Method and system for transient key digital time stamps
First Claim
Patent Images
1. A method for certifying data, comprising the steps of:
- generating a key pair at a first time interval, the key pair including a private key and a public key;
receiving a certification request;
determining if the certification request was received within the first time interval;
if the certification request was received within the first time interval, automatically responding to the certification request by digitally signing data associated with the certification request using the private key; and
deleting the private key.
6 Assignments
0 Petitions
Accused Products
Abstract
Irrefutable public key digital signature time-stamps are created and used based upon, for example, the concept of transient time-interval-related secret cryptographic keys, which are used to digitally sign submitted data during specific time intervals, and then are permanently destroyed. The public-key correlate for each time interval is saved for future authentication of the content of time-stamped data and time of creation of time-stamped data. The validity of the public keys is ensured through the certification of each time interval'"'"'s public key using the previous time interval'"'"'s secret key, immediately before that secret key is destroyed.
-
Citations
60 Claims
-
1. A method for certifying data, comprising the steps of:
-
generating a key pair at a first time interval, the key pair including a private key and a public key;
receiving a certification request;
determining if the certification request was received within the first time interval;
if the certification request was received within the first time interval, automatically responding to the certification request by digitally signing data associated with the certification request using the private key; and
deleting the private key. - View Dependent Claims (2, 3, 4, 5, 6, 7)
generating a key pair at a next time interval, the key pair including a private key and a public key;
receiving a next certification request;
determining if the next certification request was received within the first time interval;
if the next certification request was received within the next time interval, automatically responding to the next certification request by digitally signing data associated with the next certification request using the private key of the next time interval; and
deleting the private key for the next time interval.
-
-
8. A method for certifying data, comprising the steps of:
-
generating a first key pair at a first time interval, the first key pair including a first public key and a first private key;
generating a second key pair at a second time interval, the second key pair including a second public key and a second private key;
signing the second public key using the first private key;
deleting the first private key;
determining if a certification request was received within the second time interval;
if the certification request was received within the second time interval, processing the certification request during the second time interval using the second private key; and
deleting the second private key. - View Dependent Claims (9, 10, 11, 12, 13, 14, 16, 18)
-
-
15. A system for certifying data, comprising:
-
a general purpose computer; and
an I/O device coupled to the general purpose computer, wherein the general purpose computer includes a memory containing a program executable by the general purpose computer, the executable program instructing the general purpose computer to generate a key pair at a first time interval, the key pair including a private key and a public key, receive a certification request, determining if the certification request was received within the first time interval;
if the certification request was received within the first time interval, automatically respond to the certification request by digitally signing data associated with the certification request using the private key, and delete the private key.
-
-
17. A system for certifying data, comprising:
-
a general purpose computer; and
an I/O device coupled to the general purpose computer, wherein the general purpose computer includes a memory containing a program executable by the general purpose computer, the executable program instructing the general purpose computer to generate a first key pair at a first time interval, the first key pair including a first public key and a first private key, generate a second key pair at a second time interval, the second key pair including a second public key and a second private key, sign the second public key using the first private key, delete the first private key, determine if a certification request was received within the second time interval;
if the certification request was received within the second time interval, process the certification request during the second time interval using the second private key, and delete the second private key.
-
-
19. A computer readable medium having stored instructions for causing a central processing unit to execute the following method:
-
generating a key pair at a first time interval, the key pair including a private key and a public key;
receiving a certification request;
determining if the certification request was received within the first time interval;
if the certification request was received within the first time interval, automatically responding to said certification request by digitally signing data associated with said certification request using said private key; and
deleting said private key.
-
-
20. A computer readable medium having stored instructions for causing a central processing unit to execute the following method:
-
generating a first key pair at a first time interval, said first key pair including a first public key and a first private key;
generating a second key pair at a second time interval, said second key pair including a second public key and a second private key;
signing said second public key using said first private key;
determining if a certification request was received within the second time interval;
if the certification request was received within the second time interval;
processing the certification request during said second time interval using said second private key; and
deleting said first and second private keys.
