AU758834B2 - Document authentication system and method - Google Patents

Document authentication system and method Download PDF

Info

Publication number
AU758834B2
AU758834B2 AU55972/99A AU5597299A AU758834B2 AU 758834 B2 AU758834 B2 AU 758834B2 AU 55972/99 A AU55972/99 A AU 55972/99A AU 5597299 A AU5597299 A AU 5597299A AU 758834 B2 AU758834 B2 AU 758834B2
Authority
AU
Australia
Prior art keywords
digital signature
certificate
document
information object
entity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired
Application number
AU55972/99A
Other versions
AU5597299A (en
Inventor
Stephen F. Bisbee
Jack J. Moskowitz
Edward R. Sheehan
Douglas H. Trotter
Michael W. White
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
eOriginal Inc
Original Assignee
Document Authentication Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU71058/96A external-priority patent/AU714220B2/en
Application filed by Document Authentication Systems Inc filed Critical Document Authentication Systems Inc
Priority to AU55972/99A priority Critical patent/AU758834B2/en
Publication of AU5597299A publication Critical patent/AU5597299A/en
Application granted granted Critical
Publication of AU758834B2 publication Critical patent/AU758834B2/en
Assigned to EORIGINAL, INC. reassignment EORIGINAL, INC. Amend patent request/document other than specification (104) Assignors: DOCUMENT AUTHENTICATION SYSTEMS, INC.
Anticipated expiration legal-status Critical
Expired legal-status Critical Current

