CPC G06F 21/62 (2013.01) [H04L 9/0643 (2013.01); H04L 9/3073 (2013.01); H04L 9/3247 (2013.01); H04L 9/3268 (2013.01); H04L 9/3297 (2013.01)]
18 Claims
1. A media-capture device, comprising:
one or more sensors;
a hardware processor; and
a non-transitory machine-readable storage medium encoded with instructions executable by the hardware processor to perform a method comprising:
initiating acquisition of one or more sensor data samples representing analog phenomena captured by the one or more sensors;
receiving the one or more sensor data samples;
responsive to receiving the one or more sensor data samples, encoding the one or more sensor data samples;
generating a to-be-signed data structure comprising at least one of:
the one or more encoded sensor data samples, or
one or more cryptographic hashes of the one or more encoded sensor data samples;
generating a cryptographic hash of the to-be-signed data structure;
determining whether a time-stamping server is reachable over a network connection by the media capture device;
responsive to determining the time-stamping server is reachable:
transmitting a time-stamping request to the time-stamping server, wherein the time-stamping request includes the cryptographic hash of the to-be-signed data structure;
receiving a signed time-stamp from the time-stamping server; and
generating a digital signature data structure over the to-be-signed data structure using the private key of a short-validity cryptographic key pair and including the received signed time-stamp in the digital signature data structure;
responsive to determining the time-stamping server is reachable, and prior to transmitting the time-stamping request to the time-stamping server:
determining whether a certificate for a short-validity cryptographic key pair is valid; and
responsive to determining the certificate of the short-validity cryptographic key pair is invalid:
generating a new short-validity cryptographic key pair comprising a new short-validity public key and a new short-validity private key with short-validity key attributes,
generating a certificate signing request for the new short-validity public key,
signing the certificate signing request with the new short-validity private key, and
transmitting the signed certificate signing request to a registration authority server at the designated logical service endpoint for short-validity key pairs; and
configuring a second data structure based on the determination of whether the time-stamping server is reachable and to include the one or more sensor encoded or unencoded data samples, the to-be-signed data structure, and the digital signature data structure,
wherein, responsive to receiving the signed certificate signing request:
the registration authority server validates eligibility of the media-capture device to receive a certificate, and
validates that the certificate signing request for the new short-validity public key meets required attributes for short-validity key pairs; and
wherein, responsive to a successful validation of both device eligibility and short-validity key attributes, the registration authority server relays the signed certificate signing request for the new short-validity public key to a certification authority server;
wherein, responsive to receiving the related signed certificate signing request for the short-validity public key, the certification authority server issues a signed certificate for the new short-validity public key and relays the signed certificate to the registration authority server;
wherein, responsive to receiving the signed certificate for the new short-validity public key, the registration authority server relays the signed certificate for the new short-validity public key to the media-capture device; and responsive to receiving the signed certificate for the new short-validity public key, storing the signed certificate for the new short-validity public key.
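The device-side ordering recited in claim 1 (hash the to-be-signed structure, check time-stamping server reachability, renew an invalid short-validity certificate before the time-stamp request, then sign and embed the time-stamp), shown as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for both the device's private-key signature and the time-stamping server's signature, the CSR, registration authority and certification authority round trip is collapsed into one local function, and the JSON layout, `LIFETIME`, all function names and the unsigned offline record are illustrative choices the claim does not specify.

```python
import hashlib, hmac, json, os

LIFETIME = 3600               # assumed certificate lifetime in seconds
TSA_KEY = os.urandom(32)      # constructed key for the simulated time-stamping server

def simulated_tsa(tbs_hash, now):
    """Stand-in time-stamping server: binds the submitted hash to a time."""
    body = json.dumps({"hash": tbs_hash, "time": now}, sort_keys=True)
    mac = hmac.new(TSA_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}

def enroll_short_validity_key(now):
    """Stand-in for key generation plus the CSR -> RA -> CA -> device round trip."""
    return {"key": os.urandom(32), "not_before": now, "not_after": now + LIFETIME}

def certificate_valid(cred, now):
    return cred is not None and cred["not_before"] <= now < cred["not_after"]

def build_tbs(encoded_samples):
    """To-be-signed structure holding hashes of the encoded samples."""
    digests = [hashlib.sha256(s).hexdigest() for s in encoded_samples]
    return json.dumps({"sample_hashes": digests}, sort_keys=True).encode()

def capture_record(encoded_samples, cred, tsa, now):
    """Returns (second data structure, credential in use after the call)."""
    tbs = build_tbs(encoded_samples)
    tbs_hash = hashlib.sha256(tbs).hexdigest()
    record = {"samples": [s.hex() for s in encoded_samples],
              "tbs": tbs.decode(), "tsa_reachable": tsa is not None,
              "signature": None}
    if tsa is None:
        return record, cred            # assumption: offline path left unsigned here
    if not certificate_valid(cred, now):
        cred = enroll_short_validity_key(now)   # renew before the request goes out
    token = tsa(tbs_hash, now)         # the request carries only the hash
    sig = hmac.new(cred["key"], tbs, hashlib.sha256).hexdigest()  # HMAC stand-in
    record["signature"] = {"value": sig, "timestamp": token}
    return record, cred

if __name__ == "__main__":
    samples = [b"constructed-frame-0", b"constructed-frame-1"]  # constructed input
    expired = {"key": os.urandom(32), "not_before": 0, "not_after": 10}
    rec, cred = capture_record(samples, expired, simulated_tsa, now=1000)
    print(json.dumps(rec, indent=2))
```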