Paper documents are the traditional evidence of communications and agreements between parties in commercial and other transactions. Financial and real estate transactions are protected by paper-based controls. Signatures and security paper (e.g., pre-printed checks) facilitate the detection of unauthorized alteration of commercial transaction information. Important documents may also require "third-person" controls, i.e., witnessing of signatures and stamping and notarization by a notary.
However, the way business is transacted has changed significantly and is still evolving. This is most obvious in the replacement of paper-based communications with electronic communications. The "due care" controls used with paper documents do not exist in conventional electronic transactions. Standard electronic communications over open systems cannot provide authentication, confidentiality, and integrity of the communicated information. Here, "authentication" means verification of the identity of the signer of a document; "confidentiality" means protecting the contents of a document from unauthorized viewing; and "integrity" means that any change to the contents of the document can be detected.
When communicating by means of electronically reproduced information, such as e-mail, fax, images, electronic data exchange or electronic money transfer, no signature or seal can be used to authenticate the identity of the sender. Traditional legal methods of verifying the identity of the issuer of a document, such as personal presence, ink signatures, witnessing or notarization, are not possible.
Unfortunately, as computer and communication technologies have continued to develop, the methods of intercepting and altering electronically transmitted information have become increasingly sophisticated, including the growing phenomenon of remote intrusion into computer systems over communication links.
Some approaches to secure electronic transactions that apply encryption give the user a mechanism for verifying the authenticity or confidentiality of electronically transmitted documents, but such mechanisms are controlled by the user and do not provide non-repudiation. In some cases the use of encryption for confidentiality helps to detect changes to a document, preserving its integrity. This is not always the case, and in practice it is often necessary to provide other mechanisms to ensure integrity. Currently, there is no distributed electronic document authentication system that provides authentication, as written or printed instruments do, in a form that cannot be repudiated. Although a number of attempts have been described, no commercial system currently exists that can provide electronic document verification based on digital signatures with non-repudiation capability. See, e.g., D. Chaum, "Achieving Electronic Privacy", Scientific American, vol. 247, no. 8, pp. 96-101 (Aug. 1992); C.R. Merrill, "Cryptography for Commerce Beyond Clipper", The Data Law Report, vol. 2, no. 2, pp. 1, 4-11 (Sep. 1994). Since the promulgation of the Data Encryption Standard (DES), government agencies and other standards-setting organizations have not been willing or able to set universal standards (e.g., for encryption strength, methods, etc.) acceptable for commercial transactions. The techniques described in this application are synergistic and provide security fully equivalent to that required to support conventional commercial transactions.
The applicant's Document Authentication System (DAS) provides the required security and protection for electronic transmission. More importantly for commercial and financial institutions, the applicant's DAS assumes the risk and liability for the authenticity of a document. The applicant's DAS employs an asymmetric cryptographic system, known as a public key system, to ensure that the original document issuer can be electronically authenticated.
Various aspects of Public Key Cryptography (PKC) systems are described in the literature, including R.L. Rivest et al., "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, vol. 21, pp. 120-126 (Feb. 1978); M.E. Hellman, "The Mathematics of Public-Key Cryptography", Scientific American, vol. 234, no. 8, pp. 146-152, 154-157 (Aug. 1979); and W. Diffie, "The First Ten Years of Public-Key Cryptography", Proceedings of the IEEE, vol. 76, pp. 560-577 (May 1988). Existing PKC systems rely on the fact that finding large prime numbers is computationally easy, but factoring the product of two large prime numbers is computationally difficult. A PKC system is an asymmetric encryption system in the sense that it uses two keys, one for encryption and one for decryption. Asymmetric systems are based on the principle that one key (the public key) is known and the second key (the private key) cannot be deduced from it. Thus, a PKC system allows the user's public key to be made known to the public (e.g., through a registry or a bulletin board) without posing a threat to the user's private key. This public key concept simplifies key distribution.
Besides the PKC method, other encryption methods are symmetric algorithms. An example of such a method is the Data Encryption Standard (DES), which is described in Data Encryption Standard, Federal Information Processing Standards Publication 46 (1977) ("FIPS PUB 46", reissued as FIPS PUB 46-1 (1988)), and DES Modes of Operation, FIPS PUB 81 (1980), both issued by the U.S. Department of Commerce. See also W. Diffie et al., "Privacy and Authentication: An Introduction to Cryptography", Proc. IEEE, vol. 67, pp. 397-427 (Mar. 1979). Generally, a symmetric encryption system is a set of instructions, implemented in hardware, software, or a combination of the two, that can transform plaintext (unencrypted information) into ciphertext, or vice versa, in a variety of ways, using a specific key that is known to the users but unknown to others.
Whether a symmetric system or a PKC system is used, the security of the information depends to a large extent on the length of the key, as described in C.E. Shannon, "Communication Theory of Secrecy Systems", Bell Sys. Tech. J., vol. 28, pp. 656-715 (Oct. 1949).
Summary of the Invention
These and other objects and advantages are achieved by a Document Authentication System (DAS) of the present invention, the DAS including means for authenticating the issuer of an electronic document, means for providing irrevocable proof of the integrity of the transmitted electronic document, and means for preventing the issuer of the document from denying having issued it, i.e., providing non-repudiation.
According to one aspect of the invention, a method of authenticating an electronic document comprises the steps of: signing said electronic document using the digital signature of the sender; attaching a certificate to said electronic document by said sender; and validating said sender's digital signature and certificate. The certificate may include information indicating the identity of the transmitter, a public key, and predetermined attributes.
The signing step may comprise the steps of applying a hash function to the electronic document to determine a digest, and encrypting the digest with the secret key of the sender. The step of validating the digital signature comprises the steps of: decrypting the digest with the sender's public key, applying the hash function to the electronic document to determine a second digest, and comparing the decrypted digest with the second digest.
The method further comprises the step of date stamping and time stamping the electronic document. The date stamp and the time stamp may be added before or after the digital signature and the electronic document are validated using the certificate. The method further comprises the step of signing said electronic document with a second digital signature.
According to another aspect of the present invention, an apparatus for authenticating an electronic document comprises means for signing said electronic document with a digital signature of a sender; means for attaching a certificate to said electronic document; and means for validating said digital signature and certificate. The certificate may include information indicating the identity of the transmitter, a public key, and predetermined attributes.
The signing means may comprise means for performing a hash function on the electronic document to determine a digest and means for encrypting the digest using the secret key of the sender. Said validating means comprises means for decrypting said digest using the public key of the sender, means for performing a hash function on said electronic file to determine a second digest, and means for comparing the decrypted digest with said second digest.
The apparatus may further comprise means for date stamping and time stamping the electronic document. The date stamp and time stamp may be added before or after the digital signature and electronic document have been validated using the certificate. The apparatus may further include means for signing the electronic document with a second digital signature.
According to yet another aspect of the present invention, an authentication system for electronic document transmission includes a means for digitally encrypting a document; a means for certifying the identity of the document deliverer; a means for generating a public key and a private key; means for signing said electronic document with a digital signature; means for authentically transmitting said electronic document; and a means for authenticating the transmitted electronic file; the system thus ensures the integrity of the transmitted file and the non-repudiation of the file transmitted by the file transferor.
In accordance with yet another aspect of the present invention, a file storage and retrieval system includes a means for securely storing a digitally encrypted electronic file; means for authenticating the electronic file retrieved from the storage means; and means for verifying an authority of an agent requesting the authenticated electronic document; the system is thus able to ensure authentication of electronic files stored in the system and transfer of said electronic files to authorized agents.
According to yet another aspect of the present invention, a method for authenticating an electronically transmitted document includes the steps of: digitally encrypting a document; verifying the identity of the document transferor; generating a public key and a private key; signing said document with a digital signature; and transmitting said electronic document in an authenticatable manner; thereby ensuring the integrity of the transmitted document and the non-repudiation of the document transmitted by the document transferor.
According to another aspect of the present invention there is provided a method of authenticating an electronic document, comprising the steps of: signing said electronic document with a first digital signature of a sender; attaching a first certificate to said electronic document, wherein said first certificate relates a key to said sender identity; applying a date stamp and a time stamp to said electronic document; validating a first digital signature and a first certificate of said sender; signing the electronic document with a second digital signature and attaching a second certificate to the electronic document signed with the second digital signature after the first digital signature has been validated, wherein the second certificate associates the key with the second digital signature; and storing, in a device represented by the second digital signature, a document signed with the second digital signature and having a second certificate attached thereto, such that the device assumes control of the document.
According to another aspect of the present invention there is provided an apparatus for authenticating an electronic document, comprising: means for signing said electronic document with a first digital signature of a sender; means for attaching a first certificate to said electronic document, wherein said first certificate relates a key to said sender identity; means for applying a date stamp and a time stamp to said electronic document; means for validating the first digital signature and the first certificate; means for signing said electronic document with a second digital signature, and for attaching a second certificate to said electronic document signed with said second digital signature after said first digital signature has been validated by said means for validating, wherein said second certificate associates a key with said second digital signature; and means, identified by the second digital signature, for storing a document signed with the second digital signature and having a second certificate attached thereto, such that said means for storing assumes control of said document.
According to a further aspect of the present invention there is provided a method of conducting a transaction by transmitting an authenticated information object having verifiable data tracking characteristics, the method comprising the steps of: signing said information object by a first entity using a first digital signature; attaching, by the first entity, a first certificate to the information object, wherein the first certificate associates at least one identifying characteristic and a key with the first entity; authenticating, by a second entity, the information object signed with the first digital signature and having the first certificate attached thereto to form an authenticated information object, wherein said authenticating step comprises: validating the first digital signature and the first certificate; applying a date stamp and a time stamp to the information object signed with the first digital signature and having the first certificate attached; and, after said validating and stamping steps, taking control of the validated, stamped information object by signing said information object with a second digital signature of the second entity, attaching a second certificate to said information object, and storing the validated, stamped information object signed with the second digital signature and having the second certificate attached as the authenticated information object, wherein the second certificate associates at least one identification feature and a key with the second entity; and transmitting the authenticated information object to an entity according to an instruction.
According to another aspect of the present invention there is provided apparatus for conducting a transaction by transmitting an authenticated information object having verifiable data tracking characteristics, comprising: first means for signing said information object with a first digital signature by a first entity and attaching a first certificate to said information object by the first entity, wherein the first certificate associates at least one identification feature and a key with the first entity; and an authentication device for authenticating, by a second entity, the information object signed with the first digital signature and having the first certificate attached, to constitute an authenticated information object, wherein said authentication device comprises: means for validating the first digital signature and the first certificate; means for applying a date stamp and a time stamp to the information object signed with the first digital signature and having the first certificate attached; and control means for taking control of the validated information object, wherein said control means comprises second means for signing the information object with a second digital signature of the second entity and attaching a second certificate to said information object, and a storage means; wherein said storage means comprises storage space for a validated information object signed with the second digital signature and having the second certificate attached, the validated information object stored in said storage means being transferable in accordance with an instruction, the second certificate relating at least one identification feature and a secret key to the second entity.
Detailed Description
The present invention may be implemented using commercially available computer systems and techniques to create a comprehensive closed system for authenticating electronic documents.
Fig. 1 is a schematic diagram showing the distribution of certification responsibility in the applicants' DAS, which employs a certification authority by which the public/private keys used to encrypt/decrypt and/or digitally sign a document are delivered to the original issuer of the document by an established, verifiable means. Certificates and certification authorities are described in the above-mentioned article by C.R. Merrill and in ITU-T Recommendation X.509 (1993) | ISO/IEC 9594-8:1995, Information Technology - Open Systems Interconnection - The Directory: Authentication Framework (including all amendments), which is incorporated herein by reference. The basic techniques and definitions of certificates in this application are based on these documents.
As described below, the public/private key is preferably delivered in the form of a feature carrier, such as an electronic circuit card (PCMCIA Card or PC Card) compatible with the PC Memory Card Interface Association standard, for use in the issuer's computer. Typically the feature carrier is a portable transfer device for transferring the key, or part of the key. It should be understood that the PC card is only one form of public/private key transport mechanism in the applicants' DAS; other kinds of feature carriers, such as floppy disks and smart cards, may also be used. To ensure reliable delivery, the media may be delivered to the issuer of the document using a service such as the guaranteed express services commonly used to ship confidential material between parties.
Preferably, the public/private key pair is generated on the card itself, using any of a variety of commercially available feature carriers with embedded cryptography, and the private key never leaves the card unencrypted. The public key is exported to the certification authority for inclusion, together with the identity of the intended recipient and appropriate user attributes, among other things, in a "certificate". The main elements of DAS system assurance are proper operation of the certification authority, tight binding of the user identity and attributes to the public key in the certificate, and reliable delivery of the PC card to the authorized recipient.
According to another aspect of the invention, the public/private key is valid only when it is used in combination with a certificate and personal identification information, such as the recipient's biometric information (e.g., retina, fingerprint, and voiceprint) or a Personal Identification Number (PIN) assigned to the recipient by the certification authority and delivered separately from the issuer's card. Any subsequent transmitter of the document that is required to sign or encrypt the document is likewise provided with its own card and personal identification information.
In fig. 1, the issuer of a document and other subsequent transmitters are referred to as senders, and it is understood that the DAS system identifies a sender by holding the document and using a valid certificate and a valid PIN. In issuing the key and PIN to the transmitter, the DAS system preferably records one or more indicia, or characteristics, of the transmitter in conjunction with the key and PIN. For example, the transmitter may be authorized to only conduct certain types of transactions and/or transactions below a predetermined amount.
The issuance of a digitally signed certificate by a certifying authority ensures the verifiability of the identity of each transmitter of a digitally signed or encrypted document. The certification authority also has the ability to electronically revoke a public/private key, or reissue a public/private key, from a remote location. The certification authority can also support privilege administration based on policies set for the system. For example, a certification authority may set funds or other restrictions on the authorization given to the transmitter by converting the relevant authorization or restrictions into certification attributes. These attributes may be obtained from the certificate and enforced by other parts of the system.
According to an important aspect of the present invention, the DAS is a system that authenticates a document by applying digital signature encryption techniques to the electronic transmission of the document. As used in this application, "authentication" refers to the corroboration and verification of the identity of the agent that signed or transmitted the original document, and to verification that the encrypted document received is the one issued by that agent. The DAS uses an authentication center to provide an audit trail, or data trail, from the original signing or encryption of the document through all subsequent transmissions, for applications requiring such capabilities.
The certification authority uses a physically secure facility: a "trusted center" with 24-hour security, an alarm system, and "vault" construction. In view of its importance, it is desirable that the entire facility be under two-person control, with no single person having access to the key generation or key management systems. All persons involved in key management and electronic document transfer operations have their trustworthiness assessed by the most reliable means possible, such as personal interviews, background checks, polygraph tests, etc. Furthermore, the certification authority implements procedures that prevent single points of failure, so that a compromise would require collaboration. In this way, no one person can gain full access to the key generation and key management systems.
Another aspect of the applicant's DAS authentication that differs from previous systems is the use of an integrity word and a date and time "stamp" on each document transferred. Suitable time and date stamps may be provided by the systems described in US-5136646 and US-5136647 to Stuart A. Haber and W.S. Stornetta, Jr., both of which are incorporated herein by reference and are commercially available from Surety Technologies, Inc. The integrity word, i.e., digital signature, and the date and time stamp applied by the authentication center eliminate the possibility of unauthorized alteration of or tampering with the document after it was originally signed or approved. The integrity word applied to a document received from a sender is generated using any of the known digital hashing algorithms. This integrity word ensures that the document cannot be altered without detection. Furthermore, it is desirable that non-repudiation be provided by means of digital signature algorithms, i.e., that the issuer be precluded from denying having approved the document. The applicant's combination of integrity word, date and time stamp, and audit trail makes it possible to give notice and evidence of any change or substitution after the initial issuance, even by the issuer of the document.
According to the invention, each transaction and its documents are transmitted from the terminal of the sender to the authentication center for authentication. As described below, the sender provides the document in digital form, such as the output of a conventional word processor, to the sender's PCMCIA card. Alternatively, a means for digitizing a handwritten signature and adding the digitized signature to the digital document may be provided. The digital document is digitally signed and/or encrypted using the PCMCIA card in the DAS system, and the digitally signed and/or encrypted version is then electronically transmitted to the authentication center (e.g., via a modem or computer network). Other ways of transferring digitally signed or encrypted documents may be used (e.g., delivering a floppy disk containing the document), but the greatest advantage of electronic communication is speed.
The authentication center verifies the identity of the sender and the authenticity of the document and adds a digital signature and a date and time stamp to the document to confirm each transaction in a non-repudiatable manner. A combination of these functions may be used at some future date to conclusively identify the agent that initiated a transaction, in conjunction with the protected data audit trail. In particular, the present invention provides document authentication in a manner that prevents an issuer from denying that the document was originally issued by the issuer and provides an irrevocable proof of authenticity.
The authenticated, digitally signed and/or encrypted document is stored by the third-party authentication center in any convenient form, for example on an optical disc or on a floppy disc. Once a transaction is completed and the digitally signed and/or encrypted document has been transmitted to and authenticated by the authentication center, any authorized party to the transaction may access the authentication center via an electronic device, such as a modem, to obtain or re-transmit an authenticated document. All electronic documents are transmitted from the issuer to the authentication center, which authenticates the documents as described above and stores the authenticated documents for transmission and presentation to authorized parties whose identity and credit are also authenticated by the authentication center. Access authorization may be limited to the level of a single document or a group of documents.
In accordance with the present invention, the DAS system verifies and ensures that documents that have been transmitted, stored, or retrieved have not been altered, either unintentionally or intentionally. The DAS system can verify at any stage and at any time that a document is exactly, down to the last bit, the document that was signed and transmitted by the original issuer, and that the document has not been altered or corrupted in any way. This integrity in combination with the digital signature and date and time stamp enables the DAS system to ensure that a document is not a digest, counterfeit, or replacement for the document originally signed or approved by the document issuer.
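The following Python sketch is an added example, not code from the patent or the applicant: it carries through the signing and validation steps from the Summary (hash, encrypt the digest with the secret key, decrypt and compare) and the authentication-center flow above (validate, date/time stamp, second signature, later re-verification). It assumes SHA-256 as the hash and textbook RSA without padding over toy keys built from publicly known Mersenne primes, and all function and field names are hypothetical; a real deployment would use a padded scheme such as RSASSA-PSS from a vetted library, with the private key held on the card.

```python
import hashlib
import json
from datetime import datetime, timezone

E = 65537  # public exponent

def toy_keypair(a, b):
    """Toy RSA key pair from the well-known Mersenne primes 2**a-1 and 2**b-1.
    The factors are public knowledge, so these keys are for demonstration only."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, priv) -> int:
    # Signing step: hash the document, then "encrypt" the digest with the secret key.
    return pow(digest(data), priv["d"], priv["n"])

def verify(data: bytes, signature: int, pub) -> bool:
    if not 0 <= signature < pub["n"]:
        return False
    decrypted = pow(signature, pub["e"], pub["n"])  # decrypt digest with public key
    return decrypted == digest(data)                # compare with the second digest

def canonical(obj) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue_certificate(identity, pub, not_after, ca_priv):
    # Certificate binds identity and expiration to a public key, signed by the CA.
    body = {"identity": identity, "public_key": pub, "not_after": not_after}
    return {"body": body, "ca_signature": sign(canonical(body), ca_priv)}

def certificate_ok(cert, ca_pub, now) -> bool:
    return (verify(canonical(cert["body"]), cert["ca_signature"], ca_pub)
            and now <= datetime.fromisoformat(cert["body"]["not_after"]))

def sealed_bytes(record) -> bytes:
    # What the center's second signature covers: document, first signature, stamp.
    return canonical({"doc_sha256": hashlib.sha256(record["document"]).hexdigest(),
                      "sender_signature": record["sender_signature"],
                      "stamp": record["stamp"]})

def authenticate(document, sender_signature, sender_cert, ca_pub,
                 center_priv, center_cert, now):
    """Authentication center: validate the first signature and certificate, apply
    the date/time stamp, then add the second signature and certificate."""
    if not certificate_ok(sender_cert, ca_pub, now):
        raise ValueError("sender certificate invalid or expired")
    if not verify(document, sender_signature, sender_cert["body"]["public_key"]):
        raise ValueError("sender signature does not match document")
    record = {"document": document, "sender_signature": sender_signature,
              "sender_cert": sender_cert, "stamp": now.isoformat(),
              "center_cert": center_cert}
    record["center_signature"] = sign(sealed_bytes(record), center_priv)
    return record

def check_record(record, ca_pub) -> bool:
    """Later retrieval: re-verify both signatures and both certificates
    as of the stamped time."""
    stamp = datetime.fromisoformat(record["stamp"])
    s_cert, c_cert = record["sender_cert"], record["center_cert"]
    return (certificate_ok(s_cert, ca_pub, stamp)
            and certificate_ok(c_cert, ca_pub, stamp)
            and verify(record["document"], record["sender_signature"],
                       s_cert["body"]["public_key"])
            and verify(sealed_bytes(record), record["center_signature"],
                       c_cert["body"]["public_key"]))

def demo():
    # All keys, identities, dates and the document below are constructed samples.
    ca_pub, ca_priv = toy_keypair(521, 607)
    sender_pub, sender_priv = toy_keypair(607, 1279)
    center_pub, center_priv = toy_keypair(521, 1279)
    expiry = "2031-01-01T00:00:00+00:00"
    sender_cert = issue_certificate("sender: A. Example", sender_pub, expiry, ca_priv)
    center_cert = issue_certificate("authentication center", center_pub, expiry, ca_priv)
    now = datetime(2030, 6, 1, 12, 0, tzinfo=timezone.utc)
    doc = b"Constructed sample: loan agreement, principal 10,000"
    record = authenticate(doc, sign(doc, sender_priv), sender_cert, ca_pub,
                          center_priv, center_cert, now)
    altered_doc = dict(record, document=doc.replace(b"10,000", b"90,000"))
    backdated = dict(record, stamp="2030-01-01T12:00:00+00:00")
    return {"intact": check_record(record, ca_pub),
            "altered_document": check_record(altered_doc, ca_pub),
            "backdated_stamp": check_record(backdated, ca_pub)}

if __name__ == "__main__":
    print(demo())
```

Because the second signature covers the document digest, the sender's signature and the stamp together, changing any one of them after storage makes `check_record` fail, even if the change is made by the original sender.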
Fig. 2 generally illustrates various functions related to document transfer and protection in a DAS system. The left column shows the functions of the PC card of the transmitter; the middle column shows the other functions performed by the sender's transmission device; the right column shows the functions of the DAS system. Fig. 3 schematically shows the interconnection between three transmitter terminals and one service subsystem and a backup subsystem of a certificate authority in a DAS architecture. Fig. 4 is a block diagram illustrating the functional relationship between a sender and an authentication center.
The encryption card includes components such as a microprocessor and electronic memory to perform the various steps of the PKC algorithm as well as a symmetric encryption algorithm such as DES. Such cards should also be tamper-resistant, which can be achieved by designing them to erase critical components and/or algorithms upon any intrusion or alteration attempt. The National Institute of Standards and Technology has been chartered to certify that cryptographic card vendors for DAS systems implement these authentication requirements.
According to the invention, each transaction and its document are authenticated using a public key contained in the sender's certificate. Privacy, signature, and/or integrity devices and software are commercially available from a number of companies, including RSA Data Security, Inc.; Public Key Partners; Surety Technologies, Inc.; Ascom Tech AG, Switzerland; National Semiconductor; Northern Telecom Ltd.; and Spyrus.
The authentication center re-signs the transaction document with its own key in a non-repudiable manner. The agent, employee, or merchant (transmitter) that originally made a particular transaction may be identified at some future date using the combination of the transmitter and certificate authority signatures together with the protected data audit trail. Further, the notarization support function may be implemented as follows.
Employees or agents signing on at the terminal of the transmitter are protected by the PIN and the encryption features of the encryption card held by the transmitter. The combination of these controls enables the agent or employee to be uniquely identified, thereby enabling the DAS system to operate. In addition, agent or employee authorization and attribute information may be stored in the certificate or PCMCIA card in the protected or approved form described above. The DAS system uses this information in conjunction with the PIN to set limits on privileges, access, transaction volume, and fund volume.
DAS systems can provide distributed validation using "signatures" that cannot be repudiated. This scheme uses PKC to reduce key management costs and to provide non-repudiable digital signatures for all documents and transaction records. As described above, encryption is used to provide privacy protection for the PIN and other transaction details. These control functions of the DAS system are generally represented in Fig. 5.
Furthermore, DAS systems are compatible with the full range of modern distributed and client/server transaction-based applications. They can operate over LANs, WANs, and dial-up networks. Preferably, the DAS system utilizes modern database tools, so that the server can use relational technology with a SQL interface (e.g., SYBASE).
The DAS system may use various tools based on the following techniques. Such a security architecture can distribute responsibility on a non-repudiable basis through the use of approved industry standards. In particular, authentication may be performed using the ANSI X9.9 and X9.19 standards, which are incorporated by reference herein. DES may be used to encrypt documents, and triple encryption may be used to protect the encryption keys. The session key management schemes of the ANSI X9.24 standard, Financial Institution Retail Key Management, which is incorporated herein by reference, may be used to strengthen the security of the system.
According to one aspect of the invention, documents, transaction records, and other information may be protected using ANSI standard encryption techniques. The PIN may be encrypted with DES; selected portions of information may be authenticated using the method defined in ANSI X9.9, Financial Institution Message Authentication (Wholesale); and encryption key management may be in accordance with ANSI X9.17, Financial Institution Key Management (Wholesale), which is incorporated by reference in this application. Techniques implemented in accordance with these standards protect the integrity of transaction records against forgery and alteration.
As shown in Fig. 4, the issuer or other transferor of the electronic document may run the DAS system using a conventional 486 desktop or laptop computer equipped with a DAS encryption subsystem (PCMCIA card) and, optionally, an electronic digital signature pad for hand-signing the document. The DAS does not require a hand-signature device, since a digital signature on the document is sufficient. Currently, however, the parties to a loan or other commercial transaction require the receipt of a laser-printed copy of a manually signed document. Other components and software typically provided on the sender's terminal include a communications subsystem for transmitting encrypted or digitally signed documents to an authentication center over a modem telephone line or other suitable communications link, a PCMCIA card interface, an information processor, input/output interfaces, and multiple information input devices.
Preferably, the authentication center is organized as a server subsystem, an encrypted backup subsystem, and storage. As part of the server subsystem, which may be implemented using a 486 computer running under the UNIX operating system, the terminal communication subsystem includes a multi-port controller (see also Fig. 3) that handles communications with the senders' terminals. Also provided in the server subsystem are an encryption key management subsystem, a backup subsystem, a relational database management system, input/output interfaces (I/O), system management, and an audit subsystem. The PCMCIA card and backup communications subsystem are connected to the backup subsystem described above, which may be implemented using a 486 computer running under the DOS operating system. The storage communication subsystem is connected to the document storage device.
Such DAS systems also allow for "notary" auxiliary support functions. This allows a third party holding an encryption card to be present when documents are signed, which further ensures that the parties signing or approving the signed document are legitimate agents. This additional notarization functionality is not necessary, but helps to further authenticate the identity of the agent.
Fig. 6a and 6b schematically illustrate typical application of the DAS system in the financial mortgage industry, where a lending real estate company/exchange clearing house acts as the transmitter. At step 1, the certification authority completes the password generation and issues a PCMCIA card to an authorized agent for file transfer and establishment of legal data tracking. Agents, which are not usually natural persons, but commercial or financial institutions such as banks/mortgages and a real estate company/transaction clearing house, transmit and receive documents through electronic devices. At step 2, the bank/mortgage company loads and electronically transmits the loan documents to the authentication center, which transmits the documents to the real estate company/transaction clearing house after adding the integrity word and date and time stamp to the documents. The certification authority transmits the certified loan document to the real estate company/transaction clearing house at step 3.
At step 4, the real estate company/transaction clearing house has the document digitally signed by the house purchaser/house property owner. At step 5, the real estate company/transaction clearing house provides the house buyer/house property owner with a "hard copy" of the signed file. At step 6, the real estate company/transaction clearing house transmits the document to the authentication center, which adds integrity words and date and time stamps to the signed document, transmits the document to the bank/mortgage company, and stores the document. Whenever banks/mortgages require copies of authenticated documents, they can retrieve the document online from the certificate authority memory.
In step 7, the bank/mortgage company transmits the certified document transmitted from the certification authority to a secondary market mortgage bank/investor. Whenever the investor needs certified documents, they are available from the certification authority via online retrieval, step 8.
FIG. 7 further illustrates an example of a documentation program of the present invention. In a first step, an electronic document is designed or drafted, such as the agreement between two factories regarding the manufacture of a product shown in FIG. 7. This electronic file is provided to a sender terminal, which is shown in the figure as a portable computer equipped with an authorized PC card and, optionally, a writing board for handwritten signatures. The typical configuration of the sender's terminal should be at least equivalent to that of a 386 desktop or laptop computer with high-resolution graphics, a PC card reader, and a tablet for hand signing. As shown in FIG. 7, the electronic file is displayed on the terminal, and the file may be created locally or remotely.
In a second step, both parties to the agreement sign their handwritten signatures on the document using the writing tablet. These signatures are captured and inserted into the appropriate locations of the electronic file. After all agents have signed the document, the sender adds his or her digital signature to the document using the PC card and attaches his or her certificate, which completes the signing step.
If an original paper document is desired, the electronic document is first printed out. The paper file is then placed on the writing board, and the terminal cursor is positioned at the corresponding location in the electronic file. In this way, a handwritten signature can be captured and transmitted during the actual signing of the paper document. Thus, the electronic document is an accurate twin of the paper document.
After the local attestation, the sender transmits the electronic file to the authentication center in a third step of the program. Preferably, the authentication center has a large capacity system server computer with sufficient storage and backup capability to be a secure and highly reliable device. The authentication center has independent digital signature capability, one or more PC cards, and an accurate time reference.
When an electronic document is received, the authenticity and authority of the sender are authenticated by the authentication center (step 4). If the sender is authenticated, the electronic document is given a time stamp and date stamp by the authentication center (step 5), digitally signed (step 6), logged (step 7), and stored. The authenticated copy of the electronic document is then distributed according to the instructions of a legitimate agent, such as a beneficiary (owner) specified by the document.
The authentication center maintains all transactions, such as requests for copies, etc., and electronic files and work records, or history, associated therewith. It will be appreciated that such a working record is useful for many management functions, which have a positive effect on the application of the system. For example, the work record facilitates the confirmation of subsequent electronic submissions related to a transaction and helps in the definition of responsibility for the certification authority. In addition, such work records are useful as documentation evidence.
The authentication center also controls the reading of the file according to the authorization instruction of the owner of the file. Such authorization instructions may be updated or modified to coincide with changes in ownership (e.g., transfer) of the file.
FIG. 8 shows a procedure for digitally signing an electronic document, or more generally an "information object", using a hash function. In general, a hash function is a true one-way cryptographic function that is computed over the length of the information object to be protected. This hash function generates a "digest" in such a way that no two different information objects generate the same digest. This hash function is a very good integrity check tool because even a single bit change in the information object will result in a different digest.
According to the invention, the digest is encrypted using the signer's key, thereby generating the digital signature of the signer. This combination of hash function and encryption ensures the integrity of the system (i.e., the ability to check for modifications) and the signing ability (i.e., the ability to validate the signer, or responsible party). The digital signature (encrypted digest) is attached to the readable information object (see steps 2 and 6 in FIG. 7).
Many different hash functions are known. Those currently believed to be implemented in the circuitry sold by the vendors identified above, namely the MD4 and MD5 hash functions, and the secure hash algorithm promulgated by the U.S. government are suitable for use in the DAS system of the present invention. Of course, other hash functions may become available over time.
The steps of signing an electronic document (steps 2 and 6 shown in FIG. 7) and validating a digital signature (step 4 shown in FIG. 7) are further shown in FIG. 9. The electronic document has attached to it one or more digital signatures, created using a signing algorithm and the signer's key as described with reference to FIG. 8, together with the signer's certificate. As described above, each such certificate contains the identity of the signer, the public signing/verification key of the signer, predetermined collateral information about the signer, and a digitally signed certificate digest. The format of the relevant portion of such a certificate, in accordance with the X.509 recommendation, as employed by the user or certifying authority is shown in FIG. 10.
The signature validation step includes the steps of decrypting a digest attached to the file, re-hashing the file to produce another digest, and comparing the resulting digest with the decrypted digest, which are typically, but not necessarily, performed by the authentication center. The public signature/verification key found in the certificate signed by the certifying body and attached to the document is used to decrypt the attached digest. If the two digest values match, it can be concluded that the identity of the person in the certificate is the issuer of the document, or other informational object, and the integrity of the document is both assured and guaranteed. The certificate authority certifies this result with its own digital signature of the document.
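The signing step of FIG. 8, the validation described above and the center's steps 4 to 7, as an added example that is not code from this document. It assumes SHA-256 in place of the MD4/MD5 hashes named in the text (both now have practical collisions), unpadded textbook RSA over constructed toy keys, and a center that also signs the sender's certificate; all function names and sample values are hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent

def make_key(p, q):
    """Toy RSA key pair from two known primes: ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):
    # Assumption: SHA-256 replaces the MD4/MD5 hashes named in the text.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private):
    n, d = private
    return pow(digest(data), d, n)  # digest "encrypted" with signer's key

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data)  # decrypt, re-hash, compare

def issue_cert(subject, subject_public, issuer_private):
    body = {"subject": subject, "public_key": list(subject_public)}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": sign(encoded, issuer_private)}

def authenticate(doc, sig, cert, center_pub, center_priv, stamp, log):
    """Steps 4-7: validate the sender, stamp, countersign and log."""
    encoded = json.dumps(cert["body"], sort_keys=True).encode()
    if not verify(encoded, cert["sig"], center_pub):
        raise ValueError("certificate not signed by the center")
    if not verify(doc, sig, tuple(cert["body"]["public_key"])):
        raise ValueError("digest mismatch: altered document or wrong signer")
    stamped = doc + b"\n" + stamp.encode()            # step 5
    entry = {"signer": cert["body"]["subject"], "stamp": stamp,
             "center_sig": sign(stamped, center_priv)}  # step 6
    log.append(entry)                                  # step 7
    return stamped, entry

# Constructed sample data. Mersenne primes are NOT secure key material.
SENDER_PUB, SENDER_PRIV = make_key(2**521 - 1, 2**607 - 1)
CENTER_PUB, CENTER_PRIV = make_key(2**1279 - 1, 2**2203 - 1)
CERT = issue_cert("Bank/Mortgage Co.", SENDER_PUB, CENTER_PRIV)
DOC = b"Loan agreement: principal 100000"

if __name__ == "__main__":
    _, entry = authenticate(DOC, sign(DOC, SENDER_PRIV), CERT, CENTER_PUB,
                            CENTER_PRIV, "2024-01-01T00:00:00Z", [])
    print(entry["signer"], entry["stamp"])
```

A production system would use a padded signature scheme from a vetted library; the unpadded form is kept here only because it maps one-to-one onto the "encrypt the digest, decrypt and compare" wording.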
As shown in FIG. 11, the certificate of a user (sender) or of a certificate authority is preferably digitally signed in substantially the same way as an electronic document, except that the certificate is signed by an authority specifically authorized to do so. Validating the digital signature of a document includes validating the public signatures of all certification authorities on the path between the document issuer and the administrative authority, which is the highest certification authority. The signatures of these certifying agencies are loaded on the issuer's PC card and attached to a document made using the PC card.
As shown in FIG. 12, the path from the document issuer to the authority may be considered part of an authentication tree structure. The issuer (user) certificate is digitally signed by a certifying authority whose own certificate (CA certificate) is issued by a regulatory authority. Since there may be many certification authorities located on different branches of the certification tree structure, to certify the digital signature of a unit on a different branch it is only necessary to retrieve all certification authority certificates along these branches until a common node is encountered, and to verify all certificates up to that common node.
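The branch walk described for the authentication tree, as an added example that is not code from this document: it computes which CA certificates must be retrieved and verified on each branch up to the common node, and rejects loops and missing certificates. The tree, the entity names and the function names are hypothetical.

```python
def chain_to_root(entity, issuer_of):
    """Return [entity, its CA, ..., root] by following issuer links."""
    chain, seen = [entity], {entity}
    while True:
        if chain[-1] not in issuer_of:
            raise KeyError("no certificate on file for " + chain[-1])
        parent = issuer_of[chain[-1]]
        if parent is None:          # root authority: nothing above it
            return chain
        if parent in seen:
            raise ValueError("certificate loop at " + parent)
        chain.append(parent)
        seen.add(parent)

def certs_to_retrieve(verifier, signer, issuer_of):
    """CA certificates on both branches, up to and including the common node."""
    up = chain_to_root(verifier, issuer_of)
    down = chain_to_root(signer, issuer_of)
    common = next((ca for ca in down[1:] if ca in up), None)
    if common is None:
        raise ValueError("no common node between the two branches")
    return {
        "common_node": common,
        "signer_branch": down[1:down.index(common) + 1],
        "verifier_branch": up[1:up.index(common) + 1],
    }

# Constructed tree; all names are hypothetical. None marks the root authority.
ISSUER_OF = {
    "Root": None,
    "CA-East": "Root", "CA-West": "Root",
    "Bank": "CA-East", "TitleCo": "CA-West", "Investor": "CA-West",
}

if __name__ == "__main__":
    print(certs_to_retrieve("Bank", "TitleCo", ISSUER_OF))
    print(certs_to_retrieve("Investor", "TitleCo", ISSUER_OF))
```

Two units under the same certifying authority stop at that authority, so the root certificate is only needed when the branches meet at the root.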
It should be noted that the description and drawings herein are merely exemplary and that those skilled in the art will recognize that many changes may be made thereto without departing from the spirit or scope of the present invention, which is limited only by the appended claims.