NESTED DIGITAL SIGNATURES WITH CONSTANT FILE SIZE

US 20130191642A1
Filed: 01/20/2012
Published: 07/25/2013
Est. Priority Date: 01/20/2012
Status: Active Grant

First Claim

Patent Images

1. A method for implementing a digital signature scheme, comprising:

obtaining a digital document;

embedding, with a processor, multiple data fields in the digital document and filling the multiple data fields with filler data to arrive at a final digital document having a final document size;

applying an encrypting hash scheme to the final digital document to obtain a first hash value;

encrypting the first hash value using a first encryption key to obtain a first digital signature; and

substituting a first identifier associated with the first encryption key and the first digital signature for the filler data in a first data field and a second data field of the multiple data fields in the final digital document to obtain a first signed final digital document.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for implementing a digital signature scheme for embedding and validating multiple nested digital signatures in digitally produced documents without modifying a file size of the digitally produced and signed documents or otherwise corrupting previously-embedded digital signatures. A number of fixed fields are included in a digitally produced document, upfront, that will be populated with multiple digital signatures. With the fixed fields in the digitally produced documents, the entire file is cryptographically “hashed” and the individual digital signatures are independently verifiable via simple cryptographic schemes. Multiple digital signatures are embedded in documents including complex file formats in a manner that does not corrupt the documents. Known cryptographic techniques such as, for example, a known hash algorithm, are applied to the digitally produced documents including the multiple sequentially input digital signatures in a process that is independently verifiable.

7 Citations

View as Search Results

21 Claims

1. A method for implementing a digital signature scheme, comprising:
- obtaining a digital document;
  
  embedding, with a processor, multiple data fields in the digital document and filling the multiple data fields with filler data to arrive at a final digital document having a final document size;
  
  applying an encrypting hash scheme to the final digital document to obtain a first hash value;
  
  encrypting the first hash value using a first encryption key to obtain a first digital signature; and
  
  substituting a first identifier associated with the first encryption key and the first digital signature for the filler data in a first data field and a second data field of the multiple data fields in the final digital document to obtain a first signed final digital document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, the first signed final digital document having the final document size.
  - 3. The method of claim 1, the first identifier, the first encryption key and the first digital signature being associated with a document author.
  - 4. The method of claim 1, further comprising:
    - applying the encrypting hash scheme to the first signed final digital document to obtain a second hash value;
      
      encrypting the second hash value using a second encryption key to obtain a second digital signature; and
      
      substituting a second identifier associated with the second encryption key and the second digital signature for the filler data in a third data field and a fourth data field of the multiple data fields in the first signed final digital document to obtain a second signed final digital document.
  - 5. The method of claim 4, the second signed final digital document having the final document size.
  - 6. The method of claim 4, the second identifier, the second encryption key and the second digital signature being associated with a document reviewer.
  - 7. The method of claim 6, the applying of the encrypting hash scheme to the first signed final digital document to obtain the second hash value, the encrypting of the second hash value using the second encryption key to obtain the second digital signature, and the substituting of the second identifier associated with the second encryption key and the second digital signature for the filler data being repeated for multiple document reviewers.
  - 8. The method of claim 6, further comprising:
    - validating the second signed final digital document with the second digital signature, the validating comprising;
      
      temporarily replacing the second identifier associated with the second encryption key and the second digital signature with the filler data previously populating the third data field and the fourth data field to obtain a first review final digital document;
      
      applying the encrypting hash scheme to the first review final digital document to obtain a first review hash value;
      
      encrypting the first review hash value using the second encryption key to obtain a first review digital signature;
      
      comparing the first review digital signature to the second digital signature; and
      
      rejecting the second signed final digital document when the first review digital signature and the second digital signature do not match.
  - 9. The method of claim 8, the validating further comprising:
    - temporarily replacing the first identifier associated with the first encryption key and the first digital signature with the filler data previously populating the first data field and the second data field to obtain a second review final digital document;
      
      applying the encrypting hash scheme to the second review final digital document to obtain a second review hash value;
      
      encrypting the second review hash value using the first encryption key to obtain a second review digital signature;
      
      comparing the second review digital signature to the first digital signature; and
      
