System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
First Claim
1. A method of handling stored e-original objects that have been created by signing information objects by respective transfer agents, submitting signed information objects to a trusted custodial utility, validating the submitted signed information objects by at least testing the integrity of the contents of each signed information object and the validity of the signature of the respective transfer agent, and applying to each validated information object a date-time stamp and a digital signature and authentication certificate of the trusted custodial utility, comprising the steps of:
- selecting a stored e-original object;
re-validating the selected e-original object by at least verifying the digital signature of the trusted custodial utility applied to the selected e-original object; and
applying to the re-validated e-original object a current date-time stamp and a digital signature and current authentication certificate of the trusted custodial utility.
9 Assignments
0 Petitions
Accused Products
Abstract
Digital signatures are not valid indefinitely but only during the validity periods of their authentication certificates, which themselves are not indefinite but typically expire in order to limit the chances for compromise of the digital signatures. This poses a problem for electronic information objects that are intended to have legal weight for periods longer than the remaining validity period of a signature. There are thus provided methods of handling stored electronic original objects that have been created by signing information objects by respective transfer agents, submitting signed information objects to a trusted custodial utility, validating the submitted signed information objects by at least testing the integrity of the contents of each signed information object and the validity of the signature of the respective transfer agent, and applying to each validated information object a date-time stamp and a digital signature and authentication certificate of the trusted custodial utility. One method includes re-validating an electronic original object by verifying the digital signature of the trusted custodial utility applied to the object and applying to the re-validated object a current date-time stamp and a digital signature and current authentication certificate of the trusted custodial utility. Another method includes the step of creating an object-inventory from at least one stored electronic original object, where the object-inventory includes an object identifier and a signature block for each object from which the object-inventory is created. A date-time stamp and a digital signature and authentication certificate of the trusted custodial utility is applied to the object-inventory.
591 Citations
68 Claims
-
1. A method of handling stored e-original objects that have been created by signing information objects by respective transfer agents, submitting signed information objects to a trusted custodial utility, validating the submitted signed information objects by at least testing the integrity of the contents of each signed information object and the validity of the signature of the respective transfer agent, and applying to each validated information object a date-time stamp and a digital signature and authentication certificate of the trusted custodial utility, comprising the steps of:
-
selecting a stored e-original object;
re-validating the selected e-original object by at least verifying the digital signature of the trusted custodial utility applied to the selected e-original object; and
applying to the re-validated e-original object a current date-time stamp and a digital signature and current authentication certificate of the trusted custodial utility. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 57, 58, 60, 62, 64, 66, 67)
exporting to a second trusted custodial utility the re-validated e-original object and applied date-time stamp, digital signature, and authentication certificate of the trusted custodial utility;
re-validating, in the second trusted custodial utility, the exported e-original object by at least verifying the digital signature of the trusted custodial utility applied to the exported e-original object; and
applying to the re-validated exported e-original object a current date-time stamp and a digital signature and current authentication certificate of the second trusted custodial utility.
-
-
6. The method of claim 3, wherein ownership of the re-validated e-original object is transferred in the trusted custodial utility based on the validated received instruction.
-
7. The method of claim 3, wherein a right to the re-validated e-original object is transferred in the trusted custodial utility based on the validated received instruction.
-
8. The method of claim 7, wherein the right to the re-validated e-original object is a right to revenue represented by the re-validated e-original object.
-
9. The method of claim 3, wherein access to the re-validated e-original object is granted in the trusted custodial utility to a member of a syndicate based on the validated received instruction.
-
10. The method of claim 3, wherein access to the re-validated e-original object is controlled in the trusted custodial utility based on the validated received instruction, and the applying step is performed before expiration of a validity period of the current authentication certificate of the trusted custodial utility applied to the selected e-original object, whereby a validity period of the re-validated e-original object is extended to the current authentication certificate'"'"'s validity period.
-
11. The method of claim 1, wherein a transfer agent signs an information object by appending a verifiable digitized signature and a content integrity block to the information object.
-
31. The method of claim 1, wherein the e-original object includes a wrapper, and the e-original object is authenticated at an enabled client workstation by validating contents of the wrapper, thereby permitting demonstration of an identity of a submitter of an information object and of the integrity of the information object.
