Today, organizations and individuals deliver great amounts of information to customers and other communication parties via the Internet. The information may comprise marketing information or subscribed information in the form of e.g. newsletters. To an ever-increasing extent, companies also choose to deliver evidence of legal rights, such as invoices, account statements, insurance statements, salary statements, etc. For this type of information, there is a strong requirement that it should be possible to verify at the recipient side that the information was produced by a known entity, that the entity cannot deny having produced the information, and that the information has not been altered. This is often referred to as authentication, non-repudiation, and integrity of information.
One attempt to meet these requirements is represented by digital signatures employing asymmetric cryptography. According to this mechanism, a hash code and an asymmetric key pair are used for ensuring authenticity, integrity and non-repudiation of the information. The check code, which e.g. corresponds to the hashed information, is encrypted using the private key of the asymmetric key pair, and then delivered with the information and a copy of the public key of the asymmetric key pair. The calculating and encrypting of the check code may be referred to as “signing”, or “sealing”, the information, whereas the encrypted check code may be referred to as a “signature”. The information may subsequently be verified together with its encrypted check code and the copy of the public key of the asymmetric key pair, in analogy with the cryptographic algorithm used for calculating and encrypting said check code.
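The sealing and verification flow described above, as an added example that is not part of the original text. It uses textbook RSA over a SHA-256 digest with a constructed toy key and no padding; the names `check_code`, `seal`, `verify` and the comparison against a `trusted_key` held by the recipient are assumptions made for illustration.

```python
import hashlib

# Constructed toy key for illustration only: two Mersenne primes, no padding.
# Real deployments use randomly generated keys and a padded scheme such as RSA-PSS.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def check_code(information: bytes) -> int:
    """Hash the information; the digest is the check code."""
    return int.from_bytes(hashlib.sha256(information).digest(), "big")

def seal(information: bytes, d: int = D, n: int = N, e: int = E) -> dict:
    """Transform the check code with the private key and bundle the result
    with the information and a copy of the public key."""
    return {"information": information,
            "signature": pow(check_code(information), d, n),
            "public_key": (n, e)}

def verify(sealed: dict, trusted_key: tuple) -> bool:
    """Recipient side: the delivered key copy must match a key the recipient
    already trusts, and the recovered check code must equal a fresh hash."""
    if sealed["public_key"] != trusted_key:
        return False  # the key copy does not belong to the known entity
    n, e = sealed["public_key"]
    return pow(sealed["signature"], e, n) == check_code(sealed["information"])

def demo() -> dict:
    trusted = (N, E)
    good = seal(b"Invoice 1001: amount due 250.00")  # constructed sample
    altered = dict(good, information=b"Invoice 1001: amount due 950.00")
    # Same information sealed under a different constructed key pair.
    p2, q2 = 2**89 - 1, 2**607 - 1
    d2 = pow(E, -1, (p2 - 1) * (q2 - 1))
    other = seal(good["information"], d2, p2 * q2, E)
    return {"good": verify(good, trusted),
            "altered": verify(altered, trusted),
            "other_key": verify(other, trusted),
            # Consistent with its own bundled key, so the bundled copy alone
            # proves integrity but not who produced the information.
            "other_key_self": verify(other, other["public_key"])}

if __name__ == "__main__":
    print(demo())
```

The `other_key_self` result shows why the recipient must tie the delivered public key to a known entity before relying on the signature for authentication.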
An example of an available solution is described in WO 2006/112759 A1, wherein a key history is used for administering the key pairs and to keep track of if and when the keys ceased to be used so as to facilitate monitoring and administering of the validity of the keys over time. However, there is still a need for a mechanism providing enhanced authentication, non-repudiation, and integrity of information.