Data stream header object protection

US 20040054912A1
Filed: 09/04/2002
Published: 03/18/2004
Est. Priority Date: 09/04/2002
Status: Active Grant

First Claim

Patent Images

1. A method for use in combination with a digital object comprising at least one sub-object, said method providing a digital signature for at least one region, where each of said at least one region is comprised of all or part of one of said at least one sub-object, and where said sub-objects may be rearranged within the object without invalidating the digital signature, the method comprising:

creating an array comprising, for each of said at least one region, a region specifier identifying the region;

producing a digital signature based on data comprising each region and said array; and

adding a signature sub-object comprising said array and said digital signature to the digital object.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A header object for a data file is comprised of sub-objects which specify properties of the data stream and contains information needed to properly verify and interpret the information within the data object. In order to allow the protection of any set of sub-objects without requiring that the sub-objects follow any specific ordering, a new sub-object is introduced which includes region specifiers identifying regions within sub-objects and verification information for those regions. This new sub-object in the header object allows the modification of non-protected regions and reorganization of sub-objects in a header without invalidating verification information.

111 Citations

View as Search Results

56 Claims

1. A method for use in combination with a digital object comprising at least one sub-object, said method providing a digital signature for at least one region, where each of said at least one region is comprised of all or part of one of said at least one sub-object, and where said sub-objects may be rearranged within the object without invalidating the digital signature, the method comprising:
- creating an array comprising, for each of said at least one region, a region specifier identifying the region;
  
  producing a digital signature based on data comprising each region and said array; and
  
  adding a signature sub-object comprising said array and said digital signature to the digital object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, where each of said at least one region comprises a sub-object from among said at least one sub-objects.
  - 3. The method of claim 1, where each of said region specifiers comprises a checksum calculated according to a checksum algorithm.
  - 4. The method of claim 3, where said checksum is calculated for the region.
  - 5. The method of claim 3, where said checksum is calculated for the sub-object containing the region.
  - 6. The method of claim 3, where said signature sub-object comprises a checksum algorithm identifier identifying the checksum algorithm used.
  - 7. The method of claim 3, where each of said region specifiers comprises a checksum length.
  - 8. The method of claim 1, where said signature sub-object comprises a signature algorithm identifier identifying a signature algorithm used for said producing of a digital signature.
  - 9. The method of claim 1, where said signature sub-object comprises signer identifier identifying a signer for verification of said digital signature.
  - 10. The method of claim 9, where said signer identifier comprises digital certificates for securely identifying and verifying the public key of said signer.
  - 11. The method of claim 1, where each of said region specifiers comprises a region offset identifying the start location of the corresponding region in a sub-object.
  - 12. The method of claim 1, where each of said region specifiers comprises a region size identifying the size of the corresponding region in a sub-object.
  - 13. The method of claim 1, where said object is a header object for an ASF file.
  - 14. The method of claim 13, where said new object further comprises a GUID.

15. A method for use in combination with a digital object comprising at least one sub-object, said method validating a digital signature for at least one region, where each of said at least one region is comprised of all or part of one of said at least one sub-object, where an array comprises region specifiers for each of said at least one region, comprising:
- identifying a region corresponding to each of said region specifiers;
  
  creating a data object comprising, said array and, for each of said region specifiers, said region corresponding to said region specifier; and
  
  validating said digital signature using on said data object.
- View Dependent Claims (16)
- - 16. The method of claim 15, where said object is a header object for an ASF file.

17. A method for use in combination with a digital object comprising at least one sub-object, said method validating a digital signature for at least one region, where each of said at least one region is comprised of all or part of one of said at least one sub-object, where an array comprises region specifiers for each of said at least one region, comprising:
- determining the number of digital signatures present in said digital object;
  
  validating each of said digital signatures.
- View Dependent Claims (18)
- - 18. The method of claim 17, further comprising:
    - returning an error value if the number of digital signatures present in said digital object is zero.

19. A system for use in combination with a digital object comprising at least one sub-object, said system providing a digital signature for at least one region, where each of said at least one region is comprised of all or part of one of said at least one sub-object, and where said sub-objects may be rearranged within the object without invalidating the digital signature, the system comprising:
- array-creation means for creating an array comprising, for each of said at least one region, a region specifier identifying the region;
  
  signing means for producing a digital signature based on data comprising each region and said array; and
  
  signature sub-object adding means for adding a signature sub-object comprising said array and said digital signature to the digital object.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 20. The system of claim 19, where each of said at least one region comprises a sub-object from among said at least one sub-objects.
  - 21. The system of claim 19, where each of said region specifiers comprises a checksum calculated according to a checksum algorithm.
  - 22. The system of claim 21, where said checksum is calculated for the region.
  - 23. The system of claim 21, where said checksum is calculated for the sub-object containing the region.
  - 24. The system of claim 21, where said signature sub-object comprises a checksum algorithm identifier identifying the checksum algorithm used.
  - 25. The system of claim 21, where each of said region specifiers comprises a checksum length.
  - 26. The system of claim 19, where said signature sub-object comprises a signature algorithm identifier identifying a signature algorithm used for said producing of a digital signature.
  - 27. The system of claim 19, where said signature sub-object comprises signer identifier identifying a signer for verification of said digital signature.
  - 28. The system of claim 27, where said signer identifier comprises digital certificates for securely identifying and verifying the public key of said signer.
  - 29. The system of claim 19, where each of said region specifiers comprises a region offset identifying the start location of the corresponding region in a sub-object.
  - 30. The system of claim 19, where each of said region specifiers comprises a region size identifying the size of the corresponding region in a sub-object.
  - 31. The system of claim 19, where said object is a header object for an ASF file.
  - 32. The system of claim 31, where said new object further comprises a GUID.

