EP0972374A1 - Verfahren und vorrichtung zur effizienten authentifizierung und prüfung der integrität unter verwendung von hierarchischem hashing - Google Patents

Verfahren und vorrichtung zur effizienten authentifizierung und prüfung der integrität unter verwendung von hierarchischem hashing

Info

Publication number
EP0972374A1
EP0972374A1 EP99905733A EP99905733A EP0972374A1 EP 0972374 A1 EP0972374 A1 EP 0972374A1 EP 99905733 A EP99905733 A EP 99905733A EP 99905733 A EP99905733 A EP 99905733A EP 0972374 A1 EP0972374 A1 EP 0972374A1
Authority
EP
European Patent Office
Prior art keywords
hash
data
packets
block
hash block
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP99905733A
Other languages
English (en)
French (fr)
Inventor
Stephen Hanna
Radia Perlman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sun Microsystems Inc
Original Assignee
Sun Microsystems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sun Microsystems Inc filed Critical Sun Microsystems Inc
Publication of EP0972374A1 publication Critical patent/EP0972374A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • This invention generally relates to data corruption detection and, more particularly, to a method and apparatus for efficient authentication and integrity checking in data processing using hierarchical hashing.
  • Video conferencing is another example of an application that demands the secure transmission of information (video/voice/data).
  • Open networks such as the Internet provide simple and effective means for digital communication. However, such communication can be unintentionally corrupted by network transmission errors or altered by malicious acts.
  • Several conventional techniques guard against these communication problems. These techniques require applying checksums or digital signatures to data before transmission and verifying the checksum or digital signature upon receipt.
  • Checksums values derived from the data, are typically easy to compute. After computing the checksum, a transmitting machine sends the checksum with the data itself. A receiving machine then recalculates the checksum from the received data and compares the calculated checksum with the received checksum. However, a hacker with the ability to modify data likely also has the ability to replace the original checksum with a recalculated checksum that corresponds to the modified data.
  • Digital signatures protect against malicious acts intended to corrupt data but are more expensive than checksums to compute.
  • the protection provided by digital signatures becomes increasingly important in networked environments where data must pass through unguarded points.
  • Digital signatures are often used in a bulk signature format in which a digital signature is applied to a complete data set.
  • the bulk signature format has several drawbacks.
  • the packet-level signature method assigns a digital signature to each individual packet. Although allowing the verification to begin as the individual packets are received making it easy to identify individual corrupted packets, this method requires additional computation and repeated checking of the digital signatures, which is quite time-consuming.
  • a conventional hierarchical hashing technique for neighboring databases on a local area network (LAN) allows a database management system to check if the databases are identical by hashing pieces of the database. The hashes are then hashed, and the final value is broadcast periodically to confirm that all neighbors on the LAN have identical databases. If they do not, the next hash level is compared until the area of the database that differs is located, at which time it can be updated accordingly.
  • Creating a hierarchy of hash values that start with packet hashes of an arbitrary data set and culminate in a single signed block allows a single digital signature to protect the data set from both data corruption and malicious acts that cause errors in data processing. Receiving this hierarchy of hashes before the data also allows the data packets to be quickly verified as they are received.
  • the hierarchical structure used in the method cryptographically protects individual portions of the data and makes it easier to recognize corruption. Systems consistent with the present invention verify portions of the data even if other portions of the data are corrupt or have not yet been received.
  • a computer-implemented data processing method comprises the steps of dividing a data set into packets, hashing the data within each of the packets to produce a hash block including hash values and applying a signature to the hash block.
  • a computer-implemented data processing method comprises the steps of receiving a packet including data, a hash block and a digital signature, verifying the digital signature, hashing the data to produce hash values and comparing the hash values to values in the hash block.
  • FIG. 1 is a schematic block diagram illustrating a computer architecture suitable for use with the present invention
  • FIG.2 is a flowchart of the steps used to digitally sign the hash block in accordance with an implementation of the present invention
  • FIG. 3 is a flowchart of the steps used to verify the data in accordance with an implementation of the present invention.
  • FIG. 4 is a diagram of an example of the hashing of a sample data set and signing of a hash block
  • FIG. 5 is a diagram of a sample hierarchical structure of hash blocks and data based on the data set in Fig. 4.
  • Systems consistent with the present invention generally perform two data processing functions: (1) signing data and (2) verifying data.
  • Such systems generally sign data by creating a hierarchical structure of hash blocks, sequences of hash values, which correspond to the given data. To accomplish this, a data set is divided into packets. A one-way, collision-proof hash function is applied to each packet which will result in a sequence of hash values. These hash values are grouped into packets, referred to as hash blocks. Higher level hash blocks are created by hashing the hash blocks. This process continues until a single hash block small enough to fit in a packet is achieved. The top level hash block, the smallest one, is signed with a digital signature. The hash blocks and data are then transmitted to an intended destination such as a network node.