Links

Description

r I DOCUMENT AUTHENTICATION SYSTEM AND METHOD
BACKGROUND
Applicant's invention relates to systems and methods for providing a verifiable chain of evidence and security for the transfer and retrieval of documents in digital formats.
Paper documents are the traditional evidence of the communications and agreements between parties in commercial and other transactions. Financial and real-estate transactions are protected by paper-based controls. Signatures and 10 safety paper (such as pre-printed checks) facilitate detection of unauthorized alterations of the information of commercial transactions. Important documents may also be provided with "third man" controls, by the witnessing of signatures and by the seal and acknowledgement of a Notary Public.
The methods of commerce, however, have changed dramatically and continue to evolve. This is most evident in the replacement of paper-based communications with electronic communications. The "due care" controls used with paper-based communications do not exist in routine electronic transactions.
Standard electronic communication over open systems does not have the same ability to provide authentication, privacy, and integrity of the communicated information. By "authentication" is meant verification of the identity of the signatory of a document; by "privacy" is meant protection of the information in a document from unauthorized eyes; and by "integrity" is meant the ability to detect any alteration of the contents of a document.
When communication is by electronically reproduced messages such as e-mail, facsimile machine, imaging, electronic data interchange or electronic fund transfer, there no longer exists a signature or seal to authenticate the identity of the transferor. The traditional legally accepted methods of verifying the identity of a document's originator, such as physical presence or appearance, an ink signature, personal witness or Notary Public acknowledgement, are not possible.
-2- The continued evolution of computer and telecommunications technology has regretfully been accompanied by the invention of more and more sophisticated ways to intercept and alter information electronically transmitted, including the widespread phenomenon of remote intrusion of computer systems through telecommunication links.
Some approaches to providing secure electronic commerce technology by applying cryptography give the user a verification mechanism for the authenticity or privacy of the transmission that is controlled by the user and does not include the element of non-repudiation. In some cases the use of encryption for privacy could aid in the detection of document alterations, advancing the goal of integrity.
This is not generally the case, however, and additional mechanisms may be required for providing integrity. At present, no distributed electronic document authentication system exists that can provide authentication, as with written or printed instruments, in a manner that cannot be repudiated. No commercial system provides electronic document verification based on a digital signature that cannot be repudiated, although some attempts have been described. See, D.
Chaum, "Achieving Electronic Privacy", Scientific American, vol. 247, no. 8, pp.
96-101 (Aug. 1992); C.R. Merrill, "Cryptography for Commerce Beyond Clipper", The Data Taw Report, vol. 2, no. 2, pp. 1, 4-11 (Sep. 1994). Since DES, no governmental organization or other standards-setting body has been willing or able to set standards as to cryptographic strength, process, etc.) acceptable for general commercial use. The techniques described in this application are synergistic and of sufficient assurance to be on par with the security needed to support a typical business transaction.
Applicant's document authentication system (DAS) provides the needed security and protection of electronic transmissions. Most important to commercial and financial institutions, Applicant's DAS assumes the risk and responsibility of a document's authenticity. Applicant's DAS utilizes an asymmetric cryptosystem, r -3known as a public-key system, to help ensure that the party originating a document is electronically identifiable as such.
Various aspects of public-key cryptographic (PKC) systems are described in the literature, including R.L. Rivest et al., "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Communications of the ACM vol. 21, pp. 120-126 (Feb. 1978); M.E. Hellman, "The Mathematics of Public-Key Cryptography", Scientific American, vol. 234, no. 8, pp. 146-152, 154-157 (Aug.
:e 1979); and W. Diffie, "The First Ten Years of Public-Key Cryptography", Prnoereings of the TFFF, vol. 76, pp. 560-577 (May 1988). Popular PKC systems make use of the fact that finding large prime numbers is computationally easy but factoring the products of two large prime numbers is computationally difficult. A PKC system is an asymmetric encryption system, meaning that it employs two keys, one for encryption and one for decryption. Asymmetric systems adhere to the principle that knowledge of one key (the public key) does not permit derivation of the second key (the private key). Thus, PKC permits the user's public key to be publicly posted in a directory or on a bulletin board), without compromising the user's private key. This public key concept simplifies the key distribution process.
Besides the PKC method, another encryption method is the symmetric algorithm. An example of this is the Data Encryption Standard (DES), which is described in Data Fnrryprion .tandard, Federal Information Processing Standards Publication 46 (1977) ("FIPS PUB 46", republished as FIPS PUB 46-1 (1988)) and DF_ Modes of Operainn, FIPS PUB 81 (1980) that are available from the U.S. Department of Commerce. See also W. Diffie et al., Privacy and Authentication: An Introduction to Cryptography Prnc TEE vol. 67, pp. 397- 427 (Mar. 1979). In general, a symmetric cryptographic system is a set of instructions, implemented in either hardware, software or both that can convert plaintext (the unencrypted information) to ciphertext, or vice versa, in a variety of -4ways, using a specific key that is known to the users but is kept secret from others.
For either a symmetric or PKC system, the security of a message is dependent to a great extent on the length of the key, as described in C.E.
Shannon, "Communication Theory of Secrecy Systems", Bell Sys TPech.
vol. 28, pp. 656-715 (Oct. 1949).
SUMMARY
S. These and other objects and advantages are provided by the DAS which comprises the means to identify the originator of the electronic document, to 10 provide irrevocable proof of the integrity of the transmission of an electronic document and the means to prevent the originator of the document from denying the document's originator, non-repudiation.
In one aspect of Applicant's invention, a method of authenticating an electronic document comprises the steps of: signing the electronic document with 15 a digital signature of a Transfer Agent; appending a certificate to the electronic document by the Transfer Agent; and validating the digital signature and certificate of the Transfer Agent. The certificate may include information representing the Transfer Agent's identity, public cryptographic key, and predetermined attributes.
The signing step may comprise the steps of applying a hash function to the electronic document to determine a message digest and encrypting the message digest with a secret cryptographic key of the Transfer Agent. The step of validating the digital signature then comprises the steps of decrypting the message digest with the Transfer Agent's public cryptographic key, applying the hash function to the electronic document to determine a second message digest, and comparing the decrypted message digest to the second message digest.
The method may further comprise the step of applying a date stamp and a time stamp to the electronic document. The date and time stamps may be applied either before or after validation of the digital signature and electronic document using the certificate. Also, the method may further comprise the step of signing the electronic document with a second digital signature.
