[go: up one dir, main page]

WO1999040702A1 - Method and apparatus for efficient authentication and integrity checking using hierarchical hashing - Google Patents

Method and apparatus for efficient authentication and integrity checking using hierarchical hashing Download PDF

Info

Publication number
WO1999040702A1
WO1999040702A1 PCT/US1999/002417 US9902417W WO9940702A1 WO 1999040702 A1 WO1999040702 A1 WO 1999040702A1 US 9902417 W US9902417 W US 9902417W WO 9940702 A1 WO9940702 A1 WO 9940702A1
Authority
WO
WIPO (PCT)
Prior art keywords
hash
data
packets
block
hash block
Prior art date
Application number
PCT/US1999/002417
Other languages
French (fr)
Inventor
Stephen Hanna
Radia Perlman
Original Assignee
Sun Microsystems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sun Microsystems, Inc. filed Critical Sun Microsystems, Inc.
Priority to AU25830/99A priority Critical patent/AU2583099A/en
Priority to EP99905733A priority patent/EP0972374A1/en
Priority to JP54061899A priority patent/JP2001519930A/en
Publication of WO1999040702A1 publication Critical patent/WO1999040702A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • This invention generally relates to data corruption detection and, more particularly, to a method and apparatus for efficient authentication and integrity checking in data processing using hierarchical hashing.
  • Video conferencing is another example of an application that demands the secure transmission of information (video/voice/data).
  • Open networks such as the Internet provide simple and effective means for digital communication. However, such communication can be unintentionally corrupted by network transmission errors or altered by malicious acts.
  • Several conventional techniques guard against these communication problems. These techniques require applying checksums or digital signatures to data before transmission and verifying the checksum or digital signature upon receipt.
  • Checksums values derived from the data, are typically easy to compute. After computing the checksum, a transmitting machine sends the checksum with the data itself. A receiving machine then recalculates the checksum from the received data and compares the calculated checksum with the received checksum. However, a hacker with the ability to modify data likely also has the ability to replace the original checksum with a recalculated checksum that corresponds to the modified data.
  • Digital signatures protect against malicious acts intended to corrupt data but are more expensive than checksums to compute.
  • the protection provided by digital signatures becomes increasingly important in networked environments where data must pass through unguarded points.
  • Digital signatures are often used in a bulk signature format in which a digital signature is applied to a complete data set.
  • the bulk signature format has several drawbacks.
  • the packet-level signature method assigns a digital signature to each individual packet. Although allowing the verification to begin as the individual packets are received making it easy to identify individual corrupted packets, this method requires additional computation and repeated checking of the digital signatures, which is quite time-consuming.
  • a conventional hierarchical hashing technique for neighboring databases on a local area network (LAN) allows a database management system to check if the databases are identical by hashing pieces of the database. The hashes are then hashed, and the final value is broadcast periodically to confirm that all neighbors on the LAN have identical databases. If they do not, the next hash level is compared until the area of the database that differs is located, at which time it can be updated accordingly.
  • Creating a hierarchy of hash values that start with packet hashes of an arbitrary data set and culminate in a single signed block allows a single digital signature to protect the data set from both data corruption and malicious acts that cause errors in data processing. Receiving this hierarchy of hashes before the data also allows the data packets to be quickly verified as they are received.
  • the hierarchical structure used in the method cryptographically protects individual portions of the data and makes it easier to recognize corruption. Systems consistent with the present invention verify portions of the data even if other portions of the data are corrupt or have not yet been received.
  • a computer-implemented data processing method comprises the steps of dividing a data set into packets, hashing the data within each of the packets to produce a hash block including hash values and applying a signature to the hash block.
  • a computer-implemented data processing method comprises the steps of receiving a packet including data, a hash block and a digital signature, verifying the digital signature, hashing the data to produce hash values and comparing the hash values to values in the hash block.
  • FIG. 1 is a schematic block diagram illustrating a computer architecture suitable for use with the present invention
  • FIG.2 is a flowchart of the steps used to digitally sign the hash block in accordance with an implementation of the present invention
  • FIG. 3 is a flowchart of the steps used to verify the data in accordance with an implementation of the present invention.
  • FIG. 4 is a diagram of an example of the hashing of a sample data set and signing of a hash block
  • FIG. 5 is a diagram of a sample hierarchical structure of hash blocks and data based on the data set in Fig. 4.
  • Systems consistent with the present invention generally perform two data processing functions: (1) signing data and (2) verifying data.
  • Such systems generally sign data by creating a hierarchical structure of hash blocks, sequences of hash values, which correspond to the given data. To accomplish this, a data set is divided into packets. A one-way, collision-proof hash function is applied to each packet which will result in a sequence of hash values. These hash values are grouped into packets, referred to as hash blocks. Higher level hash blocks are created by hashing the hash blocks. This process continues until a single hash block small enough to fit in a packet is achieved. The top level hash block, the smallest one, is signed with a digital signature. The hash blocks and data are then transmitted to an intended destination such as a network node.
  • Systems consistent with the present invention generally verify the data set by checking the digital signature on the top level hash block. Once the top level hash block is verified, the next lower level hash block can be verified by comparing the hash of the packets of that hash block against the hashes stored in the top level block. All lower level hash blocks are checked against the next higher level hash blocks in the same manner. Finally, the data is checked against the hash block containing the hashes of the data set. Any given data packet can be checked once all hash blocks above it are received.
  • FIG. 1 is a block diagram that illustrates a computer system 100 upon which an embodiment of the invention may be implemented.
  • Computer system 100 includes a bus 102 or other communication mechanism for communicating information, and a processor 104 coupled with bus 102 for processing information.
  • Computer system 100 also includes a main memory 106, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 101 for storing information and instructions to be executed by processor 104.
  • Main memory 106 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 104.
  • Computer system 100 further includes a read only memory (ROM) 108 or other static storage device coupled to bus 102 for storing static information and instructions for processor 104.
  • ROM read only memory
  • a storage device 110 such as a magnetic disk or optical disk, is provided and coupled to bus 102 for storing information and instructions.
  • Computer system 100 may be coupled via bus 102 to a display 112, such as a cathode ray tube (CRT), for displaying information to a computer user.
  • a display 112 such as a cathode ray tube (CRT)
  • An input device 1 f4 is coupled to bus 102 for communicating information and command selections to processor 104.
  • cursor control 116 is Another type of user input device
  • cursor control 116 such as a mouse, a trackball or cursor direction keys for communicating direction information and command selections to processor 104 and for controlling cursor movement on display 112.
  • This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.
  • the invention is related to the use of computer system 100 for signing data and verifying data.
  • signed or verified data is provided by computer system 100 in response to processor 104 executing one or more sequences of one or more instructions contained in main memory 106.
  • Such instructions may be read into main memory 106 from another computer-readable medium, such as storage device 110.
  • Execution of the sequences of instructions contained in main memory 106 causes processor 104 to perform the process steps described herein.
  • hard- wired circuitry may be used in place of or in combination with software instructions to implement the invention.
  • embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
  • Nonvolatile media includes, for example, optical or magnetic disks, such as storage device 110.
  • Volatile media includes dynamic memory, such as main memory 106.
  • Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 102. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.
  • Computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
  • Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to processor 104 for execution.
  • the instructions may initially be carried on magnetic disk of a remote computer.
  • the remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem.
  • a modem local to computer system 100 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal.
  • An infra-red detector coupled to bus 102 can receive the data carried in the infra-red signal and place the data on bus 102.
  • Bus 102 carries the data to main memory 106, from which processor 104 retrieves and executes the instructions.
  • the instructions received by main memory 106 may optionally be stored on storage device 110 either before or after execution by processor 104.
  • Computer system 100 also includes a communication interface 118 coupled to bus 102.
  • Communication interface 118 provides a two-way data communication coupling to a network link 120 that is connected to local network 122.
  • communication interface 118 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line.
  • ISDN integrated services digital network
  • communication interface 118 may be a local area network (LAN) card provide a data communication connection to a compatible LAN.
  • LAN local area network
  • Wireless links may also be implemented.
  • communication interface 118 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
  • Network link 120 typically provides data communication through one or more networks to other data devices.
  • network link 120 may provide a connection through local network 122 to a host computer 124 or to data equipment operated by an Internet Service Provider (ISP) 126.
  • ISP 126 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the "Internet" 128.
  • Local network 122 and Internet 128 both use electric, electromagnetic or optical signals that carry digital data streams.
  • the signals through the various networks and the signals on network link 120 and through communication interface 118, which carry the digital data to and from computer system 100, are exemplary forms of carrier waves transporting the information.
  • Computer system 100 can send messages and receive data, including program code, through the network(s), network link 120 and communication interface 118.
  • a server 130 might transmit a requested code for an application program through Internet 128, ISP 126, local network 122 and communication interface 118.