      rejecting the second signed final digital document when the second review digital signature and the first digital signature do not match.
  - 10. The method of claim 9, further comprising:
    - sealing the second signed final digital document with the second digital signature when the second signed final digital document is not rejected, the sealing comprising;
      
      reverting to the second signed digital document with the first identifier associated with the first encryption key, the first digital signature, the second identifier associated with the second encryption key and the second digital signature respectively populating the first through fourth data fields;
      
      applying the encrypting hash scheme to the second signed final digital document to obtain a sealing hash value;
      
      encrypting the sealing hash value using a third encryption key that is associated with at least one of a system or an application that performs the digital signature scheme to obtain a sealing digital signature; and
      
      substituting a third identifier associated with the third encryption key and the third digital signature for the filler data in a fifth data field and a sixth data field of the multiple data fields in the second signed final digital document to obtain a sealed digital document.
  - 11. The method of claim 1, the digital document including a complex file format.
  - 12. The method of claim 11, the complex file format being a National Imagery Transmission Format (NITF).

13. A system for implementing a digital signature scheme, comprising:
- an external communication interface via which a digital document is obtained from a system that generates the digital document;
  
  a data field adding and filling device that embeds multiple data fields in the digital document and fills the multiple data fields with filler data to arrive at a final digital document having a final document size; and
  
  a cryptographic scheme implementing device that applies an encrypting hash scheme to the final digital document to obtain a hash value and that encrypts the hash value using an encryption key to obtain a digital signature,the data field adding and filling device substituting an identifier associated with the encryption key and the digital signature for the filler data in a first data field and a second data field of the multiple data fields in the final digital document to obtain a signed final digital document.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, the signed final digital document having the final document size.
  - 15. The system of claim 13, the identifier, the encryption key and the digital signature being associated with a document author.
  - 16. The system of claim 13, the cryptographic scheme implementing device applying the encrypting hash scheme to the signed final digital document to obtain another hash value and encrypting the another hash value using another encryption key to obtain another digital signature, andthe data field adding and filling device substituting another identifier associated with the another encryption key and the another digital signature for the filler data in a third data field and a fourth data field of the multiple data fields in the signed final digital document to obtain a multiply signed final digital document.
  - 17. The system of claim 16, the multiply signed final digital document having the final document size.
  - 18. The system of claim 16, the another identifier, the another encryption key and the another digital signature being associated with a document reviewer.
  - 19. The system of claim 13, further comprising a hash value/data comparing device that temporarily replaces the identifier associated with the encryption key and the digital signature in the first data field and the second data field with the filler data that previously populated those data fields to obtain a temporarily modified digital document,the cryptographic scheme implementing device applying the encrypting hash scheme to the temporarily modified digital document to obtain a comparing hash value and encrypting the hash value using the encryption key to obtain a comparing digital signature, andthe hash value/data comparing device comparing the comparing digital signature to the digital signature to determine whether the digital signatures match.
  - 20. The system of claim 19, further comprising:
    - a document rejecting device that directs that no further processing occur with regard to the digital document when the hash value/data comparing device determines that the signatures do not match.

21. A non-transitory computer-readable medium storing instructions which, when executed by a processor, cause the processor to execute a method for implementing a digital signature scheme, comprising:
- obtaining a digital document;
  
  embedding multiple data fields in the digital document and filling the multiple data fields with filler data to arrive at a final digital document having a final document size;
  
  applying an encrypting hash scheme to the final digital document to obtain a first hash value;
  
  encrypting the first hash value using a first encryption key to obtain a first digital signature; and
  
  substituting a first identifier associated with the first encryption key and the first digital signature for the filler data in a first data field and a second data field of the multiple data fields in the final digital document to obtain a first signed final digital document, andthe first signed final digital document having the final document size.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Original Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Inventors
LOUGHRY, Robert Joseph

Granted Patent

US 8,793,499 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/64 Protecting data integrity, ...

H04L 9/3247 involving digital signatures

NESTED DIGITAL SIGNATURES WITH CONSTANT FILE SIZE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

NESTED DIGITAL SIGNATURES WITH CONSTANT FILE SIZE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links