In another aspect of the invention, an apparatus for authenticating an electronic document comprises means for signing the electronic document with a digital signature of a Transfer Agent; means for appending a certificate to the electronic document; and means for validating the digital signature and certificate.
10 The certificate may include information representing the Transfer Agent's identity, public cryptographic key, and predetermined attributes.
The signing means may comprise means for applying a hash function to the electronic document to determine a message digest and means for encrypting the message digest with the Transfer Agent's secret cryptographic key. The validating means may then comprise means for decrypting the message digest with a public cryptographic key of the Transfer Agent, means for applying the hash function to the electronic document to determine a second message digest, and means for comparing the decrypted message digest to the second message digest.
The apparatus may further comprise means for applying a date stamp and a time stamp to the electronic document. The date and time stamps may be applied either before or after the digital signature and electronic document have been validated using the certificate. Also, the apparatus may further comprise means for signing the electronic document with a second digital signature.
In another aspect of Applicant's invention, an authentication system for the electronic transmission of documents comprises a device for digitally encrypting a document; a device for certifying the identity of the document transferor; a device for generating a public key and a private key; a device for signing the document with a digital signature; a device for verifiably transmitting the electronic -6document; and a device for authenticating transmission of the electronic document; whereby the system ensures the integrity of the transmitted document and the nonrepudiation of the transmitted document by the document transferor.
In another aspect of the invention, an electronic document storage and retrieval system comprises a device for securely storing of digitally encrypted i electronic documents; a device for authenticating of electronic documents retrieved from storage; and a device for verifying the authority of the party requesting the authenticated electronic document; whereby the system ensures the authenticity of the electronic document stored within the system and the transfer of the electronic document to authorized parties.
In another aspect of the invention, a method of authenticating electronically transmitted documents comprises the steps of digitally encrypting a document; certifying the identity of the document transferor; generating a public key and a private key; signing the document with a digital signature; verifiably transmitting the electronic document; and authenticating transmission of the electronic document; whereby the integrity of the transmitted document and the nonrepudiation of the transmitted document by the document transferor is ensured.
BRIEF DESCRIPTION OF THE DRAWINGS The various features and advantages of Applicant's invention will become apparent by reading this description in conjunction with the drawings in which: FIG. 1 is a block diagram of the liability allocation for authentication in the
DAS;
FIG. 2 summarizes the functions of the DAS relating to document transmission authorization and protection; FIG. 3 is a simple diagram of the DAS architecture; FIG. 4 is a block diagram of the functional interrelationship between a Transfer Agent and an Authentication Center; FIG. 5 is a block diagram Of DAS control functions; FIGs. 6a, 6b are diagrams illustrating application of the DAS in the mortgage finance industry with a title company/closing agent for a loan as a Transfer Agent; FIG. 7 illustrates the document certification process more generally; FIG.. 8 illustrates generation of a digital signature; FIG. 9 illustrates digitally signing a document and validation of the digital signature; *FIG. 10 illustrates the format of a certificate employed by a user or the 10 Certification Authority; FIG. 11I illustrates validation of certificates; and FIG. 12 illustrates generation of certificates.
DETAIELED DES CRIZPTION Applicant's invention can be implemented utilizing commercially available 15 computer systems and technology to create an integrated closed system for authentication of electronic documents.
Referring to FIG. 1, which is a block diagram of the liability allocation for authentication in Applicant's DAS, the DAS uses a Certification Authority framework by which public/private keys, that are utilized to encrypt/decrypt and/or digitally sign a document, are delivered to a document's originator by an established, auditable means. Certificates and certification frameworks are described in the above-cited publication by C.R. Merrill and in ITU-T Recommendation X.509 (1993)1 ISO/IEC 9594-8:1995 Information Technology Open Systems Interconnection The Directory: Authentication Framework (including all amendments), which are expressly incorporated here by reference. The infrastructure and certificate definitions used in this application are based on these documents.
-8 As described below, the p'ublic/private key is advantageously delivered in the form of a token such as an electronic circuit card conforming to the standards of the PC Memory Card Interface Association (a PCMCIA card or PC Card) for use in the originator's computer. In general a token is a portable transfer device that is used for transporting keys, or parts of keys. It will be understood that PC Cards are just one form of delivery mechanism for public/private keys for *Applicant's DAS; other kinds of tokens may also be used, such as floppy diskettes and Smart Cards. To ensure reliable delivery a service such as the bonded courier services commonly used to ferry securities between parties could be used to deliver the media to the document originator.
Advantageously, many commercially available tokens that embody onboard cryptography generate the public/private key pairs on the cards, and the private keys never leave the cards unencrypted. The public keys are exported to the Certification Authority for inclusion, with the identity of the intended recipient and appropriate user attributes among other things, into a "certificate". Principal 5: components of the DAS system assurance are the correct operation of the Certification Authority framework, the tight binding of user identity and attributes to the public key in the certificate, and the reliable delivery of the PC Card to the authorized recipient.
In an additional aspect of Applicant's invention, the public/private key is only effective when it is used in conjunction with a certificate and personal identification information such as the recipient's biometric information retina-, finger-, and voice-prints) or a personal identification number that is assigned to the recipient of the card by the Certification Authority and that may be delivered separate from the originator's card. Any subsequent transmitter of the document who is required to digitally sign or encrypt the document would similarly be provided with a respective card and personal identification information.
-9- In FIG. 1, a document's originator and any subsequent transmitter are called a Transfer Agent, and it will be appreciatedi that a Transfer Agent is identified to the DAS by its possession and use of a valid certificate and a valid PN Inisigthe key and PIN to the Transfer Agent, teDSavnaeul P IN In ad va tagiusl records one or more attributes, or characteristics, of the Transfer Agent in association with the key and PIN. For example, the Transfer Agent may be authorized to conduct only certain types of transactions and/or transactions hvn less than a predetermned value.
.Issuance by the Certification Authority of a digitally signed certificate ensures the verifiability of the identity of each transmitter of a digitally signed or encrypted document. The Certification Authority also retains the ability to revoke a public/private key, or to reissue a public/private key, from a remote location electronically. The Certification Authority can also support privilege management in accordance with the policy set for the system. For example, the Certification Authority can set financial or other limits on the authority granted to the Transfer Agent by conveying those authorizations or restrictions as certificate attributes.
