The following relates to a method and an apparatus for digitally signing, particularly signing multiple times, a file that has hierarchically structured data objects.
Digital signatures are used to establish the authenticity of electronically transmitted messages or electronic files or documents. By checking the digital signature, it is possible to establish whether these messages or files have been altered. The files to be signed normally have a few thousand bytes. In order to keep the computation time for forming a cryptographic checksum within acceptable limits, the checksum is usually not computed over the whole data string, but rather a hash function is first of all used to form a hash value by way of the data string to be signed. Hash functions are one-way functions for compressing data.
The files to be signed have a prescribed file structure. In the case of many file types, each file has hierarchically structured data objects. Particularly multimedia files that have an ISO base media file format contain hierarchically structured data objects that are also referred to as boxes. Hierarchically structured data objects of this kind offer a flexible extendible file format that facilitates interchange, file management, editing and presentation of the media data. The presentation of the data can take place locally or via a network or a data stream. In this case, the file format with the hierarchically structured file objects contained therein is designed such that it is independent of particular network protocols.
As can be seen in
Yongdong, Wu et al.: “Scalable authentication of MPEG-4 streams”, IEEE Transactions on Multimedia, Volume 8, issue 1, describes multiple authentication methods for MPEG-4 data streams. All the authentication methods proposed each require just a single digital signature for a compressed MPEG-4 object group.
In many instances of application, it is desirable for files to be signed multiple times by various entities or units. In a release process for a film, for example, it is necessary for the film or movie to be released or signed by different offices within the production company and also by various authorities. A further application example is evidence files in court proceedings. If a file, particularly a video file, contains evidence that may be relevant to a lawsuit, for example, the file can first of all be signed by the investigating officer and then forwarded to the public prosecution department, for example, which for its part signs the received file and finally forwards it to a receiving office at the court as relevant evidence, with the receiving office at the court for its part possibly signing the file received from the public prosecution department. In many instance of application, it is therefore necessary for a file, particularly a media file, to be signed multiple times by various entities in a chain, the number of signing entities possibly varying. In many cases, it is also not certain how many entities in the chain will sign the file. With conventional methods of signing, it is not possible for hierarchically structured file objects to be signed multiple times. A reason for this is that when new content is added, the interleaved data objects of the file require the magnitudes of the superordinate data objects or mother boxes to be aligned, which makes it impossible to check a signing that has already taken place.
An aspect relates to a method and an apparatus for digitally signing a file that has hierarchically structured data objects that allow the file to be signed multiple times.
In one possible embodiment of the method according to embodiments of the invention, the digital signature is computed for all or at least some of the data of the file, including the at least one generated signature data object.
In one possible embodiment of the method according to the invention, a signature data object comprises
an identifier for identifying the signature data object,
a data magnitude of the signature data object,
a reference list that contains references to signature data objects that there are already within the file, and
a memory area for writing the computed digital signature to the signature data object.
In a further possible embodiment of the method according to the invention, the digital signature is computed by computing a value, particularly a hash value, for the data of the file and encrypting the computed value by means of a cryptographic key to form the digital signature.
In a further possible embodiment of the method according to the invention, the file to be signed is first of all parsed to determine whether there is already a signature data object at file level.
In a further possible embodiment of the method according to the invention, if there are already signature data objects in the file to be signed, that signature data object that has the longest reference list is selected and its reference list is extended with the identifier of the generated signature data object as reference.
In a further possible embodiment of the method according to the invention, the signature data object has a time statement indicating the time of production of the signature data object.
In a further possible embodiment of the method according to the invention, the signature data object has a time statement indicating the time of production of the digital signature stored therein.
In a further possible embodiment of the method according to the invention, in the reference list of a signature data object, the digital signature produced first and/or the order of the digital signatures produced and/or the digital signature produced last is identifiable, particularly on the basis of the time statements.
In a further possible embodiment of the method according to the invention, the file to be signed has an ISO base media file format.
In a further possible embodiment of the method according to the invention, the file to be signed is signed multiple times by various signing units, wherein a method for digitally signing the file is performed sequentially for each signing unit, said method comprising the following steps:
generating at least one signature data object at file level,
computing a digital signature for data of the file and
writing the computed digital signature to the generated signature data object.
In a further possible embodiment of the method according to the invention, a determined digital signature of the file signed multiple times is verified independently of the other digital signatures that there are within the file.
In one possible embodiment of the method according to the invention, the independent verification of a determined digital signature of the file signed multiple times is effected by virtue of all signature data objects whose reference list is longer than the reference list of the data object to be verified in which the determined digital signature to be verified is located being rejected and a value, particularly a hash value, being computed for all or at least some of the remaining files of the file signed multiple times, which value is used to verify the digital signature by comparing said value with a comparison value that is computed by decrypting the digital signature by means of a cryptographic key.
In a further alternative embodiment of the method according to the invention, the independent verification of a determined digital signature of the file signed multiple times is effected by virtue of the signature data objects whose time statement is older than that of the signature data object to be verified being rejected and a value, particularly a hash value, being computed for all or at least some of the remaining data, which value is used to verify the digital signature by comparing said value with a comparison value that is computed in order to decrypt the digital signature by means of a cryptographic key.
