In the arts organizations interested in protecting intellectual property or investigatory bodies, e.g. local and state police, FBI, private investigators, and the like, it is important to be able to verify ownership and time/date of creation of electronic papers and other electronic recordations thereby legally establishing what has happened, when something happened, and by whom. Since electronic media is alterable, establishing the accuracy of ownership and the date/time of creation can be difficult because computer system clocks can be set to inaccurate dates and/or times and electronic documents or files can be readily altered.
Much work has been done to date in the electronic document security and verification area in regards to the “what” and “by whom” (called non-repudiation) but typically time is not included in electronic non-repudiation because it is easy to set and change on computers. To overcome this, time of creation of electronic documents is established by other means such as sequencing of events. Emails are a good example of this. The order of emails sent and received can help investigators narrow down the time and date of creation by their order in the sequence. But, for other documents or files this sequencing for time and date of creation is not viable and, as the world quickly progresses to an electronic “paperless” environment, solid techniques for establishing originality and time and date of origin are increasingly needed.
In order to secure passwords, system executables and high value data secure hash algorithms often are used to produce a “signature” that can later be verified as originating from the owner. To secure data transmission integrity, several steps are typically employed. For instance, files are frequently combined into a “folder” or some other archive format and a data signature is generated of the archive file. Afterwards, the original archived file and its signature is placed in another archive file which is then encrypted with a private key. The use of a certification authority or certificate authority can be additionally employed to ensure integrity of originality. For example, to support digital signatures, a trusted third party verifies the identity of that person or entity and then issues a digital certificate to the user that they sign digitally. The receiving person then verifies the digital signature as coming from a certified party.
There are cryptographic two signature algorithms in popular use, MD5 by RSA Data Security Inc and SHA1 by National Institute of Standards and Technology. Snefru was a signature algorithm developed by Xerox Corp, but is not used extensively. MD5 is the most common, but is also regarded as being likely to be compromised in the not too distant future. SHA1 was basically designed as an open standard signature algorithm, but some trust the cryptographic strength behind it less than MD5 because of the general reputation of RSA.
At this point all of the focus on compromise of signature algorithms has been on the prevention replacement of an existing file with a substitute file with the same signature. What will also be needed is to prevent the creation of a file with the same signature which can be associated with a previously generated time. Associating a signature with a file, its file size, and potentially with the signature of an encrypted transform of the file, and the signature of the encryption key is what this invention will use to prevent this type of forgery.
In cryptography, there are various techniques of enhancing the “cryptographic” strength of a solution. Such techniques often involve the use of multiple encryptions or the use of encryptions where keys are of limited use (e.g. session keys). In mathematics there is a whole field of study in error correcting codes. Applications in the computer field include parity bits. But error correcting codes extend to where errors can be both detected and corrected. For recoverability of a reliable time of existence, and the attributes of the files associated with the time, error detection and correction will be employed. Use of error correcting codes in itself is a mathematical transformation of the electronic data. This invention will utilize error correcting codes to increase integrity, but also to increase cryptographic strength.
What is needed in the art and what is provided by this invention, is a method for securing the integrity of the time of existence of documents or files in preparation archiving such that the files' origin and authenticity can be subsequently verified.