These attributes can be retrieved from the certificate and enforced by other elements in the system.
In an important aspect of Applicant's invention, the DAS is a system for authenticating a document by applying digital signature encryption technology for the electronic transmission of the document. As used here, "authentication" is the corroboration and verification of the identity of the part which executed, sealed, or tr-al~smtted the original document and verification that the encrypted document received is the document sent by that party. The DAS uses an Authentication Center to provide an audit or evidence trail, for applications that require this capability, from the original execution of the executed or encrypted or sealed document through all subsequent tawsmissions.
The Certification Authority would use a physically secure facility that is a "trusted center" having twenty-four-hour security, an alarm system, and "vaulted" construction. In view of its importance, a facility would advantageously include two-person controls, with no single person having access to key generating or key management systems. All personnel connected with the operations of cryptographic key management and transmission of electronic documents would have their trustworthiness evaluated in the surest ways possible, personal interviews, background checks, polygraphs, etc. Moreover, the Certification Authority management would implement procedures that prevent single-point failures, requiring collaboration for compromise to take place. In this way, one individual would be prevented from obtaining complete access to key generation and to key management.
Another aspect of Applicant's DAS authentication that is in contrast to prior systems is the utilization of an integrity block and a date and time "stamp" on each transmitted document. Suitable time and date stamps are those provided by systems described in U.S. Patents No. 5,136,646 and No. 5,136,647 to Stuart A. Haber and W.S. Stornetta, Jr., both of which are expressly incorporated here by reference, and commercially available from Surety Technologies, Inc. The integrity block, the digital signature, and the date and time stamp, which are applied by the Authentication Center, eliminate the possibility of unauthorized alteration or tampering with a document by the signatories subsequent to its original execution or sealing. The Authentication Center's integrity block for a document received from a Transfer Agent is generated using any of several known digital hashing algorithms. This integrity block ensures that the document cannot be altered without detection. In addition, use of the digital signing algorithm by the Authentication Center can advantageously provide for non-repudiation, i.e., precluding the originator from disavowing the document. Applicant's combination of the integrity block, date and time stamp, and audit provide notice and evidence 11 of any attempt at alteration or substitution, even by a document's originator when the alteration is attempted after origination.
In accordance with Applicant's invention, each transaction and its documents are authenticated by transmission to the Authentication Center from the Transfer Agent's terminal. As described below, the Transfer Agent provides the document in. digital form, such as the output of a conventional word processor, to Transfer Agent's PCMCIA card. As an option, a device for digitizing a hand- *5w-ritten signature may also be provided and the digitized signature may be added to :the digital document. The digital document is digitally signed and/or encrypted by the DAS PCMCIA card, and the digitally signed and/or encrypted version is communicated to the Authentication Center electronically by modem or St 9 computer network). Other ways of communicating the digitally signed or .crypted~ documents might be used (for example, dispatching a diskette cotinn the do u etbut t eg atadvantage of electrni.lc communicationis ped The Authentication Center verifies the identity of the Transfer Agent and 06 S the authenticity of the documents, and appends a digital signature and a date and time stamp to the document, thereby establishing each transaction in a manner which can not be repudiated. The combination of these functions, in conjunction with a protected audit trai, can be used at a future date to prove conclusively that a party initiated a transaction. In particular, Applicant's invention provides for authentication of a document in a way that prohibits an originator from denying that the document originated with that originator, and provides irrevocable proof of authenticity.
The authenticated, digitally signed and/or encrypted documents are stored by the third-party Authentication Center in any convenient form, such as on optical and/or magnetic disks. Once a trasaction is completed and the digitally signed and/or encrypted document or documents are transmitted and authenticated by the Authentication Center, any authorized party can access the Authentication 12- Center through an electronic device such as a modem to obtain or further transmit an authenticated document. All transmissions of electronic documents from the originator are made to the Authentication Center, which provides authentication as described above and stores the authenticated documents for transmission to and on 5 behalf of authorized parties whose identities and policies are similarly authenticated by the Authentication Center. Authorization for access may be restricted to the level of a single document or group of documents.
In accordance with Applicant's invention, the DAS verifies and ensures that documents that have been transmitted, stored, or retrieved have not been 10 accidentally or intentionally modified. The DAS can verify at any stage and at any time that a document is exactly, to the last digital bit, the document which was executed and transmitted by the originator and that the document has not been 0 altered or impaired in any manner. This element of integrity combined with a digital signature and a date and time stamp enable the DAS to ensure that a 15 document is not a fabrication, forgery, impersonation, or unauthorized replacement of a document originally executed or sealed by the document's originator.
Since originators of documents to be signed and/or encrypted, such as loan and mortgage documents, commercial paper and other securities, property deeds and leases, etc., should be able to execute their transactions from a variety of locations, the DAS moves the heart of the cryptographic process to a PCMCIA cryptographic card entrusted to a respective authorized Transfer Agent. This permits individual utilization of any DAS enabled computer in any location that is networked or connected with the Authentication Center. As described above, the cryptographic cards and certificates are issued and monitored by the Certification Authority. Certificates may be further controlled through the inclusion of an "expiration period" field, which enables the periodic replacement if desired of the Transfer Agent certificates. It will be appreciated that certificates in accordance
~L.
13 with X.509 include a plurality of such fields, but only those fields important to understanding the operation of the invention are described here.
FIG. 2 summarizes the functions of the DAS relating to document transmission authorization and protection. In the left column are the functions of a Transfer Agent's PC Card; in the center column are other functions carried out by the Transfer Agent's transmission device; and in the right column are functions of the DAS. FIG. 3 is a diagram illustrating interconnections among three Transfer .Agent terminals and a server subsystem and backup subsystem in the Authentication Center in the DAS architecture. FIG. 4 is a block diagram of the functional interrelationship between a Transfer Agent and the Authentication Center.
The cryptographic card includes components, such as a microprocessor and electronic memory devices, for carrying out the steps of a PKC algorithm as well as a symmetric encryption algorithm such as DES. Also, the card should be 15 tamper-proof, which can be assured by designing it to delete critical keys and/or algorithms upon any attempted penetration or alteration. The National Institute of Standards and Technology has been chartered to certify the authentication implementation of the cryptographic card suppliers that may be used by the DAS.