In one possible embodiment of the method according to the invention, if the computed value matches the comparison value, then the digital signature of the file is recognized as valid.
Embodiments of the invention additionally provide an apparatus for digitally signing a file.
In one possible embodiment of the apparatus according to the invention, the generated signature data object comprises
an identifier for identifying the signature data object,
a data magnitude of the signature data object,
a reference list that contains references to signature data objects that there are already within the file, and
a memory area for writing the computed digital signature to the signature data object.
In a further possible embodiment of the apparatus according to the invention, the computation unit computes the digital signature by computing a value, particularly a hash value, for all or least some of the data of the file and forms the digital signature by encrypting the computed value by means of a cryptographic key.
In a further possible embodiment of the apparatus according to the invention, the apparatus contains a parser unit that parses the file to be signed to determine whether there is already a signature data object at file level,
wherein if there are already signature data objects in the file to be signed, then that signature data object that has the longest reference list is selected and its reference list is extended with the identifier of the generated signature data object as reference or its reference list is extended with the identifier of the selected signature data object as reference.
In one possible embodiment of the apparatus according to the invention, the signature data object has at least one time statement indicating the time of production of the signature data object and/or of production of the digital signature stored therein.
In a further possible embodiment of the apparatus according to the invention, in the reference list of a signature data object, the digital signature produced first and/or the order of the digital signatures produced and/or the digital signature produced last is identifiable, particularly on the basis of the time statements.
In a further possible embodiment of the apparatus according to the invention, the file to be signed has an ISO base media file format.
Some of the embodiments will be described in detail, with reference to the following figures, wherein like designations denote like members, wherein:
As can be seen from
The file to be signed may be a media file that has hierarchically structured data objects. In one possible embodiment, the file to be signed has an ISO base media file format [1]. The ISO base media file format contains what are known as boxes that are hierarchically structured. An example of a file D to be signed that comprises hierarchically structured data objects is shown in
The files D to be signed can be stored in a buffer store and supplied to the apparatus 1, which is shown in
To produce or generate the signature data object, the computation unit 3 computes a value, preferably a hash value H, by way of data of the file D to be signed and then encrypts the computed value, particularly the hash value, by means of a cryptographic key K to form the digital signature.
In one possible embodiment, the digital signature is computed by the computation unit 3 for all or at least some of the data of the file, including the at least one generated signature data object SIG. In one possible embodiment, the bits or memory areas into which the digital signature is later entered are set to a predefined value, for example to the value 0. This predefined value is included in the computation of the digital signature and replaced at the end by the actual digital signature that is produced by the computation unit 3. In an alternative embodiment, the bits into which the digital signature is later entered are precluded for computation by the computation unit 3.
In one possible embodiment, the computation unit 3 has at least one microprocessor for performing the computation. This microprocessor computes a digital signature for data of the file D to be signed and then writes the computed digital signature to the generated signature data object that is produced by the generation unit 2. In one possible embodiment, the computation unit 3 has access to a cryptographic key K that is stored in a protected memory area, for example. In one possible embodiment, the computation unit 3 uses a hash function to compute a hash value H for all or at least some of the data of the file D to be signed and then encrypts the computed hash value H by means of the read cryptographic key K to form the digital signature, which is then written to the memory area provided for this purpose in the signature data object SIG formed by the generation unit 2.
The file D′ digitally signed by the apparatus 1 can be transmitted via a transmission channel to a receiver that verifies the digital signature. In a further possible embodiment, the signed file D′ can be transmitted to a further apparatus 1 that digitally signs the already signed file D′ again. In this embodiment, an originally produced file D that has hierarchically structured data objects can be signed multiple times successively or sequentially by various apparatuses 1. In a further possible embodiment, the signed file D′ produced by the computation unit 3 is fed back and is signed multiple times by the same apparatus 1. In this embodiment, various users can use the same apparatus 1 to sign an originally present file multiple times, for example. Alternatively, various users each have a dedicated apparatus 1, which is shown in
In one possible embodiment of the apparatus according to the invention, a signature data object has at least one time statement indicating the time of production of the signature data object and/or of production of the digital signature stored therein. In the reference list VL of a signature data object, the digital signature produced first and/or the order of the digital signatures produced and/or the digital signature produced last is identifiable. In one possible embodiment, this is possible on the basis of the time statements that the signature data object contains.
The file D to be signed is signed multiple times by various units or the same unit, each signing unit first of all generating a signature data object at file level and then computing a digital signature for data of the file that is written to the generated signature data object. In this case, a determined digital signature of the file signed multiple times can be verified independently of the other digital signatures that there are within the file. In one possible embodiment, this involves signature data objects whose reference list VL is longer than the reference list of the signature data object to be verified in which the determined digital signature to be verified is situated being rejected and a value, particularly a hash value H, being computed for all or at least some of the other data of the file signed multiple times. This computed value, particularly hash value, is then used to verify the digital signature by comparing said value with a comparison value that is computed by decrypting the digital signature by means of a cryptographic key K. If the computed value matches the comparison value, then the digital signature of the file is recognized as valid.
