AU9579698A - Method and system for transient key digital time stamps - Google Patents


Publication number: AU9579698A
Authority: AU (Australia)
Prior art keywords: key, time interval, private key, time, certification request
Legal status (an assumption, not a legal conclusion): Granted
Application number: AU95796/98A
Other versions: AU760742C (en), AU760742B2 (en)
Inventor: Michael D. Doyle
Current Assignee (listing may be inaccurate): Proofspace Inc
Original Assignee: Proofspace Inc
Application filed by: Proofspace Inc
Assigned to PROOFSPACE, INC. (Alteration of Name(s) of Applicant(s) under S113; Assignors: EOLAS TECHNOLOGIES, INCORPORATED)
Related publications: AU9579698A, AU760742B2, AU760742C
Legal events listed: application granted; anticipated expiration; ceased (current)

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
              • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
            • H04L63/12 Applying verification of the received information
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
            • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L9/3247 As H04L9/32, involving digital signatures
              • H04L9/3297 As H04L9/32, involving time stamps, e.g. generation of time stamps
            • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
          • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
            • H04L2209/60 Digital content management, e.g. content distribution
          • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
            • H04L2463/121 Timestamp

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Circuits Of Receivers In General (AREA)

Description

WO99/16209 PCT/US98/20036

METHOD AND SYSTEM FOR TRANSIENT KEY DIGITAL TIME STAMPS

FIELD OF THE INVENTION

The present invention relates to a method for digital time stamping data. More particularly, the present invention relates to the digital time stamping of data, without the need for subsequent third party verification, by the chaining of key pairs, the key pairs being generated for particular time intervals.

BACKGROUND INFORMATION

The concept of chain of evidence has long been a fundamental tenet of the U.S. judicial system. Many legal situations depend upon the ability to prove that a certain piece of evidence existed at a certain point in time and that it has not been subsequently altered. In the past, when most of the possible types of evidence consisted of material objects, there was a need for a protocol of a "chain of witnesses" to testify to the veracity of an evidentiary object in question. Historically, if the evidence was under the control of only a finite set of individuals, and if all of those individuals could testify as to the location and state of the object, then the court would accept the claim of authenticity of the evidence.

Of course, such a system is dependent upon the availability of trustworthy witnesses that will be available and willing to testify in any given circumstance. Oftentimes, witnesses are available, but not trustworthy, or vice versa. This is particularly the case with respect to document authentication, where the details of when a specific document was created or signed are in question. Clearly, a system was needed to allow one to easily obtain a "witness on demand" in many situations.

This concept of evidentiary authentication is so important to so many areas of endeavor, that a formalized system of professional document witnesses was developed, for example, called the Notary Public service.
Notary Publics would, for a fee, attest to such things as the existence of a document and the identity of the document holder or signer. Of course a notary could not swear to any knowledge of the actual contents of a document, since that would have required that the notary keep copies, in perpetuity, of every document ever witnessed -- an impractical requirement. Much of the trust held in the notary public system related to a generally-held belief that it was impossible or impractical to forge a notary public's stamp and signature, or to buy a notary public's testimony. As computer graphics and desktop publishing technology advances, however, the level of difficulty of creating forged documents and signatures decreases significantly. A result of this technological advance is the fact that some states, such as California, no longer accept notarization as absolute proof of document validity.

As more and more of the information of import in personal and business transactions becomes digital in form, the usefulness of notary-public-style authentication mechanisms decreases. Much of this information is stored, accessed and managed through computer database management systems. All major database systems permit time stamping of data in records. Many commercial and governmental systems depend upon the assumption of veracity of such database time stamps. The presumption is that, if the organization is trustworthy, then the time stamps in their databases can be believed. In practice, this assertion requires a large degree of, to borrow a literary term, "willing suspension of disbelief." No one, of course, can safely assume that all individuals within a large organization are trustworthy, even if the organization, itself, is believed to be so. Furthermore, it is now well known that no conventional computer database system is immune from the possibility of data tampering or "hacking" by dishonest individuals.
One approach that has been developed to deal with some of this problem is based upon a technology called "public key" cryptography. One of the most well known of this type of system is the program called Pretty Good Privacy, distributed by the Massachusetts Institute of Technology, which makes use of the Rivest-Shamir-Adleman (RSA) public key cryptosystem. Such systems are built around the concept of encrypting data in such a way that allows both secure transmission and authentication of sensitive data. Public key systems employ a pair of cryptographic keys for each encryption/decryption event. One key is kept secret by the owner (e.g., the private key), and the other key is publicly distributed (e.g., the public key). A message encrypted with one of the keys in a key pair can only be decrypted with the other key, and vice versa.

This system allows, for example, the encryption of data by one individual, using a second individual's public key. The message could then be sent to a second individual over unsecure channels, and only the second individual could access the unencrypted data, since it could only be decrypted with the second individual's private key. Prior to using the second individual's public key to encrypt the data, the first individual could have used his or her private key to encrypt the data, thereby digitally "signing" the data. The recipient could then use the sender's public key to decrypt it, thus proving that it actually came from the sender, since only the sender could have used the correct secret key to sign the data. Such a system provides both confidentiality of data and a mechanism for authentication of the identity of the sender. It also proves that the data could not have been altered in any way since the time it was encrypted by the sender. Public keys, themselves, can be "certified" by signing them with a trusted individual's secret key (e.g., a digital signature).
Others can then assess the authenticity of published public keys by authenticating them using that trusted individual's public key. If that trusted individual later loses faith in the validity of the certified key, then he can issue a so-called revocation certificate, signed by the trusted individual's private key, that notifies others that the previously-certified public key is no longer to be trusted in the future.

Public key algorithms are notoriously slow. For this reason, virtually all public key digital signature systems use what is called a "cryptographically-strong one-way hash function" to create what is called a "message digest" from the data to be signed. This message digest is a unique representation of that data, sort of a data fingerprint, that is typically much smaller than the original data. For example, the message digests that PGP uses are only 128 bits in length. The message digest is then encrypted using the sender's secret key before sending the data to the recipient. The recipient can then use the sender's public key to automatically decrypt the message digest and then verify that it does indeed match the original data. This is a very secure system, since it is computationally infeasible for an attacker to devise a substitute message that would provide an identical message digest. Most estimates state that it would take 10^12 or more years (taking into account Gordon Moore's "law" relating to increases in chip capacity over time) to successfully fake a 128-bit message digest using the algorithm employed by the PGP software package. Also, changing even a single byte of a digested message would cause the hash function to be unable to match the message digest to the unencrypted data.

Public key digital signatures, therefore, can irrefutably prove that signed data was originally signed by a given secret key and that the data has not changed in any way since the signature was made.
Systems such as PGP routinely attach time-stamps to both key pairs at their creation, and to digital signatures, each time they are created. Such time stamps, however, are dependent only upon the internal clocks within the computers being used, and thus are subject to inaccuracies or falsification by, for example, an individual intentionally changing the time on a computer's clock in order to make it falsely appear that a given digital signature was created at a specific point in time.

For this reason, a new type of notary public has arisen, which uses public-key digital signatures to notarize, for a fee, digital information typically submitted over the Internet. These so-called "digital notaries" are, essentially, businesses that provide such a service and agree to attest to the veracity of both the content of the original data, as well as the time at which the signature was made. This is a major improvement over the notary public concept of old, since the new digital notary services can testify to the fact that data which has been digitally signed by their service existed at a certain point in time, and that it hasn't been altered in any way since that point in time. The largest problem with such digital notary services, and also a motivating reason for the method according to the present invention, is the fact that the authenticity of such digital-notary-generated digital signatures is wholly dependent upon the trustworthiness of the institution and individuals running the digital notary service.

To solve this problem, a system is needed that will automatically and rigorously prove the veracity of digital signature time-stamps, without depending upon the trustworthiness of the institution or individuals administering a digital notary service. Transient-key digital time-stamps according to an embodiment of the present invention provide these capabilities.
SUMMARY OF THE INVENTION

According to an embodiment of the present invention, irrefutable public key digital signature time-stamps are created and used. The system is based upon, for example, the concept of transient time-interval-related secret cryptographic keys, which are used to digitally sign submitted data during specific time intervals, and then are permanently destroyed. The public-key correlate for each time interval is saved for future authentication of the content of time-stamped data and time of creation of time-stamped data. The validity of the public keys is ensured through the certification (e.g., signing) of each time interval's public key using the previous time interval's secret key, immediately before that secret key is destroyed.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 illustrates an exemplary flowchart for a method for digital time stamping according to an embodiment of the present invention.

Figure 2A illustrates a portion of an exemplary flowchart for another method for digital time stamping according to an embodiment of the present invention.

Figure 2B illustrates another portion of an exemplary flowchart for another method for digital time stamping according to an embodiment of the present invention.

Figure 3A illustrates a first exemplary embodiment for a time stamping system according to the present invention.

Figure 3B illustrates a second exemplary embodiment for a time stamping system according to the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The digital time stamping method according to an embodiment of the present invention provides a mechanism to irrefutably prove that a collection of data existed at a given interval of time and has not changed since that interval of time. A significant advantage of the present invention is that it provides non-repudiation to the user.
It is difficult to deny the veracity of the time-stamp certificates generated by the method according to an embodiment of the present invention. For example, the system does not depend upon the trustworthiness (or later existence) of any external "certification authority" or any external time tracking system. Rather, all that is needed to authenticate the time stamp generated according to an embodiment of the present invention is, for example, the time-stamped data, the signature from the time-stamp certificate, the time interval's public key from the time-stamp certificate, and a standard public-key authentication program, such as either the free or commercial version of PGP. Other public key encryption programs such as the J/CRYPTO Professional Cryptography Classes for Java Developers (http://www.baltimore.ie/products/jcrypto/index.html) could also be used with the present invention. Moreover, the method according to an embodiment of the present invention will work with any kind of computer data.

Systems utilizing the method for transient-key digital time stamps according to the present invention can be set up as, for example, Internet servers, stamping all requests on a fee-for-service basis. The time of creation and the internal state of information can be proven without endangering the confidentiality of sensitive data. The time stamping method according to an embodiment of the present invention makes the method suitable for use in, for example, invention documentation systems. Accordingly, the method according to an embodiment of the present invention can also be used to authenticate critical confidential records, such as medical records and financial transactions, can be easily adapted to any computing platform, and is not dependent upon any specific public-key algorithm.

Figure 1 illustrates an exemplary flowchart for a digital time stamping method according to an embodiment of the present invention.
In step 1010 a key pair is generated at time interval $t_n$. As is known in the art, the key pair includes a public key and a private key. The time interval can be any defined period, e.g., every second, 10 seconds, minute or 10 minutes. The current time interval is referred to as $t_n$. In step 1020, it is determined if a time stamp request is received during time interval $t_n$. If no time stamp request is received during time interval $t_n$, then the process returns to step 1010 to generate a new key pair for the next time interval, n being incremented by 1 to indicate the next time interval.

If a time stamp request is received during time interval $t_n$, in step 1030 the data accompanying the time stamp request is automatically signed. For example, a conventional message digest for the data could be generated that would be automatically encrypted using the private key of time interval $t_n$. As a result of signing the data, the signature of the time stamp can only be decrypted using the public key of time interval $t_n$. In step 1040, a time stamp certificate is generated for delivery to the requestor indicating the temporal existence of the data. In step 1050, it is determined if additional time stamp requests are received within time interval $t_n$.

If no additional time stamp requests are received, then the private key for time interval $t_n$ is deleted in step 1060 and the process returns to step 1010 to generate a key pair for the next time interval, n being incremented by 1. If further time stamp requests are received during time interval $t_n$, then the process returns to step 1030 to process each further time stamp request. As indicated in step 1060, the private key for time interval $t_n$ is deleted at the end of the time interval and the public key would be, for example, archived for subsequent use to decrypt the time stamp.
Thus, a separate private key is used to automatically time stamp the data associated with a time stamp request received during each defined time interval according to an embodiment of the present invention.

The process according to an embodiment of the present invention illustrated in Figure 1 differs from prior art systems in that, for example, the key pairs are automatically generated every defined time interval and the data accompanying the time stamp request is automatically signed using the private key of the time interval that the time stamp request is received, the private key being deleted after the time interval. In contrast, prior art time stamping systems would use a single private key to sign all time stamp requests and employ a separate mechanism, usually based on the computer system implementing the time stamp, to provide the time stamp data. Also unlike the time stamping method according to an embodiment of the present invention, some prior art systems would chain together the message digests for sequentially submitted documents that have been signed to generate the message digest encrypted for the time stamp, for example, as described in U.S. Patent No. 5,136,647, which is hereby incorporated by reference.

Figure 2A illustrates an exemplary flowchart for a digital time stamping method according to another embodiment of the present invention. In step 2010 a key pair is generated. As is known in the art, the key pair includes a public key and a private key. According to an embodiment of the present invention, a key pair is generated for each time interval utilized by the system implementing the time stamping method. The implementing system can include, for example, a conventional general purpose computer, such as a microprocessor based personal computer or server. In an embodiment of the present invention, the method is implemented in software that executes on a client-server computer system architecture.
The time interval can be any defined period, e.g., every second, 10 seconds, minute or 10 minutes. The current time interval is referred to as $t_n$ and the next time interval is referred to as $t_{n+1}$. For the purposes of time stamping documents, accuracy to the minute may be sufficient for subsequent authentication purposes.

In step 2020, another key pair is generated at time $t_{n+1}$. Like the first key pair, the next key pair also has a public key and a private key. To generate the key pairs in steps 2010 and 2020, a conventional digital time stamping system such as PGP could be modified to automatically generate key pairs every defined time interval. For example, conventional digital time stamping systems are designed for users to generate key pairs, usually via user I/O with the system to input the information necessary to generate a key pair (e.g., a pass phrase and a random seed required by PGP). According to an embodiment of the present invention, the source code for such systems could be modified to generate, for example, a pass phrase and a random seed that would be automatically fed to the key pair generation algorithm for each defined time interval, thereby automatically providing the input normally provided by a user to generate a key pair.

In step 2030, the public key of time interval $t_{n+1}$ is signed using the private key of time interval $t_n$. For example, a conventional message digest for the public key of time interval $t_{n+1}$ could be generated that would be encrypted using the private key of time interval $t_n$. As a result of signing the public key of time interval $t_{n+1}$, the signature of the public key can only be decrypted using the public key of time interval $t_n$.
The signing of the public key of time interval $t_{n+1}$ using the private key of time interval $t_n$ could be accomplished, for example, using script based control of existing software, such as the PGP software (e.g., a single command line instructing that one key sign another key). In step 2040, the private key of time interval $t_n$ is deleted. Thus, the private key for time interval $t_n$ exists for the duration of time interval $t_n$ and for the time necessary during time interval $t_{n+1}$ to sign the public key of time interval $t_{n+1}$. In step 2050, the public key for time interval $t_n$ is archived for subsequent use, e.g., to decrypt the time stamp on the public key of time interval $t_{n+1}$.

In step 2060, it is determined if a time stamp request is received during time interval $t_{n+1}$. If no time stamp request is received, then the process returns to step 2020 to generate a key pair for the next time interval, n being incremented by 1. If a time stamp request is received during time interval $t_{n+1}$, in step 2070, illustrated in Figure 2B, the data accompanying the time stamp request is signed using the private key of time interval $t_{n+1}$. For example, as is known in the art, a conventional message digest for the data to be time stamped according to an embodiment of the present invention could be generated that would be encrypted using the private key of time interval $t_{n+1}$. As a result of signing the data using the private key of time interval $t_{n+1}$, the signature of the time stamp could only be decrypted using the public key of time interval $t_{n+1}$, which public key itself has been time stamped according to an embodiment of the present invention and can be authenticated only using the public key of the prior time interval $t_n$ as described above. Therefore, using an embodiment of the method according to the present invention, authentication of the time stamp on data is self-validated as the keys for two time intervals have been chained together. No independent third party is required to verify that the time stamp on the data is accurate. In another exemplary embodiment, the key pair for $t_{n+1}$ is generated and certified in advance, during the end of the prior time interval $t_n$, to insure that the key pair for time interval $t_{n+1}$ is available immediately at the beginning of $t_{n+1}$.

In step 2080, a stamp certificate is generated for delivery to the requesting party. According to an exemplary embodiment of the present invention, such a stamp certificate includes a digital signature of the submitted data and the certified public keys for time intervals $t_n$ and $t_{n+1}$. In step 2090, it is determined if any additional time stamp requests are received within time interval $t_{n+1}$. If no further time stamp requests are received within time interval $t_{n+1}$, the process returns to point B on Figure 2A to generate the key pair for the next time interval. If another time stamp request is received during time interval $t_{n+1}$, in step 2100 the data accompanying the time stamp request is signed using the private key of time interval $t_{n+1}$ as described above and the process loops back to step 2090 until no further time stamp requests are received during time interval $t_{n+1}$.

The method according to an embodiment of the present invention for time stamping data can be implemented, for example as software, firmware or hard-wired logic using a suitable general purpose computer. For example, the software implementation of the present invention can be written in the Java programming language, that can run on any platform.

Figure 3A illustrates an exemplary client-server architecture for implementing the time stamping method according to an embodiment of the present invention. In a client-server architecture, the server portion of time stamping program for an embodiment of the present invention would reside in, for example, a memory 3015 of the server 3010. The time stamping program would execute on the CPU 3016 connected to the memory 3015.
The server 3010 is connected to the client 3020 via, for example, a connection 3030, such as a LAN, WAN or Internet connection. The client computer 3020 would include a time stamping client portion of the method according to an embodiment of the present invention residing in a memory 3025, the time stamping client program executing on the CPU 3026 connected to the memory 3025. An I/O device 3040, such as a keyboard or mouse, provides user access to the time stamping method according to an embodiment of the present invention.

In operation, for example, a user would identify data to be time stamped via the I/O device 3040 which would cause the client application program stored in memory 3025 to execute on CPU 3026 and generate a message digest for the data, for example in a manner known in the art. The message digest would be transmitted via connection 3030 to server 3010, where the application program stored in memory 3015 would execute on CPU 3016 to time stamp the message digest and return a time stamp certificate to client computer 3020 via connection 3030, for example as described in Figures 1 or 2A-2B.

In an alternative implementation of the client-server architecture illustrated in Figure 3A, the signing could occur at the client computer 3020. For example, via the I/O device 3040, a user could identify data to be time stamped and submit the stamp request to the server computer 3010 via connection 3030 without providing a message digest for the data. In response to the stamp request, the server 3010 would generate a key pair for the current time interval according to an embodiment of the present invention (e.g., with a public key signed by the private key of the prior time interval key pair) and return the key pair for the current time interval, the passphrase for the time interval's private key, and the public key from the prior time interval to the client computer 3020.
To ensure the secrecy of the transmission from the server 3010 to the client 3020, the connection 3030 can include, for example, a secure channel using SECURE SOCKETS LAYER (SSL). Once the client 3020 receives the transmission from the server 3010, the client can generate the message digest and sign the message digest of the time stamp request using the private key of the current time interval, for example in a manner as is known in the art. After the time stamp is created, the client-side copies of the associated private key and passphrase are then immediately deleted.

In yet another alternative embodiment of the client-server architecture illustrated in Figure 3A, the client computer 3020 can generate its own key pair and use a key pair generated by the server 3010 to time stamp the public key of the key pair generated by the client computer 3020. For example, the client computer 3020 would generate a key pair and transmit the public key of the key pair to the server 3010 via connection 3030. The private key of a key pair generated by the server 3010 for the current time interval would be used to sign the public key from the client 3020. The signed public key and the public key of the key pair generated by the server would be transmitted back to the client 3020. The private key from the key pair generated by the client 3020 would be used to time stamp the data. Immediately after the time stamp was produced, the client-side private key would be immediately deleted, then the client-side public key would be revoked by using the server-side private key to issue a revocation certificate for the client-side public key. The private key from the server 3010 would be destroyed. The revocation certificate would be incorporated into the time stamp certificate, together with the signature of the data, the server-side public keys for the current and previous time intervals, and the client-side public key.
Figure 3B illustrates an alternative embodiment for a system implementing the time stamping method according to an embodiment of the present invention. In Figure 3B, the time stamping method is carried out in a single computer system 3100, such as a relational database system or a financial transaction system. Computer system 3100 includes a memory 3115 connected to a cpu 3116. An I/O device 3140, such as a keyboard or mouse, is connected to the computer 3100 and provides user access to the time stamping method according to an embodiment of the present invention. The memory 3115 would contain, for example, both the resident program to generate the message digests for data to be time stamped and the time stamping program according to an embodiment of the present invention.

According to the illustrative embodiment of Figure 3B, either the user would identify data to be time stamped via the I/O device 3140 or the system would automatically identify data to be time stamped, for example as in response to a database transaction. Identification of the data to be time stamped then would cause the resident program stored in memory 3115 to execute in CPU 3116 and generate a message digest for the data. The message digest would be provided to the application program, also stored in memory 3115, which would execute in CPU 3116 to time stamp the data and return a time stamp certificate to the resident program, which could cause the time stamp certificate to be forwarded to the I/O device 3140 for the user.

Therefore, according to the present invention, key pairs are generated for particular time intervals and time stamp requests are automatically carried out using the private key for the time interval, the private key being destroyed after the time interval.
In another embodiment of the present invention, the private key of a prior time interval is used to sign the public key for a subsequent time interval before the private key of the prior time interval is destroyed. In this embodiment of the present invention, every time interval has its own key pair for which the private key is destroyed after signing the public key for the next time interval. According to the present invention, key pairs do not have to be continuously generated every time interval, but can be pre-generated and selected from a queue for each time interval that a time stamp request is received.

The time stamping method according to an embodiment of the present invention uses public key cryptography in a new way to, first, create key pairs that correspond not to fixed entities, such as previous systems employ, but which correspond to transient time intervals; and second, to provide a mechanism to use the keys, and signatures created by those keys, to provide rigorous proof of the time of existence and the authenticity of the content within data signed by the system. As mentioned above, a feature of the system is that the secret key for a given time interval only exists for a finite, typically very short, period of time, and is replaced by subsequent secret keys as subsequent time intervals proceed. A public key cryptography system, such as PGP with the above-described modifications, is employed to automatically generate a series of public-key encryption key pairs at regular time intervals. Each key contains a designation, for example typically within the key's user ID, which identifies the specific time interval during which it is to be (or was) used. For dynamically-created keys, the minimum possible duration of a time interval is limited by the time necessary for creation of a key pair and the use of that key pair to validate a public key.
As indicated above, shorter time intervals can be enabled by pre-generating the key pairs.

As illustrated above, the veracity of the time designation is proven by "chaining" of signatures, so that each new time interval's public key is certified (e.g., digitally signed) using the prior interval's secret key, immediately prior to deleting that prior time interval's secret key. This is done, for example, by using the prior time interval's secret key to digitally sign the new time interval's public key. Immediately after the public key is signed, the prior interval's secret key is deleted.

The public key of each key pair is stored for future use. Any given private key is used for time-stamping data only during the time interval immediately following the interval within which the private key was generated. During its interval of use, the secret key is used to digitally sign and time-stamp all data submitted to the system for such processing. As data is submitted to the system for time-stamping, these data are processed by signing them using the respective time interval's private key. This signing process generates a time-stamp certificate. Each time-stamp certificate includes, for example, the digital signature of the data generated by the secret key and the certified public key for the current time interval of use. Each interval-of-use's public key can be also archived for future reference. For use in easy authentication of time-stamp certificates in the future, all time-stamp certificates can be archived as well, although such time-stamp certificate archiving is not necessary for later proof of the veracity of time-stamps generated by the system.

At the end of each time interval, a new key pair is generated, the public key of the new pair is certified (e.g., signed) by the current time interval's secret key, and that secret key is then deleted, and the cycle continues.
Validation of a time stamp at any later point requires using the respective time interval's public key to authenticate the digital signature in the time-stamp certificate. Validation of that public key is accomplished by using the previous time interval's public key to authenticate the certification signature on the public key to be authenticated. The ability to trace back through the "chain" of public key certification signatures provides irrefutable proof of the location, in time, of any individual time interval's stamp within the chain of signatures. Further evidence of the exact time that a given time interval key was in use can be provided by tracking other certificates that were generated by the same key and collecting evidence of the time of generation of those signatures and the signed data relating to them. Since the secret key for each time interval is destroyed immediately after that time interval passes, it is virtually impossible to create a bogus time-stamp after the fact.

Many other implementations of the time stamping method according to an embodiment of the present invention are possible as well. As described above, for example, one could calculate the message digests at the users' sites, and send only those message digests to the server for signing. This would both insure confidentiality of data and efficient network bandwidth usage.
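The rollover and validation cycle described above, as an added example that is not code from the patent or from Proofspace: each interval's key certifies the next interval's public key and is then dropped, and verification walks the certifications back to interval 0. A toy Schnorr signature over a fixed prime field stands in for the PGP keys the text names so that only the standard library is needed; `TransientKeyStamper`, `verify_stamp`, `encode_key`, the archive layout and the out-of-band trust in interval 0's public key are assumptions of this example.

```python
import hashlib
import secrets

P = 2**521 - 1  # Mersenne prime; toy Schnorr group (assumption), not the patent's PGP keys
G = 3

def generate_keypair():
    """Return (public, private) for one time interval."""
    x = secrets.randbelow(P - 2) + 1
    return pow(G, x, P), x

def _challenge(r, message):
    data = r.to_bytes(66, "big") + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, message):
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    return r, (k + private * _challenge(r, message)) % (P - 1)

def verify(public, message, signature):
    r, s = signature
    if not (0 < r < P and 0 <= s < P - 1):
        return False
    return pow(G, s, P) == r * pow(public, _challenge(r, message), P) % P

def encode_key(interval, public):
    """Bytes that get certified: the interval designation plus the public key."""
    return f"interval={interval};key={public:x}".encode()

class TransientKeyStamper:
    def __init__(self):
        self.interval = 0
        public, self._private = generate_keypair()
        # archive[i] = (public key of interval i, certification by interval i-1's key)
        self.archive = [(public, None)]  # interval 0 is trusted out of band

    def next_interval(self):
        """Certify the next interval's public key, then drop the current private key."""
        public, private = generate_keypair()
        cert = sign(self._private, encode_key(self.interval + 1, public))
        self._private = private  # old key is unreachable; real code must also zeroize it
        self.interval += 1
        self.archive.append((public, cert))

    def stamp(self, digest):
        """Sign a client-supplied message digest with the current interval's key."""
        public, cert = self.archive[self.interval]
        return {"interval": self.interval, "digest": digest, "public": public,
                "certification": cert, "signature": sign(self._private, digest)}

def verify_stamp(stamp, archive):
    """Check the data signature, then walk the certifications back to interval 0."""
    i = stamp["interval"]
    if not 0 <= i < len(archive) or archive[i][0] != stamp["public"]:
        return False
    if not verify(stamp["public"], stamp["digest"], stamp["signature"]):
        return False
    return all(verify(archive[k - 1][0], encode_key(k, archive[k][0]), archive[k][1])
               for k in range(i, 0, -1))

def demo():
    stamper = TransientKeyStamper()
    stamper.next_interval()
    digest = hashlib.sha256(b"constructed sample document").digest()
    genuine = stamper.stamp(digest)   # issued during interval 1
    stamper.next_interval()           # interval 1's private key no longer exists
    # Back-dated stamp made after the fact with a fresh key pair claiming interval 1.
    fake_public, fake_private = generate_keypair()
    forged = {"interval": 1, "digest": digest, "public": fake_public,
              "certification": sign(fake_private, encode_key(1, fake_public)),
              "signature": sign(fake_private, digest)}
    swapped = list(stamper.archive)   # even with the archived key replaced ...
    swapped[1] = (fake_public, forged["certification"])
    return (verify_stamp(genuine, stamper.archive),
            verify_stamp(forged, stamper.archive),
            verify_stamp(forged, swapped))  # ... the chain from interval 0 breaks
```

The verifier needs only the archived public keys and their certifications; no private key from any past interval is required or available.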

Claims (18)

1. A method for certifying data, comprising the steps of: generating a key pair at a first time interval, the key pair including a private key and a public key; receiving a certification request; automatically responding to the certification request by digitally signing data associated with the certification request using the private key; and deleting the private key.
2. The method according to claim 1, further comprising the step of generating a time stamp certificate confirming the digital signing of the data.
3. The method according to claim 1, further comprising the step of archiving the public key of the first time interval.
4. The method according to claim 1, further comprising the step of authenticating the digitally signed data using the public key.
5. The method according to claim 1, further comprising the step of determining if a further certification request is received during the first time interval.
6. The method according to claim 5, further comprising the step of, for the further certification request, automatically responding to the further certification request by digitally signing data associated with the further certification request using the private key, wherein the step of deleting the private key is performed after the further certification request has been responded to.
7. The method according to claim 1, further comprising the steps of: generating a key pair at a next time interval, the key pair including a private key and a public key; receiving a next certification request; automatically responding to the next certification request by digitally signing data associated with the next certification request using the private key of the next time interval; and deleting the private key for the next time interval.
8. A method for certifying data, comprising the steps of: generating a first key pair at a first time interval, the first key pair including a first public key and a first private key; generating a second key pair at a second time interval, the second key pair including a second public key and a second private key; signing the second public key using the first private key; deleting the first private key; processing a certification request during the second time interval using the second private key; and deleting the second private key.
9. The method according to claim 8, further comprising the step of archiving the first public key.
10. The method according to claim 8, wherein the step of processing the certification request includes automatically responding to the certification request by digitally signing data associated with the certification request using the second private key.
11. The method according to claim 10, further comprising the step of generating a time stamp certificate confirming the digital signing of the data.
12. The method according to claim 11, wherein the time stamp certificate includes the digital signature and the second public key.
13. The method according to claim 12, wherein the time stamp certificate further includes the first public key.
14. The method according to claim 8, further comprising the step of certifying the digitally signed data using the first public key.
15. A system for certifying data, comprising: a general purpose computer; and an I/O device coupled to the general purpose computer, wherein the general purpose computer includes a memory containing a program executable by the general purpose computer, the executable program instructing the general purpose computer to generate a key pair at a first time interval, the key pair including a private key and a public key, receive a certification request, automatically respond to the certification request by digitally signing data associated with the certification request using the private key, and delete the private key.
16. The system according to claim 14, wherein the general purpose computer has a client-server architecture including a client computer and a server computer.
17. A system for certifying data, comprising: a general purpose computer; and an I/O device coupled to the general purpose computer, wherein the general purpose computer includes a memory containing a program executable by the general purpose computer, the executable program instructing the general purpose computer to generate a first key pair at a first time interval, the first key pair including a first public key and a first private key, generate a second key pair at a second time interval, the second key pair including a second public key and a second private key, sign the second public key using the first private key, delete the first private key, process a certification request during the second time interval using the second private key, and delete the second private key.
18. The system according to claim 16, wherein the general purpose computer has a client-server architecture including a client computer and a server computer.
AU95796/98A 1997-09-22 1998-09-22 Method and system for transient key digital time stamps Ceased AU760742C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US5945597P 1997-09-22 1997-09-22
US60/059455 1997-09-22
PCT/US1998/020036 WO1999016209A1 (en) 1997-09-22 1998-09-22 Method and system for transient key digital time stamps

Publications (3)

Publication Number Publication Date
AU9579698A true AU9579698A (en) 1999-04-12
AU760742B2 AU760742B2 (en) 2003-05-22
AU760742C AU760742C (en) 2006-11-09

Family

ID=22023060

Family Applications (1)

Application Number Title Priority Date Filing Date
AU95796/98A Ceased AU760742C (en) 1997-09-22 1998-09-22 Method and system for transient key digital time stamps

Country Status (7)

Country Link
EP (1) EP1018239A4 (en)
JP (2) JP4563577B2 (en)
KR (1) KR100563515B1 (en)
AU (1) AU760742C (en)
CA (1) CA2304342C (en)
IL (1) IL135069A0 (en)
WO (1) WO1999016209A1 (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7047415B2 (en) * 1997-09-22 2006-05-16 Dfs Linkages, Inc. System and method for widely witnessed proof of time
US7017046B2 (en) * 1997-09-22 2006-03-21 Proofspace, Inc. System and method for graphical indicia for the certification of records
US7490241B1 (en) 1999-12-10 2009-02-10 International Business Machines Corporation Time stamping method employing user specified time
US6965998B1 (en) 1999-12-10 2005-11-15 International Business Machines Corporation Time stamping method using time-based signature key
US6742119B1 (en) 1999-12-10 2004-05-25 International Business Machines Corporation Time stamping method using time delta in key certificate
US6993656B1 (en) 1999-12-10 2006-01-31 International Business Machines Corporation Time stamping method using aged time stamp receipts
US7315948B1 (en) 1999-12-10 2008-01-01 International Business Machines Corporation Time stamping method employing a separate ticket and stub
US7519824B1 (en) 1999-12-10 2009-04-14 International Business Machines Corporation Time stamping method employing multiple receipts linked by a nonce
KR101298562B1 (en) * 2004-07-23 2013-08-22 데이터 시큐어리티 시스템즈 솔루션스 피티이 엘티디 System and method for implementing digital signature using one time private keys
US7801871B2 (en) 2005-08-09 2010-09-21 Nexsan Technologies Canada Inc. Data archiving system
JP4150037B2 (en) 2005-09-30 2008-09-17 株式会社東芝 Time stamp acquisition system, time stamp acquisition device, time stamp acquisition program, and time stamp acquisition method
US7904725B2 (en) * 2006-03-02 2011-03-08 Microsoft Corporation Verification of electronic signatures
JP2009212747A (en) * 2008-03-04 2009-09-17 Nec Corp Electronic signature system
JP5518668B2 (en) * 2010-10-14 2014-06-11 日本電信電話株式会社 Electronic signature key management apparatus, electronic signature key management method, electronic signature key management program
JP2016116134A (en) * 2014-12-16 2016-06-23 パナソニックIpマネジメント株式会社 Signature verification device, signature generation device, signature processing system, signature verification method, and signature generation method
CN109687967B (en) * 2017-10-18 2022-02-08 克洛斯比尔有限公司 Electronic signature method and device
SG11202010346TA (en) 2018-05-14 2020-11-27 Nchain Holdings Ltd Computer-implemented systems and methods for using a blockchain to perform an atomic swap
KR20210062488A (en) 2019-11-21 2021-05-31 대한민국(전북기계공업고등학교장) 2axis motion simulator
US20240250935A1 (en) * 2022-02-28 2024-07-25 Rakuten Group, Inc. Communication system, communication method, and program

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5001752A (en) * 1989-10-13 1991-03-19 Fischer Addison M Public/key date-time notary facility
ES2142307T3 (en) * 1990-08-02 2000-04-16 Telcordia Tech Inc METHOD OF SAFE TIME MARKING IN DIGITAL DOCUMENTS.
US5201000A (en) * 1991-09-27 1993-04-06 International Business Machines Corporation Method for generating public and private key pairs without using a passphrase
US5422953A (en) * 1993-05-05 1995-06-06 Fischer; Addison M. Personal date/time notary device
US5787172A (en) * 1994-02-24 1998-07-28 The Merdan Group, Inc. Apparatus and method for establishing a cryptographic link between elements of a system
US5469507A (en) * 1994-03-01 1995-11-21 International Business Machines Corporation Secure communication and computation in an insecure environment
US5604801A (en) * 1995-02-03 1997-02-18 International Business Machines Corporation Public key data communications system under control of a portable security device
IL113259A (en) * 1995-04-05 2001-03-19 Diversinet Corp Apparatus and method for safe communication handshake and data transfer
US5673316A (en) * 1996-03-29 1997-09-30 International Business Machines Corporation Creation and distribution of cryptographic envelope
JP3659791B2 (en) * 1998-03-23 2005-06-15 インターナショナル・ビジネス・マシーンズ・コーポレーション Method and system for generating a small time key
JPH11296078A (en) * 1998-04-15 1999-10-29 Yrs:Kk Souvenir

Also Published As

Publication number Publication date
AU760742C (en) 2006-11-09
IL135069A0 (en) 2001-05-20
JP4563577B2 (en) 2010-10-13
CA2304342C (en) 2009-01-27
EP1018239A1 (en) 2000-07-12
KR20010040248A (en) 2001-05-15
EP1018239A4 (en) 2005-07-13
AU760742B2 (en) 2003-05-22
JP2001517818A (en) 2001-10-09
KR100563515B1 (en) 2006-03-27
CA2304342A1 (en) 1999-04-01
WO1999016209A1 (en) 1999-04-01
JP2010148098A (en) 2010-07-01

Legal Events

Date Code Title Description
PC1 Assignment before grant (sect. 113)

Owner name: PROOFSPACE, INC.

Free format text: THE FORMER OWNER WAS: EOLAS TECHNOLOGIES, INCORPORATED

FGA Letters patent sealed or granted (standard patent)