Computer networks are being used extensively to enable groups of two or more people to communicate. For example, many offices utilize local area networks that enable employees to communicate with each other via electronic mail. In addition, individual computers or local area networks may be linked to form a broad-based network to facilitate communications between remote persons. The Internet is but one example of such a broad-based network.
One effect of the increasing use of computer networks for communication is that electronic documents are fast replacing paper documents in both business and non-business environments. For example, letters and routine business forms can be represented in electronic form. In addition, specifications and control drawings, spreadsheets and other electronic forms, artwork or blueprints, video images and the output from electronic scanners can be generated and transferred as electronic documents using computers. Moreover, electronic representation of documents will increase as automated equipment becomes more prevalent in offices and homes.
Paper documents are typically signed or initialed and, in many cases, dated by the author or reviewer using a pen or other indelible marker. In this way, the signator manifests his or her approval of the document as it exists at that time. The signature or initials can be examined at a later time by an expert, the signator, or another familiar with the signature to verify whether the purported signator actually signed the document. Moreover, alteration of paper documents, for example, after signing, is difficult because the printed words are fixed on the paper.
Like paper documents, many electronic documents are circulated among several persons who may be asked to comment on, approve, confirm, or otherwise acknowledge the electronic document. Some electronic documents are generated co-operatively by several authors. Consequently, it is often desirable to confirm who originated and/or who approved an electronic document. It also may be important to establish the time at which the particular electronic document was generated, approved, or confirmed and to ensure that the electronic document was not altered after origination or approval. However, without some form of protection, electronic documents are easily altered or forged in a manner that may escape detection.
One solution to this problem may be to simply "sign" the electronic document. Signatures may be captured in electronic form using a digitizer, and the digitized signature may then be pasted into an electronic document. The digitized signature may thereafter be displayed within the document on a computer display. Alternatively, the digitized signature may be printed in the document using a standard printer. Accordingly, as used herein, "digitized signature" refers to an electronic graphic representation of a signature obtained using a digitizer, for example, and to the display or printout of such electronic graphic representation. A major disadvantage of using stored digitized signatures is that they can be copied easily from one document to another in a manner which escapes detection. Accordingly, widespread forgery of digitized signatures cannot be prevented.
The disadvantages identified above, among others, have led to a search for alternative means to provide security for electronic documents. One alternative technique is embodied in document configuration management systems, which provide security by using a software-implemented locking mechanism that locks documents into a software library. A document is "signed" by checking it out of the library, modifying it if desired, then checking it back into the software library with appropriate comments. The party that checked out and returned the document may be considered to have "approved" it. The returned document can then be viewed by other users with confidence that it has not been modified since it was last replaced.
The document configuration management systems provide a very high degree of security and are useful for managing sensitive documents such as time cards in a corporation. However, document configuration management systems suffer from numerous disadvantages. For example, they require a central configuration management server that must be available to all users. Linking all users to the central configuration management server is impractical for loosely coupled systems, such as the Internet. Accordingly, document configuration management systems are ill-suited for widespread use by unaffiliated or loosely affiliated users.
A second generally known technique for providing electronic document security is referred to as public key encryption. Many specific types of public key encryption techniques are known. For example, the National Institute of Science and Technology (NIST) has adopted a Digital Signature Standard based on public key encryption. So-called "electronic signature" techniques should be carefully distinguished from the digitized signature technique discussed above. An electronic signature, as used herein and commonly throughout the industry, refers to a block of electronic information, e.g., a bit sequence, which strongly characterizes the state of a document at a particular time, and is typically generated using a secure hashing algorithm. As discussed further below, the electronic information is encrypted using the signator's private key within a public key encryption technique. Subsequent successful decryption and hash confirmation by the recipient verifies the integrity of the document and identity of the signator. On the other hand, a digitized signature, as discussed above, is an electronic graphic representation of an individual's handwritten signature which likewise may be used to identify the signator, but by visual inspection.
In private key encryption techniques, the private key is not mathematically related to any other key. Accordingly, the private key is required for decryption. In general, public key encryption techniques use a public key and a private key that are mathematically related. However, it is practically impossible to derive the private key from the public key. As the name suggests, the public key can be known by anyone and the private key is secret and should be protected from modification and disclosure.
Any person having the public key, the message, and the electronic signature can verify integrity of the document and confirm the signator. Security is ensured because it is computationally infeasible to find an electronic document that corresponds to the information generated using a secure hash algorithm, or to find two different electronic documents that produce the same secure hash output value. Thus, any change in the electronic document will, to a very high degree of probability, result in a different secure hash output value. Such a technique provides very secure verification of the source and integrity of an electronic document.
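The hash-then-sign flow described in the preceding paragraphs, as an added illustration that is not part of this document: the document is reduced to a secure-hash value, that value is transformed with the signer's private key, and any holder of the public key recovers and compares the hash, so an altered document fails verification. Textbook RSA with a seeded key generator is assumed purely so the steps are visible and reproducible; it is a teaching model, not a production scheme and not the NIST standard mentioned above, and the sample document is constructed.

```python
# Added teaching illustration of hash -> sign with private key -> verify with
# public key.  Textbook RSA (no padding), seeded keys; NOT a production scheme.
import hashlib
import random

def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin probable-prime test (small-prime shortcut first)."""
    if n < 14 or any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_keypair(bits: int = 256, seed: int = 7):
    """Return (public, private) as ((n, e), (n, d)); seeded for reproducibility."""
    rng, e = random.Random(seed), 65537

    def random_prime() -> int:
        while True:  # top bit set so n = p*q >= 2**510 exceeds any SHA-256 digest
            cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
            if (cand - 1) % e and is_probable_prime(cand, rng):
                return cand  # e does not divide p-1, so e is invertible mod phi

    p, q = random_prime(), random_prime()
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def document_digest(doc: bytes) -> int:
    """The secure-hash value that characterizes the document's current state."""
    return int.from_bytes(hashlib.sha256(doc).digest(), "big")

def sign(doc: bytes, private_key) -> int:
    """Electronic signature: the digest transformed with the signer's private key."""
    n, d = private_key
    return pow(document_digest(doc), d, n)

def verify(doc: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public key; any alteration makes this False."""
    n, e = public_key
    return pow(signature, e, n) == document_digest(doc)
```

Changing a single character of the document (or of the signature) changes the recovered digest, which is the integrity check the text describes.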
Existing techniques having electronic signature or document configuration management capabilities provide more security than is required. In addition, current systems enable high-confidence verification by the recipient of the electronic document for each transaction. However, high-confidence verification is unnecessary for the vast majority of transactions. By analogy, a handwritten signature can be fairly easily imitated to deceive a casual recipient, though subsequent examination by an expert or the alleged signator is likely to reveal the forgery. Nonetheless, forgery of any sort is very rare in a business environment. Accordingly, security measures which provide a moderate likelihood of detecting deception are effective for deterring forgery or alterations. Therefore, for the vast majority of electronic communications, only a moderate level of security is required, and verification of "signatures" may not be needed unless the document's integrity is subsequently questioned.
Further, electronic signature and document configuration management systems which provide document security do not currently work within the structure of today's highly integrated electronic office tool sets, and are not easy to use, particularly for computer novices. Electronic signature algorithms, for example, which involve extremely complex mathematics, presume a very sophisticated and experienced computer user. Little effort has been expended to make such techniques accessible to the average computer user, who has a relatively low level of computer expertise. Accordingly, there is a need for electronic data security techniques that are user-friendly, that provide a sufficient degree of security that will deter forgery and alterations, and that can be used in a wide variety of computer systems.