  • Systems consistent with the present invention generally verify the data set by checking the digital signature on the top level hash block. Once the top level hash block is verified, the next lower level hash block can be verified by comparing the hash of the packets of that hash block against the hashes stored in the top level block. All lower level hash blocks are checked against the next higher level hash blocks in the same manner. Finally, the data is checked against the hash block containing the hashes of the data set. Any given data packet can be checked once all hash blocks above it are received.
  • FIG. 1 is a block diagram that illustrates a computer system 100 upon which an embodiment of the invention may be implemented.
  • Computer system 100 includes a bus 102 or other communication mechanism for communicating information, and a processor 104 coupled with bus 102 for processing information.
  • Computer system 100 also includes a main memory 106, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 101 for storing information and instructions to be executed by processor 104.
  • Main memory 106 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 104.
  • Computer system 100 further includes a read only memory (ROM) 108 or other static storage device coupled to bus 102 for storing static information and instructions for processor 104.
  • ROM read only memory
  • a storage device 110 such as a magnetic disk or optical disk, is provided and coupled to bus 102 for storing information and instructions.
  • Computer system 100 may be coupled via bus 102 to a display 112, such as a cathode ray tube (CRT), for displaying information to a computer user.
  • a display 112 such as a cathode ray tube (CRT)
  • An input device 1 f4 is coupled to bus 102 for communicating information and command selections to processor 104.
  • cursor control 116 is Another type of user input device
  • cursor control 116 such as a mouse, a trackball or cursor direction keys for communicating direction information and command selections to processor 104 and for controlling cursor movement on display 112.
  • This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.
  • the invention is related to the use of computer system 100 for signing data and verifying data.
  • signed or verified data is provided by computer system 100 in response to processor 104 executing one or more sequences of one or more instructions contained in main memory 106.
  • Such instructions may be read into main memory 106 from another computer-readable medium, such as storage device 110.
  • Execution of the sequences of instructions contained in main memory 106 causes processor 104 to perform the process steps described herein.
  • hard- wired circuitry may be used in place of or in combination with software instructions to implement the invention.
  • embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
  • Nonvolatile media includes, for example, optical or magnetic disks, such as storage device 110.
  • Volatile media includes dynamic memory, such as main memory 106.
  • Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 102. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.
  • Computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
  • Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to processor 104 for execution.
  • the instructions may initially be carried on magnetic disk of a remote computer.
  • the remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem.
  • a modem local to computer system 100 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal.
  • An infra-red detector coupled to bus 102 can receive the data carried in the infra-red signal and place the data on bus 102.
  • Bus 102 carries the data to main memory 106, from which processor 104 retrieves and executes the instructions.
  • the instructions received by main memory 106 may optionally be stored on storage device 110 either before or after execution by processor 104.
  • Computer system 100 also includes a communication interface 118 coupled to bus 102.
  • Communication interface 118 provides a two-way data communication coupling to a network link 120 that is connected to local network 122.
  • communication interface 118 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line.
  • ISDN integrated services digital network
  • communication interface 118 may be a local area network (LAN) card provide a data communication connection to a compatible LAN.
  • LAN local area network
  • Wireless links may also be implemented.
  • communication interface 118 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
  • Network link 120 typically provides data communication through one or more networks to other data devices.
  • network link 120 may provide a connection through local network 122 to a host computer 124 or to data equipment operated by an Internet Service Provider (ISP) 126.
  • ISP 126 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the "Internet" 128.
  • Local network 122 and Internet 128 both use electric, electromagnetic or optical signals that carry digital data streams.
  • the signals through the various networks and the signals on network link 120 and through communication interface 118, which carry the digital data to and from computer system 100, are exemplary forms of carrier waves transporting the information.
  • Computer system 100 can send messages and receive data, including program code, through the network(s), network link 120 and communication interface 118.
  • a server 130 might transmit a requested code for an application program through Internet 128, ISP 126, local network 122 and communication interface 118.
  • one such downloaded application provides the data processing operations described herein. For example, data to be stored on computer-readable medium or transmitted to a remote device may be signed in accordance with the principles of the present invention. Additionally, data retrieved from a computer-readable medium or received from a remote device may be verified in accordance with the principles of the present invention.