-
32. The method of claim 3, wherein the trusted custodial utility responds to a received and validated instruction relating to a stored e-original object that includes a wrapper by carrying out the steps of:
-
checking that a sender of the instruction is authorized to send such an instruction;
printing an information object derived from the wrapper with a forgery-resistant indicium signifying that the printed information object is certified by the trusted custodial utility; and
recording a date and time of printing of the printed information object.
-
-
33. The method of claim 3, wherein the trusted custodial utility destroys the stored e-original object based on the received and validated instruction.
-
34. The method of claim 3, wherein, based on the received and validated instruction, the trusted custodial utility designates the stored e-original object as a copy.
-
35. The method of claim 3, wherein the trusted custodial utility responds to a received and validated instruction relating to a stored e-original object that includes a wrapper by carrying out the steps of:
-
checking that a sender of the instruction is authorized to send such an instruction; and
printing an information object derived from the wrapper with a forgery-resistant indicium at a printer controlled by the trusted custodial utility; and
recording a date and time of printing of the printed information object.
-
-
36. The method of claim 35, wherein the trusted custodial utility carries out the further step of destroying the stored e-original object based on the received and validated instruction.
-
37. The method of claim 35, wherein, based on the received and validated instruction, the trusted custodial utility carries out the further step of designating the stored e-original object as a copy.
-
38. The method of claim 3, wherein the trusted custodial utility responds to a received and validated instruction relating to a stored e-original object that includes a wrapper by carrying out the steps of:
-
checking that a sender of the instruction is authorized to send such an instruction;
exporting a copy of the stored e-original object, wherein the wrapper includes at least one forgery-resistant indicium signifying that the exported copy is certified by the trusted custodial utility and at least one instruction controlling rendering of the exported copy; and
recording a date and time of exporting of the exported copy.
-
-
39. The method of claim 3, wherein the trusted custodial utility responds to a received and validated instruction relating to a stored e-original object that includes a wrapper by carrying out the steps of:
-
checking that a sender of the instruction is authorized to send such an instruction;
exporting a copy of the stored e-original object, wherein the wrapper includes at least one forgery-resistant indicium designating the exported copy as an authoritative copy and at least one instruction controlling rendering of the exported copy; and
recording a date and time of exporting of the exported copy.
-
-
40. The method of claim 39, wherein the trusted custodial utility carries out the further step of destroying the stored e-original object based on the received and validated instruction.
-
41. The method of claim 39, wherein, based on the received and validated instruction, the trusted custodial utility carries out the further step of designating the stored e-original object as a copy.
-
42. The method of claim 1, wherein a stored e-original object is an electronic image of a printed original that has been digitally signed by a transfer agent and placed in a wrapper that includes the electronic image, a digital signature, an authentication certificate, instructions, and information needed for signature validation, and the trusted custodial utility has validated integrity of the electronic image and an identity and authority of the transfer agent to submit the electronic image, has applied a date-time stamp, digital signature, and authentication certificate to the electronic image, included the electronic image and associated information in a second wrapper, and stored and assumed control of the electronic image as an e-original object.
-
43. The method of claim 35, wherein a recipient of the printed e-original object verifies a presence of the forgery-resistant indicium and forms an electronic image of the printed e-original object, the electronic image is digitally signed by a transfer agent and placed in a wrapper that includes the electronic image, a digital signature, an authentication certificate, instructions, and information needed for signature validation, and the wrapper is submitted to a trusted custodial utility, which validates the integrity of the electronic image and the identity and authority of the transfer agent to submit the electronic image;
- which applies a date-time stamp, digital signature, and authentication certificate to the electronic image;
which includes the electronic image and associated information in a second wrapper; and
which stores and assumes control of the electronic image as an e-original object.
- which applies a date-time stamp, digital signature, and authentication certificate to the electronic image;
-
44. The method of claim 39, wherein the exported e-original object is submitted to a trusted custodial utility with an instruction to import the exported e-original object, and the trusted custodial utility authenticates the instruction, checks that a sender of the instruction is authorized to send such an instruction, imports the e-original object based on the checking, applies a date-time stamp, digital signature, and authentication certificate, includes the imported e-original object and associated information in a second wrapper;
- and stores and assumes control of the imported e-original object.
