Implementing digital signatures for data streams and data archives    

United States Patent 5958051
Link to this page: http://www.wikipatents.com/5958051.html
Inventor(s): Renaud; Benjamin J. (Woodside, CA); Pampuch; John C. (Morgan Hill, CA); Hodges Wilsher; Avril E. (Palo Alto, CA)
Owner/Assignee: Sun Microsystems, Inc. (Palo Alto, CA)
Publication Date: September 28, 1999
Application Number: 08/780,817
Filing Date: January 9, 1997
Examiner: Beusoliel Jr.; Robert W.
Assistant Examiner: Elmore; Stephen C.
Attorney/Law Firm: Beyer & Weaver, LLP
Parent Case: CROSS REFERENCE TO RELATED APPLICATION The present invention is a continuation-in-part of U.S. patent application Ser. No. 08/753,716, entitled "Digital Signatures for Data Streams and Data Archives," filed Nov. 27, 1996, which is incorporated herein by reference in its entirety.

Abstract: Methods, apparatuses and products are provided for establishing and verifying the authenticity of data within one or more data files. In accordance with one aspect of the present invention, a method for verifying the authenticity of data involves providing at least one data file which includes an identifier and a signature file which includes the identifier for the data file as well as a digital signature. The digital signature is then verified using a computer system, and the identifier in the data file is compared with the identifier in the signature file using the computer system. In one embodiment, the identifier for the data file includes at least one certificate authority, site certificate, software publisher identifier, or a site name, and verifying the authenticity of data involves setting a security level for at least one of the certificate authority, the site certificate, the software publisher identifier, and the site name.
U.S. References

5703951  Dolphin  705/51  Dec 1997
5677953  Dolphin  Oct 1997
5675650  Cordery  705/60  Oct 1997
5619571  Sandstrom  380/200  Apr 1997
5579393  Conner  713/176  Nov 1996
5572590  Chess  726/22  Nov 1996
5572673  Shurts  726/17  Nov 1996
5499294  Friedman  713/179  Mar 1996
5457746  Dolphin  Oct 1995
5311591  Fischer  713/156  May 1994
5191613  Graziano  713/176  Mar 1993
5163091  Graziano  713/176  Nov 1992
5031214  Dziewit  713/176  Jul 1991
5005200  Fischer  380/30  Apr 1991
4981370  Dziewit  713/176  Jan 1991
4868877  Fischer  713/157  Sep 1989
4405829  Rivest  380/30  Sep 1983
5214702  Fischer  380/30  Dec 1969

CLAIMS

What is claimed is:

1. A computer-implemented method for verifying the authenticity of data, the method comprising:

a) receiving at least one data file and a signature file, wherein the data file and the signature file are separate, the data file including a first identifier, the signature file including a representation of the first identifier for the data file and a digital signature, the signature file being arranged to include representations of identifiers for additional data files; and

b) processing the signature file using a computer system to determine the authenticity of the signature file;

c) comparing the first identifier in the data file with the representation of the first identifier in the signature file using the computer system to determine the authenticity of the data file, wherein processing the signature file further includes processing the digital signature using the computer system to determine the authenticity of the signature file; and

d) marking the data file as signed when the first identifier in the data file and the representation of the first identifier in the signature file match.

2. The method as recited in claim 1 wherein when the first identifier in the data file and the representation of the first identifier in the signature file do not match, the method further includes at least one selected from the group of ignoring the data file, aborting the loading of the data file, and alerting a user.

3. A computer-implemented method for verifying the authenticity of data as recited in claim 1 further including:

comparing a second identifier in a second data file with a representation of the second identifier in the signature file using the computer system.

4. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein processing the digital signature further includes verifying the digital signature with a signature algorithm, the signature algorithm being a keyed algorithm.

5. A computer-implemented method for verifying the authenticity of data as recited in claim 4 wherein the signature algorithm is selected from a group consisting of a DSA algorithm, and a combined Message Digest and RSA algorithm.

6. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein comparing the first identifier in the data file with the representation of the first identifier in the signature file further includes generating one or more of the identifiers with a one-way hash function algorithm.

7. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein comparing the first identifier in the data file with the representation of the first identifier in the signature file further includes checking one or more of the identifiers with a cyclic redundancy checksum algorithm.

8. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein the signature file includes additional data selected from the group consisting of a text, a name, an author, a version, a time-stamp, and a rating.

9. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein the identifier is generated using one of a one-way hash function algorithm and a cyclic redundancy checksum algorithm.

10. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein receiving the data file and the signature file further includes transferring the data file and the signature file among networked computers.

11. A computer-implemented method for verifying the authenticity of data as recited in claim 1 wherein the first identifier in the data file includes at least one of a certificate authority, a site certificate, a software publisher identifier, and a site name, the method further including setting a security level for at least one of said certificate authority, said site certificate, said software publisher identifier, and said site name.

12. A computer-implemented method for verifying the authenticity of data as recited in claim 11 including downloading the data file to the computer system, and when the data file comprises an applet and when the digital signature is verified, the method includes branding the applet as verified and running the applet.

13. A computer-implemented method for verifying the authenticity of data as recited in claim 12 wherein when the data file comprises an applet, and when the signature is not verified, the method includes determining whether an unsigned data file is acceptable for execution on the computer, and terminating the applet if an unsigned data file is not acceptable for execution on said computer.

14. A computer-implemented method for verifying the authenticity of data as recited in claim 13 including branding the applet when the unsigned data file is determined acceptable for execution on said computer.

15. A computer-implemented method for verifying the authenticity of data as recited in claim 14 including the running the applet and determining whether the applet performs an action that triggers a security check.

16. A computer-implemented method for verifying the authenticity of data as recited in claim 15 wherein the security check includes comparing the brand with the security level and allowing the action when the security check is satisfied and disallowing the action if the security check is not satisfied.

17. A computer-implemented method for verifying the authenticity of data as recited in claim 1, further including establishing a data communication connection with a remote site using the computer system, determining whether the site requires a secure connection, and determining whether a site certificate for the site is valid in response to a determination that a secure connection is required.

18. A computer-implemented method for verifying the authenticity of data as recited in claim 17, further including determining whether the site certificate is trusted in response to a determination that the site certificate is valid.

19. An apparatus for verifying the authenticity of at least one data file and a signature file, the data file including an identifier, the signature file including a representation of the identifier for the data file and a digital signature, the apparatus comprising:

a processor for processing the digital signature to determine the authenticity of the signature file; and

a comparator for comparing the identifier in the data file with the representation of the identifier in the signature file using the computer system to determine the authenticity of the data file, wherein the processor is further arranged to process the digital signature using the computer system to determine the authenticity of the signature file, the comparator further including a marker for marking the data file as signed when the identifier in the data file and the representation of the identifier in the signature file match.

20. An apparatus for verifying the authenticity of data as recited in claim 19 wherein the comparator for comparing the identifier in the data file with the representation of the identifier in the signature file using the computer system is further arranged to alert a user when the identifier in the data file and the representation in the signature file do not match.

21. An apparatus for verifying the authenticity of data as recited in claim 19 wherein the comparator for comparing the identifier in the data file with the representation of the identifier in the signature file using the computer system is further arranged to compare each identifier for each data file with the representation of the identifier in the signature file.

22. An apparatus for verifying the authenticity of data as recited in claim 19 wherein the processor for processing the digital signature is further arranged to verify the digital signature with a signature algorithm.

23. An apparatus for verifying the authenticity of data as recited in claim 22 wherein the signature algorithm is selected from a group consisting of a DSA algorithm, and a combined Message Digest and RSA algorithm.

24. An apparatus for verifying the authenticity of data as recited in claim 19 wherein the identifier in the data file includes at least one of a certificate authority, a site certificate, a software publisher identifier, and a site name, the apparatus further including:

a mechanism for setting a security level for at least one of the certificate authority, the site certificate, the software publisher identifier, and the site name.

25. An apparatus for verifying the authenticity of data as recited in claim 19 further including a mechanism for establishing a data communication connection with a remote site using the computer system, wherein the mechanism for establishing the data communication connection is arranged to determine whether the site requires a secure connection, and to determine whether a site certificate for the site is valid in response to a determination that a secure connection is required.

26. An apparatus for verifying the authenticity of data as recited in claim 25 wherein the mechanism for establishing the data communication system is further arranged to determine whether the site certificate is trusted in response to a determination that the site certificate is valid.

27. A computer program product for verifying the authenticity of data, the computer program product comprising:

computer code that receives at least one data file and a signature file, the data file including an identifier, the signature file including a representation of the identifier for the data file and a digital signature;

computer code that process the signature file using a computer system to determine the authenticity of the signature file, wherein the computer code that processes the signature file further includes computer code that processes the digital signature using the computer system to determine the authenticity of the signature file;

computer code that compares the identifier in the data file with the representation of the identifier in the signature file using the computer system to determine the authenticity of the data file, wherein the computer code that compares the identifier in the data file with the representation of the identifier in the signature file using the computer system further includes computer code that marks the data file as signed when the identifier in the data file and the representation of the identifier in the signature file match; and

a computer-readable medium that stores the computer codes.

28. A computer program product as recited in claim 27 wherein the identifier in the data file includes at least one of a certificate authority, a site certificate, a software publisher identifier, and a site name, the computer program product further including computer code that sets a security level for at least one of said certificate authority, said site certificate, said software publisher identifier, and said site name.

29. A computer program product as recited in claim 28 further including computer code for downloading the data file to the computer system, the computer program product further including computer code that brands the applet as verified and computer code that runs the applet when the data file includes an applet and when the digital signature is verified.

30. A computer program product as recited in claim 29 further including computer code for determining whether an unsigned data file is acceptable for execution on the computer, and terminating the applet if an unsigned data file is not acceptable for execution on said computer when the data file comprises an applet, and when the signature is not verified.

31. A computer program product as recited in claim 27 further including computer code for establishing a data communication connection with a remote site using the computer system, computer code for determining whether the site requires a secure connection, and computer code for determining whether a site certificate for the site is valid in response to a determination that a secure connection is required.

32. A computer program product as recited in claim 31 further including computer code for determining whether the site certificate is trusted in response to a determination that the site certificate is valid.

DESCRIPTION

FIELD OF THE INVENTION

The present invention relates generally to the sharing of data among computing resources. More specifically, the present invention relates to methods, apparatuses and products for securing and verifying the authenticity of data being processed on a computer system.

BACKGROUND OF THE INVENTION

With the increasing popularity of networked computing environments, such as the Internet, there has been a corresponding increase in the demand to provide for the transferring of shared information among the networked computers in a secure manner. For example, when a user of the Internet sends information in the form of data to another user it may be useful for the receiving user to verify that the data received has not been corrupted or otherwise altered in some manner. Furthermore, the receiving user may also find it useful to verify that the data received was actually sent by the proper sending user rather than an impostor.

As a result, methods and algorithms that increase the security of data transmitted over computer networks and other data links have been developed and deployed with some success. The more secure methods tend to include encrypting all or part of the data prior to sending it, and likewise decrypting the received data prior to using it. Such encryption and decryption techniques may, for example, include adding encryption data to the data file, and encoding or otherwise transforming the data in the data file with a computer system by running a "signature algorithm".

There are currently several signature algorithms in use today. One popular signature algorithm is actually a combination of a Message Digest algorithm and an RSA encryption algorithm (e.g., MD5 with RSA, or MD2 with RSA, or the like). The Message Digest with RSA signature algorithm is a patented algorithm (U.S. Pat. No. 4,405,829 issued Sep. 20, 1983) that is available from RSA Data Security, Inc. of Redwood City, Calif. Another popular signature algorithm is the DSA encryption algorithm. The DSA encryption algorithm, which is available from the United States Government, may be used for limited purposes by private parties as a signature algorithm. These signature algorithms will be discussed in limited detail below. For a more detailed description of these and other signature algorithms and related encryption operations, refer to Applied Cryptography, Second Edition, 1996, by Bruce Schneier which is available from John Wiley & Sons, Inc. New York City, N.Y., and which is herein incorporated, in its entirety, by reference.

The Message Digest with RSA algorithm includes the capability to generate a "digital signature" that can be added to data files. Digital signatures are basically mechanisms through which users may authenticate the source of a received data file. A digital signature is typically a special sequence of data that can be generated and provided along with a related data file to other users. The basic concept behind most signature algorithms is that every user (e.g., individuals, companies, governments, etc.) will have a "key pair" that includes both a "private key" and a "public key". A key may, for example, be a numerical sequence. The private key is a unique key that is assigned to a single user and intended to be kept secret by that user. The private key may be used by the assigned user to create a digital signature for a data file with a signature algorithm. The public key, on the other hand, is typically made available to all other users. The public key may be used by these other users to verify that the digital signature on a received data file is authentic (i.e., that the digital signature was created with the private key). The verification process is accomplished with the same signature algorithm. In principle, such a verification process may provide a relatively high level of confidence in the authenticity of the source of the received data.

In addition to digital signature generating algorithms, there are also algorithms that may be used to authenticate that the data file has not been corrupted in some manner. These algorithms are typically known as "one-way hash functions". One example of such an algorithm is the Message Digest, introduced above. A one-way hash function usually does not require a key. One-way hash functions typically include additional data that is inserted into the data file. As such, when the data file is received the hash function may be used to verify that none of the data within the data file has been altered since the generation of the hash function. However, hash functions are typically limited in that the user may not necessarily infer anything about the associated file, such as who sent it. It is noted that many signature algorithms use one-way hash functions as internal building blocks.

For relatively open, unsecured networks such as the Internet, it may be useful for users to authenticate received data files prior to using them as intended. Such data files may include, but are not limited to, computer programs, graphics, text, photographs, audio, video, or other information that is suitable for use within a computer system. No matter the type of data file, authentication may be accomplished with a signature algorithm or similar type of encryption algorithm as described above. By way of example, if the data file is a software program the user may wish to authenticate that it was sent by a trustworthy authority prior to exposing his or her computer system to the software program, lest the program include a "Trojan Horse" that infects the user's computer with a virus. In such a case, the sending user may authenticate the data as described above.

Another example is where the receiving user wishes to authenticate a text and/or image data file prior to displaying it on his or her computer screen. This may be useful to control the display of text and images having undesirable content. For example, parents may want to limit any access their children may have to pictures and text relating to adult subjects and materials. This can be accomplished by verifying that the data file (e.g., a text or image file), came from a trusted source. Similarly, providers of text and image files may want to provide a "stamp" of approval or authenticity so as to control the use of tradenames and other intellectual property.

Unfortunately, the process of encrypting and decrypting, signing and verifying, and/or generating hash functions places an additional burden on the sending and receiving user's computational resources. The burden is compounded for users who send and receive several data files. By way of example, the growth of that aspect of the Internet known as the World-Wide Web has led to a tremendous increase in the transfer of multiple data files between users. These multiple data files often include the components or objects that constitute an object-oriented software process, such as a Java™ applet. To illustrate the potential burden that can be placed on the receiving user's computer resources in such a multiple data file transfer, one need only calculate the resulting processing time associated with verifying the digital signatures for each of the files. For example, if a Java™ applet included 200 digitally signed Java™ class files (including data files), assuming that the average verification process took about 1 second on a conventional desktop personal computer, then the user would have to wait for about 200 seconds after receiving the data files to use the applet. Such delays may significantly reduce the effectiveness of such a computer network environment. This is especially true for data files relating to a timed process, such as a streaming audio or video data file in real (or near-real) time.

Therefore, what is desired are more efficient methods, apparatuses and products for securing and verifying the authenticity of data files, especially for data files intended to be transferred over computer networks.

SUMMARY OF THE INVENTION

The present invention provides more efficient methods, apparatuses and products for securing and verifying the authenticity of data files, such as data files intended to be transferred over computer networks. In accordance with one aspect of the present invention, a method for verifying the authenticity of data involves providing at least one data file which includes an identifier and a signature file which includes the identifier for the data file as well as a digital signature. The digital signature is then verified using a computer system, and the identifier in the data file is compared with the identifier in the signature file using the computer system.

In one embodiment, the identifier for the data file includes at least one certificate authority, site certificate, software publisher identifier, or a site name, and verifying the authenticity of data involves setting a security level for at least one of the certificate authority, said site certificate, said software publisher identifier, and said site name. In such an embodiment, the data file is downloaded to the computer system, and if the data file is an applet and the digital signature is verified, then verifying the authenticity of data also involves branding and running the applet accordingly.

In another embodiment, a data communication connection is established between the computer system and a remote site, and a determination is made regarding whether the site requires a secure connection, and when a secure connection is required, a determination is made regarding whether a site certificate for the site is valid. In such an embodiment, a determination can be made as to whether the site certificate is trusted if it is determined that the site certificate is valid.

In another aspect of the present invention, an apparatus for verifying the authenticity of at least one data file, which includes an identifier, and a signature file which includes the identifier for the data file in addition to a digital signature, includes a verifier for verifying the digital signature and a comparator for comparing the identifier in the data file with the identifier in the signature file. In one embodiment, the digital signature is verified with a signature algorithm. In another embodiment, the comparator includes a one-way hash function algorithm.

In still another aspect of the present invention, a computer program product including a computer-usable medium having computer-readable program code embodied thereon for use in verifying the authenticity of data provides at least one data file and a signature file, where the data file includes an identifier and the signature file includes the identifier for the data file and a digital signature. Program code for verifying the digital signature using the computer system and comparing the identifier in the data file with the identifier in the signature file is also included in the computer program product.

In one embodiment, the computer program product includes computer-readable program code for downloading the data file to the computer system and verifying the digital signature when the data file is an applet, and appropriately branding the applet. In another embodiment, computer-readable program code includes code for running the applet and code for determining whether the applet performs an action that triggers a security check. In another embodiment, code is included for use in establishing a secure connection with a remote site.

In yet another aspect of the present invention, a computer system arranged to verify the authenticity of a data file, which includes an identifier and is associated with a signature file that has the identifier for the data file and a digital signature, includes a processor, a memory coupled to the processor, and a verifier arranged to verify the digital signature and compare the identifier in the data file with the identifier in the signature file. In one embodiment, the identifier for the data file includes at least one of a certificate authority, a site certificate, a software publisher identifier, and a site name. In such an embodiment, the verifier is further arranged to set a security level for at least one of the certificate authority, the site certificate, the software publisher identifier, and the site name. In another embodiment, the data file is an applet and the verifier is arranged both to brand the applet and to run the applet.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention, together with further advantages thereof, may best be understood by reference to the following description taken in conjunction with the accompanying drawings in which:

FIG. 1 illustrates a networked computing environment;

FIG. 2 illustrates a typical computer system for use with the networked computing environment in FIG. 1;

FIG. 3a illustrates an embodiment of an archival data structure, including a signature file, for use with an embodiment of the present invention;

FIG. 3b illustrates an embodiment of a signature file, for use with an embodiment of the present invention; and

FIG. 4 is a flow chart of an embodiment of the present invention for use with data structures having signature files.

FIG. 5 is a flow chart which illustrates the steps associated with setting security levels in a security manager in accordance with an embodiment of the present invention.

FIG. 5a is a diagrammatic representation of a browser interface which illustrates advanced settings in accordance with an embodiment of the present invention.

FIG. 6 is a flow chart which illustrates the steps associated with executing an applet which uses verification settings in accordance with an embodiment of the present invention.

FIG. 7 is a flow chart which illustrates the steps associated with establishing a connection across a computer network in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Several embodiments of the present invention provide novel methods, apparatuses and products that reduce the computational demands placed on both source user computer systems and receiving user computer systems by requiring the implementation and the verification of only a single digital signature for an arbitrary number of data files. In accordance with an embodiment of the present invention the data files need not be individually signed. Instead, a separate signature file is created such that when the separate signature file is digitally signed and later verified, the data files to which it corresponds can be authenticated without running the signature algorithm for each of these data files. In one embodiment, the signature file includes a list of "identifiers", such as one-way hash functions, that are associated with each of the data files to be transferred. As such, the signature file is essentially the cryptographic equivalent of a digital signature for each of the data files.

Thus, with an embodiment of the present invention a user can create a signature file that includes unique identifiers for each data file. The signature file can be digitally signed by using a signature algorithm. The signed signature file and data files can then be sent to a receiving user, who can then verify the digital signature using the appropriate signature algorithm. Once the digital signature has been verified, the identifiers within the signature file can be compared to the identifiers within the data files. If the identifier within a given data file matches the corresponding identifier in the signature file, then the data file can be verified as being authentic. The receiving user can then proceed to process the verified data files with confidence in their authenticity. As a result, computational delays can be reduced because there is no longer the need to digitally sign and later verify the digital signature for each of the data files.
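The scheme in the two paragraphs above can be sketched as follows. This is an added illustration, not code from the patent: the tab-separated signature-file layout, the function names and the sample archive are assumptions, and the signature algorithm is a toy textbook RSA over two publicly known Mersenne primes, used only so the example runs with the Python standard library.

```python
import hashlib

# Toy textbook-RSA key built from two publicly known Mersenne primes.
# Constructed for this demonstration only: no padding, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def build_signature_file(files: dict) -> bytes:
    """One 'name<TAB>sha256' line per data file: the list of identifiers."""
    lines = [f"{name}\t{hashlib.sha256(body).hexdigest()}"
             for name, body in sorted(files.items())]
    return "\n".join(lines).encode()

def sign(signature_file: bytes) -> int:
    """The only private-key operation, however many files are listed."""
    return pow(_digest_int(signature_file), D, N)

def signature_ok(signature_file: bytes, sig: int) -> bool:
    return pow(sig, E, N) == _digest_int(signature_file)

def verify_archive(signature_file: bytes, sig: int, files: dict) -> dict:
    """Return {name: verdict}; raise if the signature file itself is bad."""
    # Step 1: a single public-key verification covers the whole list.
    if not signature_ok(signature_file, sig):
        raise ValueError("digital signature on signature file is invalid")
    # Step 2: per-file work is only a hash and a comparison.
    listed = dict(line.split("\t") for line in signature_file.decode().splitlines())
    verdicts = {}
    for name, body in files.items():
        if name not in listed:
            verdicts[name] = "unlisted"   # not covered by the signature
        elif hashlib.sha256(body).hexdigest() == listed[name]:
            verdicts[name] = "authentic"
        else:
            verdicts[name] = "modified"
    for name in listed.keys() - files.keys():
        verdicts[name] = "missing"        # listed but not delivered
    return verdicts

# Constructed sample archive.
ARCHIVE = {"Main.class": b"\xca\xfe\xba\xbe main", "logo.gif": b"GIF89a..."}
SIG_FILE = build_signature_file(ARCHIVE)
SIGNATURE = sign(SIG_FILE)
```

The verdicts "unlisted" and "missing" cover the cases the hash comparison alone does not: a file added to the archive after signing, and a listed file that was removed.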

FIG. 1 illustrates a networked computing environment 10, as represented by a block diagram of a source user computer system 12 coupled to exchange information in the form of data with a receiving user computer system 14 over a data link 16. Source user computer system 12 can, for example, take the form of a server computer such as a web server associated with the Internet. Likewise, receiving user computer system 14 can, for example, take the form of a client system that is networked via data link 16 to a web server. In such a case, data link 16 can therefore represent a portion of, or the entire, Internet and other connected networks. Data link 16 can also represent one or more local area networks (LANs), wide area networks (WANs), "intranets" or "extranets", or other like telecommunication or data networks.

FIG. 2 illustrates a typical computer system 20 that can be used by either a sending user or a receiving user, in accordance with FIG. 1. Alternatively, computer system 20 can be a stand-alone computer capable of receiving data through computer useable products. Computer system 20 includes one or more processors 22, a primary memory 24, a secondary memory 26, one or more input/output (I/O) devices 28, one or more network communication devices 30, and one or more buses 32.

Processors 22 provide the capability to execute computer instructions. Processors 22 can, for example, be microprocessors, central processing units (CPUs), or microcontrollers such as found in many of the desktop, laptop, workstation, and mainframe computers available on the market. Processors 22 can also take the form of conventional or even customized or semi-customized processors such as those typically used in special purpose or larger frame computers, telecommunication switching nodes, or other networked computing devices. Processors 22 are coupled to output data to buses 32 and to input data from buses 32.

Buses 32 are capable of transmitting or otherwise moving data between two or more nodes. Buses 32 can, for example, take the form of a shared general purpose bus or can be dedicated to transmitting specific types of data between specific nodes. Buses 32 can include interface circuitry and software for use in establishing a path between nodes over which data can be transmitted. It is recognized that some devices, such as processors 22, can also include one or more buses 32 internally for transmitting data between internal nodes therein. Data can include processed data, addresses, and control signals.

Primary memory 24 typically provides for the storage and retrieval of data. Primary memory 24 can, for example, be a random access memory (RAM) or like circuit. Primary memory 24 can be accessed by other devices or circuits, such as processors 22, via buses 32.

Secondary memory 26 typically provides for additional storage and retrieval of data. Secondary memory 26 can, for example, take the form of a magnetic disk drive, a magnetic tape drive, an optically readable dev