Over the past decade, as computers and computer users have grown more sophisticated, the use of electronic media to transfer information has rapidly increased. Many applications, including electronic mail ("e-mail") systems, banking systems and various electronic commerce and data processing systems, require such transfers to take place over unsecure communications channels that may be monitored by electronic "eavesdroppers." While the degree of security required will vary with respect to the particular application and the information being transferred, there will nearly always exist a requirement that the substance of a particular communication be transmitted from a sender to an intended recipient without interception and subsequent interpretation by an intermediate party. Additionally, there will typically exist a related requirement that the identity of the parties sending and/or receiving such communications be authenticated.
Accordingly, a number of cryptographic encoding systems, or cryptosystems, are available which provide some degree of confidentiality and authentication for electronic communications. In general, such cryptosystems are adapted to transfer electronic communications between remote locations and include at least one encoding device at a first location coupled to at least one decoding device at a second location via a communications channel, which may comprise a network.
Symmetric, or "private key," and asymmetric, or "public key," encryption algorithms may be employed for realizing cryptographic functions in a cryptosystem. In cryptosystems employing a symmetric encryption algorithm, such as the data encryption standard ("DES") algorithm, identical keys are employed for encrypting and decrypting messages. One problem with symmetric algorithms is that, in order for both the sender and receiver of the message to use the key, it must be transmitted to one or both of the parties in advance over a secure channel to which intermediate parties do not have access, such as registered mail or private courier. Unfortunately, such secure channels are often far too slow to be practical. It should be noted that such a key exchange may be as simple as two parties exchanging a password or as complicated as a cryptographic exchange through a trusted third party.
Alternatively, in cryptosystems that employ asymmetric encryption algorithms, different keys are used for encrypting and decrypting messages. Such cryptosystems are commonly referred to as "public key" systems and involve the generation of a key pair, one of which is "private," i.e., known to and controlled by only the party who generated, or requested the generation of, the key pair, and the other of which is "public," i.e., published for use by other users. For example, in one such system, once such a key pair has been generated, the party in possession of the keys publishes one of the keys, thereby creating a "public key," and retains control of the other key, which will function as a "private key." As a result, the public key may be used by anyone having access thereto to encrypt a message for transmission to the publishing party. However, only the private key, which is controlled by the recipient of the message, can be used to decrypt messages encrypted using the public key. Alternatively, the public key may also be used to decrypt messages that have been encrypted using the private key.
Authentication is a process whereby the receiver of an electronic communication can be confident of the identity of the sender and/or the integrity of the message. There are myriad authentication protocols known in the art and based on either conventional private key systems, such as MIT's Kerberos, or public key systems, such as RSA by RSA Data Security, Inc. For example, see B. Bryant, "Designing an Authentication System: A Dialogue in Four Scenes," Project Athena, Massachusetts Institute of Technology, Cambridge, Mass., February, 1988, DRAFT, pp. 1013; Steiner et al., "Kerberos: An Authentication Service for Open Network Systems," Proceedings of the Winter USENIX Conference, Dallas, Tex., Mar. 30, 1988, pp. 1-15; P. Fahn, "Answers to Frequently Asked Questions About Today's Cryptography," RSA Laboratories, a division of RSA Data Security, Inc., Redwood City, Calif., Sep. 14, 1992, version 1.0, DRAFT 1e, pp. 1-52. In either case, authentication services are typically provided by a trusted central administrator willing to accept the role of verifying the identity of keyholders registered with the administrator.
One problem which has not been adequately addressed in connection with electronic communications is that of providing a sender with proof that the transmitted communication, or electronic artifact, was in fact received by the intended recipient. This deficiency is especially problematic in connection with electronic commerce, wherein the sender is a vendor of an electronic product, or "artifact," such as data or software, requested by the intended recipient. Typically, the recipient will not be required to pay the vendor until he or she has received and perhaps performed a limited evaluation of the artifact. Unlike physical objects, for which the recipient's signature may be required upon delivery to serve as proof of receipt thereof, the only proof of receipt by the recipient provided to the vendor of an electronic artifact will comprise, at most, a return message generated by the computer at which the artifact was received. While such a message provides some quantum of proof that the artifact was received by someone, it does not provide adequate proof as to its receipt by the intended recipient. On the contrary, the return message may easily have been generated by an unauthorized third party masquerading as the intended recipient's computer. As a result, the vendor has extremely limited means of disproving a claim by the intended recipient that he or she never received the transmitted artifact.
Therefore, what is needed is a convenient and reliable system for providing to a sender proof of receipt by an intended recipient of an artifact conveyed as an encrypted electronic message.