US 9754131 B2 - Page Substitution Verification Preparation - The Lens

Page Substitution Verification Preparation

Published: Sep 5, 2017
Earliest Priority: Mar 22 2008
Family: 16
Cited Works: 18
Cited by: 1
Cites: 34
Additional Info: Full text

Abstract

A system and method are disclosed for rendering published documents tamper evident. Embodiments render classes of documents tamper evident with cryptographic level security or detect tampering, where such security was previously unavailable, for example, documents printed using common printers without special paper or ink. Embodiments enable proving the date of document content without the need for expensive third party archival, including documents held, since their creation, entirely in secrecy or in untrustworthy environments, such as on easily-altered, publicly-accessible internet sites. Embodiments can extend, by many years, the useful life of currently-trusted integrity verification algorithms, such as hash functions, even when applied to binary executable files. Embodiments can efficiently identify whether multiple document versions are substantially similar, even if they are not identical, thus potentially reducing storage space requirements.

Claims

A computer-implemented document integrity verification method, executable by a processor, the method comprising:
receiving a digital document in a word processing format into a non-transitory computer readable medium;

generating a first baseline data sequence from the digital document, the first baseline data sequence having a first printable element and a final printable element following the first printable element of the first baseline data sequence;

generating a first modified data sequence from the first baseline data sequence in accordance with a set of modification rules, the first modified data sequence having a first printable element and a final printable element following the first printable element of the first modified data sequence,
wherein the first printable element of the first modified data sequence is identical to the first printable element of the first baseline data sequence,

wherein the final printable element of the first modified data sequence is identical to the final printable element of the first baseline data sequence,

wherein at least one unprintable element of the first baseline data sequence, between the first and final printable elements of the first baseline data sequence, is not within the first modified data sequence, so that the first modified data sequence is shorter than the first baseline data sequence,

and wherein an integrity verification code (IVC) generated for the first modified data sequence will differ from an IVC generated for the first baseline data sequence;

generating a first original IVC, wherein generating a first original IVC comprises performing a one-way operation on the first modified data sequence, and wherein the modification rules render tampering of the digital document undetectable for the at least one unprintable element within the first baseline data sequence;

generating a second baseline data sequence from the digital document, the second baseline data sequence having a first printable element and a final printable element following the first printable element of the second baseline data sequence;
wherein the second baseline data sequence is different than the first baseline data sequence,

generating a second modified data sequence from the second baseline data sequence in accordance with the set of modification rules, the second modified data sequence having a first printable element and a final printable element following the first printable element of the second modified data sequence,
wherein the first printable element of the second modified data sequence is identical to the first printable element of the second baseline data sequence,

wherein the final printable element of the second modified data sequence is identical to the final printable element of the second baseline data sequence,

wherein at least one unprintable element of the second baseline data sequence, between the first and final printable elements of the second baseline data sequence, is not within the second modified data sequence, so that the second modified data sequence is shorter than the second baseline data sequence,

and wherein an IVC generated for the second modified data sequence will differ from an IVC generated for the second baseline data sequence;

generating a second original IVC, wherein generating a second original IVC comprises performing a one-way operation on the second modified data sequence, and wherein the modification rules render tampering of the digital document undetectable for the at least one unprintable element within the second baseline data sequence; and

publishing the digital document with at least a portion of the first original IVC and the second original IVC rendered on a face of the published document.
The method of claim 1 wherein publishing the digital document comprises printing the document onto paper.
The method of claim 1 wherein the second baseline data sequence is a subset, less than all, of the first baseline data sequence.
The method of claim 3 wherein both the portion of the first original IVC and the portion of the second original IVC are published on a page corresponding to the second baseline data sequence.
The method of claim 1 wherein the first baseline data sequence corresponds to a different published page than a published page corresponding to the second baseline data sequence.
The method of claim 5 wherein both the portion of the first original IVC and the portion of the second original IVC are published on pages corresponding to each of the first baseline data sequence and the second baseline data sequence.
The method of claim 1 wherein publishing a portion of an IVC on a page comprises placing the portion of the IVC in a footer of the page.
The method of claim 1 further comprising
generating a third baseline data sequence from the digital document, the third baseline data sequence having a first printable element and a final printable element following the first printable element of the third baseline data sequence;
wherein the third baseline data sequence is different than the first baseline data sequence and the second baseline data sequence,

