1. Field of the Invention
The present invention relates to digital signatures, and more particularly, to a method and system for maintaining the integrity of an electronic document signed with digital signatures.
2. Background
Electronic documents (interchangeably referred to as “content” or “document” throughout this specification) are commonly stored, transferred, shared and viewed. Examples include e-mails, spreadsheets, text files, XML files, videos, music, executable programs, selected content within a document, and numerous other forms of digital data or content.
Encryption and digital signatures are used in the electronic world to secure electronic documents. A digital signature (interchangeably referred to as “signature” throughout this specification) can provide assurance that an electronic document is authentic. Authentic in this sense means that one knows who signed the document and that the document has not been altered since it was signed.
As is the usual practice in public key cryptography, a key pair is composed of a private key and a corresponding public key. They work only with each other, that is, something signed with one private key cannot be verified with any other key except the public key of the same key pair. Users (signers) are to keep their private signing keys secret.
The public key, on the other hand, can be made very public, but it is important to know which public key belongs to whom. This is solved by creating and publishing, or otherwise making available, public key certificates digitally signed by a Certificate Authority (CA). A certificate, or “cert”, is a specialized document that binds a public key to the identity of its owner and commonly has an expiration date of two years hence. All this is common practice in most Public Key Infrastructures (PKI) and forms the basis of knowing the identity of the signer.
Just as users protect their private signing keys, users should also securely receive and store, by trusted processes, the public key certificates of the CAs they trust so they can rely on the results of the digital signature verification process.
Signing a document involves passing the document or data to be signed through a hashing algorithm to create a hash, also known as a message digest. This hash is a string of bits, sometimes viewed as a number, which represents the document. The hash is constructed in such a way that any change to the document results in a different hash value. Further, the hash algorithm is cryptographically strong, that is, the hash is calculated in such a way that it is computationally infeasible to find a second change, perhaps indiscernible to a human reader, which would yield the same hash value. This gives high assurance that if the hash remains the same, the document remains unaltered.
The hash, along with the signer's private key, is then fed to another algorithm to produce a signature (another string of bits). The signature, along with some descriptive information, is frequently appended to the document, and should remain with the document for later verification. Digital signatures are flexible. A single signature can cover, or apply to, all combinations of single or multiple documents in their entirety, and/or single or multiple portions of documents.
Another variation makes use of transitive properties where one signature can sign other hashes and/or other signatures, depending on one's objective. For example, it is not uncommon to see a hash of a document be itself the target of a signature (where the first hash is itself hashed to create a second hash which is then provided to the signing algorithm). Signing a hash of a document can, under the right conditions, provide the same integrity protection as signing the document directly. Again, under the right conditions, a similar result can be obtained by signing another signature.
Verifying the signed document to determine its authenticity involves calculating a fresh hash of the document in question. This new hash, the signature, and the signer's public key are then provided to another algorithm which will identify whether the document is or is not authentic. The verification process continues with several steps to assure the public key certificate, from which the signer's public key was extracted, is also authentic. There are other technical attributes and functions such as ensuring the signer's key wasn't revoked and posted on a Certificate Revocation List (CRL).
Various standard techniques exist for digital signatures. For example, the Digital Signature Standard (DSS) is based on a type of public key encryption method that uses the Digital Signature Algorithm (DSA). The DSS is a format for digital signatures that has been endorsed by the United States government. The DSA algorithm uses public and private keys, the internals of which are specific to that algorithm. Different algorithms typically require key pairs with different internals.
All this and more are well defined, common practices of public key cryptography and Public Key Infrastructures. They are not described in further detail here but are important foundations upon which this invention depends.
Faster computers and advances in cryptanalysis are the primary reasons algorithms used for digital signatures tend to become weak over time. Conventional digital signature schemes do not provide any assurance that over an extended period of time, a digital signature will continue to provide integrity.
There is, therefore, a need for a method and system that maintains the integrity of digital signatures/signed electronic documents.
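The following is an added example, not part of the original specification: the hash, sign and verify steps described in the Background, written as textbook RSA over SHA-256 with only Python's standard library. The key primes, the sample document, all function names and the `nbytes` truncation parameter are assumptions made for illustration; truncating the digest to 2 bytes stands in for a hash algorithm that has become weak over time, and shows a different document verifying under the old signature.

```python
import hashlib

E = 65537  # public exponent

def keypair(p: int, q: int):
    """Build (private, public) = ((d, n), (E, n)) from two primes."""
    n = p * q
    return (pow(E, -1, (p - 1) * (q - 1)), n), (E, n)

def digest(doc: bytes, nbytes: int = 32) -> int:
    """SHA-256 of the document as a number; nbytes < 32 simulates a weak hash."""
    return int.from_bytes(hashlib.sha256(doc).digest()[:nbytes], "big")

def sign(doc: bytes, private, nbytes: int = 32) -> int:
    """Signer: feed the hash and the private key to the signature algorithm."""
    d, n = private
    return pow(digest(doc, nbytes), d, n)

def verify(doc: bytes, sig: int, public, nbytes: int = 32) -> bool:
    """Verifier: compute a fresh hash and check it against the signature."""
    e, n = public
    return pow(sig, e, n) == digest(doc, nbytes)

def find_second_document(doc: bytes, nbytes: int) -> bytes:
    """Search for a different document whose weakened hash equals doc's."""
    target, i = digest(doc, nbytes), 0
    while True:
        candidate = b"altered copy #%d" % i
        if candidate != doc and digest(candidate, nbytes) == target:
            return candidate
        i += 1

if __name__ == "__main__":
    # Constructed toy key: Mersenne primes, unpadded RSA. Not for real use.
    private, public = keypair(2**127 - 1, 2**521 - 1)
    doc = b"Contract v1: pay 100 units"   # constructed sample document
    sig = sign(doc, private)
    print("original verifies:", verify(doc, sig, public))
    print("altered verifies: ", verify(doc + b"0", sig, public))
    # Signing a hash of the document instead of the document itself.
    inner = hashlib.sha256(doc).digest()
    print("hash-of-hash ok:  ", verify(inner, sign(inner, private), public))
    # A 16-bit digest stands in for a hash weakened over time.
    weak_sig = sign(doc, private, nbytes=2)
    other = find_second_document(doc, 2)
    print("weak hash accepts a different document:", verify(other, weak_sig, public, 2))
```

With the full 32-byte digest the altered document and the mismatched key are both rejected; only the deliberately truncated digest lets a second document pass, which is the failure the last paragraphs of the Background describe.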