In a further possible embodiment, the digital signature is verified by virtue of signature data objects whose time statement is older than that of the signature data object to be verified being rejected and a value, particularly a hash value H, being computed for all or at least some of the other data of the file signed multiple times, which value is used to verify the digital signature by comparing said value with a comparison value that is computed by decryption of the digital signature by means of a cryptographic key K. Provided that the computed value matches the comparison value, the digital signature of the file is recognized as valid.
In one possible embodiment, the time statement comprises a date and a time of day. In one possible embodiment, the time statement is produced by a timer of the apparatus 1. In one possible embodiment, the timer of the apparatus 1 produces a time stamp or a time statement indicating the time of production of the signature data object by the generation unit 2 and/or the time for computation of the digital signature by the computation unit 3. The method according to embodiments of the invention can be used to verify inner and outer digital signatures at any time independently of one another. The order of verification of the various digital signatures that are stored in the various generated signature data objects is therefore variable. The various digital signatures can be verified by the same or different units or entities. In the case of the apparatus 1 according to embodiments of the invention, the computation unit 3 can use symmetric or asymmetric decryption methods.
The containers or boxes or signature data objects may be embodied such that already existing definitions of box structures, for example ONVIF, can be adopted. In addition, the containers or boxes or signature data objects can be embodied such that signatures as are used for e-mail (RFC1847), for example, can be inserted directly. A container can therefore have a prescribed data structure. In one possible embodiment, each generated signature data object has not only the reference list VL but also a dedicated memory area or container for writing the computed digital signature to the signature data object.
The references or entries that the reference lists VL contain may be embodied differently. In one possible embodiment, the references have links or pointers to the respective signature box or the respective signature data object.
In a first step S1, at least one signature data object SIG is generated at file level.
In a further step S2, a digital signature is computed for data of the file. In this case, in one possible embodiment, the digital signature is computed for all or at least some of the data of the file, including the at least one signature data object generated in step S1.
In a further step S3, the computed digital signature is written to the generated signature data object SIG. In this case, the digital signature is preferably written or copied in a memory area M provided for this purpose in the signature data object produced.
To compute the digital signature in step S2, in one possible embodiment, a value, particularly a hash value H, is first of all computed for all or at least some of the data of the file and then the value is encrypted by means of a cryptographic key K to form the digital signature. The digital signature formed in this manner is then written to the generated signature data object SIG in step S3.
In one possible embodiment of the method shown in
In a further possible embodiment of the method according to the invention, a determined digital signature of the file signed multiple times is verified by first of all evaluating the time statements of the signature data objects. In this variant embodiment, all signature data objects whose time statement is older than that of the signature data object to be verified are first of all rejected and a value, particularly a hash value H, is computed for all or at least some of the remaining data of the file signed multiple times, which value is used to verify the digital signature by virtue of said value being compared with a comparison value that is computed by decryption of the digital signature by means of a cryptographic key K. If the computed value matches the comparison value, then the digital signature of the file is recognized as valid in this variant embodiment.
The data transmitted in the verified file can then be evaluated or can be output via an output unit. Transmitted audio-visual data of a media file are output to a user via an audio-visual output unit. The method according to embodiments of the invention allows multiple signing with digital signatures in a signature chain without preceding intervention in the data content of the file. The method according to embodiments of the invention allows digital signatures to be inserted into a multimedia file without the need for existing data content to be altered. In the case of the method according to embodiments of the invention, each digital signature uses a freshly generated associated signature box or an associated signature data object. A signature data object that has been produced has an associated box ID or identifier. In this case, the identifier may be situated outside or inside a reference list VL of the signature data object SIG. By way of example, a box ID used may be the serial number of a certificate issued by a certification center, or a key ID when a PGP encryption method is used.
In one possible embodiment, the signature data object generated in the method according to the invention can also be stored and/or used separately from the file. The reference list VL generated in the method according to embodiments of the invention for a signature data object that comprises references to existent digital signatures allows applications in which the order of the digital signatures is significant. The reference list with the digital signatures that it contains additionally makes it difficult for third parties to introduce incorrect or forged digital signatures into the system without this being recognized.
The method according to embodiments of the invention and the apparatus according to embodiments of the invention for digitally signing a file can be used for any hierarchically structured data objects that need to be signed multiple times, depending on the application.
Although the present invention has been disclosed in the form of preferred embodiments and variations thereon, it will be understood that numerous additional modifications and variations could be made thereto without departing from the scope of the invention.
For the sake of clarity, it is to be understood that the use of ‘a’ or ‘an’ throughout this application does not exclude a plurality, and ‘comprising’ does not exclude other steps or elements.
Number | Date | Country | Kind |
---|---|---|---|
10 2013 226 780.0 | Dec 2013 | DE | national |
This application claims priority to PCT Application No. PCT/EP2014/072551, having a filing date of Oct. 21, 2014, based off of DE Application No. 102013226780.0 having a filing date of Dec. 19, 2013, the entire contents of which are hereby incorporated by reference.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/EP2014/072551 | 10/21/2014 | WO | 00 |