  • one such downloaded application provides the data processing operations described herein. For example, data to be stored on computer-readable medium or transmitted to a remote device may be signed in accordance with the principles of the present invention. Additionally, data retrieved from a computer-readable medium or received from a remote device may be verified in accordance with the principles of the present invention.
  • the received code may be executed by processor 104 as it is received, and/or stored in storage device 110, or other non- volatile storage for later execution. In this manner, computer system 100 may obtain application code in the form of a carrier wave.
  • Systems consistent with the present invention utilize a one-way, collision-proof hash function to transform data of arbitrary length into a fixed length hash value.
  • One-way hash functions also have other characteristics. For example, it is relatively simple to apply the 8 function to a given data set or message to compute the hash value for that set. However, given a hash value it is difficult to determine a data set that would produce the same hash value if the hash function was applied to that data set.
  • collision-resistance means it is unlikely for two random messages to have the same hash value for the same function.
  • collision-resistant hash functions are described in detail in C. Kaufman, R. Perlman, M. Specine, "Network Security: Private Communication in a Public World,” Prentice Hall, 1995.
  • Fig. 2 is a flowchart of the steps used in the signing procedure of hierarchical hashing.
  • Systems consistent with the present invention generally begin the hashing process by dividing the data set into small packets (step 210).
  • the packet boundaries are generally arbitrary but, for more efficient use, should correspond to likely boundaries between good and corrupt data.
  • Network datagram boundaries or disk sectors are examples of suitable boundaries.
  • a collision-proof, one-way hash function is applied to each packet (step 220).
  • Each application of the hash function will produce a single hash value.
  • the application of the hash function to each of the data packets will produce a sequence of hash values. This sequence is called a hash block (step 230).
  • the hash block created by the application of the hash function to the data packets is too large to fit in a single packet along with the digital signature (step 240), the hash block must be further broken down.
  • the hash block itself is divided into packets (steps 245).
  • the hash function is applied to each packet. Once again, the application of the hash function to the packets will produce a sequence of hash values. This new hash block will be smaller than the previous hash block and will be referred to as the next higher level hash block. If the next higher level hash block is too large to fit into a single packet with the digital signature, a new smaller hash block of a higher level is created by repeating steps 220-245.
  • Fig. 5 is the smallest hash block.
  • the hash block from which the top level hash block was created is referred to as the next level down hash block 501, with the complete structure of hash blocks forming a hierarchy of hash blocks 510. If, however, the hash block originally created by the hashing of the data packets (step 230) is small enough to fit in a single packet with the digital signature, there is no need to go through the steps of breaking down the hash block and creating another higher level hash block and the top level hash block remains the only hash block.
  • Systems consistent with the present invention apply a digital signature to the top level hash block packet (step 250). No signature need be applied to any of the other hash blocks or data packets. The single digital signature applied to the top level packet is sufficient to verify all of the data. If extraordinary redundancy is desired, lower level hash blocks may be signed. These signatures would only be used if the top level hash block was corrupted and could not be recovered.
  • the packets are transmitted in order beginning with the top level hash block packet (step 260), followed by each of the larger hash blocks (steps 270, 275, 280), and finally the data (step 280).
  • the hash block packets and the data packets may be intermingled and need not be sent with all hash blocks first, but the top level packet should be sent first and lower level hashes be sent before the data they represent because their contents will need to be checked first, as explained below.
  • the top level hash block packet with the single digital signature, the hierarchy of lower level hash blocks, and the data are sent to a receiver. This is all the information needed to protect the data.
  • Fig. 3 is a flowchart of the steps used in the data receiving and verification procedure for systems consistent with the present invention.
  • the digital signature on the top level packet must be verified first (step 320). If the signature fails this verification step or it is determined that the packet was corrupted during transmission, the top level packet must be repaired or recovered before checking the other packets (steps 330, 335). If lower level hash blocks were signed for extraordinary redundancy, their signatures may be checked in this case to allow verification to proceed. 10
  • step 340 by computing the hash of the packet and comparing it with the hash value stored in the hash block (step 350). If this check fails, the data packet is corrupt and should be repaired or recovered (step 350). Of course the verification process must use the same hash function used to sign the data.
  • the packets of these hash blocks are then received and verified (step 370).
  • the hash function is applied to each packet to derive its hash value.
  • the hash value derived from the received hash block packet is compared with the one stored in the received top level hash block. If the comparison fails, the packet is corrupt and must be repaired or replaced before any packets that depend on this hash block can be verified (step 370).
  • the hashes of the packets of each lower level hash block are compared with the values stored in the hash block in the level above. If this verification step fails, the packet is corrupt and must be repaired or recovered before any packets that depend on this packet can be verified. However, other packets in the hash block can be verified. Examples
  • FIG. 4 is a block diagram of example of the hashing of a sample set of data and signing of a hash block.
  • Figure 5 is a diagram of a sample hierarchical structure of hash blocks and data based on the data in Fig. 4.
  • the packet size and amount of data in this sample is completely arbitrary.
  • additional levels of hash blocks may be utilized depending on the size of the data and the selected hash function.
  • the data values are divided into data packets 402a-f.
  • the present example shows 18 data values, A, though A 18 , divided into six packets with three data values in each packet.
  • a one-way, collision-proof hash function 403 is applied to the data packets 403.
  • the hashing of each data packet results in a single hash value. For instance, the hashing of the data packet A Arlington A 2 , A 3 in this case yields value B,. 11
  • the hash values derived from the data packets, B, through B 6 form a hash block (404).
  • the sequence of hash values in the hash block will not fit in a single packet with a digital signature so they are divided into two packets 404a and b of three hash values: B,, B 2 , and B 3 form one packet 404a and B 4 , B 5 , and B 6 form the second packet 404b.
  • a one-way, collision-proof hash function 405 is then applied to the hash block packets
  • Each hash block packet will form another hash value.
  • the packet B For example, the packet B dislike B 2 , B 3 will create the hash value C,.
  • These hash values, C, and C 2 form another hash block 406. This one, however, is small enough that it does not need to be broken down any further.
  • the last hash block C is signed with a digital signature 407 and results in the top level hash block with a digital signature 408.
  • the signing procedure (Fig. 2) is applied to data sequence 401 to generate top level hash block 408 and the next level hash block 404.
  • Data verification begins with checking the digital signature on the top level hash block 502. If the top level hash block 502 passes this check, the next level hash block 501 is verified.
  • a hash function (not shown) is applied to each packet and compared with the corresponding hash value in the hash block in the level above it. For example, the packets 501a and b of the hash block ⁇ Ol , B, through B 6 , are checked with the values stored in the other hash block 502, C j and C 2 . In the sample in Fig. 5, the hash of the packet Berne B 2 , B 3 would be compared with the value C,.
  • the packet B,, B 2 , B 3 is corrupt and must be repaired or replaced before any packets that depend on it can be verified, in this case, data values A, through A,, 500a-c.
  • the other hash block packet can be verified and remains unaffected by the corruption of the previous hash block packet. For instance, in Fig. 5, even if the first packet 501 a in the hash block, B , , B 2 , B 3 , was damaged, the second packet 501 b in the same hash block, B 4 , B 5 , B 6 , could still be checked by comparison of the hash of the packet 501b with the value C 2 .
  • the data packets are checked in the same manner.
  • the data packet A 10 , A, , , A, 2 would be checked by comparing the hash of the data packet 500d with the value B 4 . If this check fails, the data packet A, 0 , A,,, A 12 , is corrupt. However, the other data packets can still be verified.
  • the data receiving 12 and verification procedure (Fig. 3) is applied to the top level hash block 502 to verify data set 500.
  • data packets may be verified even if the data is sent, received or retrieved out of order.
  • Systems consistent with the present invention need not wait for all of the packets to be delivered to verify a data packet. Any packet can be verified as long as the hash block for that packet has been received and verified. This effectively reduces the delay time to the amount of time required to compute the hash and compare it to the value stored in its corresponding hash block. This delay time is much less than bulk signature's delay time in which all packets must be received before any can be verified.
  • the computational overhead is less than packet-level signature.
  • Hierarchical hashing consistent with the present invention protects against malicious modification of data, while checksums do not. It also allows a single digital signature to apply to an arbitrary amount of data, which packet-level signature does not.
  • the structure permits verification of data as it is received, thus eliminating the delay time of waiting for all of the data to be received as in bulk signature methods.
  • the data can be verified as it is received, systems consistent with the present invention do not have the high computational overhead associated with individual packet signing. Additionally, the data need not be received or sent in any particular order for verification to begin.
  • the hierarchical structure allows for recognition of corrupt individual packets or sections of data.
  • the other packets that are not corrupt can be used and are unaffected by the corrupt packets. Additionally, other packets that are unverified can be verified even though some packets may be corrupt. Corrupt packets can be repaired or recovered while other packets are being checked. Total replacement of the data is not needed as in bulk signature methods, thus creating greater efficiency and reducing time expended. 13
  • systems consistent with the present invention thus allow a single digital signature to protect an arbitrary amount of data, while cryptographically protecting individual portions of the data.
  • a hierarchy of hash values representing the data is built, and the top level of hashes are signed and sent. After receipt, the digital signature on the hash values is checked. The data, upon receipt, is checked against the hash values that corresponded to the data.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