generating a third modified data sequence from the third baseline data sequence in accordance with the set of modification rules, the third modified data sequence having a first printable element and a final printable element following the first printable element of the third modified data sequence,
wherein the first printable element of the second modified data sequence is identical to the first printable element of the third baseline data sequence,

wherein the final printable element of the third modified data sequence is identical to the final printable element of the third baseline data sequence,

wherein at least one unprintable element of the third baseline data sequence, between the first and final printable elements of the third baseline data sequence, is not within the third modified data sequence, so that the third modified data sequence is shorter than the third baseline data sequence,

and wherein an IVC generated for the third modified data sequence will differ from an IVC generated for the third baseline data sequence;

generating a third original IVC, wherein generating a third original IVC comprises performing a one-way operation on the third modified data sequence, and wherein the modification rules render tampering of the digital document undetectable for the at least one unprintable element within the third baseline data sequence;
wherein the third baseline data sequence corresponds to a different published page than the second baseline data sequence and both the third baseline data sequence and the second baseline data sequence are each a subset, less than all, of the first baseline data sequence; and

publishing at least a portion of the third original IVC the face of the published document.
The method of claim 8 wherein
the portion of the first original IVC, the portion of the second original IVC and the portion of the third original IVC are all published on the pages corresponding to each of the second baseline data sequence and the third baseline data sequence.
The method of claim 9 wherein
publishing a portion of an IVC on a page comprises placing the portion of the IVC in a footer of the page;

the footer of each page has a first position, a second position, a third position, and a fourth position, all corresponding on each page;

the portion of the first original IVC is placed in the first position in the footer of the page corresponding to the second baseline data sequence;

the portion of the second original IVC is placed in the second position in the footer of the page corresponding to the second baseline data sequence;

the portion of the third original IVC is placed in the third position in the footer of the page corresponding to the second baseline data sequence;

the portion of the first original IVC is placed in the first position in the footer of the page corresponding to the third baseline data sequence;

the portion of the second original IVC is placed in the fourth position in the footer of the page corresponding to the third baseline data sequence; and

the portion of the third original IVC is placed in the second position in the footer of the page corresponding to the third baseline data sequence.
A computer program embodied on a non-transitory computer executable medium and configured to be executed by a processor, the program comprising:
code for receiving a digital document in a word processing format into a non-transitory computer readable medium;

code for generating a first baseline data sequence from the digital document, the first baseline data sequence having a first printable element and a final printable element following the first printable element of the first baseline data sequence;

code for generating a first modified data sequence from the first baseline data sequence in accordance with a set of modification rules, the first modified data sequence having a first printable element and a final printable element following the first printable element of the first modified data sequence,
wherein the first printable element of the first modified data sequence is identical to the first printable element of the first baseline data sequence,

wherein the final printable element of the first modified data sequence is identical to the final printable element of the first baseline data sequence,

wherein at least one unprintable element of the first baseline data sequence, between the first and final printable elements of the first baseline data sequence, is not within the first modified data sequence, so that the first modified data sequence is shorter than the first baseline data sequence,

and wherein an integrity verification code (IVC) generated for the first modified data sequence will differ from an IVC generated for the first baseline data sequence;

code for generating a first original IVC, wherein generating a first original IVC comprises performing a one-way operation on the first modified data sequence, and wherein the modification rules render tampering of the digital document undetectable for the at least one unprintable element within the first baseline data sequence;

code for generating a second baseline data sequence from the digital document, the second baseline data sequence having a first printable element and a final printable element following the first printable element of the second baseline data sequence;
wherein the second baseline data sequence is different than the first baseline data sequence,

code for generating a second modified data sequence from the second baseline data sequence in accordance with the set of modification rules, the second modified data sequence having a first printable element and a final printable element following the first printable element of the second modified data sequence,
wherein the first printable element of the second modified data sequence is identical to the first printable element of the second baseline data sequence,

