The present invention relates to a method for digital time stamping data. More particularly, the present invention relates to the digital time stamping of data, without the need for subsequent third party verification, by the chaining of key pairs, the key pairs being generated for particular time intervals.
The concept of chain of evidence has long been a fundamental tenet of the U.S. judicial system. Many legal situations depend upon the ability to prove that a certain piece of evidence existed at a certain point in time and that it has not been subsequently altered. In the past, when most of the possible types of evidence consisted of material objects, there was a need for a protocol of a xe2x80x9cchain of witnessesxe2x80x9d to testify to the veracity of an evidentiary object in question. Historically, if the evidence was under the control of only a finite set of individuals, and if all of those individuals could testify as to the location and state of the object, then the court would accept the claim of authenticity of the evidence.
Of course, such a system is dependent upon the availability of trustworthy witnesses that will be available and willing to testify in any given circumstance. Often times, witnesses are available, but not trustworthy, or vice versa. This is particularly the case with respect to document authentication, where the details of when a specific document was created or signed is in question. Clearly, a system was needed to allow one to easily obtain a xe2x80x9cwitness on demandxe2x80x9d in many situations.
This concept of evidentiary authentication is so important to so many areas of endeavor, that a formalized system of professional document witnesses was developed, for example, called the Notary Public service. Notary Publics would, for a fee, attest to such things as the existence of a document and the identity of the document holder or signer. Of course a notary could not swear to any knowledge of the actual contents of a document, since that would have required that the notary keep copies, in perpetuity, of every document ever witnessed xe2x80x94an impractical requirement. Much of the trust held in the notary public system related to a generally-held belief that it was impossible or impractical to forge a notary public""s stamp and signature, or to buy a notary public""s testimony. As computer graphics and desktop publishing technology advances, however, the level of difficulty of creating forged documents and signatures decreases significantly. A result of this technological advance is the fact that some states, such as California, no longer accept notarization as absolute proof of document validity.
As more and more of the information of import in personal and business transactions becomes digital in form, the usefulness of notary-public-style authentication mechanisms decreases. Much of this information is stored, accessed and managed through computer database management systems. All major database systems permit time stamping of data in records. Many commercial and governmental systems depend upon the assumption of veracity of such database time stamps. The presumption is that, if the organization is trustworthy, then the time stamps in their databases can be believed. In practice, this assertion requires a large degree of, to borrow a literary term, xe2x80x9cwilling suspension of disbelief.xe2x80x9d No one, of course, can safely assume that all individuals within a large organization are trustworthy, even if the organization, itself, is believed to be so. Furthermore, it is now well known that no conventional computer database system is immune from the possibility of data tampering or xe2x80x9chackingxe2x80x9d by dishonest individuals.
One approach that has been developed to deal with some of this problem is based upon a technology called xe2x80x9cpublic keyxe2x80x9d cryptography. One of the most well known of this type of system is the program called Pretty Good Privacy, distributed by the Massachusetts Institute of Technology, which makes use of the Rivest-Shamir-Adleman (RSA) public key cryptosystem. Such systems are built around the concept of encrypting data in such a way that allows both secure transmission and authentication of sensitive data. Public key systems employ a pair of cryptographic keys for each encryption/decryption event. One key is kept secret by the owner (e.g., the private key), and the other key is publicly distributed (e.g., the public key). A message encrypted with one of the keys in a key pair can only be decrypted with the other key, and vice versa.
This system allows, for example, the encryption of data by one individual, using a second individual""s public key,. The message could then be sent to a second individual over unsecure channels, and only the second individual could access the unencrypted data, since it could only be decrypted with the second individual""s private key.
Prior to using the second individual""s public key to encrypt the data, the first individual could have used his or her private key to encrypt the data, thereby digitally xe2x80x9csigningxe2x80x9d the data. The recipient could then use the sender""s public key to decrypt it, thus proving that it actually came from the sender, since only the sender could have used the correct secret key to sign the data. Such a system provides both confidentiality of data and a mechanism for authentication of the identity of the sender. It also proves that the data could not have been altered in any way since the time it was encrypted by the sender. Public keys, themselves, can be xe2x80x9ccertifiedxe2x80x9d by signing them with a trusted individual""s secret key (e.g., a digital signature). Others can then assess the authenticity of published public keys by authenticating them using that trusted individual""s public key. If that trusted individual later loses faith in the validity of the certified key, then he can issue a so-called revocation certificate, signed by the trusted individual""s private key, that notifies others that the previously-certified public key is no longer to be trusted in the future.
Public key algorithms are notoriously slow. For this reason, virtually all public key digital signature systems use what is called a xe2x80x9ccryptographically-strong one-way hash functionxe2x80x9d to create what is called a xe2x80x9cmessage digestxe2x80x9d from the data to be signed. This message digest is a unique representation of that data, sort of a data fingerprint, that is typically much smaller than the original data. For example, the message digests that PGP uses are only 128 bits in length. The message digest is then encrypted using the sender""s secret key before sending the data to the recipient. The recipient can then use the sender""s public key to automatically decrypt the message digest and then verify that it does indeed match the original data. This is a very secure system, since it is computationally infeasible for an attacker to devise a substitute message that would provide an identical message digest. Most estimates state that it would take 10{circumflex over ( )}12 or more years (taking into account Gordon Moore""s xe2x80x9clawxe2x80x9d relating to increases in chip capacity over time) to successfully fake a 128-bit message digest using the algorithm employs by the PGP software package. Also, changing even a single byte of a digested message would cause the hash function to be unable to match the message digest to the unencrypted data.
Public key digital signatures, therefore, can irrefutably prove that signed data was originally signed by a given secret key and that the data has not changed in any way since the signature was made. Systems such as PGP routinely attach time-stamps to both key pairs at their creation, and to digital signatures, each time they are created. Such time-stamps, however, are dependent only upon the internal clocks within the computers being used, and thus are subject to inaccuracies or falsification by, for example, an individual intentionally changing the time on a computer""s clock in order to make it falsely appear that a given digital signature was created at a specific point in time.
For this reason, a new type of notary public has arisen, which uses public-key digital signatures to notarize, for a fee, digital information typically submitted over the Internet. These so-called xe2x80x9cdigital notariesxe2x80x9d are, essentially, businesses that provide such a service and agree to attest to the veracity of both the content of the original data, as well as the time at which the signature was made. This is a major improvement over the notary public concept of old, since the new digital notary services can testify to the fact that data which has been digitally signed by their service existed at a certain point in time, and that it hasn""t been altered in any way since that point in time. The largest problem with such digital notary services, and also a motivating reason for the method according to the present invention, is the fact that the authenticity of such digital-notary-generated digital signatures is wholly dependent upon the trustworthiness of the institution and individuals running the digital notary service.
To solve this problem, a system is needed that will automatically and rigorously prove the veracity of digital signature time-stamps, without depending upon the trustworthiness of the institution or individuals administering a digital notary service. Transient-key digital time-stamps according to an embodiment of the present invention provide these capabilities.
According to an embodiment of the present invention, irrefutable public key digital signature time-stamps are created and used. The system is based upon, for example, the concept of transient time-interval-related secret cryptographic keys, which are used to digitally sign submitted data during specific time intervals, and then are permanently destroyed. The public-key correlate for each time interval is saved for future authentication of the content of time-stamped data and time of creation of time-stamped data. The validity of the public keys is ensured through the certification (e.g., signing) of each time interval""s public key using the previous time interval""s secret key, immediately before that secret key is destroyed.