US20060288216A1 - Long-term secure digital signatures - Google Patents


Publication number
US20060288216A1
Authority
US
Grant status
Application
Patent type
Prior art keywords
digital signature
electronic document
digital
signature
signed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10548137
Inventor
Peter Buhler
Klaus Kursawe
Roman Maeder
Michael Osborne
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution

Abstract

The present invention relates to digitally signing of electronic documents which are to be kept secure for a very long time, thereby taking into account future cryptographic developments which could render current cryptographic key-lengths insufficient. In accordance with the invention a double signature is issued for each document. A first digital signature (DTS) ensures the long time security, whilst a second digital signature (DUS) ensures the involvement of an individual user. Thereby, the second digital signature is less computationally intensive in its generation than the first digital signature.

Description

    TECHNICAL FIELD
  • The present invention is related to a method, computer device, and system for digitally signing an electronic document that is to be kept secure for a long time period. The invention also relates to a method for verifying an electronic document that has been digitally signed.
  • BACKGROUND OF THE INVENTION
  • More and more documents are stored electronically. This often involves a digital time-stamping mechanism in order to bind the document or its content to a particular point in time. To minimize the risk that either the data or the time-stamp can be tampered with at a later date, a cryptographic digital signature is used to protect both elements.
  • US Patent Application Publication US 2002/0120851 A1 refers to a device and method for data time-stamping. The device includes a trusted clock, a memory, a time-stamper and a digital signer. The device is adapted to store to the memory data that has been time-stamped by the time-stamper, with a time obtained from the trusted clock, and digitally signed with a digital signature by the digital signer.
  • However, at present the requirement that a user is legally liable for documents that he/she digitally signs and that the documents remain secure for a long period of time, for example at least 30 years, can not be fulfilled, because of the limited computational power of personal cryptographic tokens.
  • It should not be possible to create any signature without the user's consent. This can be enforced by an individual cryptographic hardware token which acts as a signing device (e.g. a smart card).
  • Current hardware tokens of this type are restricted in terms of computational power which means that digital signatures with very large key lengths cannot be computed within an acceptable time.
  • It is an object of the present invention to create and verify digital signatures that are secure for a very long time, taking into account future cryptographic developments which could render current cryptographic key-lengths insufficient.
  • SUMMARY AND ADVANTAGES OF THE INVENTION
  • In accordance with the present invention, there is provided a method for digitally signing an electronic document for long term security purposes comprising the steps of marking with a digital mark and signing with a first digital signature the electronic document. The marked and signed electronic document is then signed with a second digital signature that is less computationally intensive in its generation than the first digital signature. In most cases the second digital signature is based on a shorter cryptographic key than the first digital signature.
  • The electronic document and the first digital signature or part thereof can be provided to a client computer where under use of a cryptographic token the second digital signature which depends on the content of the electronic document and the first digital signature or the part thereof is generated. This allows a presenting or displaying of the electronic document to a user, who can review the electronic document and sign it with an individual cryptographic token, for example with a smart card, which belongs to the user and is also referred to as signing device.
  • The cryptographic token can be related to a user group which then shares one cryptographic token making the group or a department liable.
  • The digital mark can comprise a unique number that is a sequence number, a time-stamp, or a value derived thereof. The digital mark allows a unique number to be allocated which later on can be used for revocation purposes.
  • The signed electronic document can additionally be signed with a third digital signature or a further digital mark, i.e. after the user has signed. This would be performed where the first digital signature was created, e.g. at a time-stamping or signature server. The revocation process could be simplified because it would allow an easier key revocation, as it is sufficient to tell the signature server which keys are invalid.
  • The digital signatures may use asymmetrical as well as symmetric encryption. Public/secret-key cryptography can be applied advantageously by using first and second signature keys. The individual key for the second signature has a length that can be handled by the individual signing devices. However, this might be insufficient to guarantee security for the long-term future. The first signature key, on the other hand, is of sufficient length such that by all reasonable predictions it cannot be broken within the desired lifetime of the key.
  • In general, the invention solves the problem of creating digital signatures that must be secure for a very long time, taking into account future cryptographic developments which could render current cryptographic key-lengths insufficient. Having a digital signature or part thereof calculated on an easily transportable device, such as a smart card, makes a user legally liable for documents that he/she digitally signs. In accordance with the invention a double signature is issued for each document, one ensuring the long time security, the other one ensuring the involvement of the individual user. The final signature of the document is therefore a combination of these two signatures. Taking into account the nature of the two signatures in terms of used key size and of the calculation algorithms, it seems not to be useful to regenerate the signatures during the life of a document. The combination of these two signatures allows a very high security level, for the short term and overall for the long term.
  • The first stage involves a trusted digital marking which may add time and date and certificate information to the document or a document hash value, and signing it with the first digital signature.
  • This first stage can be performed by a trusted server that uses a very strong key length, e.g. 3072-4096 bits, and may use several different signature schemes in parallel, e.g. RSA, ECC, to maintain security even if a particular scheme is compromised.
  • The user then verifies the document, which now includes the signed digital mark, and signs it again using his/her individual signing device with the second digital signature, which is less computationally intensive in its generation than the first digital signature. The document is then contemplated as a validly signed electronic document. An advantage of this is the long term security, while still allowing every individual user to have his/her private key that never leaves the individual signing device. This allows users to be liable for their signatures, while giving assurance that the key-length on the final signature is sufficient to last for a long time. Thus, the scheme allows a long-term personal liability on digital signatures.
  • It is also possible to revoke a key if one individual signing device gets lost. Because every signature comes with a reliable digital mark, signatures signed after the revocation time of one individual signing device are simply declared invalid.
  • If, due to technical developments, the key length of the individual signing keys comes into danger of being insufficient, all individual signing keys are revoked and replaced by longer keys. To increase security, the digital marking key may be destroyed, such that it is impossible to issue any digital mark compatible with the old keys.
  • A computer device, e.g. a laptop computer, with an electronic smart card reader for reading a smart card can be used to generate the second digital signature. Also possible is to use a personal digital assistant (PDA) which at the same time can be the cryptographic token. The cryptographic token is contemplated as an individual signing device or part thereof which is a small device in the possession of the user that issues the second digital signature.
  • In another aspect of the invention there is provided a system for digitally signing an electronic document for long term security purposes. The system comprises a document repository for storing and providing the electronic document, a digital signature computing device connected to the document repository for deriving from a digital mark and the electronic document a first digital signature, and a cryptographic device for generating a second digital signature that is less computationally intensive in its generation than the first digital signature.
  • The digital signature computing device could comprise a tamperproof clock, which can be used to create the digital mark and therewith the first digital signature. In addition, the digital signature computing device could comprise an internal clock for verifying a predefined time-interval between the issuance of the first digital signature and the second digital signature to be issued. For example, the individual digital signature computing device only issues the second digital signature on the electronic document that was digitally marked and signed within the last, for example, ten minutes. This makes it harder to stage long term attacks that try to gather the components of a valid digital signature over a certain time period.
  • The digitally signed electronic document can be verified under use of a first public key corresponding to the first digital signature and a second public key corresponding to the second digital signature. The use of public-key cryptography allows an easy verification process.
  • In yet another aspect of the invention there is provided a method for verifying an electronic document that has been digitally signed by a first digital signature under use of a digital mark and thereon with a second digital signature. The method comprises the step of verifying the validity of the digitally signed electronic document by using a first public key corresponding to the first digital signature and a second public key corresponding to the second digital signature that is less computationally intensive in its generation than the first digital signature.
  • DESCRIPTION OF THE DRAWINGS
  • Preferred embodiments of the invention are described in detail below, by way of example only, with reference to the following schematic drawings.
  • FIG. 1 shows a schematic illustration of components in accordance with the present invention.
  • FIG. 2 shows a schematic illustration of the creation of a first digital signature.
  • FIG. 3 shows a schematic illustration of the creation of a second digital signature.
  • FIG. 4 shows a schematic illustration of a verification of the digital signature.
  • FIG. 5 shows a schematic illustration of a process flow for the creation of the digital signatures.
  • The drawings are provided for illustrative purpose only and do not necessarily represent practical examples of the present invention to scale.
  • DETAILED DESCRIPTION OF THE INVENTION
  • In the following, the various exemplary embodiments of the invention are described.
  • FIG. 1 shows a schematic illustration of units within a system for digitally signing and verifying an electronic document that is to be kept secure for many years. A document repository 10, which can be a database server, stores electronic documents. The document repository 10 is connected to a digital signature computing device 12 that is contemplated as a digital signature server or time-stamping server, hereafter also referred to as signature server 12. This server is regarded as a highly secure server with an accurate tamperproof clock 11. A cryptographic device 13 is connected to the signature server 12, usually via a network. An application server (not shown) might be located in between for forwarding requests. The cryptographic device 13 comprises a computer device 14, which here is a client computer 14, a card or smart card reader 16, and a smart card 18 which operates together with the smart card reader 16 and the client computer 14.
  • For the understanding of the process flow, the steps are labeled at the connections with numbers in a circle which correspond to the numbers 1-8 mentioned hereafter. As indicated with 1, the electronic document to be signed is retrieved from the document repository 10 and presented to the signature server 12 where a system signature is created and attached. This is described in more detail with reference to FIG. 2. The electronic document and system signature are presented to the client computer 14, as indicated with 2. As indicated with 3, the user's client computer 14 presents the electronic document and system signature, or hash thereof, to the attached card reader 16. As indicated with 4, the card reader 16 presents the electronic document and system signature, or the hash thereof, to the smart card 18 inserted into the card reader 16, which is a card reading device. As indicated with 5, the smart card 18 creates a user signature from the presented data which is returned to the smart card reader device 16. As indicated with 6, the smart card reader device 16 returns the user signature to the user's client computer 14. As shown with 7, the user's client computer 14 returns the electronic document, the system signature, and the user signature to the signature server 12 for verification purposes, where a third signature can also be added. As indicated with 8, the verified electronic document, the system signature, and the user signature are saved in the document repository 10.
  • The system signature is created at the signature server 12 usually located at a central site. For the creation of the system signature two algorithms with public/private double-key based on a key size of, for example, 4096 bits, can be used. A respective private key can be stored in a hyper-secure cryptographic coprocessor card which generates a reference time-stamp. A corresponding public key can be stored in the signature server 12 which can also be used as public keys server located at the central site.
  • The user signature is calculated and generated under use of a cryptographic token that here is the smart card 18. For that, an algorithm with public/private double-key based on a key size of, for example, 2048 bits can be used. The double-key is generated once by the user or a user group. A user's private key is only stored in the electronic card, the smart card 18. It is never in transit on any network and it cannot be copied. A corresponding user public key can be stored in a public keys server located at the central site whereto it is transmitted by order.
  • In a further embodiment, the user asks for displaying one electronic document he/she wants to sign. Consequently, a request is sent to the application server or directly to the document repository 10 in order to obtain the data in question which has to be presented to the user for his/her signature. The set of data, that is the requested electronic document and the user's identity are sent to the signature server 12 in order to be signed. At this step, the system signature is added to the electronic document. The electronic document and system signature are then forwarded and presented to the user. The data can then be checked by the user.
  • In another embodiment, the user signs by placing his/her finger on a fingerprint reader which can be on the card reader 16.
  • The same reference numbers are used to denote the same or like parts.
  • FIG. 2 shows a schematic illustration of the creation of a first digital signature 28, also referred to as digital timestamp signature and abbreviated to DTS, which is also called system signature with reference to FIG. 1. The electronic document is hereafter also referred to as document 20. In summary, the signature server 12 attaches a digital mark 23 (DM), comprising time and date and/or a sequence number, as well as the first digital signature 28 to the document 20 resulting in a digitally marked and signed electronic document 29. This first digital signature 28 signs the digital mark 23 and the document 20 in question or a hash thereof. In detail, from the document 20 a first hash 21 is generated resulting in a first hash value 22. Further, from the digital mark 23 a second hash 24 is generated resulting in a second hash value 25. Under use of the first and second hash value 22, 25, a first private key 26 that belongs to the signature server 12 and a cryptographic encryption algorithm the first digital signature 28 is created.
  • The long term security of the scheme relies on the security of the first digital signature 28. Performance is a minor issue here, as the system signature DTS is usually generated by a stationary server with sufficient resources. Therefore, the key length used here will be rather large, e.g., 4096 bit RSA, and possibly several different schemes based on different cryptographic assumptions are used in parallel in case there is a total break of a cryptographic algorithm, e.g., RSA and DSA.
  • FIG. 3 shows a schematic illustration of the creation of a second digital signature 38. The second digital signature 38 is called user signature with reference to FIG. 1 and also abbreviated to DUS. To bind the signature to a particular user, the user signature, that is the second digital signature 38, is added to the digitally marked and signed electronic document 29 which was signed by the signature server 12. In detail, from the digitally marked and signed electronic document 29 a third hash 30 is generated resulting in a third hash value 31. Under use of the third hash value 31, a second private key 37 that belongs to the user, and a cryptographic encryption algorithm the second digital signature 38 is created. The second digital signature 38 is then added to the digitally marked and signed electronic document 29 resulting in a digitally signed electronic document 39 which is verifiable.
  • The second digital signature 38 is issued by a small cryptographic token, being the smart card 18, in possession of the user. Therefore, the computing power may be limited. This imposes a restriction on the key length and thus also on the long-term security of the user's signature. Furthermore, it is possible that the cryptographic token, i.e. the smart card 18, is lost or stolen. The token can thus not be used to ensure long-term security. Over the lifetime of the system, it can be replaced or retired at any time without endangering the security of signatures issued before or afterwards.
  • FIG. 4 shows a schematic illustration of a verification of the digitally signed electronic document 39.
  • To verify the signatures 28, 38, the user first verifies the second digital signature 38 by applying a second public key. The user also should verify whether or not the second public key 47 is valid for the time or sequence number contained in the digital mark 23. As the second private key 37 may be revoked, the document signed with it after revocation is not valid.
  • If the second digital signature 38 is valid, the user verifies if the first digital signature 28 is correct by using a first public key 46, the key that corresponds to the first private key 26 used by the signature server 12. If both signatures DTS, DUS are correct and the second public key 47 is valid for the time in question, the whole signature is considered correct.
  • In detail, from the document 20, the digital mark 23, and the first digital signature 28 a first verification hash 41 is derived resulting in a first verification hash value 43. Furthermore, under use of the second public key 47, the second digital signature 38, and a cryptographic decryption algorithm a second verification hash value 45 is derived. The first and second verification hash values 43, 45 can then be compared easily.
  • From the document 20 and the digital mark 23 a second verification hash 40 is derived resulting in a third verification hash value 42. Further, under use of the first public key 46, the first digital signature 28, and a cryptographic decryption algorithm a fourth verification hash value 44 is derived. The third and fourth verification hash values 42, 44 can then be compared easily. If the hash values 43, 45 and 42, 44 match respectively, the signatures are valid.
  • FIG. 5 shows a schematic illustration of a process flow for the creation of the digital signatures DTS and DUS. With reference to FIG. 1, the target document 20 is retrieved from the document repository 10 and presented to signature server 12, as indicated with 1. The signature server 12 creates the first digital signature DTS and attaches it to the document 20 together with the digital mark DM. This results in the digitally marked and signed electronic document 29. This document 29, as indicated with 2, is then presented to the cryptographic device 13 which creates the user signature, i.e. the second digital signature DUS, and attaches it to the system signed document. The resulting digitally signed electronic document 39 is forwarded by the cryptographic device 13. Finally, as indicated with 7 and 8, the digitally signed electronic document 39 is verified and returned to the document repository 10.
  • Any disclosed embodiment may be combined with one or several of the other embodiments shown and/or described. This is also possible for one or more features of the embodiments.
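
An added Go example, not part of the patent text, of the two-stage flow of FIGS. 2 to 4 together with the ten-minute issuance window and the revocation rule described above. RSA PKCS#1 v1.5 over SHA-256, the 3072-bit and 2048-bit key sizes, the byte encoding of the digital mark and all type and function names are assumptions chosen for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

var (
	ErrBadDTS  = errors.New("first signature (DTS) invalid")
	ErrBadDUS  = errors.New("second signature (DUS) invalid")
	ErrStale   = errors.New("digital mark outside the signing window")
	ErrRevoked = errors.New("user key already revoked at the digital mark time")
)

// Mark is the digital mark DM: a sequence number plus the trusted-clock time.
type Mark struct {
	Seq  uint64
	Time time.Time
}

// SignedDoc carries the document, its digital mark, the DTS and the DUS.
type SignedDoc struct {
	Doc      []byte
	Mark     Mark
	DTS, DUS []byte
}

// dtsDigest combines the first hash (document) and the second hash (mark), as in FIG. 2.
func dtsDigest(doc []byte, m Mark) []byte {
	mb := binary.BigEndian.AppendUint64(binary.BigEndian.AppendUint64(nil, m.Seq), uint64(m.Time.UnixNano()))
	h1, h2 := sha256.Sum256(doc), sha256.Sum256(mb)
	d := sha256.Sum256(append(h1[:], h2[:]...))
	return d[:]
}

// dusDigest is the third hash of FIG. 3: it covers document, mark and DTS together.
func dusDigest(sd *SignedDoc) []byte {
	d := sha256.Sum256(append(dtsDigest(sd.Doc, sd.Mark), sd.DTS...))
	return d[:]
}

// ServerSign plays the signature server: it attaches the mark and the long-key DTS.
func ServerSign(key *rsa.PrivateKey, doc []byte, m Mark) (*SignedDoc, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, dtsDigest(doc, m))
	return &SignedDoc{Doc: doc, Mark: m, DTS: sig}, err
}

// TokenSign plays the user's token: check the DTS, enforce the window, then add the DUS.
func TokenSign(key *rsa.PrivateKey, serverPub *rsa.PublicKey, sd *SignedDoc, now time.Time, window time.Duration) error {
	if rsa.VerifyPKCS1v15(serverPub, crypto.SHA256, dtsDigest(sd.Doc, sd.Mark), sd.DTS) != nil {
		return ErrBadDTS
	}
	if age := now.Sub(sd.Mark.Time); age < 0 || age > window {
		return ErrStale
	}
	var err error
	sd.DUS, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, dusDigest(sd))
	return err
}

// Verify follows FIG. 4: DUS, key validity at the mark time, DTS. Zero revokedAt = never revoked.
func Verify(sd *SignedDoc, serverPub, userPub *rsa.PublicKey, revokedAt time.Time) error {
	if rsa.VerifyPKCS1v15(userPub, crypto.SHA256, dusDigest(sd), sd.DUS) != nil {
		return ErrBadDUS
	}
	if !revokedAt.IsZero() && !sd.Mark.Time.Before(revokedAt) {
		return ErrRevoked
	}
	if rsa.VerifyPKCS1v15(serverPub, crypto.SHA256, dtsDigest(sd.Doc, sd.Mark), sd.DTS) != nil {
		return ErrBadDTS
	}
	return nil
}

// NewKey generates a throwaway RSA key for the demonstration.
func NewKey(bits int) *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	server, user := NewKey(3072), NewKey(2048)
	t0 := time.Date(2004, 3, 3, 12, 0, 0, 0, time.UTC) // constructed sample time
	sd, err := ServerSign(server, []byte("constructed sample document"), Mark{Seq: 1, Time: t0})
	if err != nil {
		panic(err)
	}
	fmt.Println("token:", TokenSign(user, &server.PublicKey, sd, t0.Add(5*time.Minute), 10*time.Minute))
	fmt.Println("verify:", Verify(sd, &server.PublicKey, &user.PublicKey, time.Time{}))
}
```

Because the second signature covers the mark and the first signature, changing the mark of an already signed document makes the second signature fail before the revocation check is reached.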

Claims (20)

  1. 1. A method comprising: digitally signing an electronic document for long term security purposes, the step of digitally signing comprising the steps of:
    marking electronic document with a digital mark forming a marked electronic document, and
    signing the marked electronic document with a first digital signature forming a signed electronic document, wherein the signed electronic document is signed with a second digital signature that is less computationally intensive in its generation than the first digital signature.
  2. 2. The method according to claim 1, further comprising
    generating the digital mark to be dependent upon the content of the electronic document; and
    generating the first digital signature using the digital mark.
  3. 3. The method according to claim 1, further comprising
    providing the electronic document and the first digital signature to a client computer; and
    using a cryptographic token to generate the second digital signature that depends on the content of the electronic document and the first digital signature.
  4. 4. The method according to claim 3, wherein the cryptographic token is related to at least one of an individual user and a user group.
  5. 5. The method according to claim 1, wherein the digital mark comprises a unique number that is at least one of a sequence number, a timestamp, and a value derived thereof.
  6. 6. The method according to claim 1, wherein the second digital signature is based on a shorter cryptographic key then the first digital signature.
  7. 7. The method according to claim 1, further comprising signing the signed electronic document additionally with a third digital signature.
  8. 8. A method according to claim 1, further comprising: employing a computer device for performing the signing of the second digital signature.
  9. 9. The method according to claim 8 wherein the computer device comprising an electronic smart card reader for reading a smart card.
  10. 10. A system for digitally signing an electronic document for long term security purposes, the system comprising:
    a document repository for storing and providing the electronic document;
    a digital signature computing device connected to the document repository for deriving from a digital mark and the electronic document a first digital signature; and
    a cryptographic device for generating a second digital signature that is less computationally intensive in its generation than the first digital signature.
  11. 11. The system according to claim 10, wherein the digital signature computing device comprises a tamperproof clock.
  12. 12. The system according to claim 1, wherein the cryptographic device comprises an internal clock for verifying a predefined time-interval between the issuance of the digital mark signature and the second digital signature.
  13. 13. The system according to claim 10, used for verifying the digital signed electronic document using a first public key corresponding to the first digital signature and a second public key corresponding to the second digital signature.
  14. A method comprising verifying an electronic document that has been digitally signed by a first digital signature using a digital mark, and signed by a second digital signature forming a digitally signed electronic document, the step of verifying comprising the step of:
    verifying a validity of the digitally signed electronic document by using a first public key corresponding to the first digital signature and a second public key corresponding to the second digital signature, said second digital signature being less computationally intensive in its generation than the first digital signature.
  15. The method according to claim 14, further comprising:
    generating the digital mark to be dependent upon the content of the electronic document; and
    generating the first digital signature using the digital mark.
  16. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for causing functions of signing an electronic document, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect the steps of:
    marking electronic document with a digital mark forming a marked electronic document, and
    signing the marked electronic document with a first digital signature forming a signed electronic document, wherein the signed electronic document is signed with a second digital signature that is less computationally intensive in its generation than the first digital signature.
  17. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for signing an electronic document, said method steps comprising the steps of claim 1.
  18. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing functions of a system for digitally signing an electronic document, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of:
    a document repository for storing and providing the electronic document;
    a digital signature computing device connected to the document repository for deriving from a digital mark and the electronic document a first digital signature; and
    a cryptographic device for generating a second digital signature that is less computationally intensive in its generation than the first digital signature.
  19. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for causing verification of an electronic document, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect the steps of claim 14.
  20. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for verifying an electronic document, said method steps comprising the steps of claim 14.
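The signing steps of claim 16 and the two-key verification of claims 14 and 15, as an added Python example that is not code from the patent. Assumptions: the digital mark is a SHA-256 hash of the document, both signatures are unpadded textbook RSA over constructed Mersenne-prime toy keys (factorable, for demonstration only), and every function name is illustrative.

```python
import hashlib

E = 65537  # public exponent used by both toy keys

def toy_rsa_key(a, b):
    """Constructed demo key from the Mersenne primes 2**a-1 and 2**b-1.
    Such moduli are trivially factorable: never use them outside a demo."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

KEY1 = toy_rsa_key(2203, 2281)  # large modulus: costly first signature
KEY2 = toy_rsa_key(521, 607)    # small modulus: cheaper second signature

def frame(*parts):
    """Length-prefix each part so the signed byte string parses one way only."""
    return b"".join(len(p).to_bytes(8, "big") + p for p in parts)

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def rsa_sign(key, data):
    # Textbook RSA over SHA-256 with no padding, for illustration only.
    size = (key["n"].bit_length() + 7) // 8
    return pow(digest_int(data), key["d"], key["n"]).to_bytes(size, "big")

def rsa_verify(n, data, sig):
    # Reject signatures of the wrong length or outside the modulus range.
    if len(sig) != (n.bit_length() + 7) // 8:
        return False
    s = int.from_bytes(sig, "big")
    return s < n and pow(s, E, n) == digest_int(data)

def make_mark(document):
    # Assumption: the content-dependent digital mark is SHA-256 of the document.
    return hashlib.sha256(document).digest()

def sign_document(document, key1, key2):
    mark = make_mark(document)
    sig1 = rsa_sign(key1, frame(mark, document))  # first signature uses the mark
    # The second signature covers the already signed document.
    sig2 = rsa_sign(key2, frame(mark, document, sig1))
    return {"document": document, "mark": mark, "sig1": sig1, "sig2": sig2}

def verify_document(bundle, n1, n2):
    """Check the mark and both signatures; 'valid' requires all three."""
    doc, mark = bundle["document"], bundle["mark"]
    sig1, sig2 = bundle["sig1"], bundle["sig2"]
    checks = {
        "mark": mark == make_mark(doc),
        "sig1": rsa_verify(n1, frame(mark, doc), sig1),
        "sig2": rsa_verify(n2, frame(mark, doc, sig1), sig2),
    }
    checks["valid"] = all(checks.values())
    return checks

if __name__ == "__main__":
    signed = sign_document(b"constructed sample contract", KEY1, KEY2)
    print(verify_document(signed, KEY1["n"], KEY2["n"]))
```

Reporting each check separately lets a verifier log which layer failed, while `valid` stays false unless the mark and both signatures all hold.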
US10548137 2003-03-04 2004-03-03 Long-term secure digital signatures Abandoned US20060288216A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP03405143 2003-03-04
EP03405143.3 2003-03-04
PCT/IB2004/000626 WO2004079986A1 (en) 2003-03-04 2004-03-03 Long-term secure digital signatures

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12128019 US8271791B2 (en) 2003-03-04 2008-05-28 Long-term secure digital signatures

Publications (1)

Publication Number Publication Date
US20060288216A1 US20060288216A1 (en) 2006-12-21

Family

ID=32946976

Family Applications (2)

Application Number Title Priority Date Filing Date
US10548137 Abandoned US20060288216A1 (en) 2003-03-04 2004-03-03 Long-term secure digital signatures
US12128019 Active 2026-05-16 US8271791B2 (en) 2003-03-04 2008-05-28 Long-term secure digital signatures

Country Status (5)

Country Link
US (2) US20060288216A1 (en)
EP (1) EP1599965B1 (en)
KR (1) KR20060006770A (en)
CN (1) CN1717896B (en)
WO (1) WO2004079986A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2618135C (en) 2005-08-09 2014-10-28 Nexsan Technologies Canada Inc. Data archiving system
JP5105291B2 (en) * 2009-11-13 2012-12-26 セイコーインスツル株式会社 Long-term signature server, long-term signature terminal, long-term signature terminal program
CN101834726A (en) * 2010-03-19 2010-09-15 广州广大通电子科技有限公司 Safe encryption method based on bi-dimensional codes
JP5700423B2 (en) * 2011-02-23 2015-04-15 セイコーインスツル株式会社 Long-term signature terminal, long term signature server, long-term signature terminal program, and long-term signature server program

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6367013B1 (en) * 1995-01-17 2002-04-02 Eoriginal Inc. System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
US6785815B1 (en) * 1999-06-08 2004-08-31 Intertrust Technologies Corp. Methods and systems for encoding and protecting data using digital signature and watermarking techniques
US6898709B1 (en) * 1999-07-02 2005-05-24 Time Certain Llc Personal computer system and methods for proving dates in digital data files

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5297206A (en) * 1992-03-19 1994-03-22 Orton Glenn A Cryptographic method for communication and electronic signatures
US5422953A (en) * 1993-05-05 1995-06-06 Fischer; Addison M. Personal date/time notary device
US6408388B1 (en) * 1993-05-05 2002-06-18 Addison M. Fischer Personal date/time notary device
US5825880A (en) * 1994-01-13 1998-10-20 Sudia; Frank W. Multi-step digital signature method and system
US5748738A (en) 1995-01-17 1998-05-05 Document Authentication Systems, Inc. System and method for electronic transmission, storage and retrieval of authenticated documents
DE69638307D1 (en) * 1995-06-05 2011-01-27 Cqrcert Llc Method and device for digital signature in several steps
CA2228185C (en) * 1997-01-31 2007-11-06 Certicom Corp. Verification protocol
US6131162A (en) * 1997-06-05 2000-10-10 Hitachi Ltd. Digital data authentication method
US6584565B1 (en) * 1997-07-15 2003-06-24 Hewlett-Packard Development Company, L.P. Method and apparatus for long term verification of digital signatures
GB9901127D0 (en) * 1999-01-20 1999-03-10 Hewlett Packard Co Provision of trusted services
US7194620B1 (en) * 1999-09-24 2007-03-20 Verizon Business Global Llc Method for real-time data authentication
US7315948B1 (en) * 1999-12-10 2008-01-01 International Business Machines Corporation Time stamping method employing a separate ticket and stub
DE10057203C1 (en) * 2000-11-17 2002-06-06 Cv Cryptovision Gmbh Digital signal value calculation method for cryptography calculates scalar product from natural number and point along elliptical curve
CA2329590C (en) * 2000-12-27 2012-06-26 Certicom Corp. Method of public key generation
EP1366595A2 (en) * 2001-02-14 2003-12-03 Scientific Generics Limited Data processing apparatus and method
GB2372597B (en) 2001-02-27 2005-08-10 Hewlett Packard Co Device and method for data timestamping
US7020645B2 (en) * 2001-04-19 2006-03-28 Eoriginal, Inc. Systems and methods for state-less authentication
US7269730B2 (en) * 2002-04-18 2007-09-11 Nokia Corporation Method and apparatus for providing peer authentication for an internet key exchange
US7814327B2 (en) * 2003-12-10 2010-10-12 Mcafee, Inc. Document registration
JP4034743B2 (en) * 2004-01-23 2008-01-16 株式会社東芝 Multisignature method, apparatus, program and system

Cited By (63)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7774604B2 (en) 2003-12-10 2010-08-10 Mcafee, Inc. Verifying captured objects before presentation
US8166307B2 (en) 2003-12-10 2012-04-24 McAffee, Inc. Document registration
US8548170B2 (en) 2003-12-10 2013-10-01 Mcafee, Inc. Document de-registration
US9374225B2 (en) 2003-12-10 2016-06-21 Mcafee, Inc. Document de-registration
US7984175B2 (en) 2003-12-10 2011-07-19 Mcafee, Inc. Method and apparatus for data capture and analysis system
US8656039B2 (en) 2003-12-10 2014-02-18 Mcafee, Inc. Rule parser
US9092471B2 (en) 2003-12-10 2015-07-28 Mcafee, Inc. Rule parser
US7899828B2 (en) 2003-12-10 2011-03-01 Mcafee, Inc. Tag data structure for maintaining relational data over captured objects
US8762386B2 (en) 2003-12-10 2014-06-24 Mcafee, Inc. Method and apparatus for data capture and analysis system
US7814327B2 (en) 2003-12-10 2010-10-12 Mcafee, Inc. Document registration
US8301635B2 (en) 2003-12-10 2012-10-30 Mcafee, Inc. Tag data structure for maintaining relational data over captured objects
US8271794B2 (en) 2003-12-10 2012-09-18 Mcafee, Inc. Verifying captured objects before presentation
US7930540B2 (en) 2004-01-22 2011-04-19 Mcafee, Inc. Cryptographic policy enforcement
US8307206B2 (en) 2004-01-22 2012-11-06 Mcafee, Inc. Cryptographic policy enforcement
US20050273614A1 (en) * 2004-06-07 2005-12-08 Ahuja Ratinder P S Generating signatures over a document
US7434058B2 (en) * 2004-06-07 2008-10-07 Reconnex Corporation Generating signatures over a document
US7962591B2 (en) 2004-06-23 2011-06-14 Mcafee, Inc. Object classification in a capture system
US8560534B2 (en) 2004-08-23 2013-10-15 Mcafee, Inc. Database for a capture system
US7949849B2 (en) 2004-08-24 2011-05-24 Mcafee, Inc. File system for a capture system
US8707008B2 (en) 2004-08-24 2014-04-22 Mcafee, Inc. File system for a capture system
US20060291700A1 (en) * 2005-06-08 2006-12-28 Ogram Mark E Internet signature verification system
US20060294383A1 (en) * 2005-06-28 2006-12-28 Paula Austel Secure data communications in web services
US7907608B2 (en) 2005-08-12 2011-03-15 Mcafee, Inc. High speed packet capture
US8730955B2 (en) 2005-08-12 2014-05-20 Mcafee, Inc. High speed packet capture
US8554774B2 (en) 2005-08-31 2013-10-08 Mcafee, Inc. System and method for word indexing in a capture system and querying thereof
US7818326B2 (en) 2005-08-31 2010-10-19 Mcafee, Inc. System and method for word indexing in a capture system and querying thereof
US8463800B2 (en) 2005-10-19 2013-06-11 Mcafee, Inc. Attributes of captured objects in a capture system
US7730011B1 (en) 2005-10-19 2010-06-01 Mcafee, Inc. Attributes of captured objects in a capture system
US8176049B2 (en) 2005-10-19 2012-05-08 Mcafee Inc. Attributes of captured objects in a capture system
US7657104B2 (en) 2005-11-21 2010-02-02 Mcafee, Inc. Identifying image type in a capture system
US8200026B2 (en) 2005-11-21 2012-06-12 Mcafee, Inc. Identifying image type in a capture system
US20090144552A1 (en) * 2006-02-08 2009-06-04 Pierre Fort Method of Electronic Archiving, In Particular Remote Archiving, of Documents or Objects
US20070220260A1 (en) * 2006-03-14 2007-09-20 Adobe Systems Incorporated Protecting the integrity of electronically derivative works
US8504537B2 (en) 2006-03-24 2013-08-06 Mcafee, Inc. Signature distribution in a document registration system
US8307007B2 (en) 2006-05-22 2012-11-06 Mcafee, Inc. Query generation for a capture system
US8010689B2 (en) 2006-05-22 2011-08-30 Mcafee, Inc. Locational tagging in a capture system
US9094338B2 (en) 2006-05-22 2015-07-28 Mcafee, Inc. Attributes of captured objects in a capture system
US8005863B2 (en) 2006-05-22 2011-08-23 Mcafee, Inc. Query generation for a capture system
US7958227B2 (en) 2006-05-22 2011-06-07 Mcafee, Inc. Attributes of captured objects in a capture system
US7689614B2 (en) 2006-05-22 2010-03-30 Mcafee, Inc. Query generation for a capture system
US8683035B2 (en) 2006-05-22 2014-03-25 Mcafee, Inc. Attributes of captured objects in a capture system
US8719578B2 (en) * 2007-01-12 2014-05-06 Fujitsu Limited Document verifying apparatus, document verifying method, and computer product
US20090265558A1 (en) * 2007-01-12 2009-10-22 Fujitsu Limited Document verifying apparatus, document verifying method, and computer product
US8479006B2 (en) 2008-06-20 2013-07-02 Microsoft Corporation Digitally signing documents using identity context information
US8601537B2 (en) 2008-07-10 2013-12-03 Mcafee, Inc. System and method for data mining and security policy management
US8205242B2 (en) 2008-07-10 2012-06-19 Mcafee, Inc. System and method for data mining and security policy management
US8635706B2 (en) 2008-07-10 2014-01-21 Mcafee, Inc. System and method for data mining and security policy management
US9253154B2 (en) 2008-08-12 2016-02-02 Mcafee, Inc. Configuration management for a capture/registration system
US8850591B2 (en) 2009-01-13 2014-09-30 Mcafee, Inc. System and method for concept building
US8706709B2 (en) 2009-01-15 2014-04-22 Mcafee, Inc. System and method for intelligent term grouping
US9602548B2 (en) 2009-02-25 2017-03-21 Mcafee, Inc. System and method for intelligent state management
US8473442B1 (en) 2009-02-25 2013-06-25 Mcafee, Inc. System and method for intelligent state management
US9195937B2 (en) 2009-02-25 2015-11-24 Mcafee, Inc. System and method for intelligent state management
US8918359B2 (en) 2009-03-25 2014-12-23 Mcafee, Inc. System and method for data mining and security policy management
US8447722B1 (en) 2009-03-25 2013-05-21 Mcafee, Inc. System and method for data mining and security policy management
US9313232B2 (en) 2009-03-25 2016-04-12 Mcafee, Inc. System and method for data mining and security policy management
US8667121B2 (en) 2009-03-25 2014-03-04 Mcafee, Inc. System and method for managing data and policies
US20100246547A1 (en) * 2009-03-26 2010-09-30 Samsung Electronics Co., Ltd. Antenna selecting apparatus and method in wireless communication system
US8806615B2 (en) 2010-11-04 2014-08-12 Mcafee, Inc. System and method for protecting specified data combinations
US9794254B2 (en) 2010-11-04 2017-10-17 Mcafee, Inc. System and method for protecting specified data combinations
US9430564B2 (en) 2011-12-27 2016-08-30 Mcafee, Inc. System and method for providing data protection workflows in a network environment
US8700561B2 (en) 2011-12-27 2014-04-15 Mcafee, Inc. System and method for providing data protection workflows in a network environment
US20170054561A1 (en) * 2015-08-17 2017-02-23 The Boeing Company Double authenitication system for electronically signed documents

Also Published As

Publication number Publication date Type
WO2004079986A1 (en) 2004-09-16 application
EP1599965B1 (en) 2015-02-11 grant
CN1717896B (en) 2010-06-30 grant
KR20060006770A (en) 2006-01-19 application
CN1717896A (en) 2006-01-04 application
US8271791B2 (en) 2012-09-18 grant
US20090327732A1 (en) 2009-12-31 application
EP1599965A1 (en) 2005-11-30 application

Similar Documents

Publication Publication Date Title
US6925182B1 (en) Administration and utilization of private keys in a networked environment
US5872848A (en) Method and apparatus for witnessed authentication of electronic documents
US5825880A (en) Multi-step digital signature method and system
US6079018A (en) System and method for generating unique secure values for digitally signing documents
US6871276B1 (en) Controlled-content recoverable blinded certificates
US20020004800A1 (en) Electronic notary method and system
US20030120939A1 (en) Upgradeable timestamp mechanism
US6553493B1 (en) Secure mapping and aliasing of private keys used in public key cryptography
US20060095795A1 (en) Document management apparatus and document management method, and storage medium storing program
US20030101348A1 (en) Method and system for determining confidence in a digital transaction
US6981151B1 (en) Digital data storage systems, computers, and data verification methods
US20030233556A1 (en) Method and apparatus for secured digital video and access tracking
US20050138361A1 (en) System and method for generating a digital certificate
US20040250076A1 (en) Personal authentication device and system and method thereof
US6035398A (en) Cryptographic key generation using biometric data
US20050188202A1 (en) Token provisioning
US20020023220A1 (en) Distributed information system and protocol for affixing electronic signatures and authenticating documents
Lee et al. A cryptographic key management solution for HIPAA privacy/security regulations
US6301660B1 (en) Computer system for protecting a file and a method for protecting a file
US20050169461A1 (en) Method and device for anonymous signature with a shared private key
US20040064708A1 (en) Zero administrative interventions accounts
US20090164796A1 (en) Anonymous biometric tokens
US20020141575A1 (en) Method and apparatus for secure cryptographic key generation, certification and use
US6381696B1 (en) Method and system for transient key digital time stamps
US7000118B1 (en) Asymmetric system and method for tamper-proof storage of an audit trial for a database

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BUHLER, PETER;KURSAWE, KLAUS;MAEDER, ROMAN;AND OTHERS;REEL/FRAME:017880/0734;SIGNING DATES FROM 20051208 TO 20060626