摘要 |
A data file stored in a file volume is locked such that subsequent alterations to the contents of the file may be detected. A data protection module retrieves the data file from storage, hashes the data file, generating a file digest, and stores the file digest in a record. A data segment comprising the file digest is defined and transmitted to a smart card. The smart card hashes the segment, generating a segment digest, and uses a private key to encode the segment digest, generating a digital signature. The digital signature is stored in the record. The record is subsequently used to verify the contents of the data file. The smart card's public key is used to decode the digital signature, generating a decoded value. The defined segment within the record is retrieved, and a segment digest is recomputed based on the segment. The decoded value is compared to the recomputed segment digest. If the decoded value is the same as the recomputed segment digest, the contents of the segment are determined to be valid.
|