MXPA98001991A

MXPA98001991A - System and document authentication method

Info

Publication number: MXPA98001991A
Application number: MXPA/A/1998/001991A
Authority: MX
Inventors: F Bisbee Stephen; J Moskowitz Jack; R Sheehan Edward; H Trotter Douglas; W White Michael
Original assignee: Document Authentication Systems Inc
Priority date: 1995-09-15
Filing date: 1998-03-13
Publication date: 1999-01-11

Abstract

The present invention relates to methods and apparatus that implement digital signature (2 and 3) and / or coding for electronic transmission, (3) storage, and retrieval of authenticated documents and that allow the establishment of the identity of the creator of an electronic document and the integrity of the information contained in said document (1). Together they provide irrevocable proof of authenticity of the document. The methods and devices make it possible to provide "paperless" business transactions, such as real estate transactions and financial transactions backed by real estate. A Certification Authority provides tools to initialize and manage the encoded material required to sign and seal electronic documents. An Authentication Center provides verification by "third parties" that a document is celebrated and transmitted by the creator of the document. The methods and apparatus eliminate the need for "hard copies" of original documents as well as the storage of hard copies. The recovery of an authenticated document from the Authentication Center can be done by any of the authorized parties at any time by means of a capacity in line

Description

SYSTEM AND METHOD OF AUTHENTICATION OF DOCUMENTS BACKGROUND OF THE INVENTION The invention of the applicant _p refers to systems and methods for providing a vepf chain i > _ada de av? denc? a3 and support for the transference and retrieval of documents in digital formats. Paper books are a traditional evidence of commonality, IOIWS and agreements between parties in financial and other transactions »Financial and over-security transactions * are protected by paper-based controls. Personal security signatures and paper, for example preprinted rugs), facilitate the detection of unauthorized ions of 3-i infrmation of commercial transactions. Important documents can also be provided with "third party" controls, through the rert i f i > "Signing of signatures and by means of the sale and attestation of a Ha ta ri" _-> P blic, Without e ba, l »-> s trade methods have changed • dramatically and following This is more obvious in the replacement of the commons on paper by a third party, the electron, and the electron. "3e_ of" due care "employees with paper-based communications do not exist in routine electronic tr.risatx ions.An electronic communication is» .1ar in open systems n »r > has the same capacity to provide authentic ion.

»Privacy and integrity» _ > e the information communicated. By "authentication", we refer to the verification of the? Dent? »- by the signer > _e a document; By "confidentiality" we mean the protection of information in a document against that to unauthorized persons? and by "integrity" we refer to the ability to detect an alteration of the content of a document. When the communication is by means of messages reproduced electronically with, for example, e-ai 1, a machine of electronic exchange of data or electronic funds transfer, no longer has any signature and stamp to authenticate. ic the identity »He is the person who performs the anxiety. The most accepted radiological methods will verify the identity of a creator. The document, such as its physical presentation, a signature, etc. No ink, a permanent eye or the attestation of a Notary Public, are not possible. The continuous evolution of technology compute ada and > ie telecommunications has been challenged by the invention of more sophisticated forms to intercept and alter the information transmitted by the system, including the phenomenon of remote access to computer systems through links. the common i < Í C i s. Some approaches to provide a secure electronic commercial technology through the application of encryption provide the user with a meranism of verification of the authenticity of the confidentiality of the transmission controlled by the user and does not include the element of ignorance. 5 In some cases, the use of confidentiality coding could help detect alterations to the document, promoting the goal of integrity. Generally, however, this is not the case and additional mechanisms may be required to offer integrity.

Currently, there is no system for the au + ation of electronic documents to be able to provide authenticity, as in the case of a> r > from written instruments to printed materials in a way that can not be ignored. Neither commercial system proportion. a verification of electronic documents in a digital file that can not be ignored, even though some attempts have been described. See, for example, D. Chanm, "A hie mg Ele ronic Prtvacy", (achieve * Electronic Confidence) Scientifie American, vol.247, No. 0, pp. 90, -101 (Aug. 1992).} CR 0 Merrill.} "Cry ography for Commerce Beyond Clipper, "f od ifi falls for e omerc io beyond C 11 per), The D a Law Peporl, v »_l. 2, no 2, pgs. 1.4-11 fSep, 1994).

