This invention relates to systems and methods for providing a verifiable chain of evidence and security for the transfer and retrieval of documents and other information objects in digital formats.
The continuing evolution of the methods of commerce is evident in the increasing replacement of paper-based communications with electronic communications. When communication is by electronically reproduced messages such as e-mail, facsimile machine, imaging, electronic data interchange or electronic fund transfer, however, there no longer exists a signature or seal to authenticate the identity of a party to a deal or transaction. The traditional legally accepted methods of verifying the identity of a document""s originator, such as physical presence or appearance, a blue-ink signature, personal witness or Notary Public acknowledgment, are not possible.
To address these problems, a document authentication system (DAS) has been described that provides the needed security and protection of electronic information objects, or electronic documents and other information objects, and that advantageously utilizes an asymmetric cryptographic system to help ensure that a party originating an information object is electronically identifiable as such. This system is one aspect of the methods and apparatus for secure transmission, storage, and retrieval of information objects that are described in U.S. Pat. No. 5,615,268 to Bisbee et al. and U.S. Pat. No. 5,748,738 to Bisbee et al. and in U.S. patent application Ser. No. 09/072,079 filed on May 4, 1998, by Bisbee at al. These patents and application are expressly incorporated by reference in this application.
As an initial matter, it will be helpful to understand the following terminology that is common in the field of secure electronic commerce and communications.
xe2x80x9cPublic key cryptography (PKC)xe2x80x9d uses pairs of cryptographic xe2x80x9ckeysxe2x80x9d, each pair having a private (secret) key and a public key, that are associated with respective registered users. The public keys are published for anyone to use for encrypting information intended for the respective users. Only the holder of the paired private key can read information, i.e., an electronic document or more generally an information object, that was encrypted using the respective public key. Conversely, an electronic document that is xe2x80x9cdigitally signedxe2x80x9d using a user""s private key can be verified as that user""s by anyone who knows the user""s public key. The encrypt and decrypt functions of both keys are truly xe2x80x9cone-wayxe2x80x9d, meaning that no one can determine a private key from the corresponding public key, and vice versa, which in popular PKC systems is due to the fact that, at least currently, finding large prime numbers is computationally easy but factoring the products of two large prime numbers is computationally difficult. Example PKC algorithms, which comply with applicable government or commercial standards, are the digital signature algorithm (DSA/RSA) and secure hash algorithm (SHA-1/MD5).
Various aspects of public-key cryptographic (PKC) systems are described in the literature, including R. L. Rivest et al., xe2x80x9cA Method for Obtaining Digital Signatures and Public-Key Cryptosystems,xe2x80x9d Communications of the ACM vol. 21, pp. 120-126 (February 1978); M. E. Hellman, xe2x80x9cThe Mathematics of Public-Key Cryptographyxe2x80x9d, Scientific American, vol. 234, no. 8, pp. 146-152, 154-157 (August 1979); and W. Diffie, xe2x80x9cThe First Ten Years of Public-Key Cryptographyxe2x80x9d, Proceedings of the IEEE, vol. 76, pp. 560-577 (May 1988). It can also be noted that for a PKC system, as for other cryptographic systems, the system""s strength, i.e., the computational effort needed to break an encrypted message, depends to a great extent on the length of the key, as described in C. E. Shannon, xe2x80x9cCommunication Theory of Secrecy Systemsxe2x80x9d, Bell Sys. Tech. J. vol. 28, pp. 656-715 (October 1949).
A xe2x80x9cdigital signaturexe2x80x9d is an unforgeable data element, which asserts that the user(s) corresponding to the digital signature wrote or otherwise agreed to the contents of an electronic document or other information object to which the digital signature is appended. A digital signature is typically created by xe2x80x9chashingxe2x80x9d the electronic document, encrypting the resulting hash (integrity block) using the user""s private (secret) key, and appending the encrypted hash to the electronic document.
An xe2x80x9cauthentication certificatexe2x80x9d is an unforgeable digitally signed data element that binds a user""s public key to the user""s identity information and that advantageously, but not necessarily, conforms to the international standard X.509 version 3, xe2x80x9cThe Directory-Authentication Framework 1988xe2x80x9d, promulgated by the International Telecommunications Union (ITU). Each authentication certificate includes the following critical information needed in the signing and verification processes: a version number, a serial number, an identification of the Certification Authority (CA) that issued the certificate, identifications of the issuer""s hash and digital signature algorithms, a validity period, a unique identification of the user who owns the certificate, and the user""s public cryptographic signature verification key. Authentication certificates are issued and digitally signed by a CA that is responsible for insuring the unique identification of all users.