-
-
21. A system for certifying data comprising:
-
means for generating a key pair at a first time interval, the key pair including a private key and a public key;
means for receiving a certification request;
means for determining if the certification request was received within the first time interval;
means for automatically responding to said certification request by digitally signing data associated with said certification request using said private key if the certification request was received within the first time interval; and
means for deleting said private key. - View Dependent Claims (22, 23, 24, 25, 26, 27)
means for generating a key pair at a next time interval, the key pair including a private key and a public key;
means for receiving a next certification request;
means for determining if the next certification request was received within the next time interval;
means for automatically responding to the next certification request by digitally signing data associated with the next certification request using the private key of the next time interval if the next certification request was received within the next time interval; and
means for deleting the private key for the next time interval.
-
-
28. A system for certifying data comprising:
-
means for generating a first key pair at a first time interval, said first key pair including a first public key and a first private key;
means for generating a second key pair at a second time interval, said second key pair including a second public key and a second private key;
means for signing said second public key using said first private key;
means for determining if a certification request was received within the second time interval;
means for processing a certification request during said second time interval using said second private key if the certification request was received within the second time interval; and
means for deleting said first and second private keys. - View Dependent Claims (29, 30, 31, 32, 33, 34)
-
-
35. A server for certifying data comprising:
-
a key generator for generating a first public key and a first private key during a first time interval and a second public key and a second private key during a second time interval;
reception means for receiving a certification request, said certification request arriving at said reception means during said second time interval;
determination means coupled to said key generator and said reception means for determining if the certification request was received within the second time interval;
first signature means coupled to said key generator and said reception means for signing said second public key with said first private key in response to said certification request if the certification request was received within the second time interval; and
second signature means coupled to said key generator and said reception means for signing data received during said second time interval with said second private key. - View Dependent Claims (36, 37, 38)
-
-
39. A method for digitally signing data received from a customer comprising the steps of:
-
creating a first public key during a first time interval and a second public key during a second time interval;
signing said second public key with a first private key created during said first time interval;
receiving a request to certify data from a user;
determining if the request to certify data was received from the user within the second time interval;
if the request was to certify data was received from the user within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval; and
returning said second public key and said signature to said user. - View Dependent Claims (40, 41)
-
-
42. A computer readable medium having stored instructions for causing a central processing unit to execute the following method:
-
creating a first public key during a first time interval and a second public key and second private key during a second time interval, signing said second public key with a first private key created during said first time interval;
receiving a request to certify data from a user;
determining if the request to certify data was received within the second time interval;
if the request was to certify data was received within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval; and
returning said second public key and said signature to said customer.
-
-
43. A method for authenticating data comprising the steps of:
-
accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
determining if a request to certify data was received within the second time interval;
if the request was to certify data was received within the second time interval, receiving a certificate, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
authenticating said second public key using said first public key; and
authenticating said signature using said second public key.
-
-
44. A computer readable medium having stored instructions for causing a central processing unit to execute the following method:
-
accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
determining if the request to certify data was received within the second time interval;
if the request was to certify data was received within the second time interval, receiving a certificate, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
authenticating said second public key using said first public key; and
authenticating said signature using said second public key.
-
-
45. A method for certifying data comprising the steps of:
-
creating a first public key during a first time interval and a second public key during a second time interval;
signing said second public key with a first private key created during said first time interval;
receiving a request from a customer to certify data;
determining if the request from the customer to certify data was received within the second time interval;
if the request was to certify data was received within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval;
returning said second public key and said signature to said customer in a certificate;
storing in an archive said first public and said second public key;
authenticating said second public key using said first public key; and
authenticating said signature using said second public key.
-
-
46. A computer readable medium having stored instructions for causing a central processing unit to execute the following method:
-
creating a first public key during a first time interval and a second public key during a second time interval;
signing said second public key with a first private key created during said first time interval;
receiving a request from a customer to certify data;
determining if the request from the customer to certify data was received within the second time interval;
if the request was to certify data was received within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval;
returning said second public key and said signature to said customer in a certificate;
storing in an archive said first public and said second public key;
authenticating said second public key using said first public key; and
authenticating said signature using said second public key.
