Optimized integrity verification procedures
Abstract:
Some embodiments of the invention provide a method for verifying the integrity of digital information. At a source of the digital information, the method generates a signature for the digital information by applying a hashing function to a special part of the digital information, the special part being less than the total digital information. The method provides a device with the signature and the digital information. In the device, the method applies the hashing function to the special part of the digital information to verify the transmitted signature and thereby verify the integrity of the transmitted digital information.

Publication number: SE535797C2
Application number: SE1150067
Filing date: 2007-03-13
Publication date: 2012-12-27
Inventors: Augustin J Farrugia; Jean-Francois Riendeau
Applicant: Apple Inc
Main IPC class:
Description:
A fundamental property of all hash functions is that if two hashes are different, then the two inputs were different in some respect. When two hashes are identical for two different inputs, a hash collision occurs. It is important in an encryption system that the hash function has a very low collision probability.

Traditional integrity verification procedures are computationally intensive, especially for portable devices with limited computational resources. For this reason, there is a need in the art for an integrity verification procedure that is less computationally intensive. Ideally, such a procedure would allow a portable device to quickly verify the integrity of the digital information it receives.

SUMMARY OF THE INVENTION

Some embodiments of the invention provide a method for verifying the integrity of digital information. At a source of the digital information, the method generates a signature for the digital information by applying a hashing function to a special part of the digital information, the special part being smaller than the total digital information. The method provides a device with the signature and the digital information. In the device, the method applies the hashing function to the special part of the digital information to verify the integrity of the transmitted signature and thereby verify the integrity of the transmitted digital information.

The special part of the digital information includes several different sections of the digital information. In some embodiments, the method configures the source and the device to select a predetermined set of sections of the digital information as the particular portion of the digital information. In some embodiments, the device includes a read-only memory that (1) stores code for identifying the particular part, and (2) stores the hashing function.
In some embodiments, the method generates a signature for the digital information at the source by (1) applying the hashing function to the particular part to generate a hash digest, and then (2) generating the signature from the hash digest. The method can be implemented in either an asymmetric or a symmetric integrity verification procedure. In some embodiments, for example, the method applies the hashing function at the device by (1) applying the hashing function to the particular part to generate a hash digest, and (2) transferring the digest and the received signature to a signature verifying process that determines the authenticity of the signature based on the provided digest. In some embodiments, the method alternatively applies the hashing function at the device by (1) generating a second signature based on the hash digest, and (2) comparing the first and second signatures to determine the integrity of the transmitted digital information.

The source of the digital information can be different in different embodiments. For example, the source may be the author of the information, a distributor, etc. The device that receives the digital information may also be different in different embodiments. Examples of such a device include a portable audio/video player (e.g., an iPod), a laptop, a mobile phone, etc. The digital information may also be different in different embodiments. The digital information can, for example, be firmware updates to the operating system of the device, third-party applications to run on the device, audio/video files to be played on the device, etc.

DESCRIPTION OF THE DRAWINGS

The novel features of the invention are set out in the appended claims. For purposes of explanation, however, several embodiments are described with reference to the following figures.

Figure 1 shows a system for integrity verification according to some embodiments of the invention.
Figure 2 shows another system for integrity verification according to some embodiments of the invention.

Figure 3 shows a DRM system which implements the system for integrity verification according to some embodiments of the invention.

Figure 4 shows an integrity verification procedure performed by one or more DRM servers in some embodiments of the invention.

Figure 5 shows an integrity verification procedure performed by a portable multimedia unit in some embodiments of the invention.

Figure 6 shows a diagram of a computer system that conceptually illustrates the components of a typical DRM server, user computer or portable device implementing some embodiments of the invention.

DETAILED DESCRIPTION OF THE INVENTION

In the following description, a number of details are included to facilitate the explanation. However, those skilled in the art will appreciate that the invention may be practiced without the use of these particular details. In other cases, well-known structures and units are shown in block diagram form so as not to burden the description of the invention with unnecessary details.

I. OVERVIEW

Some embodiments of the invention provide a method for verifying the integrity of digital information. At a source of the digital information, the method generates a signature for the digital information by applying a hashing function to a special part of the digital information, the special part being smaller than the total digital information. The method provides a device with the signature and the digital information. In the device, the method applies the hashing function to the special part of the digital information in order to verify the integrity of the transmitted signature and thereby verify the integrity of the transmitted digital information. The special part of the digital information includes several different sections of the digital information.
In some embodiments, the method configures the source and the device to select a predetermined set of sections of the digital information as the particular portion of the digital information. In some embodiments, the device includes a read-only memory that (1) stores code for identifying the particular part, and (2) stores the hashing function.

In some embodiments, the method generates a signature for the digital information at the source by (1) applying the hashing function to the particular part to generate a hash digest, and then (2) generating the signature from the hash digest. The method can be implemented in either an asymmetric or a symmetric integrity verification procedure. In some embodiments, for example, the method applies the hashing function at the device by (1) applying the hashing function to the particular part to generate a hash digest, and (2) transferring the digest and the received signature to a signature verifying process that determines the authenticity of the signature based on the provided digest. In some embodiments, the method alternatively applies the hashing function at the device by (1) generating a second signature based on the hash digest, and (2) comparing the first and second signatures to determine the integrity of the transmitted digital information.

The source of the digital information may be different in different embodiments. For example, the source may be the author of the information, a distributor, etc. The device that receives the digital information may also be different in different embodiments. Examples of such a device include a portable audio/video player (e.g., an iPod), a laptop, a mobile phone, etc. The digital information may also be different in different embodiments. The digital information can, for example, be firmware updates to the operating system of the device, third-party applications to run on the device, audio/video files to be played on the device, etc.

II. SYSTEMS FOR INTEGRITY VERIFICATION ACCORDING TO SOME EMBODIMENTS

Figure 1 conceptually shows a more detailed version of an integrity verification system 100 according to some embodiments of the invention. As shown in this figure, this system includes a source unit for digital information 110 and an information receiving unit 115. As shown in Figure 1, the source unit for digital information 110 transmits at least one block of digital information 105 to the information receiving unit 115. An information source is any party involved in the creation of the information, its sale or distribution. Examples of such a party include the source of the information, the seller, the distributor, etc. The source unit for digital information 110 may consist of one or more stationary or portable devices, computers, servers, etc.

As shown in Figure 1, the source unit for digital information 110 performs a hashing procedure 120 and a signature generation procedure 130. The hashing procedure 120 applies a hash function to a portion of the digital information 105. This portion is a special pattern of bits 125, which is shown conceptually as blackened sections of the digital information 105 in Figure 1.

In some embodiments, this bit pattern is specified (for example, by the digital information source unit 110, by a DRM server controlling the unit 110, etc.) in a manner that ensures that enough of the digital information is hashed to achieve three goals. First, the bit pattern must be specified so that manipulation of the digital information requires manipulation of one of the sections being hashed, which would reveal the manipulation because it would change the resulting signature. Second, the bit pattern must be specified so that two different pieces of digital information hashed by procedure 120 do not collide (that is, do not produce the same hash).
Third, since the information receiving unit 115 will use the same bit pattern for its hashing procedure, the bit pattern should use the minimum number of bits needed to meet the first two goals, so that the hashing procedure makes minimal use of the computational resources of the information receiving unit 115.

In some embodiments, the hashing procedure 120 is configured to select the bit pattern 125 quasi-randomly; in other embodiments it selects the pattern systematically (e.g., based on an ordered pattern of bits). In some embodiments, for example, the digital information consists of object code of a program (such as the operating system of the information receiving unit 115, a third-party application running on the information receiving unit 115, etc.). In some of these embodiments, the code includes a set of opcodes (that is, instruction codes) and zero or more operands (that is, zero or more data bits) for each opcode. Thus, some of these embodiments apply the hash function to as much of the opcodes and operands as is needed to maximize the detection of tampering, minimize hash collisions, and minimize the use of computational resources.

In some embodiments, for example, the information receiving device uses an ARM microprocessor. In such a microprocessor, each line of object code (which includes an opcode and its associated operand) is called a microprocessor operation unit (MOU), which has a statistical length of four bytes. Some embodiments therefore use the four-byte width to identify the boundary between each line of code, and then use this information to select one or more bytes from each MOU. The selection of bytes from each MOU can be performed in different ways in different embodiments. Some embodiments include a quasi-random mixture of opcodes and operands in the bit pattern to be hashed. Other embodiments may include only opcodes (for example, most or all opcodes) in the piece of code that is hashed and signed.
Still other embodiments can select a specific byte (for example, always the first one) in each instruction line. Some embodiments use a secret function which, for each MOU, produces an integer modulo the MOU length and then selects the section or sections of the MOU that correspond to that value. Other embodiments may utilize other microprocessors, such as microprocessors provided by Motorola Corporation, Intel Corporation, AMD Corporation, IBM Corporation, etc.

In various embodiments, the hashing procedure 120 applies different hashing functions to the particular portion of the digital information. Examples of hashing functions that are used in various embodiments include MD5, SHA-1, etc. Hashing functions can be used with or without a key (i.e., hashing functions can be keyed hashing functions).

As mentioned above, a hashing function is a transformation that typically takes a form of data (such as a text form) and transforms it into a scrambled output called the digest or hash. The digest typically has a fixed number of bits and serves as a unique "fingerprint" for the original information. If the original message is changed and hashed again, it is very likely that a different digest will be produced. Hash functions can thus be used to detect altered and forged documents. They provide message integrity, which assures the information recipient that the information has not been altered or corrupted.

As shown in Figure 1, the signature generator 130 receives the digest that the hashing function in the hashing procedure 120 produces. The signature generator 130 produces a signature 147 for the information 105 from the received digest 145. To produce such a signature, the generator 130 may use any of a number of known techniques, such as SHA-1 or MD5 MAC. In the system 100, the digital information 105 and the generated signature 147 are transmitted to the information receiving unit 115, as shown in Figure 1.
Different embodiments transmit this data to the receiving unit 115 in different ways. Some embodiments, for example, distribute this data via a communication network such as a LAN, a WAN or a network of networks (for example, the Internet). In addition, the information receiving unit 115 may receive this data via a network directly from the author, seller or distributor of the information, or indirectly via one or more interconnected servers, such as one or more DRM servers, information-caching servers, etc.

A recipient of information is any party involved in the use or distribution of the information. Examples of such a party include the information user, distributor, etc. The information receiving device 115 may be a stationary or portable device, a computer, a server, an audio/video player, a communication device (for example, a telephone, pager, text messenger, etc.), a handheld computer, etc.

In the system 100, the source unit for digital information 110 and the information receiving unit 115 utilize an asymmetric method for integrity verification. The information receiving unit 115 thus performs two procedures, a hashing procedure 135 and a signature verification procedure 140.

The hashing procedure 135 applies the same hash function to the same sections of the digital information 105 as the hashing procedure 120 in the digital information source unit 110. In particular, in some embodiments, the hashing procedure 135 in the receiving unit 115 is configured to select the same bit pattern in the digital information 105 as the hashing procedure 120 in the digital information source unit 110. Figure 1 illustrates this conceptually by showing that the hashing procedures 120 and 135 utilize identical blackened bit patterns 125 in the digital information 105. The selection in the hashing procedure 135 can be made in a quasi-random or systematic manner, as long as it leads to the selection of the same bit pattern as in the hashing procedure 120.
The application of the hashing function in the hashing procedure 135 to the information 105 produces a digest 149. This digest should be identical to the digest 145 generated by the hashing function in the hashing procedure 120 when the digital information received by procedures 120 and 135 is the same, since both procedures select the same set of sections of the digital information.

As shown in Figure 1, the signature verifier 140 receives the digest 149 produced by the hashing function in the hashing procedure 135. The signature verifier 140 also receives the signature 147 generated by the signature generator 130 in the source unit for digital information 110. The verifier 140 then determines whether the received signature 147 is the correct signature of the received digital information 105 by determining whether the signature 147 is correct for the digest 149. To determine whether the signature 147 is correct for the digest 149, the verifier 140 may use any of a number of known techniques, such as SHA-1 or MD5.

Based on the comparison between the digest 149 and the signature 147, the verifier 140 then outputs an integrity check value 151. This value specifies whether the received signature 147 is the correct signature for the received digital information 105. In some embodiments, for example, the integrity check value is a Boolean value, which is true when the integrity of the digital information has been verified (that is, the received signature corresponds to the received digital information), and false when the integrity of the digital information has not been verified. In other embodiments, the integrity check value is any other type of two-state value, with one value indicating that the integrity of the digital information has been verified and the other value indicating that it has not been verified.
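The following Python example is added here and is not part of the patent text. It implements the symmetric variant from the overview (the device generates a second signature and compares it with the received one) over one byte per four-byte MOU; the HMAC-based selection function, SHA-256 in place of the MD5 and SHA-1 the text names, the keys and the sample image are all assumptions made for illustration.

```python
"""Partial-hash integrity check over four-byte MOUs (added illustration)."""
import hashlib
import hmac

MOU_LEN = 4  # four-byte microprocessor operation unit (MOU), as in the text

# Constructed sample values (assumptions, not taken from the patent).
SELECTOR_KEY = b"constructed-selector-key"  # secret shared by source and device
MAC_KEY = b"constructed-mac-key"            # symmetric signing key
IMAGE = bytes(range(32))                    # stand-in for 8 lines of object code


def mou_offset(index, selector_key):
    """Hypothetical secret function: an integer modulo the MOU length."""
    tag = hmac.new(selector_key, index.to_bytes(4, "big"), hashlib.sha256).digest()
    return tag[0] % MOU_LEN  # 256 is a multiple of 4, so no modulo bias


def selected_positions(code, selector_key):
    """Return the position of the single byte picked from each MOU."""
    if not code or len(code) % MOU_LEN:
        raise ValueError("image must be a non-empty whole number of MOUs")
    return [i * MOU_LEN + mou_offset(i, selector_key)
            for i in range(len(code) // MOU_LEN)]


def partial_digest(code, selector_key):
    """Hash only the selected bytes (the 'special part' of the information)."""
    picked = bytes(code[p] for p in selected_positions(code, selector_key))
    return hashlib.sha256(picked).digest()


def make_signature(code, selector_key, mac_key):
    """Source side: derive the signature from the partial digest."""
    digest = partial_digest(code, selector_key)
    return hmac.new(mac_key, digest, hashlib.sha256).digest()


def integrity_check(code, received_sig, selector_key, mac_key):
    """Device side: regenerate the signature and compare; returns a Boolean."""
    try:
        second_sig = make_signature(code, selector_key, mac_key)
    except ValueError:
        return False  # malformed image fails closed
    return hmac.compare_digest(second_sig, received_sig)


def flip_byte(code, pos):
    """Return a copy of code with the byte at pos inverted."""
    out = bytearray(code)
    out[pos] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    sig = make_signature(IMAGE, SELECTOR_KEY, MAC_KEY)
    hashed = selected_positions(IMAGE, SELECTOR_KEY)
    unhashed = next(p for p in range(len(IMAGE)) if p not in hashed)

    print("hashed positions:", hashed)
    print("fraction of image hashed:", len(hashed) / len(IMAGE))
    print("unmodified image verifies:",
          integrity_check(IMAGE, sig, SELECTOR_KEY, MAC_KEY))
    print("change in a hashed byte verifies:",
          integrity_check(flip_byte(IMAGE, hashed[3]), sig, SELECTOR_KEY, MAC_KEY))
    # A change confined to unhashed bytes leaves the partial digest unchanged.
    print("change in an unhashed byte verifies:",
          integrity_check(flip_byte(IMAGE, unhashed), sig, SELECTOR_KEY, MAC_KEY))
```

Only a quarter of the image is hashed here, so a change confined to unhashed bytes passes the check; this is the trade-off behind the first of the three goals the text sets for the bit pattern.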
The integrity check will specify that the integrity of the information is not verified when one or more portions of the digital information have been tampered with after the signature 147 was generated and these portions include one or more of the information sections used to generate the hash digests 145 and 149.

Other embodiments can be implemented in other integrity verification systems. Figure 2 shows, for example, an embodiment of the invention in a symmetric integrity verification system 200. The system 200 is similar to the system 100 except that its information receiving unit 115 does not include the asymmetric signature verifier 140 but instead includes a signature generator 240 and a symmetric signature verifier 250.

Like the signature generator 130 in the digital information source unit 110, the signature generator 240 generates a signature 253 from the hash digest 149 which it receives. The generated signature 253 is then transferred to the signature verifier 250 together with the received signature 147. The verifier 250 then compares the two signatures to specify the integrity check value 151. The integrity check value 151 indicates that the received digital information has not been manipulated when the two signatures 147 and 253 match. When these two signatures do not match, the integrity check value indicates that the information has been tampered with (i.e., the received signature 147 does not correspond to the received digital information).

To conceptually illustrate that different parts of the digital information can be hashed in different embodiments or for different pieces of information, Figure 2 shows a different blackened bit pattern 225 in the information 105 than the pattern shown in Figure 1. The blackened sections in Figure 2 have different lengths, to conceptually illustrate that sections of different sizes can be hashed in some embodiments of the invention.

III. DRM SYSTEM IMPLEMENTING SYSTEM FOR INTEGRITY VERIFICATION ACCORDING TO SOME EMBODIMENTS

The system for integrity verification according to some embodiments is implemented in a DRM system, which distributes information in a way that ensures the legal use of the information. As shown in Figure 3, the DRM system 300 includes a set of DRM servers 310 that distribute information to a set of N user computers 315. The set of servers 310 is connected to the user computers 315 via a computer network 320, such as a LAN, a WAN, a network of networks (for example, the Internet), etc. Each user computer 315 is connected to a set of one or more portable multimedia devices 330.

Through the network connection, the user computers 315 communicate with the set of DRM servers 310 to purchase, obtain a license for, update or otherwise receive information in certain embodiments. Thus, while in some embodiments the set of DRM servers 310 sells or licenses information to the user computers, this set does not sell or license the information in other embodiments. In some embodiments, the set of DRM servers 310 only performs the distribution of information to authorized computers, without any financial interest.

In some embodiments, the set of DRM servers 310 includes an information caching server that delivers encrypted information to a user computer 315 via the network 320 after another DRM server 310 has determined that the computer 315 is entitled to the information. In some embodiments, the system 300 utilizes a number of caching servers to store information at various locations in the network to increase the speed and efficiency of downloading information over the network.

As mentioned above, a user computer 315 communicates with the set of DRM servers 310 to purchase, obtain a license for, update or otherwise receive information over the network 320.
In some embodiments, the set of DRM servers 310 transmits a signature for a piece of information that is distributed to a user computer 315, the signature being generated by hashing only a portion of the information, according to some embodiments of the invention.

Figure 3 shows in particular a user computer 315a which sends a request for a piece of information "A" to the set of DRM servers 310. This request may be a request to purchase, obtain a license for, or otherwise access the information. Alternatively, when the information is an application or operating system running on the user computer or one of its associated multimedia devices 330, the request may be a request for an update to the application or operating system. This request may be an explicit request, or an implicit request in an update check procedure performed on the user computer 315, which searches for updates to the application or operating system with or without user intervention.

As shown in Figure 3, the set of DRM servers 310 receives the request for the information A from the user computer 315a. One or more of the DRM computers then perform the procedure 400 illustrated in Figure 4 to generate a signature for the requested information A. As shown in Figure 4, the procedure 400 initially generates (at 405) a digest by applying a hash function to only a part of the requested information A. Application of a hash function to only a part of a piece of information has been described in Sections I and II above. As mentioned above and further described below, the procedure 400 applies the hash function to the same part of the information A as the hashing functions of the user computer 315a and its associated multimedia unit 330a.

After applying the hashing function at 405, the procedure 400 generates (at 410) a signature based on the hash digest generated at 405. Generation of a signature based on the hash digest has been described above in Sections I and II.
After generating the signature at 410, the procedure transmits the requested information A and its associated signature to the user computer 315a, and then terminates.

In some embodiments, the user computer 315a uses the transmitted signature to verify the integrity of the received information A. To do this, the user computer 315a generates a hash digest for the information A by applying the hashing function to the same part of the information A as the hashing function in the set of DRM servers 310. It then uses this digest to verify the integrity of the signature by using an asymmetric signature verifying method (as shown in Figure 1) or a symmetric signature verifying method (as shown in Figure 2).

In some embodiments, a multimedia unit 330a connected to the user computer 315a also receives the information A and the signature A of this information when it is synchronized with the computer 315a. Thus, when the information A is information intended for the multimedia unit 330a, in some embodiments the user computer 315a registers (for example, in a data memory) the need to download the information A and its signature to the unit 330a the next time the unit 330a synchronizes with the computer 315a.

In the same way as the user computer 315a, the multimedia unit 330a generates a hash digest for the information A by applying the hashing function to the same part of the information A as the hashing function in the set of DRM servers 310. It then uses this hash digest to verify the integrity of the information by utilizing an asymmetric signature verifying method (such as that shown in Figure 1) or a symmetric signature verifying method (such as that shown in Figure 2).

Figure 5 illustrates a more detailed example of the integrity verification procedure 500 performed by the multimedia unit 330a in some embodiments.
This procedure is performed during a synchronization operation which loads executable information (that is, code for updating the operating system, for updating existing applications, for new applications, etc.) onto the multimedia device 330a. As shown in this figure, the procedure 500 initially receives (at 505) executable information and a signature for this information during a synchronization operation which ensures that the device has all the information that the user computer indicates it should have.

After the synchronization, the procedure restarts (at 510), since in some embodiments the integrity verification procedure forms part of the boot sequence at startup. In particular, in some embodiments, the boot sequence at startup performs an integrity verification procedure for each piece of code just received, although in the example shown in Figure 5 it is assumed that only one set of information is downloaded to the device at 505. In some embodiments, the boot sequence (including the integrity verification procedure) is stored in a permanent read-only memory in the device 315a. This ensures that the integrity verification procedure cannot be manipulated after the sale of the device.

Thus, during the boot sequence at startup, the procedure 500 generates (at 515) a hash digest for the received information by applying the hashing function to the same part of the information as the hashing function in the set of DRM servers 310. It then uses (at 520) this hash digest to verify the integrity of the signature. The procedure 500 may, for example, use an asymmetric signature verifying method (such as that shown in Figure 1) or a symmetric signature verifying method (such as that shown in Figure 2).

When the procedure cannot verify (at 520) the integrity of the just received code (i.e., when the recently received signature does not correspond to the digest generated by the unit for the recently received information), the procedure stops without specifying that the information can be loaded into the executable memory. Alternatively, when the procedure verifies (at 520) the integrity of the just received code, the procedure specifies (at 525) that the code is executable. In some embodiments, the procedure (at 525) loads the code into an executable memory and executes the code.

The DRM system 300 of Figure 3 has more than one user computer that receives digital information and signatures for such information according to the integrity verification procedures of some embodiments of the invention. In particular, Figure 3 shows a user computer 315n requesting a piece of information (i.e., the information B) from the set of DRM servers 310. As shown in this figure, the user computer 315n receives the requested information B and a signature for this information from the set of DRM servers 310. According to the invention, the signature of the information B is generated by hashing only a part of the information B. The user computer 315n and its associated set of portable devices 330 then verify the integrity of the information B by hashing the same part of the information B as the set of DRM servers, in approximately the same manner as described above for the user computer 315a and its associated devices 330a.

IV. SYSTEM DIAGRAM

Figure 6 shows a diagram of a computer system that conceptually illustrates the components of a typical DRM server, user computer or portable device implementing some embodiments of the invention. The computer system 600 includes a bus 605, a processor 610, a system memory 615, a read-only memory 620, a permanent memory 625, input units 630 and output units 635.

The bus 605 collectively represents all system, peripheral and chipset buses that handle the communication between internal units in the computer system 600.
For example, the bus 605 communicatively connects the processor 610 with the read-only memory 620, the system memory 615 and the permanent storage unit 625.

From these various memory units, the processor 610 retrieves instructions to execute and data to process in order to execute the procedures of the invention. The read-only memory (ROM) 620 stores static data and instructions needed by the processor 610 and other modules in the computer system. In the case of a portable device implementing the invention, the read-only memory stores the boot sequence and the hashing procedure in some embodiments, as mentioned above.

The permanent storage unit 625, on the other hand, is a read-and-write memory unit. This unit is a permanent memory unit, which stores instructions and data even when the computer system is not in operation. Some embodiments of the invention utilize a mass memory device (such as a magnetic or optical disk with associated disk drive) as the permanent memory device 625. Other embodiments utilize an external memory device (such as a memory card or memory stick) as the permanent memory device.

Like the permanent storage unit 625, the system memory 615 is a read-and-write memory unit. However, unlike the storage unit 625, the system memory is a volatile read-and-write memory, such as a random access memory. The system memory stores some of the instructions and data that the processor needs while operating. In some embodiments, the procedures of the invention are stored in the system memory 615, the permanent storage unit 625, and/or the read-only memory 620.

The bus 605 is also connected to the input and output units 630 and 635. The input devices allow the user to transfer information and select commands for the computer system. The input units 630 include alphanumeric keyboards and pointing devices. The output devices 635 display images generated by the computer system. The output devices include printers and display devices such as cathode ray tube (CRT) or liquid crystal display (LCD) devices.
Finally, as shown in Figure 6, some configurations of the computer 600 also include a network adapter 640 connected to the bus 605. Via the network adapter 640, the computer may be part of a network of computers (such as a local area network ("LAN"), a wide area network ("WAN") or an intranet) or a network of networks (such as the Internet). Any or all of the components of the computer system 600 may be used in conjunction with the invention. However, those skilled in the art will appreciate that any other system configuration may also be used in conjunction with the invention.

V. BENEFITS

Those skilled in the art will appreciate that the integrity verification procedures described above have several advantages. When downloading new executable code to a device, for example, it is important to verify the integrity of the code, since such code provides an opportunity to subject the device to an attack. The integrity procedures described above provide an easy way to check the integrity of the code even on portable devices with limited computing resources.

Some embodiments also incorporate the integrity verification procedures into the boot sequence at startup of the device, to minimize the possibility of tampering with the integrity procedure. To further minimize this possibility, some embodiments store the integrity procedures in a read-only memory in the device.

Although the invention has been described with reference to a large number of specific details, those skilled in the art will appreciate that the invention may be realized in other specific forms. As mentioned above, for example, some embodiments may utilize a keyed hashing function. If a key is used, both symmetric keys (a single secret key) and asymmetric keys (public/private key pairs) may be used. An example of a keyed hash function is a keyed MD5 technique.
A sender adds a randomly generated key to the end of a message and then hashes the message-key combination using an MD5 hash to produce a digest. The key is then taken away from the message and encrypted using the sender's private key. The message, the message digest and the encrypted key are sent to the recipient, who opens the key with the sender's public key (validating in this way that the message is really from the sender). The recipient then adds the key to the message and applies the same hash as the sender. The resulting message digest should correspond to the message digest sent with the message.
Several of the embodiments described above also select bit patterns in the object code format of the information. Other embodiments can select other patterns of sections when the information has a different format (for example, source code or XML format). The inventor thus realizes that the invention is not limited by the illustrative details described but should instead be defined by the appended claims.
Claims (29):
[1] A computer readable medium storing a computer program executable with at least one processor, the computer program comprising sets of instructions for: receiving a particular information, comprising a plurality of lines of object code, each line comprising an op code and its associated set of operands; receiving a digital signature generated using at least one byte from each row of object code; and verifying the authenticity of the particular information by applying a hashing function to the bytes of object code used to generate the digital signature.
[2] The computer readable medium of claim 1, wherein the set of instructions for verifying the authenticity of the particular information further comprises: comparing the result of the application of the hashing function on the bytes of object code to the digital signature received together with the particular information.
[3] The computer readable medium of claim 2, wherein the received digital signature is generated by a set of DRM servers, which distribute the particular information.
[4] The computer readable medium of claim 1, wherein the received digital signature is generated from quasi-randomly selected bytes of object code from each row of object code.
[5] The computer readable medium of claim 1, wherein each row comprises a microprocessor operating unit with a statistical length of four bytes.
[6] A computer readable medium storing a computer program for execution with at least one processor, the computer program comprising sets of instructions for: receiving a special information, which comprises a number of sets of op codes and operands, each set comprising an op code and its associated set of operands, together with a digital signature derived from only a part of the special information, based on an ordered pattern of bits in the special information, the part comprising a part of each of a number of the sets of op codes and operands; and verifying the authenticity of the particular information by recalculating a digest used in deriving the digital signature, the recalculated digest being derived from only the same portion of the particular information.
[7] The computer readable medium of claim 6, wherein the set of instructions for verifying the authenticity of the particular information comprises a set of instructions for verifying the recalculated digest using an asymmetric integrity check that does not recalculate the digital signature.
[8] The computer readable medium of claim 6, wherein the set of instructions for verifying the authenticity of the particular information comprises sets of instructions for: deriving a new digital signature from the recovered digest; and comparing the new digital signature with the received digital signature.
[9] The computer readable medium of claim 6, wherein the special information comprises an update for firmware to a device.
[10] The computer readable medium of claim 6, wherein the particular information comprises media information.
[11] A method of verifying a particular information on a user device, the method comprising: receiving (i) a particular information comprising a plurality of sections and (ii) a digital signature generated from a subset of said plurality of sections of the particular information, wherein the subset is selected to reduce the use of computational resources to verify the digital signature without increasing the likelihood that digital signatures for two different pieces of information will be the same; recalculating a digest from the subset of said plurality of sections of the particular information; and verifying the authenticity of the particular information using the recalculated digest and the received digital signature.
[12] The method of claim 11, wherein the subset is also selected to improve detection of tampering with the particular information.
[13] The method of claim 11, wherein the receiving, recalculating and verifying the authenticity is performed by a first unit, the method further comprising synchronizing with a second unit for transmitting the particular information and the received digital signature to the second unit.
[14] A method comprising: for a particular information comprising a plurality of sections, selecting a set of sections of the particular information; generating a digital signature for the particular information from only the selected set of sections from the particular information, the set of sections being selected to improve detection of manipulation of the particular information and reduce the use of computational resources for generating the digital signature; and distributing the digital signature.
[15] The method of claim 14, wherein the set of sections is selected to avoid an increase in the probability that digital signatures for two different pieces of information will be the same.
[16] The method of claim 14, further comprising distributing the particular information with the digital signature.
[17] The method of claim 14, wherein the set of sections is selected quasi-randomly.
[18] A computer readable medium storing a computer program executable with at least one processor, the computer program comprising sets of instructions for: identifying, for a particular information, a plurality of rows of object code in the particular information, each row comprising an op code and its associated set of operands; selecting at least one byte from each row of object code, less than the entire row being selected for a number of the rows; generating a digital signature for all the special information by applying a hashing function to only the selected bytes from the object code rows; and distributing the digital signature.
[19] The computer readable medium of claim 18, wherein the digital signature is distributed with the particular information to a user unit.
[20] The computer readable medium of claim 18, wherein the user unit verifies the digital signature using only one op code from each set of the particular information.
[21] A computer readable medium storing a computer program executable with at least one processor, the computer program comprising sets of instructions for: identifying, for a particular information, a plurality of rows of object code in the particular information, each row comprising an op code and its associated set of operands; selecting at least one byte from each row of object code, selecting less than the entire row for said number of rows; generating a digital signature for the special information from only the selected bytes from the object code rows; and distributing the digital signature and the special information to a device.
[22] The computer readable medium of claim 21, wherein the set of instructions for generating the digital signature comprises a set of instructions for generating a hash digest from the selected bytes from the rows of object code.
[23] The computer readable medium of claim 21, wherein the particular information comprises an application for execution on a device.
[24] A method of generating a digital signature for special information comprising a set of sections, the method comprising: in a set of digital rights management (DRM) computers, selecting a subsection from each of a plurality of sections in the set of sections based on an ordered pattern of bits in the special information, each of said plurality of sections comprising a first selected subsection and a second non-selected subsection; generating a single digital signature for the particular information based on only the selected subsections of the particular information; and from the set of DRM computers, providing the single digital signature for verification of all the special information.
[25] The method of claim 24, wherein each of the sections comprises a four byte microprocessor operating unit (MOU), and the selected subsection from each of said plurality of sections is a first byte from the MOU.
[26] The method of claim 24, wherein each of the sections comprises an op code and associated operands and the selected subsection from each of said plurality of sections comprises the op code.
[27] A method of verifying an information comprising a set of sections, the method comprising: receiving the information and a single digital signature derived from a portion of the information, the portion comprising, for each of a plurality of sections, a first selected subsection and a second non-selected subsection; and verifying the entire information using the single digital signature.
[28] The method of claim 27, wherein the selected subsections are selected quasi-randomly.
[29] The method of claim 27, wherein the selected subsections are selected from an ordered pattern of bits.
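The selection described in claims 24 to 27 (one selected subsection per section, here the first byte of each four-byte unit as in claim 25), combined with a keyed hash, as an added example that is not code from the patent. HMAC-SHA256 stands in for the keyed hashing function, and the key, the sample bytes and all function names are assumptions; `undetected_positions` flips every byte in turn to show which positions the tag actually covers.

```python
import hashlib
import hmac

MOU_SIZE = 4  # four-byte unit, as in claim 25

# Constructed sample: four 4-byte units standing in for lines of object code.
SAMPLE = bytes.fromhex("e3a00001" "e3a01002" "e0802001" "e12fff1e")
KEY = b"constructed-demo-key"  # assumption: secret shared by source and device


def select_bytes(content, offsets=(0,), unit=MOU_SIZE):
    """Return the selected subsection of every unit, in order."""
    if len(content) % unit != 0:
        raise ValueError("content is not a whole number of units")
    if not offsets or any(o < 0 or o >= unit for o in offsets):
        raise ValueError("offsets must fall inside one unit")
    picked = bytearray()
    for start in range(0, len(content), unit):
        for o in offsets:
            picked.append(content[start + o])
    return bytes(picked)


def make_tag(key, content, offsets=(0,)):
    """Source side: keyed digest over the selected bytes only."""
    return hmac.new(key, select_bytes(content, offsets), hashlib.sha256).digest()


def verify(key, content, tag, offsets=(0,)):
    """Device side: recompute over the same selection, compare in constant time."""
    try:
        expected = make_tag(key, content, offsets)
    except ValueError:
        return False  # malformed length is rejected, not partially checked
    return hmac.compare_digest(expected, tag)


def undetected_positions(key, content, offsets=(0,)):
    """Flip each byte in turn; list positions whose change still verifies."""
    tag = make_tag(key, content, offsets)
    missed = []
    for i in range(len(content)):
        mutated = bytearray(content)
        mutated[i] ^= 0xFF  # guaranteed to differ from the original byte
        if verify(key, bytes(mutated), tag, offsets):
            missed.append(i)
    return missed


if __name__ == "__main__":
    tag = make_tag(KEY, SAMPLE)
    print("selected bytes:", select_bytes(SAMPLE).hex())
    print("verifies:", verify(KEY, SAMPLE, tag))
    print("positions not covered (first byte only):",
          undetected_positions(KEY, SAMPLE))
    print("positions not covered (all four bytes):",
          undetected_positions(KEY, SAMPLE, offsets=(0, 1, 2, 3)))
```

With `offsets=(0,)` only a quarter of the bytes influence the tag, so a change confined to the non-selected subsections still verifies; that coverage is what the saved hashing work is traded against when choosing the selection pattern.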
Priority:
Application number | Filing date | Patent title
US11/377,082|US8364965B2|2006-03-15|2006-03-15|Optimized integrity verification procedures|