NESTED DIGITAL SIGNATURES WITH CONSTANT FILE SIZE
First Claim
1. A method for implementing a digital signature scheme, comprising:
- obtaining a digital document;
embedding, with a processor, multiple data fields in the digital document and filling the multiple data fields with filler data to arrive at a final digital document having a final document size;
applying an encrypting hash scheme to the final digital document to obtain a first hash value;
encrypting the first hash value using a first encryption key to obtain a first digital signature; and
substituting a first identifier associated with the first encryption key and the first digital signature for the filler data in a first data field and a second data field of the multiple data fields in the final digital document to obtain a first signed final digital document.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method are provided for implementing a digital signature scheme for embedding and validating multiple nested digital signatures in digitally produced documents without modifying a file size of the digitally produced and signed documents or otherwise corrupting previously-embedded digital signatures. A number of fixed fields are included in a digitally produced document, upfront, that will be populated with multiple digital signatures. With the fixed fields in the digitally produced documents, the entire file is cryptographically “hashed” and the individual digital signatures are independently verifiable via simple cryptographic schemes. Multiple digital signatures are embedded in documents including complex file formats in a manner that does not corrupt the documents. Known cryptographic techniques such as, for example, a known hash algorithm, are applied to the digitally produced documents including the multiple sequentially input digital signatures in a process that is independently verifiable.
7 Citations
21 Claims
-
1. A method for implementing a digital signature scheme, comprising:
-
obtaining a digital document; embedding, with a processor, multiple data fields in the digital document and filling the multiple data fields with filler data to arrive at a final digital document having a final document size; applying an encrypting hash scheme to the final digital document to obtain a first hash value; encrypting the first hash value using a first encryption key to obtain a first digital signature; and substituting a first identifier associated with the first encryption key and the first digital signature for the filler data in a first data field and a second data field of the multiple data fields in the final digital document to obtain a first signed final digital document. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system for implementing a digital signature scheme, comprising:
-
an external communication interface via which a digital document is obtained from a system that generates the digital document; a data field adding and filling device that embeds multiple data fields in the digital document and fills the multiple data fields with filler data to arrive at a final digital document having a final document size; and a cryptographic scheme implementing device that applies an encrypting hash scheme to the final digital document to obtain a hash value and that encrypts the hash value using an encryption key to obtain a digital signature, the data field adding and filling device substituting an identifier associated with the encryption key and the digital signature for the filler data in a first data field and a second data field of the multiple data fields in the final digital document to obtain a signed final digital document. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
-
21. A non-transitory computer-readable medium storing instructions which, when executed by a processor, cause the processor to execute a method for implementing a digital signature scheme, comprising:
-
obtaining a digital document; embedding multiple data fields in the digital document and filling the multiple data fields with filler data to arrive at a final digital document having a final document size; applying an encrypting hash scheme to the final digital document to obtain a first hash value; encrypting the first hash value using a first encryption key to obtain a first digital signature; and substituting a first identifier associated with the first encryption key and the first digital signature for the filler data in a first data field and a second data field of the multiple data fields in the final digital document to obtain a first signed final digital document, and the first signed final digital document having the final document size.
-
Specification