  • the received code may be executed by processor 104 as it is received, and/or stored in storage device 110, or other non- volatile storage for later execution. In this manner, computer system 100 may obtain application code in the form of a carrier wave.
  • Systems consistent with the present invention utilize a one-way, collision-proof hash function to transform data of arbitrary length into a fixed length hash value.
  • One-way hash functions also have other characteristics. For example, it is relatively simple to apply the 8 function to a given data set or message to compute the hash value for that set. However, given a hash value it is difficult to determine a data set that would produce the same hash value if the hash function was applied to that data set.
  • collision-resistance means it is unlikely for two random messages to have the same hash value for the same function.
  • collision-resistant hash functions are described in detail in C. Kaufman, R. Perlman, M. Specine, "Network Security: Private Communication in a Public World,” Prentice Hall, 1995.
  • Fig. 2 is a flowchart of the steps used in the signing procedure of hierarchical hashing.
  • Systems consistent with the present invention generally begin the hashing process by dividing the data set into small packets (step 210).
  • the packet boundaries are generally arbitrary but, for more efficient use, should correspond to likely boundaries between good and corrupt data.
  • Network datagram boundaries or disk sectors are examples of suitable boundaries.
  • a collision-proof, one-way hash function is applied to each packet (step 220).
  • Each application of the hash function will produce a single hash value.
  • the application of the hash function to each of the data packets will produce a sequence of hash values. This sequence is called a hash block (step 230).
  • the hash block created by the application of the hash function to the data packets is too large to fit in a single packet along with the digital signature (step 240), the hash block must be further broken down.
  • the hash block itself is divided into packets (steps 245).
  • the hash function is applied to each packet. Once again, the application of the hash function to the packets will produce a sequence of hash values. This new hash block will be smaller than the previous hash block and will be referred to as the next higher level hash block. If the next higher level hash block is too large to fit into a single packet with the digital signature, a new smaller hash block of a higher level is created by repeating steps 220-245.
  • Fig. 5 is the smallest hash block.
  • the hash block from which the top level hash block was created is referred to as the next level down hash block 501, with the complete structure of hash blocks forming a hierarchy of hash blocks 510. If, however, the hash block originally created by the hashing of the data packets (step 230) is small enough to fit in a single packet with the digital signature, there is no need to go through the steps of breaking down the hash block and creating another higher level hash block and the top level hash block remains the only hash block.
  • Systems consistent with the present invention apply a digital signature to the top level hash block packet (step 250). No signature need be applied to any of the other hash blocks or data packets. The single digital signature applied to the top level packet is sufficient to verify all of the data. If extraordinary redundancy is desired, lower level hash blocks may be signed. These signatures would only be used if the top level hash block was corrupted and could not be recovered.
  • the packets are transmitted in order beginning with the top level hash block packet (step 260), followed by each of the larger hash blocks (steps 270, 275, 280), and finally the data (step 280).
  • the hash block packets and the data packets may be intermingled and need not be sent with all hash blocks first, but the top level packet should be sent first and lower level hashes be sent before the data they represent because their contents will need to be checked first, as explained below.
  • the top level hash block packet with the single digital signature, the hierarchy of lower level hash blocks, and the data are sent to a receiver. This is all the information needed to protect the data.
  • Fig. 3 is a flowchart of the steps used in the data receiving and verification procedure for systems consistent with the present invention.
  • the digital signature on the top level packet must be verified first (step 320). If the signature fails this verification step or it is determined that the packet was corrupted during transmission, the top level packet must be repaired or recovered before checking the other packets (steps 330, 335). If lower level hash blocks were signed for extraordinary redundancy, their signatures may be checked in this case to allow verification to proceed. 10
  • step 340 by computing the hash of the packet and comparing it with the hash value stored in the hash block (step 350). If this check fails, the data packet is corrupt and should be repaired or recovered (step 350). Of course the verification process must use the same hash function used to sign the data.
  • the packets of these hash blocks are then received and verified (step 370).
  • the hash function is applied to each packet to derive its hash value.
  • the hash value derived from the received hash block packet is compared with the one stored in the received top level hash block. If the comparison fails, the packet is corrupt and must be repaired or replaced before any packets that depend on this hash block can be verified (step 370).
  • the hashes of the packets of each lower level hash block are compared with the values stored in the hash block in the level above. If this verification step fails, the packet is corrupt and must be repaired or recovered before any packets that depend on this packet can be verified. However, other packets in the hash block can be verified. Examples
  • FIG. 4 is a block diagram of example of the hashing of a sample set of data and signing of a hash block.