-
57. The method of claim 1, wherein an owner of a stored e-original object grants to a third party access to the stored e-original object based on an instruction submitted to the trusted custodial utility;
- the third party requests from the trusted custodial utility retrieval of the stored e-original object;
the trusted custodial utility verifies that the third party is authorized to make such a request, retrieves the e-original object based on the verification, and exports the retrieved e-original object to the third party; and
an information object corresponding to the retrieved e-original object and executed by the third party is submitted to the trusted custodial utility, which creates a new version of the retrieved e-original object.
- the third party requests from the trusted custodial utility retrieval of the stored e-original object;
-
58. The method of claim 1, wherein the re-validated e-original object is designated as a copy, an e-original object corresponding to a new version of the re-validated e-original object is created and is stored by the trusted custodial utility, and the e-original object corresponding to the new version supersedes the re-validated e-original object.
-
60. The method of claim 1, wherein an owner of a stored e-original object that includes a wrapper grants access to the stored e-original object for viewing based on an instruction submitted to the trusted custodial utility;
- a third party requests from the trusted custodial utility retrieval of the stored e-original object; and
the trusted custodial utility verifies that the third party is authorized to make such a request, retrieves the e-original object based on the verification, extracts from the retrieved e-original object the included information object, designates the extracted information object as a copy, and exports the extracted information object for viewing by the third party.
- a third party requests from the trusted custodial utility retrieval of the stored e-original object; and
-
62. The method of claim 3, wherein ownership of a stored e-original object that includes a wrapper is transferred based on the at least one instruction received and validated by the trusted custodial utility by checking that the instruction was submitted by an owner of the stored e-original object, inserting the instruction in the wrapper, and applying to an e-original object that includes the wrapper having the instruction a current date-time stamp and a digital signature and current authentication certificate of the trusted custodial utility.
-
64. The method of claim 1, wherein the validity of the signature of a transfer agent is tested by checking that a current date and time falls within a validity period of an authentication certificate for the transfer agent'"'"'s signature and by querying a certification authority for status of the transfer agent'"'"'s authentication certificate;
- and if the transfer agent'"'"'s status is not active, the trusted custodial utility rejects a signed information object submitted by the transfer agent, and if the transfer agent'"'"'s status is active, the trusted custodial utility accepts the submitted signed information object.
-
66. The method of claim 3, wherein a stored e-original object includes a wrapper that includes the at least one instruction.
-
67. The method of claim 1, wherein an owner of a stored e-original object that includes a wrapper grants access to the stored e-original object for viewing based on an instruction submitted to the trusted custodial utility;
- a third party requests from the trusted custodial utility retrieval of the stored e-original object; and
the trusted custodial utility verifies that the third party is authorized to make such a request, retrieves the e-original object based on the verification, extracts from the retrieved e-original object the included information object, and exports the extracted information object for viewing by the third party.
- a third party requests from the trusted custodial utility retrieval of the stored e-original object; and
-
12. A method of handling stored e-original objects that have been created by signing information objects by respective transfer agents, submitting signed information objects to a trusted custodial utility, validating the submitted signed information objects by at least testing the integrity of the contents of each signed information object and the validity of the signature of the respective transfer agent, and applying to each validated information object a date-time stamp and a digital signature and authentication certificate of the trusted custodial utility, comprising the steps of:
-
(a) creating an object-inventory from at least one stored e-original object, wherein the object-inventory includes at least an object identifier and a signature block for each e-original object from which the object-inventory is created;
(b) applying a date-time stamp and a digital signature and authentication certificate of the trusted custodial utility to the object-inventory; and
(c) storing the object-inventory having the applied date-time stamp, digital signature, and authentication certificate. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 59, 61, 63, 65, 68)
(d) retrieving, by an authorized entity, a copy of the object-inventory;
(e) signing the retrieved copy by the authorized entity;
(f) submitting the signed copy to the trusted custodial utility;
(g) verifying the signature of the authorized entity on the submitted copy; and
(h) applying to the copy a current date-time stamp and a digital signature and current authentication certificate of the trusted custodial utility;
whereby the authorized entity affirms the trusted custodial utility'"'"'s control of the e-original objects corresponding to the copy.