33. A system for use in combination with a digital object comprising at least one sub-object, said system validating a digital signature for at least one region, where each of said at least one region is comprised of all or part of one of said at least one sub-object, where an array comprises region specifiers for each of said at least one region, comprising:
- region-identifying means identifying a region corresponding to each of said region specifiers;
  
  data object creation means for creating a data object comprising, said array and, for each of said region specifiers, said region corresponding to said region specifier; and
  
  validation means for validating said digital signature using on said data object.
- View Dependent Claims (34)
- - 34. The system of claim 33, where said object is a header object for an ASF file.

35. A system for use in combination with a digital object comprising at least one sub-object, said system validating a digital signature for at least one region, where each of said at least one region is comprised of all or part of one of said at least one sub-object, where an array comprises region specifiers for each of said at least one region, comprising:
- counting means for determining the number of digital signatures present in said digital object;
  
  validating means for validating each of said digital signatures.
- View Dependent Claims (36)
- - 36. The system of claim 35, further comprising:
    - error return means returning an error value if the number of digital signatures present in said digital object is zero.

37. A computer-readable medium for use in combination with a digital object comprising at least one sub-object, said computer-readable medium providing a digital signature for at least one region, where each of said at least one region is comprised of all or part of one of said at least one sub-object, and where said sub-objects may be rearranged within the object without invalidating the digital signature, computer-readable medium with instructions to perform acts comprising:
- creating an array comprising, for each of said at least one region, a region specifier identifying the region;
  
  producing a digital signature based on data comprising each region and said array; and
  
  adding a signature sub-object comprising said array and said digital signature to the digital object.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
- - 38. The computer-readable medium of claim 37, where each of said at least one region comprises a sub-object from among said at least one sub-objects.
  - 39. The computer-readable medium of claim 37, where each of said region specifiers comprises a checksum calculated according to a checksum algorithm.
  - 40. The computer-readable medium of claim 39, where said checksum is calculated for the region.
  - 41. The computer-readable medium of claim 39, where said checksum is calculated for the sub-object containing the region.
  - 42. The computer-readable medium of claim 39, where said signature sub-object comprises a checksum algorithm identifier identifying the checksum algorithm used.
  - 43. The computer-readable medium of claim 39, where each of said region specifiers comprises a checksum length.
  - 44. The computer-readable medium of claim 37, where said signature sub-object comprises a signature algorithm identifier identifying a signature algorithm used for said producing of a digital signature.
  - 45. The computer-readable medium of claim 37, where said signature sub-object comprises signer identifier identifying a signer for verification of said digital signature.
  - 46. The computer-readable medium of claim 45, where said signer identifier comprises digital certificates for securely identifying and verifying the public key of said signer.
  - 47. The computer-readable medium of claim 37, where each of said region specifiers comprises a region offset identifying the start location of the corresponding region in a sub-object.
  - 48. The computer-readable medium of claim 37, where each of said region specifiers comprises a region size identifying the size of the corresponding region in a sub-object.
  - 49. The computer-readable medium of claim 37, where said object is a header object for an ASF file.
  - 50. The computer-readable medium of claim 49, where said new object further comprises a GUID.

51. A computer-readable medium for use in combination with a digital object comprising at least one sub-object, said computer-readable medium validating a digital signature for at least one region, where each of said at least one region is comprised of all or part of one of said at least one sub-object, where an array comprises region specifiers for each of said at least one region, the computer-readable medium with instructions to perform acts comprising:
- identifying a region corresponding to each of said region specifiers;
  
  creating a data object comprising, said array and, for each of said region specifiers, said region corresponding to said region specifier; and
  
  validating said digital signature using on said data object.
- View Dependent Claims (52)
- - 52. The computer-readable medium of claim 51, where said object is a header object for an ASF file.

53. A computer-readable medium for use in combination with a digital object comprising at least one sub-object, said computer-readable medium validating a digital signature for at least one region, where each of said at least one region is comprised of all or part of one of said at least one sub-object, where an array comprises region specifiers for each of said at least one region, the computer-readable medium with instructions to perform acts comprising:
- determining the number of digital signatures present in said digital object;
  
  validating each of said digital signatures.
- View Dependent Claims (54)
- - 54. The computer-readable medium of claim 53, said computer-readable medium with instructions to perform acts further comprising:
    - returning an error value if the number of digital signatures present in said digital object is zero.

55. A memory for storing data for access by an application program comprising a data structure stored in said memory, said data structure adapted for storing verification information for an object comprised of at least one sub-object while allowing changes in the order of said sub-objects, comprising:
- a region specifier array comprising at least one region specifier, each such region specifier specifying a region comprising all or part of one of said sub-objects; and
  
  a digital signature for data comprising each of said regions and said regions specifier array.
- View Dependent Claims (56)
- - 56. The memory of claim 55, said data structure further comprising one or more of the following:
    - a globally unique identifier (GUID) for said data structure;
      
      the size of the data structure;
      
      the number of regions in said region specifier array;
      
      a checksum algorithm identifier;
      
      a signature algorithm identifier identifying the algorithm used to produce said digital signature;
      
      a signature length for said digital signature; and
      
      signer information for verifying said digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Strom, Clifford P., Dublish, Pratul, West, Cory, Adent, Daniel, Crites, Brian D.

Granted Patent

US 7,401,221 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/181
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04L 63/12 Applying verification of th...

Data stream header object protection

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

111 Citations

56 Claims

Specification

Solutions

Use Cases

Quick Links

Data stream header object protection

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

56 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links