Since DES, no governmental organization or other body that establishes norms has wanted or could establish 5 standards, ie, in relation to coding length, process, etc.) acceptable for general commercial use. "The techniques described in this application are synergistic. and of a conf i abi 11 > : ia > _ enough to match the required level to support a typical business transaction. The document authentication system (DAS) of the applicant provides the necessary security and protection for electronic transmissions. More important for eating utensils -, the 1 e -. and financial, the applicant's DAS assumes the risk and responsibility for the authenticity of a document. The applicant's DAS employs an asymmetric coding system, known as a public-key system, to help ensure that the creating part of a document can be identified electronically as such. Several aspects of 1 > :? rip public key signature systems? PKC) are de_cpben in literature, influencing P.L. P i ves et l., "Ft Method fo Ob i ni g Di ia 1 Big na res and Public -ly Cryp.") Systems, "(A method for obtaining digital signatures and» ti pt »3%? as of public key), Communicat ons of the ACM vol. 21, pgs. 120-12Ó, (Feb. 1978)} ME. Hellman, "The Ma bhema 1": .s of Public-Key Orytography ", (the mathematics of the cryptography with public key), Scientifi Ameritan, vol. 27.4, no. 8, pgs. 146-152, 154-157 (Aug. 1979)} and W. Diffie, "The First Year of Publicity and Crytography," fL > _ ~ > first ten years of public-key cryptography), Proceedmgs of the 1EE.E, vol. 76, p. »Gs. 560-577 (May 1988). The popular PKC systems employ > It is easy to find large first numbers through the application of computational capabilities, but factoring in the products of two large prime numbers is difficult with computational costs. A si -terna Pl C is a system, of asymmetric coding, which means that to employ * two laves, one for the coding and another pair * to the decoding. A .symmetric system is based on the principle of knowledge of a key (the public key) does not allow derivation of the second key (the private key). Consequently, a PK'C system allows the public key of the user to be publicly placed (for example, v in a directory or on a bulletin board), without compromising the user's private key.This concept of public key simplifies the process of rí i = »tr * ibuc ion of vPS cia.In addition to the method Pl C, another method of coding is the symmetric algorithm.An example» "e this is the Standard Data Coding (DES), > R &D in Ertcryption Standard, (Standard > and Data Coding), Federal Information Processing Standards Publication 46 (1977) ("FTP_ PUB 46", republished again in FIPS PUB 46-1 (1988)) and DES Modes of Qperation (Mode of Operation DES), FTPS PUB 81 (1980) which are useful in the Department of Commerce of the United States of America, see also Diffie et al., Ppvacy and Authentication: An Introduction to Cr-yptography (Confidence?): iad and Auten ia ion An Introduction to Cryptography), Proc. IEEE vol. 67, p. 7,97-427 (Mar. 1979), In general, a system c r iptográ f i > or symmetric is a set of? nstru »r > - ions, implied either in the team, in the programmatic obi er \ in both things, "which can convert an elar text" "(the uncoded information) into a coded text, or vice versa,": In several ways, use a specific key known to users but unknown. <I = l => etc. For a symmetric system as well as for a PlC system, the security of a message depends to a large extent on the length > ^ the key, as described in CE Shannon, "Comm? ni at ion Theory f Sec recy Systems," (Theory »The communication of confidentiality systems), E ^ ll Sys. Tech I Volume 28, pp. 656-715 (Oct. 1949) COMPENDIUM OF THE INVENTION These and >; .- > tro objects and advantages provided by the DAS, which includes the ability to identify the creator of an electronic document, provide irrevocable proof of the integrity of the transmission > ie an electronic document and the means to prevent the creator of the document from denying the creator of the document, that is, 1 i mpos ib 11 idad > "I do not know. In one aspect of the invention - of the Applicant, a method of au + tion > of an electronic document comprises the steps of; sign the electronic document with a digital signature of a Transfer Agent; attach * a certificate to the electronic document by the Agent »ie Transfer; and validate the digital signature and certificate »_the Tran F ren ia Agent. The certificate may include information regarding the identity »! of the Agent of Tranf rencia, lave cryptographic public, and predetermined attributes. The signature step may include the steps of placing an electronic function to the electronic document to determine * a message digest and encoding the message digest with a secret ip code key > _the Transfer Agent. The validation step of the digital page then comprises the steps d > _ * description of the compendium of the message to the public cryptographic key of the Transference Agent, apply the function of > ... link to the electronic document to determine a second digest of message, and compare the digest of mens and decoded on the second ") message digest The method can also include the step> ie apply a stamp of date and a time stamp to the electronic document The stamps of faith can be applied either before or after the signature of the signature and the electronic document. Using the certificate, the method may also include the step of signing the electronic document with a second digital signature In another aspect of the invention, an apparatus for authenticating an electronic document comprises a device for signing. the electronic document with a digital signature of an A n n> 1 Transference, a device for attaching a certificate to the electronic document, and a device for validating the digital signature and the cerfication.The certificate may include 'information as to the identity > "the Transfer Agent, public cryptographic key, and r *? buttes p erminated. The signature device may comprise a device for applying a key to the electronic document to determine a compendium of messages and a device for encoding the digest of messages with the secret password of the transfer agent. . The validation device may then comprise a device for decoding the mens compendium with a public cryptographic key > of the Transfer Agent, a device to apply the function to the electronic document to "determine a second compendium > of message, and a device for comparing the digest of message digest with the second message compensation. The apparatus may further comprise a "device for applying a date stamp and a stamp". of time to the electronic document. The date and time stamps can be applied either before or after the validation of the digital signature and the electronic document using the certificate. Likewise, the apparatus may further comprise a device for signing the electronic document with a second signature di it. In another aspect of the Applicant's invention, an authentication system for the electronic transmission of documents comprises a device for digitally encoding a document; a device to certify the identity of the document; a device to generate * a public key and a private key; a device to sign the document with a firm signature; a device for transmitting verifiably the electronic document; and a device for authenticating the transmission of the electronic document; where the system ensures the integrity of the transmitted document and the non-ignorance of the document transmitted by the creator of the document. In otr > - > aspect of the invention, an electronic document storage and retrieval system comprises a device for safely storing digitally encoded electronic devices; a provision to authenticate electronic documents recovered from the stockpile; and a device to verify the authority »ie the part q? e p?» of the authenticated electronic document. Where does the system ensure the authenticity of the electronic document stored within the system and the transfer of the electronic document to parties? on. In another aspect or of the invention, a method of authenticating electronically transmitted documents comprises the steps of digitally encoding a document; cer ificar] á identity > of the person «who transfers the document; generate a public key and a private key; sign * the document with a digital signature; transmit in a transparent manner the document ele < tronic; and authenticate the transmission of the electronic dotTu; so that the integrity of the document transmitted and the non-knowledge of the document transmitted by the person transferring the document is assured, BRIEF DESCRIPTION OF THE DRAWINGS The various characteristics and advantages of the invention of the sun will be apparent reading this description in combination with the drawings in which: Figure 1 is a block diagram of the assignment of responsibility for authentication in the DAS; Figure 2 summarizes the functions of the DAS in relation to the authorization of transmission of document and protection; Figure 3 is a simple diagram of the architecture of the YOU GIVE; Figure 4 is a functional block diagram of 1 i between the Transfer Agent and an Auxiliary Center in 1 cation; Figure 5 is a block diagram of the cont1 functions of the A; Figures 6a, 6b are diagrams that illustrate the application of the DAS in the mortgage finance industry with a Company > of Tí ulos / Closing agent for a loan as Agent »of Tr nsf rencia; Figure 7 illustrates the process of document quantification in a more general way; Figure 8 illustrates the generation of a digital signature; Figure 9 illustrates the digital signature of a document and the validity of the digital signature; Figure 10 illustrates the format of a certificate used by a user or 1¡A authority > d »: j certification; Figure 11 illustrates the validation of the certificates; and Figure 12 illustrates the generation of ce ificates. DETAILED DESCRIPTION The invention of the applicant can be achieved using computer systems, only and wearable, and technoloyta for C? ^? . An integrated closed system for the auten ation of electronic documents. With reference 3 to Fig. 1, which is a block diagram of the backup assignment 11 for the authentication in the DAS of the request, the DAS employs a Certification Authority structure by which key 1 / is / pr i vada, which are used to cook / discard? To sign a document digitally, and provide a document creator by mediation. . an established device that can be audi ed. CERTIFIED AND CERTIFICATE RATINGS ARE DESCRIBED IN THE P &T; The aforementioned mention by C.R. Merrill in I TU- 7 Remen tion X.509 (1993) ISO / IEC 9594-8? 1995 Information Technology Ojien Systems Interconnect ion The Di er ory: Authen icat ion Framewort (Information Technology Interconnection of »Open Systems the Directory; Reference Framework of Authentication) (including the amendments), which are expressly incorporated here by reference. The definitions of certificate and infrastructure used in this application are based on these documents. As de_cpb_ c n inu ión, the public / private key is supplied > : preference in the form of a symbol, such as an electronic circuit folder »conforming to the rules of the PO Memory Oa r»: l rt ter Asso ia t ion s »3» iation »of» Inte fa_ of Card »ie PC Memory) (a PCMCIA card or? n:? PC card) for use in the computer of the creator. In general, a symbol is a portable transfer device that is used to transport keys or parts of keys. It will be understood that PC Cards (PCs) are only a form of supply. * mechanisms pd. The key is p? bl i r 3 / private for the applicant's DAS; Other types of symbols can also be used, such as bland iscos and Smart Cards. . ra To ensure a reliable service, a service can be used, such as services. They are frequently employed to transfer sectoralities between parties, to provide the means to the sender. _The