In accordance with the present invention a method is provided for signing data and verifying data. Data signing involves dividing a data set into packets, hashing the data within each of the packets to produce a hash block including hash values and applying a digital signature to the hash block. The verifying process involves receiving a packet including data, a hash block and a digital signature, verifying the digital signature, hashing the data to produce hash values and comparing the hash values to values in the hash block.

Description

METHOD AND APPARATUS FOR EFFICIENT AUTHENTICATION AND INTEGRITY CHECKING USING HIERARCHICAL HASHING
BACKGROUND A. Field of the Invention
This invention generally relates to data corruption detection and, more particularly, to a method and apparatus for efficient authentication and integrity checking in data processing using hierarchical hashing.
B. Description of the Related Art Certain types of business activities create the need to transfer information in a secure manner. For instance, banks periodically "backup" their computer files to a remote central database and need to know that these files were successfully copied to the remote database without having been changed or corrupted during the process. Video conferencing is another example of an application that demands the secure transmission of information (video/voice/data).
Open networks such as the Internet provide simple and effective means for digital communication. However, such communication can be unintentionally corrupted by network transmission errors or altered by malicious acts. Several conventional techniques guard against these communication problems. These techniques require applying checksums or digital signatures to data before transmission and verifying the checksum or digital signature upon receipt.
Checksums, values derived from the data, are typically easy to compute. After computing the checksum, a transmitting machine sends the checksum with the data itself. A receiving machine then recalculates the checksum from the received data and compares the calculated checksum with the received checksum. However, a hacker with the ability to modify data likely also has the ability to replace the original checksum with a recalculated checksum that corresponds to the modified data.
Digital signatures protect against malicious acts intended to corrupt data but are more expensive than checksums to compute. The protection provided by digital signatures becomes increasingly important in networked environments where data must pass through unguarded points. Digital signatures are often used in a bulk signature format in which a digital signature is applied to a complete data set. However, the bulk signature format has several drawbacks.
The process of confirming the digital signature operates on the whole data set. Bulk signature algorithms cannot identify the portion of the data that was corrupted. This leads to increased cost since the data, if corrupted, must all be sent again.
If the data is communicated in discrete packets signed with a bulk signature, detecting corruption or invalid packets inserted by a hacker also carries a high cost. It requires waiting for the receipt of at least one copy of each sequence number of packets. At this point, the signature can be checked. The integrity of the bulk signature cannot be checked until all of the packets are received. This aspect creates a time delay relative to the size of the data set. If several packets with the same sequence number and different contents are received, one is a forgery. Then, to detect which one is the valid copy of any given sequence number if a forgery is inserted, each copy of that sequence number would have to be compared with all the valid packets of the sequence. A method called packet-level signature addresses this problem. The packet-level signature method assigns a digital signature to each individual packet. Although allowing the verification to begin as the individual packets are received making it easy to identify individual corrupted packets, this method requires additional computation and repeated checking of the digital signatures, which is quite time-consuming. A conventional hierarchical hashing technique for neighboring databases on a local area network (LAN) allows a database management system to check if the databases are identical by hashing pieces of the database. The hashes are then hashed, and the final value is broadcast periodically to confirm that all neighbors on the LAN have identical databases. If they do not, the next hash level is compared until the area of the database that differs is located, at which time it can be updated accordingly. However, this system does not deal with the application of a single digital signature to protect an arbitrary amount of data against both malicious errors and unintentional errors. Currently, there is no system that allows a single digital signature to apply to an arbitrary amount of data and allows the data to be verified as it is received. There is, therefore, a need for a system that protects against unintentional data corruption and malicious acts that cause errors in data processing and allows data to be checked as it is received. Additionally, the need exists for a system that provides information regarding which section of data was corrupted while keeping a low computational overhead. SUMMARY OF THE INVENTION
Creating a hierarchy of hash values that start with packet hashes of an arbitrary data set and culminate in a single signed block allows a single digital signature to protect the data set from both data corruption and malicious acts that cause errors in data processing. Receiving this hierarchy of hashes before the data also allows the data packets to be quickly verified as they are received. The hierarchical structure used in the method cryptographically protects individual portions of the data and makes it easier to recognize corruption. Systems consistent with the present invention verify portions of the data even if other portions of the data are corrupt or have not yet been received.
In accordance with the present invention, as embodied and broadly described herein, a computer-implemented data processing method comprises the steps of dividing a data set into packets, hashing the data within each of the packets to produce a hash block including hash values and applying a signature to the hash block.
In accordance with another aspect of the present invention, as embodied and broadly described herein, a computer-implemented data processing method comprises the steps of receiving a packet including data, a hash block and a digital signature, verifying the digital signature, hashing the data to produce hash values and comparing the hash values to values in the hash block.
BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the advantages and principles of the invention. In the drawings,
FIG. 1 is a schematic block diagram illustrating a computer architecture suitable for use with the present invention;
FIG.2 is a flowchart of the steps used to digitally sign the hash block in accordance with an implementation of the present invention; 4
FIG. 3 is a flowchart of the steps used to verify the data in accordance with an implementation of the present invention;
FIG. 4 is a diagram of an example of the hashing of a sample data set and signing of a hash block; and FIG. 5 is a diagram of a sample hierarchical structure of hash blocks and data based on the data set in Fig. 4.
DETAILED DESCRIPTION Reference will now be made in detail to a system and method consistent with the present invention. Wherever possible, the same reference numbers will be used throughout the drawings and the following description to refer to the same or like parts.
Overview
Systems consistent with the present invention generally perform two data processing functions: (1) signing data and (2) verifying data. Such systems generally sign data by creating a hierarchical structure of hash blocks, sequences of hash values, which correspond to the given data. To accomplish this, a data set is divided into packets. A one-way, collision-proof hash function is applied to each packet which will result in a sequence of hash values. These hash values are grouped into packets, referred to as hash blocks. Higher level hash blocks are created by hashing the hash blocks. This process continues until a single hash block small enough to fit in a packet is achieved. The top level hash block, the smallest one, is signed with a digital signature. The hash blocks and data are then transmitted to an intended destination such as a network node.
Systems consistent with the present invention generally verify the data set by checking the digital signature on the top level hash block. Once the top level hash block is verified, the next lower level hash block can be verified by comparing the hash of the packets of that hash block against the hashes stored in the top level block. All lower level hash blocks are checked against the next higher level hash blocks in the same manner. Finally, the data is checked against the hash block containing the hashes of the data set. Any given data packet can be checked once all hash blocks above it are received. Computer Architecture