In accordance with Applicant's invention, each transaction and its documents are authenticated using a public key contained in the Transfer Agent's certificate. Privacy, signature, and/or integrity devices and software are commercially available from a number of sources, including RSA Data Security, Inc.; Public Key Partners; Surety Technologies, Inc.; Ascom Tech AG, Switzerland; National Semiconductor; Northern Telecom Ltd.; and Spyrus.
The Authentication Center makes use of its own secret key to sign again the transaction in a manner that cannot be repudiated. The combination of the Transfer Agent's and Authentication Center's signatures (in conjunction with the physically protected audit trail) can be used at a future date to prove conclusively' 14 that an agent, employee, or firm (the Transfer Agent) initiated a specific transaction. In addition, a Notary Public support function is available for implementation as described below.
Employee or agent sign-on at the Transfer Agent's terminal is protected by the personal identification information and the cryptographic features of the cryptographic card held by that Transfer Agent. The combination of these controls uniquely identifies the agent or employee, thereby enabling DAS. In :addition, agent or employee authorization and attribute information may be stored in the certificates or PCMCIA card memory in protected or sealed form as described above. The DAS uses this information in conjunction with the PIN to set privilege, access, volume and fund amount limits.
The DAS provides a distributed validation capability using a "signature" that cannot be repudiated. The strategy uses PKC to reduce the key management overhead and to provide a digital signature that cannot be repudiated for all documents and transactions. Encryption is used to provide confidentiality protection of the PIN and other transaction details as described above. These control functions of the DAS are summarized in FIG. Additionally, the DAS is compatible with the full range of modem distributed, and client/server transactional based applications. It operates effectively in LAN, WAN, and dial-up networks. The DAS preferably utilizes modem database tools, and thus the server can advantageously utilize relational technology with a SQL interface SYBASE).
The DAS can utilize a variety of technology based tools that may be outlined as follows. The security architecture may allocate liability on a basis that cannot be repudiated by using approved industry standards. In particular ANSI X9.9 and X9. 19, which are incorporated here by reference, may be used for authentication. The DES may be used for encryption of the documents, and triple encryption may be used to protect key encrypting. The session key management 15 option of ANSI X9.24, Financial. Institution Retail Key Management, which is incorporated here by reference, may be used in conformance with the security architecture.
In one aspect of Applicant's invention, documents, transactions and other 5 information may be protected by using ANSI standard cryptographic techniques.
PINs may be encrypted using DES; selected message elements may be authenticated using the methods defined in ANSI X9.9, Financial Institution Message Authentication (Wholesale); and cryptographic key management may conform to ANSI X9. 17, Financial Institution Key Management (Wholesale), which is incorporated here by reference. The technology specified in these standards protects the integrity of tranisactions against fraud and manipulation.
As illustrated in FIG. 4, the originator of an electronic document or other ***Transfer Agent may implement the DAS with a typical 486 desktop or laptop computer having the DAS encryption subsystem (PCMCIA card) installed and optionally an electronic digital signature pad for hand-signed "execution" of the document. It is not required for the function of the DAS to have a hand-signed instrument since a digital signature on the document is sufficient. However, at this time, a typical party in loan or other commercial transactions requires the comfort of receiving laser-printed copies of documents which have been executed by hand. Other components and software typically provided in the Transfer Agent terminal are a communication subsystem for handling transmission of encrypted or digitally signed documents to the Authentication Center by a modem telephone line or other suitable communication [ink, a PCMCIA card inter-face, a message handler, input/output inter-face, and multimessage input application.
The Authentication Center is advantageously organized as a server subsystem, a crypto backup subsystem, and storage. As part of the server subsystem, which may be implemented with a 486 computer running under a UNIX-type operating system, a terminal communication subsystem includes a 16multiport controller (see also FIG. 3) that handles communications with the Transfer Agent terminals. Also provided in the server subsystem are a cryptographic key management subsystem, a backup subsystem, a relational database management system, input/output system administration, and audit 5 subsystem. A PCMCIA Card and backup communication subsystem interfaces with the backup subsystem mentioned above that may be implemented as a 486 computer running under a DOS-type operating system. A storage communication subsystem interfaces with the document storage device or devices mentioned above.
10 The DAS also would permit a "Notary Public" type of secondary support e function. This would permit a third party present at the document's execution to also have a cryptographic card which would "seal" the transaction for further verification that the parties executing or sealing the document to be signed were in fact the proper parties. This additional notary function is not required, but would 15 assist in the further authentication of the identities of the parties.
FIGs. 6a, 6b are diagrams illustrating a typical application of the DAS in the mortgage finance industry with a title company/closing agent for the loan as a Transfer Agent. In step 1, the Certification Authority completes code generation and issues PCMCIA cards to authorized parties for transferring documents and establishing legal evidence trails. The parties, who would generally not be individuals but commercial and financial institutions such as a BANK/Mortgage Co. and a Tide Co./Closing Agent, would be equipped to transmit and receive documents electronically. In step 2, a Bank/Mortgage Co. loads and electronically transmits loan documents to the Authentication Center, which forwards them to a Title Co./Closing Agent after adding integrity blocks and date and time stamps.
In step 3, the Authentication Center transmits the authenticated loan documents to the Title Co./Closing Agent.
-17- In step 4, the Title Co./Closing Agent has the documents executed by digitized autograph signature by a Homebuyer/Homeowner. In step 5, the Title Co./Closing Agent provides Homeowner/Homebuyer with "hard copies" of the signed documents. In step 6, the Title Co./Closing Agent transmits the 5 documents to the Authentication Center, which adds the integrity blocks and dates and time stamps the executed documents, forwards the documents to the Bank/Mortgage Co., and stores the documents. Whenever the Bank/Mortgage S: Co. needs copies of the authentic documents, they can be retrieved on-line from Authentication Center storage.
0 In step 7, the Bank/Mortgage Co. directs that the authentic documents be transferred by the Authentication Authority to a secondary-market Mortgage Bank/Investor. In step 8, whenever the Investor needs authentic documents, they can be retrieved on-line from the Authentication Center.
