Method and apparatus for self-authenticating digital records

US 20060200661A1
Filed: 03/20/2006
Published: 09/07/2006
Est. Priority Date: 05/16/2000
Status: Active Grant

First Claim

Patent Images

1. A self-authenticating digital document comprising:

a digital document;

a digital signature, wherein the digital signature was generated from the document using a digital key;

certificate chain data, where certificate chain data is a subset of a chain of m+1 digital certificates issued by m certification authorities, wherein m≧

1, wherein the chain comprises a self-signed 1^st(root) level certificate, k intermediate level certificates, and an (m+1)^th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<

j≦

m+1, a j^thlevel certificate is signed by a digital certificate key corresponding to the (j−

1)^thcertificate in the chain. certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and

digital timestamp data, wherein timestamp data is generated by applying at least one secure digital timestamp to at least one record comprising at least one of the digital document, digital signature, chain data, and revocation information.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for proving the validity of a digital document digitally signed using a digital key that corresponds to a digital certificate in a chain of digital certificates issued by certification authorities within a hierarchy of certification authorities. At least one secure digital time stamp is applied to at least one record comprising the digital document, the digital signature, certificate chain data, and information relating to the revocation of certificates by certification authorities within the certificate chain. If, at some later time, one or more digital certificates either expire or are revoked, the timestamp serves as evidence of the integrity of the signed digital document.

28 Citations

View as Search Results

20 Claims

1. A self-authenticating digital document comprising:
- a digital document;
  
  a digital signature, wherein the digital signature was generated from the document using a digital key;
  
  certificate chain data, where certificate chain data is a subset of a chain of m+1 digital certificates issued by m certification authorities, wherein m≧
  
  1, wherein the chain comprises a self-signed 1^st(root) level certificate, k intermediate level certificates, and an (m+1)^th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
  
  j≦
  
  m+1, a j^thlevel certificate is signed by a digital certificate key corresponding to the (j−
  
  1)^thcertificate in the chain. certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and
  
  digital timestamp data, wherein timestamp data is generated by applying at least one secure digital timestamp to at least one record comprising at least one of the digital document, digital signature, chain data, and revocation information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 18)
- - 2. The self-authenticating digital document of claim 1, wherein the at least one record is a compound document comprising the digital document, the digital signature, the chain data, and the revocation information and wherein the digital time stamp data comprises a first secure digital timestamp applied to the compound document.
  - 3. The self-authenticating digital document of claim 1, wherein the at least one record comprises a first record, wherein the first record comprises the digital document and the digital signature, and a second record, wherein the second record comprises the chain data, and revocation information and the digital time stamp data comprises a first secure digital timestamp applied to the first record and a second secure digital timestamp applied to the second record.
  - 4. The self-authenticating digital document of claim 2, wherein the compound document is formatted as one in a group Consisting of a compressed archive, a portable document format file, and a Multipart MIME encoded file.
  - 5. The self-authenticating digital document of claim 3 wherein the second record is formatted as one in a group consisting of a compressed archive, a portable document format file, and a Multipart MIME encoded file.
  - 6. The self-authenticating digital document of claim 1, wherein the certificate revocation information includes at least one certificate revocation list identifying digital certificates revoked by one of the m certification authorities.
  - 7. The self-authenticating digital document of claim 6, wherein certificate revocation list comprises a CRLDP.
  - 8. The self-authenticating digital document of claim 1, wherein the certificate revocation information includes at least one OCSP response for one of the m+1 digital certificates.
  - 9. The self-authenticating digital document of claim 1, wherein at least one digital certificate, corresponding to one of the m certification authorities, is obtained pursuant to at least one of an X.500 directory query, an LDAP query, a CMP query, and an electronic mail transfer.
  - 10. The self-authenticating digital document of claim 1, wherein chain data comprises all m+1 certificates in the certificate chain.
  - 18. The method of claim 1 wherein the certificate revocation information includes at least one OCSP response for one of the m+1 digital certificates.

11. A method of verifying a self-authenticating digital document, wherein the digital document comprises a document;
- a digital signature, wherein the digital signature was generated from the document using a digital key;
  
  chain data, where chain data is a subset of a chain of m digital certificates issued by m+1 certification authorities, wherein m≧
  
  1, wherein the chain comprises a self-signed 1^st(root) level certificate, k intermediate level certificates, and an (m+1)^th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
  
  j≦
  
  m+1, a j^thlevel certificate is signed by the digital certificate key corresponding to a (j−
  
  1)^thcertificate in the chain;
  
  certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and
  
  digital timestamp data, wherein timestamp data is generated by applying at least one secure digital timestamp to at least one record comprising at least one of the document, the digital signature, the chain data, and the revocation information; and
  
  wherein the method comprises;
  
  validating the digital signature;
  
  validating the certificate chain data;
  
  validating that at the time the digital signature was generated, a digital certificate in the chain data had not expired or been revoked; and
  
  validating the timestamp data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 19, 20)
- - 12. The method of claim 11, wherein the at least one record is a compound document comprising the digital document, the digital signature, the chain data, and the revocation information and wherein the digital time stamp data comprises a first secure digital timestamp applied to the compound document.
  - 13. The method document of claim 11, wherein the at least one record comprises a first record, wherein the first record comprises the digital document and the digital signature, and a second record, wherein the second record comprises the chain data, and the revocation information and wherein the digital time stamp data comprises a first secure digital timestamp applied to the first record and a second secure digital timestamp applied to the second record.
  - 14. The method of claim 12, wherein the compound document is formatted as one in a group consisting of a compressed archive, a portable document format file, and a Multipart MIME encoded file.
  - 15. The method of claim 13 wherein the second record is formatted as one in a group consisting of a compressed archive, a portable document format file, and a Multipart MIME encoded file.
  - 16. The method of claim 11, wherein the certificate revocation information includes at least one certificate revocation list identifying digital certificates revoked by one of the m certification authorities.
  - 17. The method of claim 16, wherein certificate revocation list comprises a CRLDP.
  - 19. The method of claim 11, wherein at least one digital certificate, corresponding to one of the m certification authorities, is obtained pursuant to at least one of an X.500 directory query, an LDAP query, a CMP query, and an electronic mail transfer.
  - 20. The method of claim 11, wherein the chain data comprises all m+1 certificates in the certificate chain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Albert J. Wettlaufer, Rone H. Lewis, Wesley Doonan
Original Assignee
Albert J. Wettlaufer, Rone H. Lewis, Wesley Doonan
Inventors
Wettlaufer, Albert J., Lewis, Rone H., Doonan, Wesley

Granted Patent

US 8,032,744 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

G06F 2221/2151   Time stamp

G06Q 20/40   Authorisation, e.g. identif...

H04L 2209/60   Digital content management,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3297   involving time stamps, e.g....

Method and apparatus for self-authenticating digital records

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for self-authenticating digital records

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links