Figure 1 is a block diagram that illustrates a computer system 100 upon which an embodiment of the invention may be implemented. Computer system 100 includes a bus 102 or other communication mechanism for communicating information, and a processor 104 coupled with bus 102 for processing information. Computer system 100 also includes a main memory 106, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 101 for storing information and instructions to be executed by processor 104. Main memory 106 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 104. Computer system 100 further includes a read only memory (ROM) 108 or other static storage device coupled to bus 102 for storing static information and instructions for processor 104. A storage device 110, such as a magnetic disk or optical disk, is provided and coupled to bus 102 for storing information and instructions.
Computer system 100 may be coupled via bus 102 to a display 112, such as a cathode ray tube (CRT), for displaying information to a computer user. An input device 1 f4, including alphanumeric and other keys, is coupled to bus 102 for communicating information and command selections to processor 104. Another type of user input device is cursor control 116, such as a mouse, a trackball or cursor direction keys for communicating direction information and command selections to processor 104 and for controlling cursor movement on display 112. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.
The invention is related to the use of computer system 100 for signing data and verifying data. According to one embodiment of the invention, signed or verified data is provided by computer system 100 in response to processor 104 executing one or more sequences of one or more instructions contained in main memory 106. Such instructions may be read into main memory 106 from another computer-readable medium, such as storage device 110. Execution of the sequences of instructions contained in main memory 106 causes processor 104 to perform the process steps described herein. In an alternative embodiment, hard- wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
The term "computer-readable medium" as used herein refer to any media that participates in providing instructions to processor 104 for execution. Such a medium may take many forms, including but not limited to, non- volatile media, volatile media, and transmission media. Nonvolatile media includes, for example, optical or magnetic disks, such as storage device 110. Volatile media includes dynamic memory, such as main memory 106. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 102. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.
Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to processor 104 for execution. For example, the instructions may initially be carried on magnetic disk of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 100 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector coupled to bus 102 can receive the data carried in the infra-red signal and place the data on bus 102. Bus 102 carries the data to main memory 106, from which processor 104 retrieves and executes the instructions. The instructions received by main memory 106 may optionally be stored on storage device 110 either before or after execution by processor 104.
Computer system 100 also includes a communication interface 118 coupled to bus 102.
Communication interface 118 provides a two-way data communication coupling to a network link 120 that is connected to local network 122. For example, communication interface 118 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 118 may be a local area network (LAN) card provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, communication interface 118 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
Network link 120 typically provides data communication through one or more networks to other data devices. For example, network link 120 may provide a connection through local network 122 to a host computer 124 or to data equipment operated by an Internet Service Provider (ISP) 126. ISP 126 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the "Internet" 128.
Local network 122 and Internet 128 both use electric, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 120 and through communication interface 118, which carry the digital data to and from computer system 100, are exemplary forms of carrier waves transporting the information. Computer system 100 can send messages and receive data, including program code, through the network(s), network link 120 and communication interface 118. In the Internet example, a server 130 might transmit a requested code for an application program through Internet 128, ISP 126, local network 122 and communication interface 118. In accordance with the invention, one such downloaded application provides the data processing operations described herein. For example, data to be stored on computer-readable medium or transmitted to a remote device may be signed in accordance with the principles of the present invention. Additionally, data retrieved from a computer-readable medium or received from a remote device may be verified in accordance with the principles of the present invention.
The received code may be executed by processor 104 as it is received, and/or stored in storage device 110, or other non- volatile storage for later execution. In this manner, computer system 100 may obtain application code in the form of a carrier wave. Hierarchical Hashing
Systems consistent with the present invention utilize a one-way, collision-proof hash function to transform data of arbitrary length into a fixed length hash value. One-way hash functions also have other characteristics. For example, it is relatively simple to apply the 8 function to a given data set or message to compute the hash value for that set. However, given a hash value it is difficult to determine a data set that would produce the same hash value if the hash function was applied to that data set.
In regards to hash functions, collision-resistance means it is unlikely for two random messages to have the same hash value for the same function. One way and collision-resistant hash functions are described in detail in C. Kaufman, R. Perlman, M. Specine, "Network Security: Private Communication in a Public World," Prentice Hall, 1995.
(1) Signing Data
Fig. 2 is a flowchart of the steps used in the signing procedure of hierarchical hashing. Systems consistent with the present invention generally begin the hashing process by dividing the data set into small packets (step 210). The packet boundaries are generally arbitrary but, for more efficient use, should correspond to likely boundaries between good and corrupt data.
Network datagram boundaries or disk sectors are examples of suitable boundaries.
Once the data is broken into packets, a collision-proof, one-way hash function is applied to each packet (step 220). Each application of the hash function will produce a single hash value. The application of the hash function to each of the data packets will produce a sequence of hash values. This sequence is called a hash block (step 230).
If the hash block created by the application of the hash function to the data packets is too large to fit in a single packet along with the digital signature (step 240), the hash block must be further broken down. The hash block itself is divided into packets (steps 245). The hash function is applied to each packet. Once again, the application of the hash function to the packets will produce a sequence of hash values. This new hash block will be smaller than the previous hash block and will be referred to as the next higher level hash block. If the next higher level hash block is too large to fit into a single packet with the digital signature, a new smaller hash block of a higher level is created by repeating steps 220-245.
The process of breaking down the hash block is repeated until the resulting hash block can fit in a single packet with the digital signature (step 240). This top level hash block 502 (see
Fig. 5) is the smallest hash block. The hash block from which the top level hash block was created is referred to as the next level down hash block 501, with the complete structure of hash blocks forming a hierarchy of hash blocks 510. If, however, the hash block originally created by the hashing of the data packets (step 230) is small enough to fit in a single packet with the digital signature, there is no need to go through the steps of breaking down the hash block and creating another higher level hash block and the top level hash block remains the only hash block. Systems consistent with the present invention apply a digital signature to the top level hash block packet (step 250). No signature need be applied to any of the other hash blocks or data packets. The single digital signature applied to the top level packet is sufficient to verify all of the data. If extraordinary redundancy is desired, lower level hash blocks may be signed. These signatures would only be used if the top level hash block was corrupted and could not be recovered.
In one implementation for data transmission, the packets are transmitted in order beginning with the top level hash block packet (step 260), followed by each of the larger hash blocks (steps 270, 275, 280), and finally the data (step 280). For the fastest verification, however, the hash block packets and the data packets may be intermingled and need not be sent with all hash blocks first, but the top level packet should be sent first and lower level hashes be sent before the data they represent because their contents will need to be checked first, as explained below.
