1. Field of the Invention
The present invention relates generally to a secure communication protocol for providing document services on a network, and more particularly, to a protocol for performing secure token-based document transaction services that includes services for emailing and printing secure document tokens.
2. Description of Related Art
While the use of mobile computing devices is becoming more prevalent among mobile workers, transfer of document information between mobile computing devices is often limited due to inadequate storage capacity on such devices or due to inadequate communication channel bandwidth. To overcome these limitations, many mobile workers carry a laptop computer with them while traveling. Although laptop computers are increasingly smaller and lighter, their functionality, which is designed to meet the requirements of office-based document work, is determined largely by the desktop machines from which they evolved. Powerful editors and spreadsheet applications, for example, that are essential in certain office-based work environments have limited utility while away from the office. In some circumstances, mobile workers carry laptop computers simply to be able to access their documents, and not necessarily to create or edit them.
One mobile document transaction service for overcoming these limitations is disclosed in U.S. Pat. No. 5,862,321 (published also as European Patent Application EP 691,619 A2). More specifically, U.S. Pat. No. 5,862,321 (entitled: xe2x80x9cSystem and Method for Accessing and Distributing Electronic Documentsxe2x80x9d) discloses a system for transferring between computers document identifiers that represent a particular document, rather than the document itself. This system can include any number of workstations, file servers, printers and other fixed devices (including multifunction devices) coupled to a network, as well as a number of mobile computing devices mobile computing device appears to hold a user""s personal collection of documents, carried by users and coupled to the network by an infrared (IR) or radio (RE) link. Each with the devices being programmed to receive, transmit, and store document identifiers (e.g., a URLxe2x80x94xe2x80x9cUniform Resource Locatorxe2x80x9d) or document tokens, as defined herein.
Each document token is associated with an electronic document stored in an electronic repository or database. The mobile document transaction service effectively distributes references to documents between mobile computing devices by transmission of document tokens, rather than the documents themselves. For example, a document can be sent to an IR transceiver equipped network printer by xe2x80x9cbeamingxe2x80x9d a document token, which references the document, from a mobile computing device to the network printer. The network printer retrieves the complete document referenced by the document token, and immediately prints a copy of the document. Thus, to a user of the mobile document transaction service, documents are seamlessly passed between users and output or input to devices coupled to networks as expansive as the Internet. Since the document references are small and defined, the documents that they reference can have an arbitrary size and not impact the performance of the mobile computing devices. Advantageously, token based document references can be passed between two mobile computing devices without having to transmit large amounts of data.
Document tokens that are modeled after URLs are not secure. That is, anyone who obtains a copy of a URL is capable of accessing the document to which the URL references. Currently there exists a need for secure document tokens that are not as freely accessible as URLs. It would therefore be desirable to provide a mobile document transaction service that ensures secure transfer of document tokens between mobile computing devices. Such systems would advantageously support document tokens that can only be used a limited number of times or a limited length of time to retrieve the document, thereby avoiding replay attacks. In addition, it would be advantageous to provide an electronic mail system that supports secure transfer of document tokens between mail clients. Such a system would minimize the impact on data throughput of email servers when large files are attached to email messages.
In accordance with the invention, there is provided a method and apparatus therefor, for operating on a network a secure document server (or a token-enabled server). The secure document server receives from a holder of a document token a request for a copy of a document identified by the document token. The document token includes issuer content and a signature from an issuer and holder content and a signature from the holder. The secure document server locates in the issuer content a document identifier, a hint to a public key of the issuer, and a public key of the holder. The document identifier specifies where the document is stored on the network. In a key list on the secure document server, the server locates the public key of the issuer using the hint to the public key of the issuer. Subsequently, the server authenticates the issuer content of the document identifier with the public key of the issuer. The server then locates in the holder content of the document a time stamp. The time stamp identifies when the holder of the document token requested the copy of the document. Using the public key of the holder, the server authenticates the holder content of the document identifier. Also, the server verifies that the time stamp is within a predetermined window of time relative to a current time. Finally, the secure document server issues, to the holder of the document identifier, a copy of the document identified by the document identifier when the document token is authenticated. The authentication process allows the secure document server to authenticate a request for the document identified by the document token without prior knowledge of the identity of the holder of the document token.