
Signed XML Dynamic Metadata Injection Method

IP.com Disclosure Number: IPCOM000248526D
Publication Date: 2016-Dec-14
Document File: 6 page(s) / 61K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method to exploit the portion of an Extensible Markup Language (XML) information set that XML canonicalization algorithms suppress in order to encode the desired metadata information virtually anywhere in the document, without invalidating an XML signature over the document and without changing the meaning of the document within its business process solution context.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 26% of the total text.


An Extensible Markup Language (XML) signature is a cryptographic token, expressed in XML, which both protects content from tampering and associates an identity with the immutable content. An XML signature is capable of referencing any number of physical resources that, together, become the content being protected from tampering by the XML signature. A hash value computed for each resource is placed in a manifest, the hash of that manifest is computed, and then a signer's private key is used to encrypt the hash of the manifest. XML signatures are used not only to sign documents, but also to sign web service payloads.

For any XML resource, XML canonicalization is an important step of signature processing that occurs before hash calculation. Many syntactic variations occur in XML that have no semantic impact and, because of this, various XML processing agents can take the liberty of changing the surface form of an XML resource. For example, the order of attributes of an XML element is not supposed to matter, so various agents use a hash table to store the elements on input; therefore, a subsequent serialization may change the order of the attributes. A challenge for XML signatures, though, is that cryptographic hash algorithms operate over bit streams (i.e., the exact XML surface forms), so that meaningless changes actually do result in a different hash value that can break a digital signature. XML canonicalization was created to solve this problem by defining a set way of writing each grammatical element of XML.

An important variant called exclusive XML canonicalization is more useful for signing web service payloads that had to be taken out of the original namespace context. It can be requested in XML signature processing as an alternative to the default XML canonicalization.

Once an XML signature has covered an XML resource with a hash value, any changes to the XML resource, other than those syntactic changes that can be factored out by XML canonicalization, result in a different hash value that is detected as a forbidden change by the XML signature validation process. To put it simply, the XML resource cannot be changed once covered by an XML signature.
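The following added example (not part of the original disclosure) shows the distinction drawn above between surface-form changes that canonicalization factors out and content changes that the digest check catches. It assumes Python's standard-library `canonicalize`, which implements C14N 2.0, as a stand-in for whichever canonicalization algorithm a given signature specifies; the sample documents and function names are constructed for illustration.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed sample documents (not taken from the disclosure).
SIGNED = '<order id="42" currency="USD"><item sku="A1" qty="2"/></order>'

# Same information, different surface form: XML declaration added,
# attribute order swapped, single quotes, padding inside the start tag,
# and the empty element written with an explicit end tag.
RESERIALIZED = (
    "<?xml version='1.0'?>"
    "<order currency='USD'  id='42' >"
    "<item qty='2' sku='A1'></item></order>"
)

# One attribute value changed: a real content change.
TAMPERED = '<order id="42" currency="USD"><item sku="A1" qty="3"/></order>'


def raw_digest(xml_text: str) -> str:
    """SHA-256 over the exact bytes of the serialization."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_form(xml_text: str) -> str:
    """Canonical serialization (stand-in for the signature's C14N step)."""
    return canonicalize(xml_text)


def canonical_digest(xml_text: str) -> str:
    """SHA-256 over the canonical form, as a signature reference would use."""
    return hashlib.sha256(canonical_form(xml_text).encode("utf-8")).hexdigest()


def classify(reference: str, candidate: str) -> str:
    """Say how candidate differs from the signed reference document."""
    if raw_digest(reference) == raw_digest(candidate):
        return "identical"
    if canonical_digest(reference) == canonical_digest(candidate):
        return "syntactic-only"   # differences are suppressed by canonicalization
    return "content-changed"      # digest check in signature validation fails


if __name__ == "__main__":
    for name, doc in [("reserialized", RESERIALIZED), ("tampered", TAMPERED)]:
        print(name, classify(SIGNED, doc), canonical_digest(doc)[:16])
```

A `syntactic-only` result means the two serializations differ byte for byte yet would validate under the same signature, so a reviewer comparing signed XML should diff the raw bytes as well as checking the signature.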

Although immutability of signed resources is the point of a digital signature, there are nonetheless times when it would be useful to add or edit certain information within the signed XML resource without invalidating an XML signature that covers the XML resource. In particular, a method is needed to enable certain processing agents to add or edit metadata about the XML resource or how to process the XML resource.

The novel idea is to exploit the portion of the XML information set that XML canonicalization algorithms suppress in order to encode the desired metadata information virtually anywhere in the document, without invalidating an XML signature over the document and without changing the meaning of the document within its business proces...