  • Figure 5 is a diagram of a sample hierarchical structure of hash blocks and data based on the data in Fig. 4.
  • the packet size and amount of data in this sample is completely arbitrary.
  • additional levels of hash blocks may be utilized depending on the size of the data and the selected hash function.
  • the data values are divided into data packets 402a-f.
  • the present example shows 18 data values, A, though A 18 , divided into six packets with three data values in each packet.
  • a one-way, collision-proof hash function 403 is applied to the data packets 403.
  • the hashing of each data packet results in a single hash value. For instance, the hashing of the data packet A Arlington A 2 , A 3 in this case yields value B,. 11
  • the hash values derived from the data packets, B, through B 6 form a hash block (404).
  • the sequence of hash values in the hash block will not fit in a single packet with a digital signature so they are divided into two packets 404a and b of three hash values: B,, B 2 , and B 3 form one packet 404a and B 4 , B 5 , and B 6 form the second packet 404b.
  • a one-way, collision-proof hash function 405 is then applied to the hash block packets
  • Each hash block packet will form another hash value.
  • the packet B For example, the packet B dislike B 2 , B 3 will create the hash value C,.
  • These hash values, C, and C 2 form another hash block 406. This one, however, is small enough that it does not need to be broken down any further.
  • the last hash block C is signed with a digital signature 407 and results in the top level hash block with a digital signature 408.
  • the signing procedure (Fig. 2) is applied to data sequence 401 to generate top level hash block 408 and the next level hash block 404.
  • Data verification begins with checking the digital signature on the top level hash block 502. If the top level hash block 502 passes this check, the next level hash block 501 is verified.
  • a hash function (not shown) is applied to each packet and compared with the corresponding hash value in the hash block in the level above it. For example, the packets 501a and b of the hash block ⁇ Ol , B, through B 6 , are checked with the values stored in the other hash block 502, C j and C 2 . In the sample in Fig. 5, the hash of the packet Berne B 2 , B 3 would be compared with the value C,.
  • the packet B,, B 2 , B 3 is corrupt and must be repaired or replaced before any packets that depend on it can be verified, in this case, data values A, through A,, 500a-c.
  • the other hash block packet can be verified and remains unaffected by the corruption of the previous hash block packet. For instance, in Fig. 5, even if the first packet 501 a in the hash block, B , , B 2 , B 3 , was damaged, the second packet 501 b in the same hash block, B 4 , B 5 , B 6 , could still be checked by comparison of the hash of the packet 501b with the value C 2 .
  • the data packets are checked in the same manner.
  • the data packet A 10 , A, , , A, 2 would be checked by comparing the hash of the data packet 500d with the value B 4 . If this check fails, the data packet A, 0 , A,,, A 12 , is corrupt. However, the other data packets can still be verified.
  • the data receiving 12 and verification procedure (Fig. 3) is applied to the top level hash block 502 to verify data set 500.
  • data packets may be verified even if the data is sent, received or retrieved out of order.
  • Systems consistent with the present invention need not wait for all of the packets to be delivered to verify a data packet. Any packet can be verified as long as the hash block for that packet has been received and verified. This effectively reduces the delay time to the amount of time required to compute the hash and compare it to the value stored in its corresponding hash block. This delay time is much less than bulk signature's delay time in which all packets must be received before any can be verified.
  • the computational overhead is less than packet-level signature.
  • Hierarchical hashing consistent with the present invention protects against malicious modification of data, while checksums do not. It also allows a single digital signature to apply to an arbitrary amount of data, which packet-level signature does not.
  • the structure permits verification of data as it is received, thus eliminating the delay time of waiting for all of the data to be received as in bulk signature methods.
  • the data can be verified as it is received, systems consistent with the present invention do not have the high computational overhead associated with individual packet signing. Additionally, the data need not be received or sent in any particular order for verification to begin.
  • the hierarchical structure allows for recognition of corrupt individual packets or sections of data.
  • the other packets that are not corrupt can be used and are unaffected by the corrupt packets. Additionally, other packets that are unverified can be verified even though some packets may be corrupt. Corrupt packets can be repaired or recovered while other packets are being checked. Total replacement of the data is not needed as in bulk signature methods, thus creating greater efficiency and reducing time expended. 13
  • systems consistent with the present invention thus allow a single digital signature to protect an arbitrary amount of data, while cryptographically protecting individual portions of the data.
  • a hierarchy of hash values representing the data is built, and the top level of hashes are signed and sent. After receipt, the digital signature on the hash values is checked. The data, upon receipt, is checked against the hash values that corresponded to the data.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
EP99905733A 1998-02-04 1999-02-04 Verfahren und vorrichtung zur effizienten authentifizierung und prüfung der integrität unter verwendung von hierarchischem hashing Withdrawn EP0972374A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US1853198A 1998-02-04 1998-02-04
US18531 1998-02-04
PCT/US1999/002417 WO1999040702A1 (en) 1998-02-04 1999-02-04 Method and apparatus for efficient authentication and integrity checking using hierarchical hashing