-
-
14. The method of claim 13, further comprising the step, before step (h), of adding to the copy an object identifier and a signature block for the object-inventory from which the copy was created.
-
15. The method of claim 14, wherein steps (g) and (h) are performed on the copy of the object-inventory before expiration of a validity period of the authentication certificate of the trusted custodial utility applied to the object-inventory from which the copy was created, whereby a respective validity period of the object-inventory and of each c-original object from which the object-inventory was created is extended to the current authentication certificate'"'"'s validity period.
-
16. The method of claim 12, further comprising the steps by the trusted custodial utility of:
-
(d) retrieving a copy of the object-inventory;
(e) re-validating the object-inventory corresponding to the copy by at least verifying the digital signature of the trusted custodial utility applied to the object-inventory;
(f) after step (e), applying to the copy of the object-inventory a current date-time stamp and a digital signature and current authentication certificate of the trusted custodial utility; and
(g) storing the copy in the trusted custodial utility, thereby creating a new object-inventory.
-
-
17. The method of claim 16, wherein steps (e) and (f) are performed on the copy of the object-inventory before expiration of a validity period of the authentication certificate of the trusted custodial utility applied to the object-inventory from which the copy was created, whereby a respective validity period of the object-inventory and of each e-original object from which the object-inventory was created is extended to the current authentication certificate'"'"'s validity period.
-
18. The method of claim 16, further comprising the step, before step (f), of adding to the copy an object identifier and a signature block for the object-inventory from which the copy was created.
-
19. The method of claim 18, wherein steps (e) and (f) are performed on the copy of the object-inventory before expiration of a validity period of the authentication certificate of the trusted custodial utility applied to the object-inventory from which the copy was created, whereby a respective validity period of the object-inventory and of each e-original object from which the object-inventory was created is extended to the current authentication certificate'"'"'s validity period.
-
20. The method of claim 16, further comprising the steps of:
-
(h) retrieving, by an authorized entity, a copy of the new object-inventory;
(i) signing the retrieved copy by the authorized entity;
(j) submitting the signed copy to the trusted custodial utility;
(k) verifying the signature of the authorized entity on the submitted copy; and
(l) applying to the copy a current date-time stamp and a digital signature and current authentication certificate of the trusted custodial utility;
whereby the authorized entity affirms the trusted custodial utility'"'"'s control of the e-original objects corresponding to the copy.
-
-
21. The method of claim 16, wherein the method is carried out in response to at least one instruction;
- the trusted custodial utility validates the instruction by at least testing an integrity of contents of the instruction and a validity of a signature of a transfer agent on the instruction, and applies to a validated instruction a date-time stamp and a digital signature and current authentication certificate; and
at least one of the validated instruction and a reference to the validated instruction is added to the copy before step (f).
- the trusted custodial utility validates the instruction by at least testing an integrity of contents of the instruction and a validity of a signature of a transfer agent on the instruction, and applies to a validated instruction a date-time stamp and a digital signature and current authentication certificate; and
-
22. The method of claim 21, wherein the instruction is issued by an authorized entity, and the trusted custodial utility validates the instruction by also checking the authorized entity'"'"'s authority to issue the instruction.
-
23. The method of claim 22, wherein the trusted custodial utility responds to a validated instruction by exporting to a second trusted custodial utility copies of the new object-inventory and the e-original objects corresponding to the new object-inventory, and the second trusted custodial utility performs the steps of:
-
re-validating the exported e-original objects corresponding to the exported copy of the new object-inventory by at least verifying the digital signature of the trusted custodial utility applied to the exported e-original objects; and
thenapplying to the exported copy of the new object-inventory a current date-time stamp and a digital signature and current authentication certificate of the second trusted custodial utility.
-
-
24. The method of claim 23, further comprising the steps of:
-
retrieving, by an authorized entity from the second trusted custodial utility, a copy of the exported copy of the new object-inventory;
signing the retrieved copy by the authorized entity;
submitting the signed retrieved copy to the second trusted custodial utility; and
applying to the submitted signed retrieved copy a current date-time stamp and a digital signature and current authentication certificate of the second trusted custodial utility;
whereby transfer of custody and control to the second custodial utility of the e-original objects corresponding to the new object-inventory is affirmed and a respective validity period of each e-original object corresponding to the new object-inventory is extended to the validity period of the current authentication certificate applied by the second custodial utility.
