In a public computing network, such as the Internet, any user can distribute files. Unfortunately, this means that malicious persons can distribute fake versions or virus infected versions of legitimate popular software programs and other types of files. Several “Trojan horse” attacks have occurred in recent years to popular programs distributed over the Internet. In addition to the distribution using the Internet, there are also many ways a file can be distributed publicly, for example, using “Shareware” CDs (compact disks). In all these cases, there is a need for the end user to make sure that a file received through a public distribution channel is authentic and safe before using it.
File safety is conventionally provided in two ways. First, an individual user can utilize conventional anti-virus software to scan received files. This solution is reactionary, in that first a virus must be identifiable by the anti-virus software. Conventional anti-virus software programs provide little or no protection against new viruses. A virus has to first be discovered, then a considerable amount of research may be required to be performed to find ways to detect and destroy the virus. Finally, the solution has to be distributed to potentially millions of anti-virus software users. This is very inefficient.
Alternatively, a digital signature can be applied to a file to ensure file authenticity. The digital signature can be verified prior to using or accessing the file. This solution is also problematic. The creator of a file has to take actions to certify their public keys and sign the file to be distributed. Digital signature generation requires a considerable amount of work and cost, and as such few files distributed over the Internet are signed by their authors. Many useful files that are distributed publicly are not signed. A malicious person can attack these unsigned files. Another problem of this approach is that the files are not generally authenticated in the real time. That is, in general the file is authenticated one time by the creator. If some virus or other defects are discovered in the file after it is signed, the creator may not be able to communicate to all the users to avoid the signed file, especially when the file has already been burned into CDs and distributed publicly.