Publications (1)

Publication Number Publication Date
EP0972374A1 true EP0972374A1 (de) 2000-01-19

Family

ID=21788409

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99905733A Withdrawn EP0972374A1 (de) 1998-02-04 1999-02-04 Verfahren und vorrichtung zur effizienten authentifizierung und prüfung der integrität unter verwendung von hierarchischem hashing

Country Status (4)

Country Link
EP (1) EP0972374A1 (de)
JP (1) JP2001519930A (de)
AU (1) AU2583099A (de)
WO (1) WO1999040702A1 (de)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11254153B2 (en) 2019-02-06 2022-02-22 Hewlett-Packard Development Company, L.P. Modifying control data packets that include random bits
US11364719B2 (en) 2019-02-06 2022-06-21 Hewlett-Packard Development Company, L.P. Print component with memory array using intermittent clock signal
US11400704B2 (en) 2019-02-06 2022-08-02 Hewlett-Packard Development Company, L.P. Emulating parameters of a fluid ejection die
US11407218B2 (en) 2019-02-06 2022-08-09 Hewlett-Packard Development Company, L.P. Identifying random bits in control data packets
US11485134B2 (en) 2019-02-06 2022-11-01 Hewlett-Packard Development Company, L.P. Data packets comprising random numbers for controlling fluid dispensing devices
US11559985B2 (en) 2019-02-06 2023-01-24 Hewlett-Packard Development Company, L.P. Integrated circuit with address drivers for fluidic die
US11912025B2 (en) 2019-02-06 2024-02-27 Hewlett-Packard Development Company, L.P. Issue determinations responsive to measurements