FIG. 7 further illustrates an example of Applicant's document certification 15 process. In the first step, an electronic document is designed, or drafted, that S" reflects the agreement of parties, such as a manufacturing operation depicted by the factory in FIG. 7. The electronic document is provided to a Transfer Agent's terminal, which is illustrates as a portable computer having an authorized PC Card and, optionally, a stylus pad for capturing hand-written signatures. A typical configuration for a Transfer Agent's terminal is at least the computational equivalent of a 386 desktop or laptop computer, with high resolution graphics, a PC Card reader, and a stylus pad for capturing hand-written signatures. As shown in FIG. 7, the electronic document, which may be created locally or remotely, is displayed on this terminal.
In the second step, the parties to the agreement execute their hand-written signatures on the document using the stylus pad. These signatures are captured and inserted in appropriate locations in the electronic document. After all parties have signed the document, the Transfer Agent certifies the completion of the 18 document's execution by invoking his or her digital signature and appending his or her certificate, using the PC Card.
If an original paper document were desired, the electronic document would be printed first. The paper document would then be placed on the stylus pad and 5 the terminal's cursor positioned to the corresponding place in the electronic document. This permits the capture and transfer of hand-written signatures during the actual signing of the paper document. The electronic version is then an exact duplicate of the paper document.
After local certification, the Transfer Agent transmits the electronic 10 document to the Authentication Center in the third step of the process. The ;Authentication Center preferably includes a high-volume utility server computer, having substantial storage capacity and backup capability, and is a secure and highly assured facility. The Authentication Center contains a separate digital signature capability, one or more PC Cards, and an accurate time base.
15 When an electronic document is received, the authenticity and rights of the Transfer Agent are validated by the Authentication Center (step If authenticated, the electronic document is time- and date-stamped (step digitally signed (step journaled (step and stored by the Authentication Center.
Certified copies of the electronic document may then be distributed according to instructions from an appropriate party, such as the holder of a beneficial interest (owner) designated by the document.
The Authentication Center maintains the electronic document and a log, or history, of all transactions, such as requests for copies, etc., related to it. It will be appreciated that the log is useful for many management functions that contribute to the usefulness of the system. For example, the log facilitates identifying subsequent electronic submissions related to a transaction and contributes to Liability limitation for the Authentication Center. Also, the log is useful as evidence of the documrn:t's chain of custody.
19- The Authentication Center also controls access to the document in accordance with authorization instructions provided by the owner of the document.
Such authorization instructions would be updated or revised in conformance with changes assignments) in the document's ownership.
FIG. 8 illustrates the process of digitally signing an electronic document, depicted more generally as an "information object", by application of a hash function. In general, a hash function is a truly one-way cryptographic function that is computed over the length of the information object to be protected. The hash function produces a "message digest" in a way such that no two different information objects produce the same message digest. Since a different message digest is produced if even one bit of the information object is changed, the hash function is a strong integrity check.
In accordance with the invention, the message digest is encrypted using the signatory's secret key, thereby producing the signatory's digital signature. The combination of hashing and encryption in this way insures the system's integrity the ability to detect modification) and attribution capability ability to identify a signatory, or responsible party). The digital signature (the encrypted message digest) is appended to the readable information object (see steps 2 and 6 depicted in FIG. 7).
Of the many different hash functions that are known, it is currently believed that those designated MD4 and MD5, which are embodied in circuits commercially available from vendors identified above, and the U.S. government's published secure hash algorithm are suitably robust for use in Applicant's DAS.
Of course, other hash functions can be expected to become available as time passes.
The steps of digitally signing an electronic document (steps 2 and 6 depicted in FIG. 7) and validating the digital signatures (step 4 in FIG. 7) are further illustrated in FIG. 9. The electronic document has appended to it one or more digital signatures, which are created by using a signature algorithm and the secret key(s) of the signatory(s) as described in connection with FIG. 8, and the certificate(s) of the signatory(s). As described above, each such certificate conveys the identity of the signatory, the signatory's public signature/verification key, predetermined collateral information about the signatory, and the digitally signed message digest of the certificate. The format of these pertinent parts of such a certificate in accordance with the X.509 Recommendation that would be employed by a user or the Certification Authority is illustrated in FIG. The signature validation step, which would normally but not necessarily be carried out by the Authentication Center, comprises decrypting the message digest appended to the document, re-hashing the document to generate another message digest, and comparing the resulting message digest to the decrypted message digest. The public signature/verification key found in the certificate signed by the Certification Authority and appended to the document is used for decrypting the appended message digest. If the two message digest values agree, the identity of the individual named in the certificate can be asserted as the signatory of the document, or other information object, and the integrity of the document is confirmed and guaranteed. An Authentication Center attests to this result by itself digitally signing the document.
As shown in FIG. 11, a certificate of a user (Transfer Agent) or even of a Certification Authority is preferably digitally signed in substantially the same way that electronic documents are digitally signed, except that such a certificate is signed by authorities specifically empowered to create certificates. Validation of a document's digital signatures includes validation of the public signatures of all Certification Authorities in a path between the signatory and a Root Authority, which is the most superior Certification Authority. The signatures of these Certification Authorities are loaded in the signatory's PC Card and appended to documents prepared with that PC Card.
-21 As illustrated by FIG. 12, the path from the signatory to the Root Authority may be considered part of an authentication tree. The signatory's (user's) certificate is digitally signed by a Certification Authority whose own certificate (the CA Certificate) is signed by the Root Certification Authority.
Since there is likely to be a plurality of Certification Authorities located on different branches of the authentication tree, it is only necessary to retrieve all Certification Authority certificates along both branches until a common node is encountered, in order to authenticate a digital signature for an entity on a different branch of an authentication tree, and to verify the authenticities of the certificates 10 up to the common node.
It will be noted that the present description and drawings are illustrative only and that one of ordinary skill in the art would recognize that various modifications could be made without departing from the spirit or scope of the present invention which is to be limited only by the following claims.
The terms "comprise", "comprises", "comprised" and "comprising" when used in this specification are taken to specify the presence of stated features, integers, steps or components but does not preclude the presence or addition of one or more other features, integers, steps, components or groups thereof.

