, a rule, a first digest, and a digital signature of a document author, wherein the rule identifies a subset of the content items that are invariant to operations authorized by the rule;

generating a second digest for the electronic document by digesting the subset of content items that are invariant to operations authorized by the rule, wherein content items that are modifiable pursuant to the rule are not considered in generating the second digest;

comparing the first and second digests;

invalidating the digital signature of the document author in response to detecting a discrepancy between the first and second digests, andrestricting access to the electronic document in response to detecting the invalidated digital signature.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus, including computer program products, implementing and using techniques for document authentication. An electronic document is presented to a user. The electronic document has data representing a signed state and a current state. A disallowed difference between the signed state and the current state is detected, based on one or more rules that are associated with the electronic document. A digital signature associated with the electronic document is invalidated in response to the detecting.

81 Citations

View as Search Results

17 Claims

1. A computer-implemented method comprising:
- receiving, by a computing device processor, an electronic document including a plurality of content items, a rule, a first digest, and a digital signature of a document author, wherein the rule identifies a subset of the content items that are invariant to operations authorized by the rule;
  
  generating a second digest for the electronic document by digesting the subset of content items that are invariant to operations authorized by the rule, wherein content items that are modifiable pursuant to the rule are not considered in generating the second digest;
  
  comparing the first and second digests;
  
  invalidating the digital signature of the document author in response to detecting a discrepancy between the first and second digests, andrestricting access to the electronic document in response to detecting the invalidated digital signature.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the digital signature identifies the document author as an originator of the rule.
  - 3. The method of claim 1, wherein:
    - generating the second digest includes using a multi-layer hash function that includes a bottom layer and an intermediate layer;
      
      the bottom layer provides recursive digesting functionality; and
      
      the intermediate layer provides annotation digesting functionality and is configured to call the bottom layer.
  - 4. The method of claim 1, wherein the content items that are modifiable pursuant to the rule include a fillable form field in the electronic document, such that manipulating data provided in the fillable form field does not affect the second digest.
  - 5. The method of claim 1, wherein the electronic document represents an existing signed state, the method further comprising generating a new signed state of the electronic document that comprises the second digest, a second rule, and a second digital signature.

6. A computer-implemented method comprising:
- receiving, by a computing device processor, an electronic document including a plurality of content items, a rule, a first digest, and a digital signature of a document author, wherein the rule identifies a first subset of the content items that are invariant to operations authorized by the rule;
  
  generating a second digest for the electronic document by digesting the first subset of content items that are invariant to operations authorized by the rule, wherein content items that are modifiable pursuant to the rule are not considered in generating the second digest;
  
  after determining that the first and second digests are identical, (a) receiving input attempting to create a new state of the electronic document, (b) determining whether the input is allowed by the rule, and (c) invalidating the digital signature of the document author if the input is not allowed by the rule; and
  
  restricting access to the electronic document in response to detecting the invalidated digital signature.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The method of claim 6, wherein the content items that are modifiable pursuant to the rule include a fillable form field.
  - 8. The method of claim 6, the method further comprising rendering the electronic document such that at least a portion of the content items are displayed, including at least a portion of the first subset of content items that are invariant to operations authorized by the rule.
  - 9. The method of claim 6, wherein the rule identifies at least one form field that is fillable without invalidating the digital signature.
  - 10. The method of claim 6, wherein:
    - the rule specifies a particular content type; and
      
      content items associated with the particular content type are not considered in generating the second digest.
  - 11. The method of claim 6, wherein:
    - the rule specifies a second subset of content items that are specified based on user interaction with a particular content item that is not included in the first subset; and
      
      the first and second subsets of content items form part of the plurality of content items included in the electronic document.
  - 12. The method of claim 6, further comprising comparing the first and second digests.

13. A computer readable storage device storing a computer program which, when executed by one or more computer processors, causes the one or more computer processors to perform operations comprising:
- receiving, by a computing device processor, an electronic document including a plurality of content items, a rule, a first digest, and a digital signature of a document author, wherein the rule identifies a subset of the content items that are invariant to operations authorized by the rule;
  
  generating a second digest for the electronic document by digesting the subset of content items that are invariant to operations authorized by the rule, wherein content items that are modifiable pursuant to the rule are not considered in generating the second digest;
  
  invalidating the digital signature of the document author in response to detecting a discrepancy between the first and second digests andrestricting access to the electronic document in response to detecting the invalidated digital signature.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer readable storage device of claim 13, wherein the first digest is generated before the second digest.
  - 15. The computer readable storage device of claim 13, wherein the operations further comprise receiving input that creates a new state of the electronic document, wherein the second digest corresponds to the new state of the electronic document.
  - 16. The computer readable storage device of claim 13, wherein the content items that are modifiable pursuant to the rule include a fillable form field.
  - 17. The computer readable storage device of claim 13, wherein:
    - the first digest comprises a previous byte range digest,generating the second digest further comprises generating a current byte range digest by digesting certain bytes of the electronic document, andthe operations further comprise comparing the current byte range digest with the previous byte range digest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Agrawal, Sunil, Pravetz, James D., Chaudhury, Krish
Primary Examiner(s)
Tolentino, Roderick

Application Number

US15/080,812
Publication Number

US 20160226909A1
Time in Patent Office

473 Days
Field of Search

726 26- 30
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/18   using different networks or...

H04L 9/3247   involving digital signatures

Document modification detection and prevention

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Document modification detection and prevention

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links