1. Field of the Disclosed Embodiments
This disclosure relates to systems and methods for implementing a digital signature scheme for embedding and validating multiple nested digital signatures in a digitally produced document without modifying a file size of the digitally produced and signed document.
2. Related Art
Conventionally, the terms “digital signatures,” and “schemes for implementing digital signatures,” are generally understood to refer to a class of computing techniques that apply mathematical algorithms as encryption techniques to digitally produced documents. An objective of applying digital signatures to a digitally produced document is to demonstrate the authenticity of a digitally produced and signed document. Recipients rely on valid and verifiable digital signatures as an indication that the digitally produced document (a) was created by a known entity/author, and (2) has not been altered in transmission to the recipient, including in any intervening review process.
Multiple digital signatures may be applied to a digitally produced document in order to indicate a chain of custody, or otherwise to indicate a list of individuals who have accessed the digitally produced and signed document. Digital signatures are commonly used for applications in which it is important to be able to detect alteration of the digitally produced documents. Digital signatures also aid in potentially providing a list of individuals who may have altered the digitally produced and signed document once an unauthorized alteration is detected.
Digital signatures, in this context, refer to a subset of what could be considered to constitute electronic signatures. The latter term refers to a broader class of electronic data that is intended to convey the intent of a signature on a paper produced and ink signed document. Digital signatures make use of differing levels of cryptographic methods in order to provide an ability not only to verify the digitally produced document, but also to verify and validate the applied signatures. Although basically equivalent to traditional handwritten signatures, digital signatures are much more difficult to forge based on the application of these cryptographic techniques. As organizations move away from paper documents with ink signatures, digital signatures can provide added assurances of authenticity, accuracy and integrity of the digitally produced and signed documents.
Typically, there are two general categories of techniques for applying digital signatures to digitally produced documents.
The first, and perhaps most commonly employed, general category of digital signature applying techniques “wraps” the digitally produced document in a digitally signed “envelope.” A shortfall of these digital signature applying techniques is that such a “wrapped” file is no longer readily identifiable as the original file in the original file format until the file is “unwrapped.” Additionally, the “unwrapping” effectively detaches the digital signature from the digitally produced and signed document. In so doing, the unwrapping breaks the association of digital signature with the digitally signed document. As such, even though the wrapping technique may be able to wrap the digitally produced document in multiple layers of wrapping corresponding to multiple individual and separate digital signatures, the effective detachment of the one or more of the digital signatures, in sequence, from the digitally produced and signed document may present difficulties in preserving and defending any chain of evidence or chain of custody of the digitally produced document.
The second general category of digital signature applying techniques involves embedding the digital signature within the digitally produced document itself This method, while forensically stronger because the embedded signature cannot be stripped off, can result in alteration of the digitally produced document. In other words, because the digital signature is embedded in the digitally produced document, the content of the digitally produced document is effectively changed with the embedding of the digital signature in the digitally produced document. Additionally, the size of the digitally produced document is necessarily changed with the inclusion of the digital signature. Finally, these embedding digital signature applying techniques have generally been considered impossible to effectively implement with regard to multiple digital signatures. The difficulty lies in the fact that the addition of a second digital signature, in sequence after the first digital signature, generally corrupts the first digital signature thereby rendering difficult precise reconstruction of, for example, a chain of custody for, or a list of individuals who had access to, the digitally produced and signed document.
With the wide proliferation of all manner of digitally produced documents, as government agencies and business entities move away from paper produced and ink signed documents and recordkeeping, techniques and methods for applying digital signatures in a manner that meets an objective of maintaining a clean, unalterable, verifiable and readily accessible list of individuals who produced, reviewed or otherwise accessed, a digitally produced and signed document are increasingly essential to preservation of the information produced and in deterring alteration of the digitally produced and signed documents.