iJocumeu to. Beneficially, many commercially available symbols that incorporate "on-board coding" generate the values of the public / private key on the card, and 13 private keys can never be used for the non-coding technique. The public keys are exported to the Authority in order to be included, with the identity of the intended recipient and of appropriate user attributes, among other things, in a "qualified" manner. DAS insurance principals with the correct operation of the Cerification Authority structure, the close relationship between the user's identity and attributes and the password in the certificate, and the reliable summ »» From PC to Authorized Recipient In a further aspect of the applicant's invention, the public / private key is effective only when used in combination with a certificate and personal identification information such as for example bio-etric ation the receiver (for example, fingerprints, digital, e vo :) or you in a number of i »Jent i f i >;: a > Personal ion (PIN) assigned to the receiver * of the card by the Authorization of Certificate and that can be supplied- '»separately from the creator's card. Any subsequent transmitter of the document you are required to sign in order to properly encode the document should > Je la mi'- '. in a way to be equipped > - "> "_> a card and information of respective personal information." In Figure 1, a document router, a document creator and any subsequent transmitter are called an Agent of Transfers, and It will be noted that a Transfer Agent is notified in the DAS by the session and that a valid certificate and a valid IM1P certificate are issued by issuing the key and the MIP to the Agent. In the case of the DAS, the DAS profitably reuses one or several attributes, > > well-being of the Transfer Agent in relation to the t.1 a ve and the PIN. Transfer Agent, which may be authorized to carry out only certain types of transactions and / or transactions that have a value less than a predetermined value. * The award by the Certification Authority of a digital certificate. The signed mind ensures the ability to verify the identity of each transmitter of a cumento > d? g? l to the signed mind to codified. The Authoring Authority also retains the ability to override a public / private key, or to re-evaluate a public / private key, from a remote location electronically. The cerfication authority may also soup the privilege administration in accordance with the policy established by the system. For example, the Authority > Certification may establish financial or other types of limits on the authority granted to the Agent > The transfer will be signed by these authors, such as 3tr? L > uto. »of certificate. These at tbut »» can be retrieved from certíf? «Aclo and applied by other elements in the system. In an important aspect of l a. invention of the applicant, the DAS is a system for authenticating a document by applying »digital signature coding technology for the electronic transmission of the document. As used herein, the term "authentication" refers to the corroboration and verification of * the identity of the real party and / or sealed or transmitted the original document and the verification that the "encoded document received is the document sends or by this part. The DAS employs an Authentication Center to provide a trail of evidence or audit, for applications that require this capability, from »the original realization» of the document held, encoded or stamped to all its subsequent transmissions. 1.3 Certification Authority could use a physically secure facility that is a "center of trust" that has security 24 hours a day, an alarm system, and a construction of you or "vault". Due to its importance, an installation would include with controls controls by * parts of two people, without any individual person having access to the generation of keys or b? E * n to the systems of handling of keys. All personnel involved in the operation of critical document management and the transmission of electronic documents should be submitted to reliability tests in the safest possible manner, by means of staff interviews, re of background, polygraphs, etc. A »íem? , the administration of the Cer ifica ión Authority should implement procedures that avoid failures in public points, requiring collaboration to reach a compromise. In this way, a person n »D could get full access to the generation of keys m to the administration > of keys. Another aspect of authenticity: a > - What is the use of the DAS applicant that contrasts with the previous systems is the use of? an integrity block and a "sell" :) "of faith»:. ha and time in each document) transmitted. Suitable date and time stamps are those provided by the systems "described in the North American patents." Nos. 5, 126,646 and No. 5,136,647 of Stuart A. Haber and W.S. Stornetta, Ir., Both are incorporated herein by reference, and are commercially available at Sur-ety Technologies, Inc. The integrity block, is the digital signature, and the date and time stamp. hori applied by 'the Center' of Authentication, eliminate the possibility of an alteration or unauthorized affectation of »a do um not by the signatories after its original CJ seal celebration. The integrity block of the Authentication Center for a document received from >; a Transfer Agent1 is generated using any of the known digital algorithms d & keys This integrity block ensures that the document can not be altered without detection. In addition, the use of the > digital signature by the Authentication Center can you provide? It is helpful not to reject, that is, it can prevent the creator from rejecting the document. The combination of the integrity block requestor, date and time stamp, and authority provides notice and evidence of any attempt at alteration or substitution, even by the originator of the document when an attempt is made to alter said document after its creation.