Families Citing this family (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000050573A1 (fr) 1999-02-22 2000-08-31 Transgene S.A. Procede d'obtention d'une preparation virale purifiee
US6715076B1 (en) * 1999-10-21 2004-03-30 Koninklijke Philips Electronics N.V. Video signal authentication system
EP1195734B1 (de) 2000-01-21 2008-02-27 Sony Corporation Daten-identifizierungs-system
US6986048B1 (en) * 2000-01-24 2006-01-10 Koninklijke Philips Electronics N.V. Protecting content from illicit reproduction by proof of existence of a complete data set using security identifiers
JP4137370B2 (ja) * 2000-12-19 2008-08-20 株式会社リコー セキュア電子メディア管理方法
GB0229894D0 (en) 2002-12-21 2003-01-29 Ibm Methods, apparatus and computer programs for generating and/or using conditional electronic signatures and/or for reporting status changes
JP4460251B2 (ja) * 2003-09-19 2010-05-12 株式会社エヌ・ティ・ティ・ドコモ 構造化文書署名装置、構造化文書適応化装置及び構造化文書検証装置。
CN101086880B (zh) * 2004-04-02 2010-06-02 松下电器产业株式会社 未授权内容检测系统
JP2005354217A (ja) 2004-06-08 2005-12-22 Sony Corp 情報出力処理装置、情報入力処理装置、情報処理システム及び情報処理方法
FR2887350A1 (fr) * 2005-06-21 2006-12-22 France Telecom Procede de securisation d'un contenu stocke sur un support de donnees a partir de la verification d'une signature d'int egrite, programme, dispositif et support correspondants
JP4827468B2 (ja) 2005-07-25 2011-11-30 キヤノン株式会社 情報処理装置及び情報処理装置の制御方法、並びにコンピュータプログラム及びコンピュータ可読記憶媒体
CA2627136A1 (en) * 2005-11-04 2007-05-10 Nec Corporation Message authentication device, message authentication method, message authentication program and storage medium therefor
US8204213B2 (en) 2006-03-29 2012-06-19 International Business Machines Corporation System and method for performing a similarity measure of anonymized data
JP5002205B2 (ja) * 2006-07-10 2012-08-15 任天堂株式会社 データ認証方法およびデータ認証システム
WO2008026238A1 (fr) * 2006-08-28 2008-03-06 Mitsubishi Electric Corporation Système de traitement de données, procédé de traitement de données, et programme
JP4869845B2 (ja) * 2006-09-14 2012-02-08 Kddi株式会社 デジタル放送用コンテンツ配信装置、デジタル放送用コンテンツ認証システム、デジタル放送用コンテンツ認証方法およびプログラム
JP4938409B2 (ja) * 2006-10-13 2012-05-23 Kddi株式会社 デジタル放送用コンテンツ配信装置、デジタル放送用コンテンツ認証システム、デジタル放送用コンテンツ認証方法およびプログラム
US7624276B2 (en) * 2006-10-16 2009-11-24 Broadon Communications Corp. Secure device authentication system and method
US8949600B2 (en) 2006-10-27 2015-02-03 Qualcomm Incorporated Composed message authentication code
KR101356736B1 (ko) * 2007-01-19 2014-02-06 삼성전자주식회사 콘텐츠의 무결성을 확인하기 위한 콘텐츠 제공 장치 및방법 및 콘텐츠 사용 장치 및 방법, 및 콘텐츠 사용 장치를폐지하는 콘텐츠 제공 장치 및 방법
JP4359622B2 (ja) 2007-01-22 2009-11-04 富士通株式会社 電子署名プログラム、および電子署名装置
US9032181B2 (en) 2009-05-19 2015-05-12 Vmware, Inc. Shortcut input/output in virtual machine systems
KR20130024996A (ko) * 2011-08-24 2013-03-11 한국전자통신연구원 멀티캐스트 환경에서 싱글 버퍼 해시를 이용한 소스 인증 방법 및 장치
JP5315422B2 (ja) * 2012-01-10 2013-10-16 任天堂株式会社 データ認証方法およびデータ認証システム
DE102012104947B4 (de) * 2012-06-07 2016-06-30 cp.media AG Verfahren zum Erzeugen eines gesicherten Datenobjekts und System
DE102013226780A1 (de) * 2013-12-19 2015-06-25 Siemens Aktiengesellschaft Verfahren und Vorrichtung zum digitalen Signieren einer Datei
JP6289680B2 (ja) 2015-01-19 2018-03-07 三菱電機株式会社 パケット送信装置、パケット受信装置、パケット送信プログラムおよびパケット受信プログラム
IL248237A0 (en) 2016-10-06 2017-01-31 Kipnis Aviad A method and system for signing
IL250359A0 (en) 2017-01-30 2017-03-30 Kipnis Aviad Method and system for signing
JP6794383B2 (ja) * 2018-01-15 2020-12-02 株式会社東芝 電子装置、方法、プログラム及びサーバ、方法、プログラム
CN109361734B (zh) * 2018-09-18 2021-04-20 百度在线网络技术(北京)有限公司 一种区块链的数据处理方法、装置、设备及介质