-
-
25. The method of claim 21, wherein ownership of e-original objects corresponding to the copy is transferred in the trusted custodial utility based on the validated instruction.
-
26. The method of claim 21, wherein at least one right to e-original objects corresponding to the copy is transferred in the trusted custodial utility based on the validated instruction.
-
27. The method of claim 26, wherein the at least one right is a right to revenue represented by the e-original objects.
-
28. The method of claim 21, wherein access to at least one e-original object corresponding to the copy is granted in the trusted custodial utility to a member of a syndicate based on the validated instruction.
-
29. The method of claim 21, wherein access to at least one e-original object corresponding to the copy is controlled in the trusted custodial utility based on the validated instruction.
-
30. The method of claim 12, wherein a transfer agent signs an information object by appending a verifiable digitized signature and a content integrity block to the information object.
-
45. The method of claim 12, wherein an e-original object includes a wrapper, and the e-original object is authenticated at an enabled client workstation by validating contents of the wrapper, thereby permitting demonstration of an identity of a submitter of an information object and of the integrity of the information object.
-
46. The method of claim 14, wherein the trusted custodial utility responds to a received and validated instruction relating to an e-original object that includes a wrapper by carrying out the steps of:
-
checking that a sender of the instruction is authorized to send such an instruction;
printing an information object derived from the wrapper with a forgery-resistant indicium signifying that the printed information object is certified by the trusted custodial utility; and
recording a date and time of printing of the printed information object.
-
-
47. The method of claim 14, wherein the trusted custodial utility responds to a received and validated instruction relating to a stored e-original object that includes a wrapper by carrying out the steps of:
-
checking that a sender of the instruction is authorized to send such an instruction; and
printing an information object derived from the wrapper with a forgery-resistant indicium at a printer controlled by the trusted custodial utility; and
recording a date and time of printing of the printed information object.
-
-
48. The method of claim 47, wherein the trusted custodial utility carries out the further step of destroying the stored e-original object based on the received and validated instruction.
-
49. The method of claim 47, wherein, based on the received and validated instruction, the trusted custodial utility carries out the further step of designating the stored e-original object as a copy.
-
50. The method of claim 14, wherein the trusted custodial utility responds to a received and validated instruction relating to a stored e-original object that includes a wrapper by carrying out the steps of:
-
checking that a sender of the instruction is authorized to send such an instruction;
exporting a copy of the stored e-original object, wherein the wrapper includes at least one forgery-resistant indicium signifying that the exported copy is certified by the trusted custodial utility and at least one instruction controlling rendering of the exported copy; and
recording a date and time of printing of the exported copy.
-
-
51. The method of claim 14, wherein the trusted custodial utility responds to a received and validated instruction relating to a stored e-original object that includes a wrapper by carrying out the steps of:
-
checking that a sender of the instruction is authorized to send such an instruction;
exporting a copy of the stored e-original object, wherein the wrapper includes at least one forgery-resistant indicium designating the exported copy as an authoritative copy and at least one instruction controlling rendering of the exported copy; and
recording a date and time of printing of the exported copy.
-
-
52. The method of claim 51, wherein the trusted custodial utility carries out the further step of destroying the stored e-original object based on the received and validated instruction.
-
53. The method of claim 51, wherein, based on the received and validated instruction, the trusted custodial utility carries out the further step of designating the stored e-original object as a copy.
-
54. The method of claim 12, wherein a stored e-original object is an electronic image of a printed original that has been digitally signed by a transfer agent and placed in a wrapper that includes the electronic image, a digital signature, an authentication certificate, instructions, and information needed for signature validation, and the trusted custodial utility has validated integrity of the electronic image and an identity and authority of the transfer agent to submit the electronic image, has applied a date-time stamp, digital signature, and authentication certificate to the electronic image, included the electronic image and associated information in a second wrapper, and stored and assumed control of the electronic image as an e-original object.
