With the advent of modern computer technology, individuals increasingly use electronic means to transfer information from one location to another. Computer files or other information can be quickly sent, via a computer network, to virtually anyone whether they be in the office down the hall or halfway around the globe. Data is sent very rapidly, enhancing communication and productivity in many organizations. Many different protocols, or formats for transferring data, exist which allow different types of files to be transferred, including the File Transfer Protocol (FTP) and the Simple Mail Transfer Protocol (SMTP).
Often the files to be transferred contain sensitive information that the sender and intended recipient would like to transfer securely. The interception or inadvertent disclosure of sensitive information can have many serious consequences. Some sensitive information must be shielded from third parties because of government regulations. Examples of these forms of sensitive information include health information and data such as a person's social security number. Other forms of sensitive information must be shielded from third parties because disclosure can be financially damaging. Sensitive information of this form includes information such as trade secrets and business information such as merger proposals.
When transferring data files containing sensitive information, organizations conventionally use some form of security measure to protect the integrity of the data. One method of securing the data is by having the data time stamped, signed, and encrypted before being sent. A popular way to encrypt files uses public key encryption. Public key encryption is an asymmetrical encryption method. A public key is used to encrypt data while a corresponding private key is used to decrypt the data. While many individuals may be able to encrypt data for an individual, only the individual(s) in possession of the private key are able to decrypt the data.
Because of the wider access to public keys, it is important for public keys of the sender and recipient to be certified by a certificate authority to ensure the authenticity of the encryption. Additionally, any time stamp on the data should be tied to a hash of the data (e.g., the underlying message) in order to ensure the data has not been tampered with in transit. A hash is a number that can be generated from a string of text. The hash is generated by a formula that makes it extremely difficult to find a text that will result in a given hash value, and extremely unlikely for any two non-identical strings to produce the same hash value. By comparing hash values, a comparison routine can determine whether or not strings of text are identical.
Use of a transaction certificate is one method that combines key certification with the message hash and time stamp. A transaction certificate ties together the sender's identity, the sender's public key, the recipient's identity, the recipient's public key, the message hash, and message time all in one certificate.
One problem arises, however, when one desires to transmit a large volume of data. Attempts to transmit all the data in one chunk are often disadvantageous because the “bulk” transmission requires considerable processor memory and immediate storage space at the receiving site. Consequently, it is desirable to send large amounts of data in a pipelined fashion. Pipelines involve breaking the data up into smaller blocks and then sending the blocks one at a time. The pipeline data can then be processed one block at a time resulting in greater performance. Several different protocols are capable of supporting pipelined data transfers, including FTP, SMTP, and HTTP (HyperText Transfer Protocol).
When pipeline transfers are employed, a transaction certificate cannot be used in a traditional way to provide time stamping, key certification, and message integrity protection at the same time. The reason a transaction certificate cannot be used in the traditional way is that the transaction certificate and recipient's public key need to be retrieved before the sender transmits the first block of data. However, the message hash that must be sent as part of the request for the transaction certificate can generally only be obtained after the last block of data is processed.
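The ordering constraint described above can be seen in a short added example, which is not part of the original text. It assumes SHA-256 as the hash, a 4096-byte block size, and a hypothetical event format of ("block", bytes) followed by one ("hash", digest); the digest is sent bare here, whereas the scheme described above would bind it into the signed transaction certificate.

```python
import hashlib
import hmac
from typing import Iterable, Iterator, Tuple

Event = Tuple[str, bytes]  # hypothetical wire format for this example


def split_blocks(data: bytes, size: int = 4096) -> Iterator[bytes]:
    """Break a message into fixed-size blocks for pipelined sending."""
    for off in range(0, len(data), size):
        yield data[off:off + size]


def sender(data: bytes, size: int = 4096) -> Iterator[Event]:
    """Emit blocks one at a time; the message hash exists only at the end."""
    h = hashlib.sha256()
    for block in split_blocks(data, size):
        h.update(block)          # running hash, one block in memory
        yield ("block", block)
    # Earliest point at which the whole-message hash can be produced:
    # after the last block, i.e. too late for a certificate request
    # that must complete before the first block is transmitted.
    yield ("hash", h.hexdigest().encode())


def receiver(events: Iterable[Event]) -> Tuple[int, bool]:
    """Process blocks as they arrive; return (blocks seen, hash matches)."""
    h = hashlib.sha256()
    seen = 0
    for kind, payload in events:
        if kind == "block":
            h.update(payload)
            seen += 1
        else:
            ok = hmac.compare_digest(h.hexdigest().encode(), payload)
            return seen, ok
    return seen, False           # stream ended without a hash: reject


def tamper(events: Iterable[Event], index: int) -> Iterator[Event]:
    """Simulate in-transit modification of one block (flip one bit)."""
    for i, (kind, payload) in enumerate(events):
        if kind == "block" and i == index:
            payload = bytes([payload[0] ^ 1]) + payload[1:]
        yield kind, payload


MESSAGE = bytes(range(256)) * 40   # constructed 10240-byte sample message
```
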