1. Field of the Invention
The present invention relates generally to methods and apparatuses for document timestamping. More particularly, the invention relates to secure and authenticable timestamping of documents in such a way that the timestamp can be verified by a party who was not necessarily present during the timestamping.
2. Background
In many instances where timestamped documents are to be communicated to a temporally or spatially distant recipient, one would like to be able to verify the authenticity and integrity of the timestamp. For example, consider the problem of proving document creation in the course of business transactions. Both the author and the recipient would like to be able to timestamp the document in a manner that demonstrates to others that it was stamped: 1) by the timestamping device (i.e., knowing which device generated the timestamp), and 2) at the indicated time (i.e., that the timestamp has not been modified during or subsequent to timestamping). The first requirement relates to timestamping device authenticability, while the second requirement relates to time integrity. Either or both of these requirements may exist anytime documents are created by one party (or at one location) not under the direct control of the recipient. Common examples include timestamps at the top of fax pages, timestamps at the bottoms of printouts, and postage marks as evidence of mailing. Besides documents, other examples include timeclocks for hourly employees, or for parking garage patrons, for recording the date/time of entry onto the premises.
As indicated by the above examples, many timestamping applications are associated primarily with physical (e.g., paper-based) applications rather than electronic (e.g., digital) applications. This is especially true for document generation where, despite the almost universal use of computer word processing, the majority of documents are still used and stored on paper because of its advantages over electronic media. Such advantages include: 1) ease of document creation (e.g., taking handwritten notes), 2) ease of document retrieval (e.g., without computers or other specialized document readers and no worries about evolving diskette or word processing file formats), 3) long-term stability of paper (e.g., degradation of magnetic media), 4) low cost, and 5) portability. Therefore, a timestamping device for everyday usage should be particularly suitable for use with paper-based documents.
Traditionally, timestamping devices have relied on mechanical inaccessibility, fixed location, and public display to suggest the accuracy of timestamps produced thereby. Many contemporary electronic timestamping devices provide even less assurance than mechanical devices because their timestamping mechanisms are user-accessible, user-resettable, and hidden from public view. Examples include camera date recorders to timestamp pictures, answering machine/voicemail date/time recorders, and computer clocks to timestamp file creation and output such timestamps on document trailers.
Whether mechanical or electronic, each of the abovementioned examples is prone to resetting of the clock prior to timestamping, or modification of the timestamp after timestamping. For example, the ability to reset the internal date/time is built into almost all personal computer operating systems. Furthermore, the purely electronic devices are especially prone to tampering because of the ease with which a purely electronic document to be timestamped can be accessed and manipulated. Such ease of manipulation has led to the creation of devices which cryptographically certify the authenticity and integrity of electronic documents. Examples of such devices may be seen in several U.S. Pat. Nos. (5,189,700; 5,157,726; 5,136,647; 5,136,646; 5,022,080; 5,001,752; and 4,786,940) disclosing devices that input digital data, crytographically certify the digital data, and output a digital message. In addition, certain of these devices optionally add time from a secure internal clock to the digital message.
The aforementioned devices are directed at applications whose primary goal is digital data certification, and any associated timestamping is an adjunct to that goal. In contrast, in many document timestamping applications, the primary goal is time certification rather than data certification. Although the data certification devices can be used for timestamping, such usage would be relatively complicated, expensive, and ill-suited for paper-based timestamping applications because the document data must be digitized. For example, the use of data certification devices with paper documents would require the addition of a document scanner to generate a digital representation of the document for input to the device, leading to increased device cost and complexity.
Furthermore, because data representing the document would be included in the cryptographic message, one wishing to verify the message (e.g., by recomputing the timestamp) would also have to create a digital representation of the message--a costly and possibly infeasible operation for those with limited capabilities. It is often inefficient to timestamp a paper document such that verification of the timestamp requires the timestamp recipient to re-digitize the paper document.
Therefore, there exists a need for a simple, inexpensive, easy-to-use device that generates an accurate and unalterable timestamp, for application to physical media such as paper documents, that can be easily verified by the document recipient.