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5625693A (en) * 1995-07-07 1997-04-29 Thomson Consumer Electronics, Inc. Apparatus and method for authenticating transmitting applications in an interactive TV system
US5754659A (en) * 1995-12-22 1998-05-19 General Instrument Corporation Of Delaware Generation of cryptographic signatures using hash keys

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO9940702A1 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11254153B2 (en) 2019-02-06 2022-02-22 Hewlett-Packard Development Company, L.P. Modifying control data packets that include random bits
US11364719B2 (en) 2019-02-06 2022-06-21 Hewlett-Packard Development Company, L.P. Print component with memory array using intermittent clock signal
US11400704B2 (en) 2019-02-06 2022-08-02 Hewlett-Packard Development Company, L.P. Emulating parameters of a fluid ejection die
US11407218B2 (en) 2019-02-06 2022-08-09 Hewlett-Packard Development Company, L.P. Identifying random bits in control data packets
US11485134B2 (en) 2019-02-06 2022-11-01 Hewlett-Packard Development Company, L.P. Data packets comprising random numbers for controlling fluid dispensing devices
US11559985B2 (en) 2019-02-06 2023-01-24 Hewlett-Packard Development Company, L.P. Integrated circuit with address drivers for fluidic die
US11840075B2 (en) 2019-02-06 2023-12-12 Hewlett-Packard Development Company, L.P. Emulating parameters of a fluid ejection die
US11912025B2 (en) 2019-02-06 2024-02-27 Hewlett-Packard Development Company, L.P. Issue determinations responsive to measurements

Also Published As

Publication number Publication date
WO1999040702A1 (en) 1999-08-12
AU2583099A (en) 1999-08-23
JP2001519930A (ja) 2001-10-23

Similar Documents

Publication Publication Date Title
EP0972374A1 (de) Verfahren und vorrichtung zur effizienten authentifizierung und prüfung der integrität unter verwendung von hierarchischem hashing
US10068090B2 (en) Systems and methods for detecting undesirable network traffic content
US6611925B1 (en) Single point of entry/origination item scanning within an enterprise or workgroup
US6145012A (en) Apparatus and method for efficiently updating files in computer networks
US6430608B1 (en) Method and apparatus for accepting and rejecting files according to a manifest
AU2003218378B2 (en) Enhancements to data integrity verification mechanism
US8316240B2 (en) Securing computer log files
US7970821B2 (en) Device and method for updating code
EP0966708B1 (de) Verfahren um die gültigkeit der beschreibung einer ausführbaredatei zu identifizieren
US5633931A (en) Method and apparatus for calculating message signatures in advance
US20040199743A1 (en) Data block location verification
KR19980042805A (ko) 자료파일내 자료가 진짜임을 검증하기 위한 방법, 장치 및 프로덕트
US7685174B2 (en) Automatic regeneration of computer files
US7389538B2 (en) Static code image modeling and recognition
US11269540B2 (en) Method, apparatus, and computer program product for managing application system
US20020191785A1 (en) Apparatus and method for encrypting and decrypting data with incremental data validation
US5822431A (en) Virtual authentication network for secure processors
CN114612101A (zh) 面向连接的可靠链间路由跨链方法及系统
US11307790B2 (en) Method, device, and computer program product for managing data placement
CN114138562B (zh) 基于备份系统恢复数据的方法及系统
EP1168165A2 (de) Gerät und Verfahren für Kodeaktualisierung
CN117667788B (zh) 数据的交互方法、计算机系统、电子设备和存储介质
CN116185449A (zh) 插件升级方法、装置、系统及终端设备
CN113806780A (zh) 一种基于区块链的部分可变信息存储方法和装置
CN117573399A (zh) 一种数据分布式存储数据错误检测方法及系统

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19991004

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SUN MICROSYSTEMS, INC.

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SUN MICROSYSTEMS, INC.

17Q First examination report despatched

Effective date: 20040216

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20040629