In accordance with the invention of the applicant, each transaction and its documoritor »are authenticated by means of the» transmission to the Authentication Center from the Transfer Agent terminal. As described below, the Transfer Agent provides the document in digital form, such as the output of a conventional word processor, 3 the PCMCIA card of the Transfer Agent. As an option, you can also provide a device to digitally sign a handwritten signature and the digital signature can add 3] digital document. The digital document is signed di gi tately and / or coded by the PCMCIA card "of DAS, and the signed version 1 i t 1 and / or encoded is electronically co nt to the Centr > _ > of Authentication (by eiemp! •. •>, c-> r means of a computer network i? -? da or modem). Other »forms» ie communication of signed or coded documents can be used (for example, sending a disl-ette containing the document), but the great advantage of electronic communication is speed. The Authentication Center verifies the identity of the Transfer Agent and the authenticity of the documents, and anei < ? a digital signature and a stamp »of date and time to the document, thus establishing each transaction so that it can not be unknown. The combination of these functions, in combination with a protected audit trail, can be used in the future to provide definitive proof that a party "starts \ ni? transaction. Parcululamente- ", the invention of the applicant provides the authentication of a document in such a way that a creator can not deny that he originated the document and provides irrevocable proof of au-entity. These authenticated, signed and / or encoded documents are stored in the Authentication Center in any convenient way, as for example in optical and / or magnetic disks. Once the transaction is finished and once the document and / or coding is signed, said document or documents are transferred and authenticated by the Authentication Center, any authorized party can have access to the Cent or of Authentication through an electronic device such as a modem, to obtain or transmit an additional authenticated document, to the transmissions. The electronic documents of the creator are made to the Authentication Center that provides authentication in accordance with 1 or described above and stores the documents authenticated for transmission to the authorized parties and on behalf of authorized parties whose identities and policies are similarly authenticated by * the Authentication Center. The authorization to access may be restricted to the level of a single document or a group of documents. ? 0 In accordance with the applicant's invention, the DAS verifies and assures that the documents that have been transmitted, stored, recovered have not been accidentally modified or intertwined. The DAS can verify at any time and at any stage that a document is exactly, until the last digital bit, the document held transmitted by the creator and that the document has not been altered or affected »in any way. This element of integrity combined with a digital signature and a date and time stamp allows the DAS assurance that the document is not a manufacturing, production, packaging, or unauthorized replacement of the product. a document originally celebrated or sealed by the creator of the document. Why the creators of the document to sign-or code, for example loan and mortgage documents, commercial documents and other titles, deeds and leases, etc., should be able to make their reports from several locations. .. i one, the DAS replaces the cryptographic process center with a PCMCIA cryptographic folder assigned to a respective authorized Transfer Agent. This allows the individual use of any DAS-enabled computer in any location connected to the e3 Authentication Center. As described above, cryptographic cards and certificates are issued and monitored by the Certification Authority. Can they be controlled at the canvas and through the inclusion of a field of? "expiration period", which allows the periodic replacement if 1 »3 certificates of agent of des tranfrenci. It will be noted that these certi fi cates in accordance with X.5 <;, < they include a plurality of fields of this type, but only the fields important for the understanding of the operation of the invention are described here, FIG. 2 summarizes the functions of the DAS in relation to document transmission and protection authorization. In the left-hand column - you can find the functions of a PC card of a transfer agent ', in the center column there are other functions carried out by the transmission agent of the Transfer Agent; and DAS functions are found in the right column. FIG. 7 is a diagram illustrating interconnections between three terminals of Transfence Agent and a subsystem of a server and a subsystem > to the Center at the Center of Au ention in the architecture of DAS. Figure 4 is a block diagram of the functional interface between a Transfer Agent and the Authentication Center, the graphic card includes components, such as a mirro-processor and electronic memory devices. , to carry out the steps »of an algorithm P1C as well as an algorithm > of symmetric coding such as DES. Likewise, the card could be proof of > manipulation, which can be ensured through its design to erase critical lapses and / or algorithms when detecting any attempt at penetration or alteration. The National Institute of Standards and Technology 11 is responsible for certifying the self-assessment of the cryptographic card providers that may be employed by the DAS. In accordance with the invention of the applicant, each transaction and its documents are authenticated using a bitch key! ica contained in the Transfer Agent certificate. Devices and programs of confidentiality, signature, and / or integrity are available commercially from various sources, including PSA Data Sscupty, Inc .5 Public Law Partners; S? Rety Tec hnolo »g? and? , nc; Ascom Tech AG, Swtzerland; National Semiconductor; Nrthern Telecom Ltd.; and Spy rus. The Center > A? Tent icac ón employs its own secret key to sign the transaction again in such a way that it can not be - unknown, the combination of the signatures of the Transfer Age and the Auteurization Center (in combination with the track> of the physically protected) can be used in the future to definitively verify that? agent, employee, > : > good company (the transfer agent) initiated a specific transaction.