An authentication certificate is a digital xe2x80x9cIDxe2x80x9d, much like a driver""s license or other documentation that is used to verify a person""s identity. The e-original public key infrastructure can use the X.509v3 certificate that is based on an ISO/ITU standard, as interpreted by the Internet Engineering Task Force (IETF) Public Key Infrastructure X.509 (PKIX) recommendations. These certificates are digitally signed by the issuing Certification Authority, which ensures both content and source integrity. The act of digitally signing makes the certificates substantially tamper-proof, and therefore further protection is not needed. The intent of the certificate is to reliably associate (bind) a user""s name to the user""s public cryptographic key. The strength of protection equates directly to the strength of the algorithm and key size used in creating the issuer""s digital signature (hash and digital signature algorithms). A certificate therefore securely identifies the owner of the public key pair, which is used to provide authentication, authorization, encryption, and non-repudiation services. A typical certificate has the following form:
[Version, Serial No., Issuer Algorithm (Hash and Digital Signature), Issuer Distinguished Name (DN), Validity Period, Subject DN, Subject Public Key Info, Issuer Unique Identifier (optional), Subject Unique Identifier (optional), Issuer Public Key, Extensions (e.g., Subject Alt Name)] Issuer Digital Signature
A unique DN is formed by concatenating naming specific information (e.g., country, locality, organization, organization unit, e-mail address, common name).
Certificate extensions can also be used as a way of associating additional attributes with users or public keys, and for managing the public key infrastructure certificate hierarchy. Guidance for using extensions is available in the recommendations of ITU X.509v3 (1993) |ISO/IEC 9594-8:1995, xe2x80x9cThe Directory: Authentication Frameworkxe2x80x9d or in IETF Internet X.509 Public Key Infrastructure Certificate and CRL Profile  less than draft-ietf-pkix-ipki-part1-11 greater than .
A user""s authentication certificate is advantageously and preferably appended to an electronic document with the user""s digital signature so that it is possible to verify the digital signature. Alternatively, the certificate may be retrieved from the issuing CA or directory archive.
xe2x80x9cPublic Key Infrastructure (PKI)xe2x80x9d is the hierarchy of CAs responsible for issuing authentication certificates and certified cryptographic keys used for digitally signing and encrypting information objects. Certificates and certification frameworks are described in C. R. Merrill, xe2x80x9cCryptography for Commercexe2x80x94Beyond Clipperxe2x80x9d, The Data Law Report, vol. 2, no. 2, pp. 1, 4-11 (September 1994) and in the X.509 specification, which are expressly incorporated by reference in this application.
As described in the cited patents and application, an electronic original object having the same legal weight as a blue-ink-signed paper document (e.g., a negotiable instrument) is made possible by contract and by the PKI and associated technology. An electronic document, or more generally an information object, is created, and the information object is executed by appending one or more digital signatures and authentication certificates. Control of the resulting digitally signed information object is then transferred to a Trusted Custodial Utility (TCU) that is a trusted third-party repository of information objects and that is specifically designed and empowered by contract to store reliably any such object for its full effective life. The contractual aspect is an agreement between the TCU and the party submitting or relying on a digitally signed object to be bound by their digital signatures and to accept reliance on the TCU as custodian of the information objects.
The TCU implements defined business rules for the transactions handled by the TCU (i.e., a complete set of authorized actions). The TCU also implements a defined security policy (i.e., a set of protective measures that is necessary to prevent unauthorized actions). The TCU uses its business rules and security policy to govern transaction requests and access to the repository over the respective life cycles of all documents and objects within its control, verifying the identities and authorities of parties (local and remote) requesting repository services. The TCU securely stores and securely retrieves digitally signed, authenticated, and encrypted electronic documents or information objects. Upon request, the TCU prints and issues certified documents. The TCU advantageously supports a multi-port token server for proving document authenticity, for verifying the identities of signing parties, and for authenticating document submissions. The TCU provides for backup and disaster recovery, and ensures that stored information is not lost within a specified retention period, whether that period is specified by a user, law, or regulation.
With all of the advantages of electronic original information objects that are provided by the U.S. patents and application incorporated by reference above, it is important to realize that a digital signature is not valid indefinitely but only during the validity period of its authentication certificate. The validity period of an authentication certificate is also not indefinite but typically is set so as to limit the chances for compromise of the digital signature, e.g., as a result of theft of the secret signature key or decreased cryptographic viability. Validity periods can be in the range of one year to three years, although other periods are also possible. A TCU""s authentication certificate""s validity period is normally longer than the validity period of a user""s certificate, and the cryptographic strength of a TCU""s certificate is normally stronger than that of a user""s certificate. For these reasons and because of the TCU""s verification of content integrity and of digital signature(s) and certificate(s) validity on receipt of an information object, the validity period of the TCU""s digital signature as conveyed in the TCU""s certificate may supersede, or extend, the validity period(s) of the received information object""s digital signature(s), provided the TCU physically protects the received object""s contents from external tampering.
Such extension is not unlimited, however, because the validity period of a TCU""s signature is itself limited. This poses a problem for information objects that are intended to have legal weight for periods longer than the remaining validity period of a TCU""s signature.
Applicants"" invention solves this and other problems suffered by prior approaches to authentication of information objects.
