P2P A Technique For P2P-Downloaded File Trust Assurance

摘要

PURPOSE: A file reliability guaranteeing system is provided to enable a user to check whether a file downloaded from a P2P network is the same as the file, authored by an original producer, by using a digital signature of the original producer, a certificate, a message digest function on a program file or a user signature. CONSTITUTION: The software comprises a message digest function tool(10), a digital signature tool(20), a certificate issue tool(30), and a user reliability signature tool(40). The message digest function tool(10) extracts a unique message digest function on a software file before the software file is transmitted over a P2P network. The digital signature tool(20) makes a private and a public certification signature for assuring an original author. At this time, the private authentication signature is kept by the original author, and the public authentication signature being packed with the software file and the message digest function. The certificate issue tool(30) checks the identity of the original author, issues a certificate, and transmits the package with the certificate to other personal user, a file receiving user, over a P2P network. The file receiving user checks the identity of the original author from the certificate and the private authentication signature by the public authentication signature if he or she downloads the package over a P2P network. The file receiving user finally checks the software file by using the message digest function tool(10). If the overall authentication is finished, the file receiving user attaches a user signature to the software file by using a user reliability signature tool(40), and registers the software file with the user signature as an effective file.