-
55. The method of claim 47, wherein a recipient of the printed e-original object verifies a presence of the forgery-resistant indicium and forms an electronic image of the printed e-original object, the electronic image is digitally signed by a transfer agent and placed in a wrapper that includes the electronic image, a digital signature, an authentication certificate, instructions, and information needed for signature validation, and the wrapper is submitted to a trusted custodial utility, which validates the integrity of the electronic image and the identity and authority of the transfer agent to submit the electronic image;
- which applies a date-time stamp, digital signature, and authentication certificate to the electronic image;
which includes the electronic image and associated information in a second wrapper; and
which stores and assumes control of the electronic image as an e-original object.
- which applies a date-time stamp, digital signature, and authentication certificate to the electronic image;
-
56. The method of claim 51, wherein the exported e-original object and its wrapper are submitted to a trusted custodial utility with an instruction to import the exported e-original object, and the trusted custodial utility authenticates the instruction, checks that a sender of the instruction is authorized to send such an instruction, imports the wrapper based on the checking, applies a date-time stamp, digital signature, and authentication certificate, includes the imported e-original object and associated information in a second wrapper;
- and stores and assumes control of the imported e-original object.
-
59. The method of claim 12, wherein a first e-original object corresponding to the object-inventory is designated as a copy;
- a second e-original object corresponding to a new version of the first e-original object is created and is stored by the trusted custodial utility, the second e-original object superseding the first e-original object; and
the trusted custodial utility retrieves a copy of the object-inventory, updates the retrieved copy based on the second e-original object, and applies to the updated copy a current date-time stamp and a digital signature and current authentication certificate of the trusted custodial utility.
- a second e-original object corresponding to a new version of the first e-original object is created and is stored by the trusted custodial utility, the second e-original object superseding the first e-original object; and
-
61. The method of claim 12, wherein an owner of a stored e-original object that includes a wrapper grants access to the stored e-original object for viewing based on an instruction submitted to the trusted custodial utility;
- a third party requests from the trusted custodial utility retrieval of the stored e-original object; and
the trusted custodial utility verifies that the third party is authorized to make such a request, retrieves the e-original object based on the verification, extracts from the retrieved e-original object the included information object, designates the extracted information object as a copy, and exports the extracted information object for viewing by the third party.
- a third party requests from the trusted custodial utility retrieval of the stored e-original object; and
-
63. The method of claim 13, wherein ownership of a stored e-original object that includes a wrapper and that corresponds to the object-inventory is transferred based on the at least one instruction received and validated by the trusted custodial utility by checking that the instruction was submitted by an owner of the stored e-original object, inserting the instruction in the wrapper, applying to a second e-original object that includes the wrapper having the instruction a current date-time stamp and a digital signature and current authentication certificate of the trusted custodial utility, retrieving a copy of the object-inventory, updating the retrieved copy based on the second e-original object, and applying to the updated copy a current date-time stamp and a digital signature and current authentication certificate of the trusted custodial utility.
-
65. The method of claim 12, wherein the validity of the signature of a transfer agent is tested by checking that a current date and time falls within a validity period of an authentication certificate for the transfer agent'"'"'s signature and by querying a certification authority for status of the transfer agent'"'"'s authentication certificate;
- and if the transfer agent'"'"'s status is not active, the trusted custodial utility rejects a signed information object submitted by the transfer agent such that the object-inventory is not created from the submitted signed information object, and if the transfer agent'"'"'s status is active, the trusted custodial utility accepts the submitted signed information object, applies the date-time stamp and its digital signature and authentication certificate to the submitted information object, and creates the object-inventory from the submitted signed information object.
-
68. The method of claim 12, wherein an owner of a stored e-original object that includes a wrapper grants access to the stored e-original object for viewing based on an instruction submitted to the trusted custodial utility;
- a third party requests from the trusted custodial utility retrieval of the stored e-original object; and
the trusted custodial utility verifies that the third party is authorized to make such a request, retrieves the e-original object based on the verification, extracts from the retrieved e-original object the included information object, and exports the extracted information object for viewing by the third party.
- a third party requests from the trusted custodial utility retrieval of the stored e-original object; and
Specification