In accordance with the data signing procedure, the top level hash block packet with the single digital signature, the hierarchy of lower level hash blocks, and the data are sent to a receiver. This is all the information needed to protect the data.
(2) Verifying Data
Fig. 3 is a flowchart of the steps used in the data receiving and verification procedure for systems consistent with the present invention. To verify data, the digital signature on the top level packet must be verified first (step 320). If the signature fails this verification step or it is determined that the packet was corrupted during transmission, the top level packet must be repaired or recovered before checking the other packets (steps 330, 335). If lower level hash blocks were signed for extraordinary redundancy, their signatures may be checked in this case to allow verification to proceed. 10
Once a hash block is received and verified, data packets that depend on it may be verified
(step 340) by computing the hash of the packet and comparing it with the hash value stored in the hash block (step 350). If this check fails, the data packet is corrupt and should be repaired or recovered (step 350). Of course the verification process must use the same hash function used to sign the data.
If it is determined that additional hash blocks are expected (step 360), the packets of these hash blocks are then received and verified (step 370). The hash function is applied to each packet to derive its hash value. The hash value derived from the received hash block packet is compared with the one stored in the received top level hash block. If the comparison fails, the packet is corrupt and must be repaired or replaced before any packets that depend on this hash block can be verified (step 370).
If other hash blocks are expected, the hashes of the packets of each lower level hash block are compared with the values stored in the hash block in the level above. If this verification step fails, the packet is corrupt and must be repaired or recovered before any packets that depend on this packet can be verified. However, other packets in the hash block can be verified. Examples
Reference will now be made to Figs. 4 and 5 to explain the procedures for hierarchical hashing and verification using examples. Figure 4 is a block diagram of example of the hashing of a sample set of data and signing of a hash block. Figure 5 is a diagram of a sample hierarchical structure of hash blocks and data based on the data in Fig. 4. In both Figs. 4 and 5, A, (where .=1,2,3...) represents data values while B, and C, represent hash values in different hash blocks. The packet size and amount of data in this sample is completely arbitrary. Thus, additional levels of hash blocks may be utilized depending on the size of the data and the selected hash function.
Given an initial data sequence of data values 401, the data values are divided into data packets 402a-f. The present example shows 18 data values, A, though A18, divided into six packets with three data values in each packet. A one-way, collision-proof hash function 403 is applied to the data packets 403. The hashing of each data packet results in a single hash value. For instance, the hashing of the data packet A„ A2, A3 in this case yields value B,. 11
The hash values derived from the data packets, B, through B6, form a hash block (404). In this example, the sequence of hash values in the hash block will not fit in a single packet with a digital signature so they are divided into two packets 404a and b of three hash values: B,, B2, and B3 form one packet 404a and B4, B5, and B6 form the second packet 404b. A one-way, collision-proof hash function 405 is then applied to the hash block packets
405. Each hash block packet will form another hash value. For example, the packet B„ B2, B3 will create the hash value C,. These hash values, C, and C2, form another hash block 406. This one, however, is small enough that it does not need to be broken down any further. Finally, the last hash block C„ C2, is signed with a digital signature 407 and results in the top level hash block with a digital signature 408. In this manner, the signing procedure (Fig. 2) is applied to data sequence 401 to generate top level hash block 408 and the next level hash block 404.
Data verification begins with checking the digital signature on the top level hash block 502. If the top level hash block 502 passes this check, the next level hash block 501 is verified. A hash function (not shown) is applied to each packet and compared with the corresponding hash value in the hash block in the level above it. For example, the packets 501a and b of the hash block^Ol , B, through B6, are checked with the values stored in the other hash block 502, Cj and C2. In the sample in Fig. 5, the hash of the packet B„ B2, B3 would be compared with the value C,. If the check fails, the packet B,, B2, B3 is corrupt and must be repaired or replaced before any packets that depend on it can be verified, in this case, data values A, through A,, 500a-c. The other hash block packet can be verified and remains unaffected by the corruption of the previous hash block packet. For instance, in Fig. 5, even if the first packet 501 a in the hash block, B , , B2, B3, was damaged, the second packet 501 b in the same hash block, B4, B5, B6, could still be checked by comparison of the hash of the packet 501b with the value C2.
The data packets are checked in the same manner. For example, the data packet A10, A, , , A,2 would be checked by comparing the hash of the data packet 500d with the value B4. If this check fails, the data packet A,0, A,,, A12, is corrupt. However, the other data packets can still be verified. For an arbitrary example, in Fig. 5, even if the fourth packet 500d in the data, A10, A,„ A12, was corrupt, the fifth packet 500e in the data A13, A14, A,5 could still be checked by comparison of the hash of the data packet with the value B5. In this manner, the data receiving 12 and verification procedure (Fig. 3) is applied to the top level hash block 502 to verify data set 500.
According to the present invention, data packets may be verified even if the data is sent, received or retrieved out of order. Systems consistent with the present invention need not wait for all of the packets to be delivered to verify a data packet. Any packet can be verified as long as the hash block for that packet has been received and verified. This effectively reduces the delay time to the amount of time required to compute the hash and compare it to the value stored in its corresponding hash block. This delay time is much less than bulk signature's delay time in which all packets must be received before any can be verified. The computational overhead is less than packet-level signature.
The choice of when to send a hash block can save time. For instance, the second packet in a hash block need not be sent until after the packets that depend on the first packet in the hash block. This implementation can save the delay time of sending all of the hash blocks first. Conclusion Hierarchical hashing consistent with the present invention protects against malicious modification of data, while checksums do not. It also allows a single digital signature to apply to an arbitrary amount of data, which packet-level signature does not. The structure permits verification of data as it is received, thus eliminating the delay time of waiting for all of the data to be received as in bulk signature methods. Although the data can be verified as it is received, systems consistent with the present invention do not have the high computational overhead associated with individual packet signing. Additionally, the data need not be received or sent in any particular order for verification to begin.
The hierarchical structure allows for recognition of corrupt individual packets or sections of data. The other packets that are not corrupt can be used and are unaffected by the corrupt packets. Additionally, other packets that are unverified can be verified even though some packets may be corrupt. Corrupt packets can be repaired or recovered while other packets are being checked. Total replacement of the data is not needed as in bulk signature methods, thus creating greater efficiency and reducing time expended. 13
In summary, systems consistent with the present invention thus allow a single digital signature to protect an arbitrary amount of data, while cryptographically protecting individual portions of the data. To accomplish this, a hierarchy of hash values representing the data is built, and the top level of hashes are signed and sent. After receipt, the digital signature on the hash values is checked. The data, upon receipt, is checked against the hash values that corresponded to the data.
The foregoing description of an implementation of the invention has been presented for purposes of illustration and description. It is not exhaustive and does not limit the invention to the precise form disclosed. Modifications and variations are possible in light of the above teachings or may be acquired from practicing of the invention. The scope of the invention is defined by the claims and their equivalents.