Claims (19)

1. An electronic document storage and retrieval system that ensures authenticity of electronic documents stored in the system and transfers of electronic documents to authorised parties, including: means for securely storing digitally encrypted electronic documents; means for authenticating electronic documents retrieved from storage; and means for verifying authority of a party requesting retrieval of an authenticated electronic document. '0*V.
2. A method of authenticating an electronic document, including the steps :of: signing the electronic document with a digital signature of a transfer agent; appending a certificate to the electronic document by the transfer agent, wherein the certificate relates a cryptographic key to an identity of the :OO transfer agent; applying a date stamp and a time stamp to the electronic document; validating the digital signature and certificate of the transfer agent; signing the electronic document with a second digital signature and appending a second certificate to the electronic document signed with the second digital signature after the digital signature has been validated, wherein the second certificate relates a cryptographic key to the second digital signature; and storing, in a facility identified by the second digital signature, the document signed with the second digital signature and having the second certificate appended such that the facility assumes control of the document.
3. An apparatus for authenticating an electronic document, including: means for signing the electronic document with a digital signature of a transfer agent; means for appending a certificate to the electronic document, wherein the certificate relates a cryptographic key to an identity of the transfer agent; means for applying a date stamp and a time stamp to the electronic document; means for validating the digital signature and certificate; means for signing the electronic document with a second digital signature and for appending a second certificate to the electronic document signed with the second digital signature after the digital signature has been validated by the validating means, wherein the second certificate relates a cryptographic key to the second digital signature; and means, identified by the second digital signature, for storing the document signed with the second digital signature and having the second certificate appended such that the storing means assumes control of the "document.
4. A method of executing a transaction by transferring an authenticated information object having a verifiable evidence trail, including the steps of: signing, by a first entity, the information object with a first digital •signature; appending, by the first entity, a first certificate to the information object, wherein the first certificate relates at least an identity and a cryptographic key to the first entity; authenticating the information object signed with the first digital signature and having appended the first certificate by a second entity, thereby forming an authenticated object, wherein the step of authenticating includes: validating the first digital signature and first certificate; applying a date stamp and a time stamp to the information object signed with the first digital signature and having appended the first certificate; and after the validating and applying steps, taking control of the validated stamped information object by signing the information object with a second digital signature of the second entity, appending a second certificate to the information object, and storing the validated stamped information object signed with the second digital signature and having the second certificate appended as the authenticated object, wherein the second certificate relates at least an identity and a cryptographic key to the second entity; and transferring the authenticated object to an entity in response to an instruction.
The method of claim 4, wherein the transferring step includes retrieving the stored authenticated object and providing the retrieved authenticated object to the entity in accordance with the instruction.
6. The method of claim 5, wherein the retrieved authenticated object is provided to each of a plurality of entities in accordance with the instruction. 0.
7. The method of claim 4, wherein each signing step includes the steps of applying a hash function to the information object to determine a message digest and using the message digest with a secret cryptographic key of the respective one of the first and second entities to determine the respective digital signature. o
8. The method of claim 7, wherein the validating step includes the step of using the digital signature with a public cryptographic key of the first entity, and with another message digest determined by applying the hash function to the information object.
9. The method of claim 4, further including the step of maintaining a log relating to the authenticated object so as to identify at least one subsequent information object related to the transaction.
The method of claim 9, wherein a subsequent information object is signed by a third digital signature of a third entity.
11. An apparatus for executing a transaction by transferring an authenticated information object having a verifiable evidence trail, including: first means for signing, by a first entity, the information object with a first digital signature and for appending, by the first entity, a first certificate to the information object, wherein the first certificate relates at least an identity and a cryptographic key to the first entity; and means for authenticating an information object signed with the first digital signature and having appended the first certificate by a second entity, thereby forming an authenticated object, wherein the authenticating means includes: means for validating the first digital signature and first certificate; a date stamp and a time stamp for application to an information object signed with the first digital signature and having appended the first certificate; and *'°means for controlling a validated stamped information object, wherein the controlling means includes second means for signing an information object with a second digital signature of the second entity and for appending a second certificate to the information object, and a memory; wherein the memory includes storage locations for validated stamped information objects signed with the second digital signature and having the second certificate appended as authenticated objects, an authenticated object stored in the memory is transferable in response to an instruction, and the O*IS second certificate relates at least an identity and a cryptographic key to the second entity.
12. The apparatus of claim 11, wherein each signing means includes a processor for applying a hash function to the information object to determine a message digest and for using the message digest with a secret cryptographic key of the respective one of the first and second entities to determine the respective digital signature.
13. The apparatus of claim 12, wherein the signing means is an electronic circuit card.
14. The apparatus of claim 12, wherein the validating means includes a processor for using the digital signature with a public cryptographic key of the first entity, and with another message digest determined by applying the hash function to the information object.
The apparatus of claim 11, wherein an authenticated object is transferred in response to the instruction by retrieving the authenticated object from the memory a plurality of times and providing the retrieved authenticated objects to a plurality of entities.
16. The apparatus of claim 11, wherein the authenticating means further includes a log relating to authenticated objects and identifying at least one subsequent information object related to the transaction and stored in the memory.
17. The apparatus of claim 16, wherein a subsequent information object is signed by a third digital signature of a third entity.
18. The system as claimed in claim 1 substantially as herein described with reference to the accompanying drawings.
19. The method as claimed in claims 2 or 4 substantially as herein described with reference to the accompanying drawings. The apparatus as claimed in claims 3 or 11 substantially as herein described with reference to thew accompanying drawings. DATED this 3rd day of February 2003 DOCUMENT AUTHENTICATION SYSTEM, INC. WATERMARK PATENT AND TRADE MARK ATTORNEYS 290 Burwood Road Hawthorn Victoria 3122 Australia P13060AU01 PNF/SWE/HB
AU55972/99A 1995-09-15 1999-10-20 Document authentication system and method Expired AU758834B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU55972/99A AU758834B2 (en) 1995-09-15 1999-10-20 Document authentication system and method

