This invention relates generally to the authentication of digital payloads transmitted from one processor-based system to another.
A digital signature is a personal authentication method based on encryption and a secret authorization code used for “signing” electronic documents. An electronic document, file or other electronic data in digital form including streaming data may be called a payload. When a payload is transmitted from one processor-based system to another, an issue may arise as to whether or not the payload is an authorized payload.
A number of instances may arise in which a payload is unauthorized. In one case, an unauthorized third party may attempt to gain access to a receiving processor-based system for some improper purpose. In another case, the owner of a receiving processor-based system may use another processor-based system to access his own system and alter its software for an improper purpose. Thus, it may be desirable to require the presence of a digital signature on any payload received in a given processor-based system.
One example of a system in which it may be desirable to require authentication of payloads is a network with a plurality of processor-based clients that receive update software from another processor-based system such as a server. The possibility exists that a software update received by a client may be unauthorized. For example, someone may be attempting to improperly gain access to the client by providing software which effectively opens up the client to access by a third party. Examples of situations where this may be a problem include systems that implement television distribution, systems that provide access to resources on a restricted basis and systems that allow access to electronic files under limited circumstances. In each case, an access or charge control embedded in the client may be circumvented if an unauthorized party alters the software which enforces the control on the client.
Still another situation in which it may be desirable to control the way the client operates is in connection with so-called MP3 players. MP3 players play digital files in accordance with the MPEG-1, layer 3 standard (Moving Pictures Experts Group-1 (MPEG-1), available from the International Organization for Standardization, ISO/IEC 11172-3 and ISO/IEC 13818-3 (1993)). In some applications, it may be desirable to restrict users' ability to download electronic files without charge. For example, it may be desirable to require users to pay a fee in order to access music over the Internet. This pay-per-download policy may be enforced by software within the MP3 player itself. Thus, one may attempt to circumvent such software by providing unauthorized software updates to the MP3 player.
Digital signature software may involve the use of public key algorithms. An electronic document may be encrypted using a private key to create a secure digital signature. In other cases, a separate algorithm that cannot be used for encryption is used for digital signatures. A user encrypts a document with a private key, thereby signing the document. The document is then sent to another processor-based system, where it is decrypted with a public key provided by the user, thereby verifying the signature. Thus, the key for decryption is obtained separately from the signed document.
Once a payload has been verified, it may then be used with impunity within the receiving processor-based system. In a variety of circumstances, it may be desirable to ensure that a payload that was uncorrupted when received remains uncorrupted at all times thereafter.
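The scheme described above, in which the sender signs with a private key and the receiver verifies with a public key obtained separately from the payload, together with the post-receipt integrity check of the preceding paragraph, as an added Go example that is not part of this application. It assumes Ed25519 signatures and a SHA-256 digest, neither of which the text names; the key pair and the sample payload are constructed in the code.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedPayload carries the payload and its signature; the public key is not carried.
type SignedPayload struct {
	Data      []byte
	Signature []byte
}

// Sign signs the payload with the sender's private key.
func Sign(priv ed25519.PrivateKey, data []byte) SignedPayload {
	return SignedPayload{Data: data, Signature: ed25519.Sign(priv, data)}
}

// Verify checks the signature with a public key the receiver obtained separately;
// it fails for an altered payload, an altered signature, or another party's key.
func Verify(pub ed25519.PublicKey, p SignedPayload) bool {
	return ed25519.Verify(pub, p.Data, p.Signature)
}

// VerifiedPayload is an accepted payload plus the digest recorded at acceptance.
type VerifiedPayload struct {
	Data   []byte
	Digest [sha256.Size]byte
}

// Accept rejects a payload whose signature does not verify; otherwise it stores it.
func Accept(pub ed25519.PublicKey, p SignedPayload) (*VerifiedPayload, error) {
	if !Verify(pub, p) {
		return nil, fmt.Errorf("payload rejected: signature does not verify")
	}
	return &VerifiedPayload{Data: p.Data, Digest: sha256.Sum256(p.Data)}, nil
}

// StillIntact recomputes the digest of the stored payload and compares it with the recorded one.
func (v *VerifiedPayload) StillIntact() bool { return sha256.Sum256(v.Data) == v.Digest }

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // sender's key pair, generated here
	v, err := Accept(pub, Sign(priv, []byte("client-update-v2"))) // constructed payload
	fmt.Println(err == nil, v.StillIntact()) // true true
	v.Data[0] ^= 0xff                        // simulate corruption after receipt
	fmt.Println(v.StillIntact())             // false
}
```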
Thus, there is a need for better ways to provide digital signatures in connection with payloads.