1. Field of the Invention
The present invention relates to electronic documents, and more particularly, to a method and system for endorsing and verifying the authority of a signer of an electronic document.
2. Background
Electronic documents (interchangeably referred to as “content” or simply “document” throughout this specification) are commonly transferred, shared and viewed using present day networks. Examples include e-mails, spreadsheets, text files, XML files, videos, music, executable programs and numerous other forms of digital data or content.
Encryption and digital signatures are used in the electronic world to secure electronic documents. A digital signature (interchangeably referred to as “signature” throughout this specification) can provide assurance that an electronic document is authentic. Authentic in this sense means that one knows who signed the document and that the document has not been altered since it was signed.
A “key pair” is typically used in public key cryptography. A key pair is composed of a private key and a corresponding public key. The public and private key work only with each other, that is, something signed with one private key cannot be verified with any other key except the public key of the same key pair.
Users (signers) keep their private signing keys secret, however, the public key, can be made public, as long as one knows which public key belongs to whom. This is handled by creating and publishing, or otherwise making available, public key certificates digitally signed by a Certificate Authority (CA). The certificates, or “certs”, are a specialized document that binds a public key to the identity of its owner and commonly have an expiration date, for example, two years. This is commonly used in Public Key Infrastructures (PKI) and forms the basis of knowing the identity of the signer.
Just as users protect their private signing keys, they also securely receive and store, by trusted processes, the public key certificates of the CAs they trust so that they can rely on the results of the digital signature verification process.
Signing a document involves passing the document or data to be signed through a hashing algorithm to create a hash, also known as a message digest. This hash is a string of bits, sometimes viewed as a number, which represents the document. The hash is constructed in such a way that any change to the document results in a different hash value. Further, the hash algorithm is cryptographically strong, that is, the hash is a calculated in such a way that it is computationally infeasible to find a second change, perhaps indiscernible to a human reader, which would yield the same hash value. This gives high assurance that if new hash values remain the same, the document remains unaltered.
The hash, along with the signer's private key, is then fed to another algorithm to produce a signature (another string of bits). The signature, along with some descriptive information, is frequently appended to the document, and should remain with the document for later verification.
Signatures are flexible. A single signature can cover, or apply to, all combinations of single or multiple documents in their entirety, and/or single or multiple portions of documents.
Another variation makes use of transitive properties where one signature can sign other hashes and/or other signatures, depending on one's objective. For example, it is not uncommon to see a hash of a document be itself the target of a signature (where the first hash is itself hashed to create a second hash which is then provided to the signing algorithm). Signing a hash of a document can, under the right conditions, provide the same integrity protection as signing the document directly.
Verifying the signed document to determine its authenticity involves calculating a fresh hash of the document in question. This new hash, the signature, and the signer's public key are then provided to another algorithm which will identify whether the document is or is not authentic. The verification process continues with several steps to assure the public key certificate, from which the signer's public key was extracted, is also authentic. (The certificate is also a signed document, signed by the CA, certifying the embedded public key belongs to the stated identity.) To be complete, there are other technical functions that need to be performed such as ensuring the certificate hasn't expired and the signer's certificate wasn't revoked and posted on a Certificate Revocation List (CRL).
Various standard techniques exist for digital signatures. For example, the Digital Signature Standard (DSS) is based on a type of public key encryption method that uses the Digital Signature Algorithm (DSA). The DSS is a standard for digital signatures that has been endorsed by the United States government. The DSA algorithm uses public and private keys, the internals of which are specific to that algorithm. Different algorithms typically require key pairs with different internals.
Conventional digital signature schemes focus on establishing the identity of the signer. This is usually accomplished by verifying the signer's digital signature (establishing the document remains unchanged since originally signed), and then verifying the Certificate Authority's (CA) signature of the signer's public key certificate.
When a signed document names a person in the document and obligates that person in some way, as in a mortgage loan agreement, then the authority of the signer can be inferred from the context of the situation and the signer's attestation.
But when a person signs a document on behalf of a company, or the signer has been granted some special privileges or authority, there is typically no convenient way to know the authority of the signer just by looking at the document. The signer's title might appear in the document, but any such claim of authority would be self-proclaimed and subject to question. A telephone call or accessing a special database might establish that authority, but simply looking at the document does not. This approach has shortcomings because people and companies change over time, and making telephone calls can be impractical. Maintaining databases for extended period, for example, 10, 20, 30 or more years can become very expensive and problematic, especially when companies merge or are out of business.
Also, the signer may be authorized to sign that kind of document, but with limited authority. For example, a person may be allowed to sign purchase orders, but those purchase orders are not to exceed $100,000. Conventional systems fail to provide a convenient methodology for a relying party to be able to establish that authority years later and perhaps a half a world away.
Therefore, there is a need for a method and system, where information contained within a signed document, by which a relying party can efficiently gain assurances that the authority of a signer, was not exceeded.