A conventional solution to associating a specific date with a document is to provide the document in a physical format and to notarize the document. The notarization serves to place the existence of the document in time, it being assumed that it is relatively difficult to alter the notarized document without the alteration being detectable. However, this conventional approach is generally inappropriate for use with electronically stored documents in that electronically stored documents can, by their nature, be readily altered without the alteration being detectable. For example, it is a relatively simple task to access a stored document to change numbers, dates, text and other features of the document. The information regarding the date of creation and/or last alteration of the document can also be modified easily.
As a result, one typical solution is to maintain the original physical document, or to convert an electronically stored document to a physical format, and to notarize and store the physical document. However, this is an expensive undertaking and defeats in large measure the advantages of electronically storing documents.
One proposed solution is store a copy of the document on a Write Once Read Many (WORM) type of optical disk. This solution has the advantage that the document, once written, cannot be modified. However, this solution also requires a large number of disks for any reasonably sized application. The procurement and storage of such disks is expensive and furthermore presents the problem of locating a desired document among a potentially large number of stored documents.
However, neither of the approaches of notarizatin of a physical document or storage of a document on a write only medium are totally fool proof. For example, a notarization can be forged or falsified, the deception being difficult to detect especially if only the date is falsified. Furthermore, in the write-only type of media solution a modified disk may be substituted for an original disk, thereby providing an opportunity to modify any documents so stored.
The authentication of electronically stored documents is achieving a greater significance in that it is becoming relatively common to exchange electronically stored documents between parties to a transaction. By example, using Electronic Document Interchange (EDI) many companies now exchange purchase orders, invoices and similar documents electronically. However, if a dispute arises as to what was transmitted as opposed to what was received it may be difficult to establish which version of a document is correct and/or has precedence in time. As a result, many EDI transactions having any monetary significance are normally confirmed with physical documents to provide a paper audit trail. However, reducing documents to physical form defeats in large measure the advantages of EDI.
It is known in the prior art to provide in an encrypted form certain data associated with a date and/or a time. For example, it is known to encrypt postage indicia, wherein a portion of the indicia is a date and a time. It is also known in check writing applications to provide certain information relating to the check in an encrypted form, this information typically including the date the check was issued. In the first example of an encrypted postage indicia the postal authority is enabled to decrypt the postage information to verify the validity of the postage indicia. In the second example a bank may decrypt the encrypted check information to verify the authenticity of a check presented for payment.
However, in neither of these examples is the date associated with the encrypted information a "secure date". That is, in these examples the date may be readily modified by the party accomplishing the original encryption. As such, although there may be a presumption that the encrypted date is the date that the postage indicia was created or the check was issued, there is no effective method to verify that this is true.
It is therefore an object of the invention to provide an electronic notarization apparatus and method for electronically stored or transmitted documents and other data.
It is another object of the invention to provide method and apparatus for authenticating a document or other electronically stored or transmitted data to ensure that the document has not been altered subsequent to a date and a time associated with the document.
It is a further object of the invention to provide a cryptographic method and apparatus for authenticating a document stored or transmitted in electronic format, to ensure that both the date of creation and/or last date of alteration and the contents of the document have not been altered.