Online garners are notorious for coming up with creative ways to cheat during online game play. The cheating often involves modifying data saved to a persistent storage (such as a hard drive or a memory card) when concluding a current game session. If the data that are stored are then altered by a user, the modified data will be read when starting the next game session. The modification to the data can enable cheating to occur during game play, alter the previous game results so that the gamer is incorrectly ranked higher in a leaderboard, or provide the cheating gamer with some other unearned advantage.
Clearly, in this and other applications, it would be desirable to ensure that data saved to a persistent storage remain unmodified. If the data have been changed, the computing device with which the data storage is associated can be precluded from using the data that were stored. When applied to online gaming, the present invention can thus be employed to ensure that the data altered by a gamer is not loaded for use in subsequent game play. Similarly, in other applications, knowledge that data stored have been altered can be used to carry out other appropriate measures.
In the past, data signing typically has addressed the problem of ensuring that data being transferred between two parties is indeed being sent by the party purporting to be the source of the data. Data signing for this purpose has employed various methods of encoding, decoding, and verifying the data source. These methods typically involve the sharing of keys, such as a public key and a private key pair. The party sending the data signs it with a private key that is known only to that party, and the party receiving it verifies the data using the public key that will only be successful in verifying the data if the private key was used in signing it. However, the transfer of data between parties is a different problem than ensuring that stored data are not altered by a party having access to the stored data.
What is needed is a method for ensuring that stored data have not been altered that does not require key sharing, but securely signs the data that were stored, while providing a way to verify that the data have not been altered using the signature. In addition, it would be desirable to identify the entity that signed the data by incorporating a signer ID in the signature applied to the data before storage. Successful verification of the data that were stored and of the signer ID being unchanged will thereby ensure that the stored data have not been modified and can be used. Such a method is not restricted to a gaming environment but can be used to ensure the integrity of stored data in many other applications.