In addition, the support function of a Notary Public is available for printing according to the deci sion or discontinuance. The employee's signature or a > 3ente- > In the terminal of the »Transfer Agent is protected by the» characteristics of »personal identification and cryptographic information of the cryptographic card in the possession of the Transfer Agent, the combination of these controls identifies only the agent or employee, thus allowing a DAS. Also, authorization of > a »person» or employee and information of > The attribute can be stored in the certificates or tueu in the PCMCIS card memory in a protected manner by sealing as described above. The DAS used this information in combination with the NIP to establish pp 1 egios, accesses, limits, volume and amount of funds. Fl DAS provides a distributed validation capability using a signature that can not be unknown. The strategy uses PKC to reduce spending, key handling and to provide a digital signature that * can not be unknown for all "documents and transactions." The coding -> ee pl par - to provide NIP confidentiality protection and other transaction details of »compliance with the above described • These" control "functions of DAS are summarized in Figure 5. Admittedly, the DAs is compatible with the entire range of applications based on the following. modern lens / server transactions, distributed modernly, operates effectively on LAN, WAN, and dial-up networks, DAS uses modern-day Liase tools preferentially and consequently the server can use a technically advantageous technology. :.] ogl a rel ian-tl with an SQL interface (eg SYBASF) The DAS can employ several technology-based tools that can be designed as follows: The architecture of> security can assign responsibility in a base that can not be "unknown by using > of approved norms. Par- ticularly ANSI X9.9 and X9.19, which are incorporated herein by reference, may be used for authentication. DES can be used to encode documents, and a triplet can be used to protect key coding. The option of the session code of ANSI X9.24, Admi ation »of * Financial Institution Retail Code, which is incorporated herein by reference, can not be used. = »To be used > Je »compliance with the security architecture. In an aspect of the applicant's invention, documents, transactions and other information can be protected against the use of cryptographic techniques of the ANSI standard. You can code NIPs using DES; Selected message elements can be authenticated using the methods described in ANSI X9.17, Authentication of Messages, or another suitable communication link, a PCMCTA card interface, a message nunector, an input interface / exit, and an application > of entering mens is úl t i pl. The Ce * ntro de Au- icaci n is organized with profit co or a subsystem of server, a subsystem of answer of > ~ rshop, and storage. As part of the server subsystem, which can be interfaced with a computer 86 with the UNIX operating system, a terminal communication subsystem includes a multiple port controller (see also figure 3) that handles Communications with Transfusion Agent terminals. Also provided in the server subsystem is a cryptographic key management subsystem, a reply subsystem, a d & management of »relational database, one in d / s and one out (I / O) system administration, and audit subsystem. A PCMCIA card and a backup communication subsystem create an interface with the backup subsystem mentioned above? Mpl * ment in the form of a 486 computer that has the operating system of t? >; 3 DOS. A subsystem of storage communication creates an interface with the device and the devices for the amalgamation of above-mentioned documents. The DAS would also allow a "Notary Public" of the secondary support function type. This will allow a third party present at the conclusion of the document to have a cryptographic document that would "seal" the transaction for an additional publication of the parties that celebrate or seal the document. backwards they were in fact their own births. This additional notary function is not required, but may help to further authenticate the iden tities of the parties. The figures '' .a, h are diagrams illustrating an application Typical of DAS in the mortgage finance industry with an Insurance Company / Agent of Closing for the loan as an Agent > ds »Transfer. In step 1, the Certification Authority terminates the generation of code ".") And issues PCMCIA cards to authorize the parties to transfer documents and to establish a few clues of legal evidence. The parties, which would generally be individual or non-financial and financial institutions such as, for example, a BANK / Mortgage Company, and a Closing Agent, or would be equipped. »To transmit and receive documents electronically. In Step 2, a Bank / Mortgage Company electronically loads and transmits loan documents to the Au- tic ic Center that sends them to a Titleholder / Closing Agent afterwards. ? nte »graph and stamps of date and time. In step? 8 3, the Center »Authentication transmits the authenticated loan documents to the Tíulo Company / Clerk Agent. In e »l step 4, a. Tí ul Company / Closing Agent has the documents * the brads by handwritten signature scattered by a Cas_ Buyer? / Prop tetar IO de Casa. In Step 5, the Closing Title / Agent * Company provides the Home Owner / Home Com- petitioner with "hard copies" of the signed documents. At this step, the Titles Company / Closure Agent transmits the documents to the Authentication Center that adds the integrity blocks and date and time stamps to the documents held, sends the documents to the Bank / Mortgage Company, and store the documents. If the Bank / Mortgage Company receives the copies of »1 > -_) s documents can be retrieved online from the storage in the Authentication Center. In step 7, the Bank / Mortgage Company gives instructions in accordance with which the authenticated documents must be transferred by the Author? »: Authenticati on to a Mortgage Bank / I nversi on in the secondary market. In step 8, when the Investor requires authentic documents, they can be retrieved online from the Authentication Center. Figure 7 further illustrates an example of the document certification process of the Applicant ». In the first step, an electronic document that reflects the agreement between the parties is designed, or an electronic document is prepared, such as, for example, a manufacturing operation that is illustrated by the factory in Figure 7. The electronic document is provided to an Agent Terminal > of Transfer that is illustrated with a portable computer that has a> an authorized PC card and, optionally, a notebook for style to capture handwritten signatures. A typical configuration for a Transfer Agent terminal is at least the equivalent computac inl of a type 306 desktop computer or a laptop computer, with high resolution graphics capability, a PC card reader, and a notebook. notes > : style for capturing handwritten signatures. As shown in figure 7, the electonic document > .: That can be created locally CD remotely, was presented in this terminal. In the second step, the parts of the signed agreement of handwritten signatures in the document using the notebook of »site notes. These signatures are captured and inserted into the appropriate locations in the electronic document. After all the parties have signed e »3 documents, the Agent * > Transfers certifies the termination »of the document's celebration by means of its digital signature and by adding its certificate, using the PC Card. iü If