In one aspect of Applicants"" invention, there is provided a method of handling stored e-original objects that have been created by signing information objects by respective Transfer Agents, submitting signed information objects to a TCU, validating the submitted signed information objects by at least testing the integrity of the contents of each signed information object and the validity of the signature of the respective Transfer Agent, and applying to each validated information object a date-time stamp and a digital signature and authentication certificate of the TCU. The method includes the steps selecting a stored e-original object; re-validating the selected e-original object by at least verifying the digital signature of the TCU applied to the selected e-original object; and applying to the re-validated e-original object a current date-time stamp and a digital signature and current authentication certificate of the TCU.
The method""s applying step may be performed before the expiration of the validity period of the current authentication certificate of the TCU applied to the selected e-original object. In this way, the validity period of the re-validated e-original object is extended to the current authentication certificate""s validity period. Also, a Transfer Agent may sign an information object by appending a verifiable digitized signature and a content integrity block to the information object.
Also, the method may be carried out in response to at least one instruction received and validated by the TCU, which validates a received instruction by at least testing an integrity of contents of the received instruction and a validity of a signature of a Transfer Agent on the received instruction, and applies to a validated received instruction a date-time stamp and a digital signature and current authentication certificate. The received instruction may be issued by an authorized entity, and the TCU may validate the received instruction by also checking the authorized entity""s authority to issue the received instruction. Ownership of or a right to the re-validated e-original object may be transferred in the TCU based on a validated received instruction. Access to the re-validated e-original object may be granted or controlled in the TCU based on a validated received instruction.
The method may further include the steps of exporting to a second TCU the re-validated e-original object and applied date-time stamp, digital signature, and authentication certificate of the TCU; re-validating, in the second TCU, the exported e-original object by at least verifying the digital signature of the TCU applied to the exported e-original object; and applying to the re-validated exported e-original object a current date-time stamp and a digital signature and current authentication certificate of the second TCU.
In another aspect of Applicants"" invention, there is provided a method of handling stored e-original objects that have been created by signing information objects by respective Transfer Agents, submitting signed information objects to a TCU, validating the submitted signed information objects by at least testing the integrity of the contents of each signed information object and the validity of the signature of the respective Transfer Agent, and applying to each validated information object a date-time stamp and a digital signature and authentication certificate of the TCU. The method includes the steps of creating an object-inventory from at least one stored e-original object, with the object-inventory including at least an object identifier and a signature block for each e-original object from which the object-inventory is created; applying a date-time stamp and a digital signature and authentication certificate of the TCU to the object-inventory; and storing the object-inventory having the applied date-time stamp, digital signature, and authentication certificate. A Transfer Agent may sign an information object by appending a verifiable digitized signature and a content integrity block to the information object.
The method may further include the steps of retrieving a copy of the object-inventory; signing the retrieved copy; submitting the signed copy to the TCU; verifying the signature on the submitted copy; and applying to the copy a current date-time stamp and a digital signature and current authentication certificate of the TCU. In this way, the TCU""s control of the e-original objects corresponding to the copy can be affirmed. In addition, an object identifier and a signature block for the object-inventory from which the copy was created can be added to the copy before the current date-time stamp, digital signature, and certificate are applied. These steps can be performed on the copy of the object-inventory before expiration of a validity period of the authentication certificate of the TCU applied to the object-inventory from which the copy was created. In this way, a respective validity period of the object-inventory and of each e-original object from which the object-inventory was created is extended to the current authentication certificate""s validity period.
The method may be carried out in response to at least one instruction, and the TCU validates the instruction by at least testing an integrity of contents of the instruction and a validity of a signature of a Transfer Agent on the instruction, and applies to a validated instruction a date-time stamp and a digital signature and current authentication certificate; and at least one of the validated instruction and a reference to the validated instruction is added to the copy. The instruction may be issued by an authorized entity, and the TCU validates the instruction by also checking the authorized entity""s authority to issue the instruction.
The TCU may respond to a validated instruction by exporting to a second TCU copies of the new object-inventory and the e-original objects corresponding to the new object-inventory, and the second TCU may perform the steps of re-validating the exported e-original objects corresponding to the exported copy of the new object-inventory by at least verifying the digital signature of the TCU applied to the exported e-original objects; and then applying to the exported copy of the new object-inventory a current date-time stamp and a digital signature and current authentication certificate of the second TCU. An authorized entity may then retrieve, from the second TCU, a copy of the exported copy of the new object-inventory; sign the retrieved copy; and submit the signed retrieved copy to the second TCU; and the second TCU may then apply to the submitted signed retrieved copy a current date-time stamp and its digital signature and current authentication certificate. In this way, transfer of custody and control to the second custodial utility of the e-original objects corresponding to the new object-inventory is affirmed and a respective validity period of each e-original object corresponding to the new object-inventory is extended to the validity period of the current authentication certificate applied by the second custodial utility.
Ownership of e-original objects corresponding to the copy may be transferred in the TCU based on the validated instruction, or at least one right to e-original objects corresponding to the copy may be transferred in the TCU based on the validated instruction. The right may be a right to revenue represented by the e-original objects. Access to at least one e-original object corresponding to the copy may be granted in the TCU to a member of a syndicate based on the validated instruction, or access to at least one e-original object corresponding to the copy may be controlled in the TCU based on the validated instruction.