1. Technical Field
This invention relates generally to public key cryptography, digital signatures and public key infrastructure (PKI). More specifically, it relates to the generation and use of records and digital receipts for transactions.
2. Background Art
As a result of the increasing popularity and acceptance of the computer and the Internet and other forms of networked communications, electronic transactions and documents are increasing in number and significance. For example, the volume of consumer purchases, business to business commerce, and stock trading and other forms of investing which occur over the Internet and/or wireless networks is steadily increasing, as are other forms of online commerce. In addition, the number of documents which are generated or available electronically and the number of documents which exist only in electronic form (e.g., the paperless office) are also steadily increasing.
The increasing number of electronic transactions and documents leads to a corresponding need for reliable methods for making records of these transactions and documents. For example, when a consumer purchases an item over the Internet using his credit card, it is desirable to make a reliable, non-disputable record of the purchase. If two corporations electronically “sign” a contract, it is desirable to record both the act of signing and the contents of the contract. In the paperless office, it is desirable to “digitally notarize” certain documents, thus ensuring that their existence at a specific time can be proved at a later date.
One approach to the records problem makes use of cryptography. The characteristics of pubic key cryptography in particular may be used in various ways to make strong records of transactions. For example, in the consumer Internet example, a consumer with a digital certificate might create a digital signature of his order including the credit card number, thus creating a record of the purchase. In the contract example, the two corporations might similarly create a two-party digital signature of the contract, each corporation using its digital certificate. In the digital notary example, a third party (i.e., the notary) might witness the document by affixing a time stamp and a digital signature to the document.
However, in order to gain widespread acceptance, these approaches should be intuitive and easy to use. One problem with past attempts to create an infrastructure of transaction records is that they were too cumbersome and difficult to use. For example, in many approaches, a digital signature is generated to witness a transaction and these digital signatures are stored in case there is a future need for them. However, digital signatures are unintelligible to humans. Thus, in order to find the correct digital signature for a specific case, the digital signatures must be securely stored with a description of the transaction. Once the correct digital signature is located, further processing is required to make the contents of the digital signature useful to humans.
These functions are often performed by separate pieces of software. For example, database software may be used to store the digital signatures and their corresponding software in a large central database. Browser plug-in software may be used to process the correct digital signature once it is located. However, this approach may be both cumbersome and non-intuitive. The central database requires access to the database in order to locate the correct records. Thus, it is difficult for one entity to send a copy of the record of the transaction to another entity, particularly if either entity does not have access to the database at the time. A similar problem occurs if an entity does not have the correct browser plug-in or does not know how to use the plug-in.
Thus, there is a need for simple and intuitive approaches to making and using records of transactions and documents. There is a further need for approaches which allow these records to be easily moved around without compromising their integrity.