an original document is desired on paper, the electronic document could be printed first. The paper document will be placed in the notebook of notes of style and the terminal cursor placed in the corresponding place in the electronic document. This allows the capture and transfer of handwritten signatures during the actual signature of the paper document. The electronic version is then an exact duplicate of the paper document. After local certification, the Transfer Agent transmits the electronic document to the Authentication Center in the process step. The Authentication Center included preferably a computer >of a high volume, which has a large capacity capacity and a large backup capacity, and is a safe and highly protected installation. The Authentication Center contains a separate digital signature capability, one or more cards > of PC, and a base of »1e po p rec. i sa When an electronic document is received, the authentication of * the rights of the Center > ie Transfer \ validated by the Authentication Center. { Step by Step). If authenticated, the electronic document is signaled with a date and time stamp (step 5), digitally signed (step 6), filed (step 7), stored by the Center of Authentication. Copies certified in the electronic document can then be distributed »in accordance with instructions from an appropriate party such as, for example, the holder of a beneficial interest (owner) designated by the document. The Authentication Center maintains the electronic document and a log or history, of three transactions, as an example copy requests, < --- »t» r », in relation to said document. It should be noted that the system will be useful for many management functions that contribute to the system's design. For example, the binnacle facilitates the identification of subsequent electronic sub-rela- tions linked to each other. transaction and contributes to limiting the responsibi lity of the Authentication Center. In the same way, the bi-cora is useful as a chain "- 13 of the chain > of protection of the document. The Authentication Center also controls access to the document in accordance with the au ortiz ing instructions provided by the owner of the document. Such authorizations will be updated or revised in accordance with changes (for example, assignments) in relation to ownership of the document. Figure 8 illustrates the process of digitally signing an electronic document, more generally illustrated with an "object of inrmation", by applying a key function. In general, a key function is a truly cryptographic function of a function calculated on the length of the object to be protected. The key function »produces a" message digest "in such a way that two different information objects never predict the same" message digest ". Since a compendium > of different message is produced if it is changed from? n bit of information, the key function is a strong integrity check. In accordance with the invention, the message digest is encoded using the secret key of the signer, thus producing the signer's digital signature. The combi ar? In this way, the function of key and function ensures the integrity of the system (that is, the ability to detect changes), and the attribution capacity, that is, the capacity of identify a signer, or a responsible party). The digital signature (the encoded message digest) is ane.s-ri to the readable information object (see steps 2 and 6 illustrated in Figure 7). From the »many different known key functions», it is considered at present that the functions called MD4 and MD5, which are included in circueating the 1 available-supplied mind, by vendors identified above, and the secure key algorithm published The government of the United States of America is 3: strong in use in the DAS of the codifier. Obviously, it can be expected that other key functions will be available as time passes. The steps of digital signature of an electronic document (steps 2 and 6 illustrated in FIG. 7) and e validation of the digital signatures (step 4 in FIG. 7) are illustrated in FIG. 9). The electronic document has flooded to it one or more digital signatures that are created by means of the algorithm of signature and the (s) clav is) secret (s) of the (s) f irmanteis) in accordance with what is described in relation C »J? Figure 8, and the (the »certi fi ed ones) of the (ele l s) f i rmante i). As described above, each of these certificates bears the identity of the signatory, the signature of the signatory of the verification, the predetermined collateral information as signatory, and the message digest. digitally signed from >; l certificate. The format of these parts per inen is * such a certificate of conformity ».on the X.509 recommendations that r» t »would employ by * part of a user or by the Authority > Certification? illustrated in figure 10. The step of »signature validation, which would be carried out normally but not necessarily by * the Center > of Authentication, includes the decoding of the compendium of message aneyo to the document, the new formation in code of the document to generate another compendium of message, and the comparison of the resulting message compendium with the digest message digest. The public signature of the verification found in the document signed by * the Certification Authority and annex -ti document is used to decode the summary of the appendix. If the two values of the menu digest correspond, the identity of the individual named in the certificate can be determined as > _ »] Signatory of the document, > ?? Another information object. If it is confirmed and the content of the document is intact. An Authentication Center certifies this? result through your digital signature placed on the document. As shown in Figure 11, a certificate > of a user (Transfer Agent, or even of an authority in ceri fi cation, would be automatically preferred by substituting the same method as electronic documents signed in such a way, except for such Certificate is signed by authorities specifically responsible for creating certificates, validation of digital signatures of »a document includes-» the validation of public signatures of »all Authorities of Cerification in a way between the signatory and a Pal Authority, '., which is the superior Certification Authority. ls signing »of these» Certification Authorities are loaded onto the PC Card> of the signer and they are flooded with 1 »DS documents prepared with the PC Card. As illustrated in Figure 12, the path from the signatory to the PaI 7. Authority can be considered as part of an authentication protocol.The certificate of the signer (user) is signed by a competent authority. Cer ification I own certificate (the CA Certificate) is signed by the Country Certification Authority 2. Since it is likely that several certi fi cation authorities will be located in the forest, branches > of the authentication tree, it is only necessary to recover all certificates of Authentication »ie Certification to the l rcj» 3 of both branches until finding a common node, in order to authenticate a digital signature for an entity in a different branch in an authentication tree, and to verify the authentication: 1 certificates of the certificates up to the common node. S will observe that the present? > descr ipe ion and lo. The drawings are for illustrative purposes only and that a person skilled in the art will recognize that various modifications can be made without departing from the spirit or the spirit of the present invention which is limited. only by the claims a.