Claims

14WHAT IS CLAIMED IS:
1. A computer implemented data processing method comprising the steps of: dividing a data set into packets; hashing the data within each of the packets to produce a hash block including hash values; and applying a signature to the hash block.
2. The method of claim 1, wherein the applying step includes the substep of appending a digital signature to hash block.
3. The method of claim 1 further comprising the step of: transmitting the data set and hash block.
4. The method of claim 1 , wherein the hashing step includes the substep of determining whether the hash values fit into a single packet.
5. The method of claim 1, wherein the hashing step includes the substep of applying a collision-proof hash function.
6. The method of claim 1 , wherein the hashing step includes the substeps of
(a) separating the hash values into packets; and
(b) applying a hash function to each of the packets.
7. The method of claim 6, further comprising the step of repeating steps (a) and (b) until the resulting hash values fit into a single packet.
8. The method of claim 7, wherein the resulting sequence of hash values from each iteration of the steps (a) and (b) is smaller than the previous sequence of hash values.
9. The method of claim 8, wherein the packet size is large enough to hold at least two hash values.
10. A computer implemented data processing method comprising the steps of: receiving a packet including data, a hash block and a digital signature; verifying the digital signature; hashing the data to produce hash values; and comparing the hash values to values in the hash block. 15
11. A computer implemented data processing method comprising the steps of: signing, with a digital signature, a hash block corresponding to a data set; sending the data and the hash block from a source to a destination; upon receipt at the destination, checking the digital signature on the hash block; applying the hash function to the received data set; and comparing the hashes of the received data with the hash values stored in the hash block.
12. The method of claim 11 , wherein the signing step includes the substep of separating the data set into packets.
13. The method of claim 11, wherein the applying step includes the substep of utilizing a collision-proof hash function.
14. The method of claim 12, wherein the packet size is at least large enough to hold 2 hash values.
15. The method of claim 11 , wherein the signing step includes the substeps of (i) separating the hash block into packets; and (ii) applying a hash function to the packets to create a second hash block.
~ 16. The method of claim 15, wherein the steps (i) and (ii) are repeated until the resulting hash block can fit in a single packet with a digital signature.
17. A data processing apparatus comprising: a dividing component configured to divide a data set into packets; a hashing component configured to hash the data within each of the packets to produce a hash block including hash values; and an applying component configured to apply a signature to the hash block.
18. The apparatus of claim 17, wherein the applying component includes: an appending component configured to append a digital signature to hash block.
19. The apparatus of claim 17 further comprising: a transmitting component configured to transmit the data set and hash block.
20. The apparatus of claim 17, wherein the hashing component includes: a determining component configured to determine whether the hash values fit into a single packet. 16
21. The apparatus of claim 17, wherein the hashing component includes: an applying component configured to apply a collision-proof hash function.
22. The apparatus of claim 17, wherein the hashing component includes:
(a) a separating component configured to separate the hash values into packets; and (b) an applying component configured to apply a hash function to each of the packets .
23. The apparatus of claim 22, further comprising: a performing component configured to perform the functions of components (a) and (b) repeatedly until the resulting hash values fit into a single packet.
24. A data processing apparatus comprising: a receiving component configured to receive a packet including data, a hash block and a digital signature; a verifying component configured to verify the digital signature; a hashing component configured to hash the data to produce hash values; and a comparing component configured to compare the hash values to values in the hash block.
25. A data processing apparatus comprising: a signing component configured to sign, with a digital signature, a hash block corresponding to a data set; a sending component configured to send the data and the hash block from a source to a destination; a checking component configured to, upon receipt at the destination, check the digital signature on the hash block; a applying component configured to apply the hash function to the received data set; and a comparing component configured to compare the hashes of the received data with the hash values stored in the hash block.
26. The apparatus of claim 25, wherein the signing component includes: a signing component configured to divide the data set into packets.
27. The apparatus of claim 25, wherein the applying component includes a component configured to utilize a collision-proof hash function. 17
28. The apparatus of claim 26, wherein the packet size is at least large enough to hold 2 hash values.
29. The apparatus of claim 25, wherein the signing component includes:
(i) a separating component configured to separating the hash block into packets; and (ii) an applying component configured to apply a hash function to the packets to create a second hash block.
30. The apparatus of claim 29, further including a performing component configured to perform the functions of components (I) and (ii) repeatedly until the resulting hash block can fit in a single packet with a digital signature.
31. A computer product comprising a computer readable medium having computer readable code embodied therein for processing data, the computer readable medium comprising: a dividing module configured to divide a data set into packets; a hashing module configured to hash the data within each of the packets to produce a hash block including hash values; and an applying module configured to apply a signature to the hash block.
32. The product of claim 31 , wherein the applying module includes: an appending module configured to append a digital signature to hash block.
33. The product of claim 31 further comprising : a transmitting module configured to transmit the data set and hash block.
34. The product of claim 31 , wherein the hashing module includes: a determining module configured to determine whether the hash values fit into a single packet.
35. The product of claim 31 , wherein the hashing module includes: an applying module configured to apply a collision-proof hash function.
36. The product of claim 31 , wherein the hashing module includes:
(a) a separating module configured to separate the hash values into packets; and
(b) an applying module configured to apply a hash fimction to each of the packets.
37. The product of claim 36, further comprising: a performing module configured to perform the functions of modules (a) and (b) repeatedly until the resulting hash values fit into a single packet. 18
38. A computer product comprising a computer readable medium having computer readable code embodied therein for processing data, the computer readable medium comprising: a receiving module configured to receive a packet including data, a hash block and a digital signature; a verifying module configured to verify the digital signature; a hashing module configured to hash the data to produce hash values; and a comparing module configured to compare the hash values to values in the hash block.
39. A computer product comprising a computer readable medium having computer readable code embodied therein for processing data, the computer readable medium comprising: a signing module configured to sign, with a digital signature, a hash block corresponding to a data set; a sending module configured to send the data and the hash block from a source to a destination; a checking module configured to, upon receipt at the destination, check the digital signature on the hash block; an applying module configured to apply the hash function to the received data set; and a comparing module configured to compare the hashes of the received data with the hash values stored in the hash block.
40. The product of claim 39, wherein the signing module includes: a signing module configured to divide the data set into packets.
41. The product of claim 39, wherein the applying module includes an applying module configured to utilize a collision-proof hash function.
42. The product of claim 40, wherein the packet size is at least large enough to hold 2 hash values.
43. The product of claim 39, wherein the signing module includes:
(i) a separating module configured to separate the hash block into packets; and (ii) an applying module configured to apply a hash function to the packets to create a second hash block. 19
44. The product of claim 43 , further including a performing module configured to perform the functions of modules (I) and (ii) repeatedly until the resulting hash block can fit in a single packet with a digital signature.
45. A data structure stored in a computer readable medium for use by a processor in processing packaged data, the data structure comprising: a plurality of packets, each including data; a hash block including hash values resulting from application of a hash function to the packets of data; and a digital signature appended to the hash block.
46. A data structure having portions capable of being stored separately in a computer readable medium for use by a processor in processing data, the data structure comprising: a plurality of packets, each including data; a first hash block including hash values resulting from application of a hash function to the packets of data, the first hash block being larger than a predetermined size based on the size of a single packet and divided into hash block packets; and
~ a second hash block including hash values resulting from application of a hash function to the packets of hash values of the first hash block, the size of the second hash block being within an acceptable range of the predetermined size.
47. The data structure of claim 46, further comprising: a digital signature appended to the second hash block.
PCT/US1999/002417 1998-02-04 1999-02-04 Method and apparatus for efficient authentication and integrity checking using hierarchical hashing WO1999040702A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AU25830/99A AU2583099A (en) 1998-02-04 1999-02-04 Method and apparatus for efficient authentication and integrity checking using hierarchical hashing
EP99905733A EP0972374A1 (en) 1998-02-04 1999-02-04 Method and apparatus for efficient authentication and integrity checking using hierarchical hashing
JP54061899A JP2001519930A (en) 1998-02-04 1999-02-04 Method and apparatus for efficient authentication and integrity check using hierarchical hash

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US1853198A 1998-02-04 1998-02-04
US09/018,531 1998-02-04

Publications (1)

Publication Number Publication Date
WO1999040702A1 true WO1999040702A1 (en) 1999-08-12

Family

ID=21788409

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/002417 WO1999040702A1 (en) 1998-02-04 1999-02-04 Method and apparatus for efficient authentication and integrity checking using hierarchical hashing