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US08/528841 1995-09-15
AU71058/96A AU714220B2 (en) 1995-09-15 1996-08-23 Document authentication system and method
AU55972/99A AU758834B2 (en) 1995-09-15 1999-10-20 Document authentication system and method

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
AU71058/96A Division AU714220B2 (en) 1995-09-15 1996-08-23 Document authentication system and method

Related Child Applications (1)

Application Number Title Priority Date Filing Date
AU2003200605 Division 1996-08-23

Publications (2)

Publication Number Publication Date
AU5597299A AU5597299A (en) 1999-12-23
AU758834B2 true AU758834B2 (en) 2003-04-03

Family

ID=3754066

Family Applications (1)

Application Number Title Priority Date Filing Date
AU55972/99A Expired AU758834B2 (en) 1995-09-15 1999-10-20 Document authentication system and method

Country Status (1)

Country Link
AU (1) AU758834B2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5231668A (en) * 1991-07-26 1993-07-27 The United States Of America, As Represented By The Secretary Of Commerce Digital signature algorithm
US5371794A (en) * 1993-11-02 1994-12-06 Sun Microsystems, Inc. Method and apparatus for privacy and authentication in wireless networks
US5373561A (en) * 1992-12-21 1994-12-13 Bell Communications Research, Inc. Method of extending the validity of a cryptographic certificate

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5231668A (en) * 1991-07-26 1993-07-27 The United States Of America, As Represented By The Secretary Of Commerce Digital signature algorithm
US5373561A (en) * 1992-12-21 1994-12-13 Bell Communications Research, Inc. Method of extending the validity of a cryptographic certificate
US5371794A (en) * 1993-11-02 1994-12-06 Sun Microsystems, Inc. Method and apparatus for privacy and authentication in wireless networks

Also Published As

Publication number Publication date
AU5597299A (en) 1999-12-23

Similar Documents

Publication Publication Date Title
AU714220B2 (en) Document authentication system and method
CA2334804C (en) System and method for electronic transmission, storage and retrieval of authenticated documents
US5615268A (en) System and method for electronic transmission storage and retrieval of authenticated documents
US6367013B1 (en) System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
US7162635B2 (en) System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
US6708893B2 (en) Multiple-use smart card with security features and method
HU216231B (en) Method for creating encripted communication
AU758834B2 (en) Document authentication system and method
EP1267516B1 (en) Method for securing data relating to users of a public-key infrastructure
Kotsakis Secure Information Exchange in Electronic Reporting Systems
MXPA98001991A (en) System and document authentication method

Legal Events

Date Code Title Description
TC Change of applicant's name (sec. 104)

Owner name: EORIGINAL, INC.

Free format text: FORMER NAME: DOCUMENT AUTHENTICATION SYSTEMS, INC.

FGA Letters patent sealed or granted (standard patent)