wherein the final printable element of the second modified data sequence is identical to the final printable element of the second baseline data sequence,

wherein at least one unprintable element of the second baseline data sequence, between the first and final printable elements of the second baseline data sequence, is not within the second modified data sequence, so that the second modified data sequence is shorter than the second baseline data sequence,

and wherein an IVC generated for the second modified data sequence will differ from an IVC generated for the second baseline data sequence;

code for generating a second original IVC, wherein generating a second original IVC comprises performing a one-way operation on the second modified data sequence, and wherein the modification rules render tampering of the digital document undetectable for the at least one unprintable element within the second baseline data sequence; and

code for publishing the digital document with at least a portion of the first original IVC and the second original IVC rendered on a face of the published document.
The program of claim 11 wherein the code for publishing the digital document comprises code for printing the document onto paper.
The program of claim 11 wherein the second baseline data sequence is a subset, less than all, of the first baseline data sequence.
The program of claim 13 wherein the code for publishing comprises code for publishing both the portion of the first original IVC and the portion of the second original IVC on a page corresponding to the second baseline data sequence.
The program of claim 11 wherein the second baseline data sequence is a different published page than the first baseline data sequence.
The program of claim 15 wherein both the portion of the first original IVC and the portion of the second original IVC are published on pages corresponding to each of the first baseline data sequence and the second baseline data sequence.
The program of claim 11 wherein the code for publishing a portion of an IVC on a page comprises code for placing the portion of the IVC in a footer of the page.
The program of claim 11 further comprising
code for generating a third baseline data sequence from the digital document, the third baseline data sequence having a first printable element and a final printable element following the first printable element of the third baseline data sequence;
wherein the third baseline data sequence is different than the first baseline data sequence and the second baseline data sequence,

code for generating a third modified data sequence from the third baseline data sequence in accordance with the set of modification rules, the third modified data sequence having a first printable element and a final printable element following the first printable element of the third modified data sequence,
wherein the first printable element of the second modified data sequence is identical to the first printable element of the third baseline data sequence,

wherein the final printable element of the third modified data sequence is identical to the final printable element of the third baseline data sequence,

wherein at least one unprintable element of the third baseline data sequence, between the first and final printable elements of the third baseline data sequence, is not within the third modified data sequence, so that the third modified data sequence is shorter than the third baseline data sequence,

and wherein an IVC generated for the third modified data sequence will differ from an IVC generated for the third baseline data sequence;

code for generating a third original IVC, wherein generating a third original IVC comprises performing a one-way operation on the third modified data sequence, and wherein the modification rules render tampering of the digital document undetectable for the at least one unprintable element within the third baseline data sequence;
wherein the third baseline data sequence is a different published page than the second baseline data sequence and both the third baseline data sequence and the second baseline data sequence are each a subset, less than all, of the first baseline data sequence; and

wherein the code for publishing comprises code for publishing at least a portion of the third original IVC the face of the published document.
The program of claim 18 wherein
the portion of the first original IVC, the portion of the second original IVC and the portion of the third original IVC are all published on the pages corresponding to each of the second baseline data sequence and the third baseline data sequence.
The program of claim 19 wherein
the code for publishing a portion of an IVC on a page comprises code for placing the portion of the IVC in a footer of the page;

the footer of each page has a first position, a second position, a third position, and a fourth position, all corresponding on each page;

the portion of the first original IVC is placed in the first position in the footer of the page corresponding to the second baseline data sequence;

the portion of the second original IVC is placed in the second position in the footer of the page corresponding to the second baseline data sequence;

the portion of the third original IVC is placed in the third position in the footer of the page corresponding to the second baseline data sequence;

the portion of the first original IVC is placed in the first position in the footer of the page corresponding to the third baseline data sequence;

the portion of the second original IVC is placed in the fourth position in the footer of the page corresponding to the third baseline data sequence; and

the portion of the third original IVC is placed in the second position in the footer of the page corresponding to the third baseline data sequence.