Country Status (4)

Country Link
EP (1) EP0972374A1 (en)
JP (1) JP2001519930A (en)
AU (1) AU2583099A (en)
WO (1) WO1999040702A1 (en)

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003512784A (en) * 1999-10-21 2003-04-02 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Video signal authentication system
JP2003521056A (en) * 2000-01-24 2003-07-08 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Protect content from illegal duplication by proving the existence of a complete dataset using security identifiers
EP1195734A4 (en) * 2000-01-21 2004-03-03 Sony Corp Data authentication system
WO2004057796A1 (en) * 2002-12-21 2004-07-08 International Business Machines Corporation Methods, apparatus and computer programs for generating and/or using conditional electronic signatures for reporting status changes
JP2005094712A (en) * 2003-09-19 2005-04-07 Ntt Docomo Inc Structured document signature apparatus, structured document adaptation apparatus, and structured document verification apparatus.
FR2887350A1 (en) * 2005-06-21 2006-12-22 France Telecom Data medium e.g. DVD, content e.g. audio data, securing method for mobile, involves authenticating content by correlation of two control data, if integrity signature is correct, and continuing reading of content if authentication is correct
EP1752906A3 (en) * 2005-07-25 2007-04-25 Canon Kabushiki Kaisha Information processing apparatus and method
US7264958B1 (en) 1999-02-22 2007-09-04 Transgene, S.A. Method for obtaining a purified viral preparation
US7900062B2 (en) 2004-04-02 2011-03-01 Panasonic Corporation Unauthorized contents detection system
US8037312B2 (en) 2007-01-22 2011-10-11 Fujitsu Limited Method and apparatus for digital signature authentication, and computer product
US8204213B2 (en) 2006-03-29 2012-06-19 International Business Machines Corporation System and method for performing a similarity measure of anonymized data
US20130054974A1 (en) * 2011-08-24 2013-02-28 Electronics And Telecommunications Research Institute Packet source authentication method using single-buffered hash in multicast environment and apparatus for the same
US8589688B2 (en) 2005-11-04 2013-11-19 Nec Corporation Message authentication device, message authentication method, message authentication program and storage medium therefor
EP2672419A1 (en) * 2012-06-07 2013-12-11 cp.media AG Method for producing a secured data object and system
EP2080311A4 (en) * 2006-10-16 2014-10-29 Acer Cloud Technology Inc SECURE DEVICE AUTHENTICATION SYSTEM, AND METHOD
US8949600B2 (en) 2006-10-27 2015-02-03 Qualcomm Incorporated Composed message authentication code
WO2015090678A1 (en) * 2013-12-19 2015-06-25 Siemens Aktiengesellschaft Method and device for digitally signing a file
US10361865B2 (en) 2017-01-30 2019-07-23 Cisco Technology, Inc. Signature method and system
US10412069B2 (en) 2015-01-19 2019-09-10 Mitsubishi Electric Corporation Packet transmitting apparatus, packet receiving apparatus, and computer readable medium
US10469266B2 (en) 2016-10-06 2019-11-05 Cisco Technology, Inc. Signature method and system
US10496670B1 (en) * 2009-01-21 2019-12-03 Vmware, Inc. Computer storage deduplication
US11170583B2 (en) * 2018-01-15 2021-11-09 Kabushiki Kaisha Toshiba Electronic apparatus, method and server and method for verifying validity of log data of vehicle
US11407218B2 (en) 2019-02-06 2022-08-09 Hewlett-Packard Development Company, L.P. Identifying random bits in control data packets
US11840075B2 (en) 2019-02-06 2023-12-12 Hewlett-Packard Development Company, L.P. Emulating parameters of a fluid ejection die
US11912025B2 (en) 2019-02-06 2024-02-27 Hewlett-Packard Development Company, L.P. Issue determinations responsive to measurements
US12240231B2 (en) 2019-02-06 2025-03-04 Hewlett-Packard Development Company, L.P. Integrated circuit with address drivers for fluidic die
US12403689B2 (en) 2019-02-06 2025-09-02 Hewlett-Packard Development Company, L.P. Print component with memory array using intermittent clock signal

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4137370B2 (en) * 2000-12-19 2008-08-20 株式会社リコー Secure electronic media management method
JP2005354217A (en) 2004-06-08 2005-12-22 Sony Corp Information output processor, information input processor, information processing system, and information processing method
JP5002205B2 (en) * 2006-07-10 2012-08-15 任天堂株式会社 Data authentication method and data authentication system
CN101507178A (en) * 2006-08-28 2009-08-12 三菱电机株式会社 Data processing system, data processing method, and program
JP4869845B2 (en) * 2006-09-14 2012-02-08 Kddi株式会社 Digital broadcast content distribution apparatus, digital broadcast content authentication system, digital broadcast content authentication method and program
JP4938409B2 (en) * 2006-10-13 2012-05-23 Kddi株式会社 Digital broadcast content distribution apparatus, digital broadcast content authentication system, digital broadcast content authentication method and program
KR101356736B1 (en) * 2007-01-19 2014-02-06 삼성전자주식회사 Contents providing apparatus and method and contents using apparatus and method for checking integrity of contents, and contents providing apparatus and method for revocating contents using apparatus
JP5315422B2 (en) * 2012-01-10 2013-10-16 任天堂株式会社 Data authentication method and data authentication system
CN109361734B (en) * 2018-09-18 2021-04-20 百度在线网络技术(北京)有限公司 Data processing method, device, equipment and medium for block chain
CN113365839B (en) 2019-02-06 2022-12-06 惠普发展公司,有限责任合伙企业 Data packet including random number for controlling fluid dispensing device
US11254153B2 (en) 2019-02-06 2022-02-22 Hewlett-Packard Development Company, L.P. Modifying control data packets that include random bits

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0752786A1 (en) * 1995-07-07 1997-01-08 Thomson Consumer Electronics, Inc. Apparatus and method for authenticating transmitted applications in an interactive information system
EP0781003A2 (en) * 1995-12-22 1997-06-25 General Instrument Corporation Of Delaware Generation of cryptographic signatures using hash keys

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0752786A1 (en) * 1995-07-07 1997-01-08 Thomson Consumer Electronics, Inc. Apparatus and method for authenticating transmitted applications in an interactive information system
EP0781003A2 (en) * 1995-12-22 1997-06-25 General Instrument Corporation Of Delaware Generation of cryptographic signatures using hash keys