CLAIMS 1. A method for authenticating an electronic document, which includes the steps of: signing the single document with a digital signature of a transfer agent 135 attaching a certificate to the electronic document by par of] agent »of transfer; and validate a. digital signature and certificate of the agent of »r-insferenc. ta. 2. The method of conformance with the rei indication 1, where the certificate comprises »? Na identity,? Na. public cryptographic view, and attribute- »predc'termin.dop of»! agen de t ra ns ferenr.1a. 3. The method according to claim 1, wherein the signing step comprises the steps of applying a key function to the electronic document to determine a message digest and encoding the message digest with a secret cryptographic key of the agent of transfer. 4. The method according to claim 3, wherein the step of validating the digital signature comprises the steps of decoding? the message digest »» has a key public cryptographic attribute of the transfer agent, apply * the function of »» wash »to the electronic document to determine * a second digest of message, and compare the message compendium * decode 1 file gives the second message digest.

Claims

5. The method according to claim 1, which comprises in this way steps to apply a stamp and a date to it. the time to the electronic document. 6. The method of compliance »on re-introduction 5, which shows the step of signing the electronic document »-.».? N a second digital signature > after the validation of the i rm i i t 1. 7. A device for authenticating a document that complies: a device for signing the electronic document »:) with a digital signature to a transfer agent; a device to add a certificate to the document t romi 05 and a device to validate the digital signature and the certificate. B. The "conformity" of claim 7, wherein the certificate comprises an identity, a public cryptographic code, and predetermined attributes of the "faith". 9. The item according to claim 7, wherein the signature device comprises a device for applying a key function "to the electronic document to determine a digest of men3 and a device for the purpose of • compiling the compendium of message with a key »- ri pl gr" f? »" -? secreta > del agent * »cíe» tr nsf renci. 3T 10. The apparatus according to claim 9, wherein »the validation device comprises a device to be» »»:! I f ica r the menu digest with a cryptographic key of the transfer agent, a device to apply the key function to the document. To determine a second compendium of message, and to make a positive contribution to the compensation of the second message digest. 11. The appearance of conformity with the indication 7, including "- in addition a device for applying a date stamp and a time stamp to the electronic document. 12. The device > in accordance with claim 11, which also comprises a device for signing the electronic document with a second "digital signature" after the validation of the digital signature and the digital signature. A system -authentication for electronic communication of documents and to ensure the completeness of the transmitted documents and the non-ignorance of the transmitted documents, which includes: a means to digitally encode the document; certify the identity of a person transferring documents, a device to generate a public key and a private key, the menu-i one of the public domain and the private key is e? mp> read ptara digitally encode the document, a device for signing the document with a digital signature, a device for transmitting in a visible manner a coded, signed document, and a device for authenticating a signed document, > r.od i f i ca o, t rai rsm 111 do. 14. A system for storing and curating electronic documents that ensures the authenticity of electronic documents stored in the system and transfers electronic documents to authorized parties, cp < and understands. devices for securely storing electronically digitized documents; devices for the authentication of electronic documents- »recovered from storage; and devices for verifying the authority of a party requesting the retrieval of a document and the process c > 3 autent? > . ado. 15. A method for the authentication of electronically communicated documents that will inform the integrity of the documents, and the non-ignorance of the transmitted documents, which includes the following: > s pia sos d c difi g d i g i tally * the document; certify the identity of a person who transfers the document; generate a public key and a private key, at least one of the public key and the key code used to code the document; sign * ol document cor »a digital signature; rsmitting a signed, codified document in a vepfiable manner; and authenticate a signed, coded, transmitted document. 16. The method of claim 15, wherein the certification step includes a step of supplying a piersanal identification number and at least one of the -tv piúblua and of * the private key to a document creator. 17. The method of conformance with the rei indication 15, where the authentication step comprises a step of including an integrity block and a date and time stamp in the signed, requested, requested document. GO. The authentication system of claim 13, which also comprises? device to seal the signed, codified document, where the seal device fi xes the signed, coded document, with a second signature di it l. SUMMARY OF THE INVENTION It is provided methods and apparatus that implement digital signature < 2 and 3) and / or coding for electronic transmission, < ) storage, and retrieval of authenticated documents and which allow for the e gility > J > - 'the identity of the creator of? an electronic document and integrity > of the information contained in said document (1). Points provide irrevocable proof of document authentication. The methods and devices make it possible to provide "paperless" commercial transactions, or for "-? in transactions on real estate and financial transactions backed by real estate. A Certification Authority provides tools to iniflate and ma nage the material c o > d i f i »: ado re uer i d».? to sign and seal electronic documents. An Authentication Center provides a verification by "third parties" that a document is held and transmitted by the c-r-de ?! document. The methods and apparatus eliminate the need for printed copies; of original documents as well as the storage of printed copies. The recovery of an authenticated document from the Center and Authentication can be done by any of the parties a? They are available at any time by means of ".Miability online. I / IO FIG. 1