Method and apparatus for self-authenticating digital records
First Claim
1. A self-authenticating digital document comprising:
- a digital document;
a digital signature, wherein the digital signature was generated from the document using a digital key;
certificate chain data, where certificate chain data is a subset of a chain of m+1 digital certificates issued by m certification authorities, wherein m≧
1, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
j≦
m+1, a jth level certificate is signed by a digital certificate key corresponding to the (j−
1)th certificate in the chain. certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and
digital timestamp data, wherein timestamp data is generated by applying at least one secure digital timestamp to at least one record comprising at least one of the digital document, digital signature, chain data, and revocation information.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for proving the validity of a digital document digitally signed using a digital key that corresponds to a digital certificate in a chain of digital certificates issued by certification authorities within a hierarchy of certification authorities. At least one secure digital time stamp is applied to at least one record comprising the digital document, the digital signature, certificate chain data, and information relating to the revocation of certificates by certification authorities within the certificate chain. If, at some later time, one or more digital certificates either expire or are revoked, the timestamp serves as evidence of the integrity of the signed digital document.
-
Citations
20 Claims
-
1. A self-authenticating digital document comprising:
-
a digital document;
a digital signature, wherein the digital signature was generated from the document using a digital key;
certificate chain data, where certificate chain data is a subset of a chain of m+1 digital certificates issued by m certification authorities, wherein m≧
1, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
j≦
m+1, a jth level certificate is signed by a digital certificate key corresponding to the (j−
1)th certificate in the chain.certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and
digital timestamp data, wherein timestamp data is generated by applying at least one secure digital timestamp to at least one record comprising at least one of the digital document, digital signature, chain data, and revocation information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 18)
-
-
11. A method of verifying a self-authenticating digital document, wherein the digital document comprises a document;
- a digital signature, wherein the digital signature was generated from the document using a digital key;
chain data, where chain data is a subset of a chain of m digital certificates issued by m+1 certification authorities, wherein m≧
1, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
j≦
m+1, a jth level certificate is signed by the digital certificate key corresponding to a (j−
1)th certificate in the chain;
certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and
digital timestamp data, wherein timestamp data is generated by applying at least one secure digital timestamp to at least one record comprising at least one of the document, the digital signature, the chain data, and the revocation information; and
wherein the method comprises;
validating the digital signature;
validating the certificate chain data;
validating that at the time the digital signature was generated, a digital certificate in the chain data had not expired or been revoked; and
validating the timestamp data. - View Dependent Claims (12, 13, 14, 15, 16, 17, 19, 20)
- a digital signature, wherein the digital signature was generated from the document using a digital key;
Specification