Cited By (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7264958B1 (en) 1999-02-22 2007-09-04 Transgene, S.A. Method for obtaining a purified viral preparation
JP2003512784A (en) * 1999-10-21 2003-04-02 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Video signal authentication system
JP4795594B2 (en) * 1999-10-21 2011-10-19 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Video signal authentication system
US7669052B2 (en) 2000-01-21 2010-02-23 Sony Corporation Authentication and encryption utilizing command identifiers
US7373506B2 (en) 2000-01-21 2008-05-13 Sony Corporation Data authentication system
US8375206B2 (en) 2000-01-21 2013-02-12 Sony Corporation Authentication and encryption utilizing command identifiers
EP1195734A4 (en) * 2000-01-21 2004-03-03 Sony Corp Data authentication system
JP2003521056A (en) * 2000-01-24 2003-07-08 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Protect content from illegal duplication by proving the existence of a complete dataset using security identifiers
JP2011061845A (en) * 2000-01-24 2011-03-24 Koninkl Philips Electronics Nv Protecting content from illicit reproduction by proof of existence of complete data set using security identifier
US8862886B2 (en) 2002-12-21 2014-10-14 International Business Machines Corporation Methods, apparatus and computer programs for generating and/or using conditional electronic signatures for reporting status changes
US9306752B2 (en) 2002-12-21 2016-04-05 International Business Machines Corporation Generation of a digital signature
US10637667B2 (en) 2002-12-21 2020-04-28 International Business Machines Corporation Generation of a digital signature
WO2004057796A1 (en) * 2002-12-21 2004-07-08 International Business Machines Corporation Methods, apparatus and computer programs for generating and/or using conditional electronic signatures for reporting status changes
JP2005094712A (en) * 2003-09-19 2005-04-07 Ntt Docomo Inc Structured document signature apparatus, structured document adaptation apparatus, and structured document verification apparatus.
US7900062B2 (en) 2004-04-02 2011-03-01 Panasonic Corporation Unauthorized contents detection system
US8972737B2 (en) 2004-04-02 2015-03-03 Panasonic Intellectual Property Management Co., Ltd. Unauthorized contents detection system
US8261084B2 (en) 2004-04-02 2012-09-04 Panasonic Corporation Unauthorized contents detection system
US8667291B2 (en) 2004-04-02 2014-03-04 Panasonic Corporation Unauthorized contents detection system
US9270470B2 (en) 2004-04-02 2016-02-23 Panasonic Intellectual Property Management Co., Ltd. Unauthorized contents detection system
WO2006136559A3 (en) * 2005-06-21 2007-04-05 France Telecom Method for securing a content stored on a data medium based on the verification of an integrity signature, computer program, and corresponding device and data medium
FR2887350A1 (en) * 2005-06-21 2006-12-22 France Telecom Data medium e.g. DVD, content e.g. audio data, securing method for mobile, involves authenticating content by correlation of two control data, if integrity signature is correct, and continuing reading of content if authentication is correct
EP1752906A3 (en) * 2005-07-25 2007-04-25 Canon Kabushiki Kaisha Information processing apparatus and method
US7958361B2 (en) 2005-07-25 2011-06-07 Canon Kabushiki Kaisha Information processing apparatus and method
US8589688B2 (en) 2005-11-04 2013-11-19 Nec Corporation Message authentication device, message authentication method, message authentication program and storage medium therefor
US8204213B2 (en) 2006-03-29 2012-06-19 International Business Machines Corporation System and method for performing a similarity measure of anonymized data
EP2080311A4 (en) * 2006-10-16 2014-10-29 Acer Cloud Technology Inc SECURE DEVICE AUTHENTICATION SYSTEM, AND METHOD
US8949600B2 (en) 2006-10-27 2015-02-03 Qualcomm Incorporated Composed message authentication code
US8037312B2 (en) 2007-01-22 2011-10-11 Fujitsu Limited Method and apparatus for digital signature authentication, and computer product
US10496670B1 (en) * 2009-01-21 2019-12-03 Vmware, Inc. Computer storage deduplication
US11899592B2 (en) 2009-01-21 2024-02-13 Vmware, Inc. Computer storage deduplication
US8832451B2 (en) * 2011-08-24 2014-09-09 Electronics And Telecommunications Research Institute Packet source authentication method using single-buffered hash in multicast environment and apparatus for the same
US20130054974A1 (en) * 2011-08-24 2013-02-28 Electronics And Telecommunications Research Institute Packet source authentication method using single-buffered hash in multicast environment and apparatus for the same
DE102012104947A1 (en) * 2012-06-07 2013-12-12 cp.media AG Method of creating a secured data object and system
DE102012104947B4 (en) * 2012-06-07 2016-06-30 cp.media AG Method of creating a secured data object and system
US9514307B2 (en) 2012-06-07 2016-12-06 cp.media AG Method for producing a secured data object and system
KR20130137566A (en) * 2012-06-07 2013-12-17 시피 미디어 아게 Method for producing a secured data object and system
KR102052347B1 (en) 2012-06-07 2019-12-05 시피 미디어 아게 Method for producing a secured data object and system
EP2672419A1 (en) * 2012-06-07 2013-12-11 cp.media AG Method for producing a secured data object and system
CN105830087A (en) * 2013-12-19 2016-08-03 西门子公司 Method and device for digital signature of documents
WO2015090678A1 (en) * 2013-12-19 2015-06-25 Siemens Aktiengesellschaft Method and device for digitally signing a file
US10412069B2 (en) 2015-01-19 2019-09-10 Mitsubishi Electric Corporation Packet transmitting apparatus, packet receiving apparatus, and computer readable medium
US10469266B2 (en) 2016-10-06 2019-11-05 Cisco Technology, Inc. Signature method and system
US10361865B2 (en) 2017-01-30 2019-07-23 Cisco Technology, Inc. Signature method and system
US11170583B2 (en) * 2018-01-15 2021-11-09 Kabushiki Kaisha Toshiba Electronic apparatus, method and server and method for verifying validity of log data of vehicle
US11407218B2 (en) 2019-02-06 2022-08-09 Hewlett-Packard Development Company, L.P. Identifying random bits in control data packets
US11840075B2 (en) 2019-02-06 2023-12-12 Hewlett-Packard Development Company, L.P. Emulating parameters of a fluid ejection die
US11912025B2 (en) 2019-02-06 2024-02-27 Hewlett-Packard Development Company, L.P. Issue determinations responsive to measurements
US12130280B2 (en) 2019-02-06 2024-10-29 Hewlett-Packard Development Company, L.P. Identifying random bits in control data packets
US12240231B2 (en) 2019-02-06 2025-03-04 Hewlett-Packard Development Company, L.P. Integrated circuit with address drivers for fluidic die
US12403689B2 (en) 2019-02-06 2025-09-02 Hewlett-Packard Development Company, L.P. Print component with memory array using intermittent clock signal

Also Published As

Publication number Publication date
AU2583099A (en) 1999-08-23
EP0972374A1 (en) 2000-01-19
JP2001519930A (en) 2001-10-23

Similar Documents

Publication Publication Date Title
WO1999040702A1 (en) Method and apparatus for efficient authentication and integrity checking using hierarchical hashing
US10068090B2 (en) Systems and methods for detecting undesirable network traffic content
US7020835B2 (en) Enhancements to data integrity verification mechanism
US6611925B1 (en) Single point of entry/origination item scanning within an enterprise or workgroup
US6145012A (en) Apparatus and method for efficiently updating files in computer networks
US8316240B2 (en) Securing computer log files
US7231564B2 (en) Data block location verification
US7970821B2 (en) Device and method for updating code
EP0966708B1 (en) Method for identifying validity of an executable file description
US5633931A (en) Method and apparatus for calculating message signatures in advance
US7165076B2 (en) Security system with methodology for computing unique security signature for executable file employed across different machines
US6668262B1 (en) Methods and apparatus for modifying a database
KR19980042805A (en) Methods, devices and products to verify that the data in the data file is genuine
CN114138562B (en) Method and system for restoring data based on backup system
US7685174B2 (en) Automatic regeneration of computer files
US20020191785A1 (en) Apparatus and method for encrypting and decrypting data with incremental data validation
US7389538B2 (en) Static code image modeling and recognition
CN110968899B (en) Data blocking confirmation method, device, equipment and medium based on block chain
US5822431A (en) Virtual authentication network for secure processors
CN1851659A (en) Method for verifying data between main device and back-up device
CN112131041A (en) Method, apparatus and computer program product for managing data placement
EP1168165A2 (en) Device and method for updating code
CN113806780A (en) Block chain-based partially variable information storage method and device
CN116185449A (en) Plug-in upgrading method, device, system and terminal equipment
JP2002006739A (en) Authentication information generation device and data verification device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 1999905733

Country of ref document: EP

ENP Entry into the national phase

Ref country code: JP

Ref document number: 1999 540618

Kind code of ref document: A

Format of ref document f/p: F

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWP Wipo information: published in national office

Ref document number: 1999905733

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWW Wipo information: withdrawn in national office

Ref document number: 1999905733

Country of ref document: EP