| CPC G06F 16/2365 (2019.01) [G06F 16/27 (2019.01); H04L 9/3247 (2013.01); H04L 9/50 (2022.05)] | 18 Claims |
|
1. A method comprising:
receiving, by a centralized records auditing system, an audit block, the audit block comprising one or more audit files generated by an audit agent running in an audited device, a first digital signature corresponding to a previous audit block, and a second digital signature generated based at least on the one or more audit files and the first digital signature, the centralized records auditing system including an audit block store having an audit register;
verifying, by the centralized records auditing system, an integrity of the received audit block, wherein verifying the integrity of the received audit block comprises:
identifying the previous audit block in the audit register;
retrieving the second digital signature stored in the identified previous audit block; and
comparing the first digital signature stored in the received audit block with the retrieved second digital signature stored in the identified previous audit block;
responsive to verifying the integrity of the received audit block:
storing, by the centralized records auditing system, the received audit block in the audit register, the audit register comprising a plurality of audit blocks, each audit block of the audit register linked to a second audit block preceding the audit block by the second digital signature of the second audit block, and
adding, by the centralized records auditing system, the one or more audit files included in the audit block to an audit database of the centralized records auditing system that is operatively coupled to the audit block store; and
responsive to determining a trigger condition is met, verifying, by the centralized records auditing system, the integrity of the audit register, wherein verifying the integrity of the audit register comprises, for each audit block of the plurality of audit blocks of the audit register:
verifying the second digital signature of the audit block, and
comparing the first digital signature corresponding to the previous audit block and stored in the audit block with the second digital signature stored in the previous audit block.
|