The rapid growth of electronic mail systems, electronic fund transfer systems, electronic document transfer systems and the like has increased concerns over the security of the data transferred over unsecured communication channels. Cryptographic systems are widely used to ensure the privacy and authenticity of messages communicated over such unsecured channels.
Now that information and documents are being created, transferred and stored digitally, new requirements now exist for authentication and authorization of such information and documents.
Unlike paper media, digital originals are able to be readily altered. Furthermore, there is no prima facia method for estimating the age or authenticity of digital information--unlike physical written specimens where age and behavior of chemicals and handwriting provides some means for estimating authenticity and age.
The advent of public key algorithms now allow for a means of digital authentication. These systems range from basic signature systems, such as afforded by the straightforward use of, for example, the RSA Cryptosystem described by U.S. Pat. No. 4,450,829 to more complex authorization systems such as described by the applicant's U.S. Pat. No. 4,868,877, which allows for interlocking protection of coordinated signatures.
Typically in digital signatures, an individual's certification (his authorization to use his public key) is inherently bounded by an expiration date. There are many reasons for such a bound. One of these stems from the fact that in any such system there is a need to be able to receive and retain cancellation notices for public keys which have been (accidentally) exposed, or whose owners have been prematurely deprived of authorization. In general, such cancellation notices need to be kept by all parties at least until the certificate's prima facia expiration. If expiration dates were not specified, such notices would have to be retained forever.
If a culprit wishes to circumvent their expiration date, he might, in some cases, simply set back the clock in their computer and perform their signature at an apparently past time.
Also, there are many situations (especially now that an ever increasing amount of business is done electronically) where it is useful or sometimes critically important to ensure that the time and/or date associated with a particular event is in fact correct. For example, the date of an invention disclosure document can make the difference between an inventor securing a valuable proprietary interest in his invention or acquiring no such interest. In a business transaction, it may be important to ensure that the time reported as being associated with a contract or a purchase order is, in fact, correct. In either example, if it were possible for a user to create a back dated signature, the user could create a document which misrepresents itself chronologically.
One way to resolve this problem is to have all critical documents signed and time stamped by an impartial third party "digital notary" service. It may be difficult to find such a third party; or it may be difficult to obtain the services in a timely manner. For isolated users, such a digital notary might not be readily available. Moreover, this process may become error-prone, tedious, and a source of bottlenecks, while also creating potential security breaches.
The present invention is directed to an apparatus and method for performing a time notarization in a secure way, while eliminating the above-mentioned "digital notary" accessibility problems, thereby making such notarization easy for any individual or corporation to utilize. Moreover, the present invention performs the time notarization so as to make it easy for anyone to verify the notarization and to rely on the notarization time stamp. The apparatus is economical, and can be used locally without regard to using any external services.
The present invention provides a means whereby any digital information can be effectively notarized to have been in existence at the time explicitly stated in the notarization. This eliminates the possibly of electronic backdating through any subterfuge.
The time notarization apparatus and method of the present invention uses a secure, microprocessor based hardware platform which performs public key cryptographic operations to obtain trusted time stamping with a minimum of intervention by third parties. The hardware platform is encapsulated in a secure fashion so that the device's timestamping mechanism may not be feasibly subverted with or altered.
The hardware platform includes at least one digital clock and a stable, secure storage device to record the private half of a public/private key pair. Coupled to both the digital clock and the storage device is a data processing device which performs public key signature operations in a secure and tamper-proof manner. Only the processing device has access to the secure storage device and its associated private key.
The hardware platform also includes input/output means which receives a digital message which is to be digitally signed and timestamped. The input/output means may return the resulting timestamped signature generated by the device to the presenter of the document or store the digital timestamp or dispose of it in any other appropriate means. The hardware platform also includes a power source, (e.g., an on-board battery) to ensure the accuracy of the device's digital clock and the security of stored data continuously during all times during device's useful life.