-
-
47. A system for digitally signing and authenticating data comprising:
-
means for creating a first public key during a first time interval and a second public key during a second time interval;
means for signing said second public key with a first private key created during said first time interval;
means for receiving a request from a customer to certify data, means for determining if the request to certify data was received within the second time interval;
means for creating a signature using a second private key and said data, said second private key created during said second time interval if the request was to certify data was received within the second time interval;
means for returning said second public key and said signature to said customer in a certificate;
means for storing in an archive said first public and said second public key;
means for authenticating said second public key using said first public key; and
means for authenticating said signature using said second public key.
-
-
48. A computer program for digitally signing data comprising, in combination:
-
first code for creating a first public key during a first time interval and a second public key during a second time interval;
second code for signing said second public key with a first private key created during said first time interval;
third code for receiving a request to certify data from a customer;
fourth code for determining if the request from the customer to certify data was received within the second time interval;
fifth code for creating a signature using a second private key and said data, said second private key created during said second time interval if the request was to certify data was received within the second time interval;
sixth code for returning said second public key and said signature to said customer; and
a computer-readable storage medium that stores said first, second, third, fourth, and fifth, and sixth codes.
-
-
49. A computer program for performing authentication comprising, in combination:
-
first code for accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
second code for determining if a request to certify data was received within the second time interval;
third code for receiving a certificate if the request from to certify data was received within the second time interval, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
fourth code for authenticating said second public key using said first public key;
fifth code for authenticating said signature using said second public key; and
a computer-readable storage medium that stores said first, second, third, fourth and fifth codes.
-
-
50. A computer program for digitally signing and authenticating data comprising, in combination:
-
first code for creating a first public key during a first time interval and a second public key during a second time interval;
second code for signing said second public key with a first private key created during said first time interval;
third code for receiving a request from a customer to certify data from a customer;
fourth code for determining if the request from the customer to certify data was received within the second time interval;
fifth code for creating a signature using a second private key and said data, said second private key created during said second time interval if the request from the customer to certify data was received within the second time interval;
sixth code for returning said second public key and said signature to said customer in a certificate;
seventh code for storing in an archive said first public and said second public key;
eighth code for authenticating said second public key using said first public key;
ninth code for authenticating said signature using said second public key; and
a computer-readable storage medium that stores said first, second, third, fourth, fifth, sixth, seventh, eighth, and ninth codes.
-
-
51. A machine having a memory that contains data representing public and private keys, said public and private keys generated by the following method:
-
generating a key pair at a first time interval, the key pair including a private key and a public key;
determining if the certification request was received within the first time interval;
if the certification request was received within the first time interval, automatically responding to a certification request from a customer by digitally signing data associated with said certification request using said private key; and
deleting said private key.
-
-
52. A machine having a memory that contains data representing public and private keys, said public and private keys generated by the following method:
-
generating a first key pair at a first time interval, said first key pair including a first public key and a first private key;
generating a second key pair at a second time interval, said second key pair including a second public key;
signing said second public key using said first private key;
determining if a certification request from a customer was received within the second time interval;
if the certification request from the customer was received within the second time interval, processing the certification request from the customer during said second time interval using said second private key; and
deleting said first and second private keys.
-
-
53. A machine having a memory that contains data representing certificates, said certificates generated for a customer by the following method:
-
creating a first public key during a first time interval and a second public key during a second time interval;
signing said second public key with a first private key created during said first time interval;
determining if a certification request was received from a customer within the second time interval;
if the certification request was received from a customer within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval; and
returning said second public key and said signature in a certificate to said customer.
-
-
54. A machine having a memory that contains data representing certificates, said certificates being authenticated by the following method:
-
accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
determining if a certification request was received within the second time interval;
if the certification request was received within the first time interval, receiving a certificate, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
authenticating said second public key using said first public key; and
authenticating said signature using said second public key.
-
-
55. A propagated signal comprising:
-
a first component representing a public key, said public key signed by a private key, said private key created in a first time interval, said public key created in a second time interval, said first time interval distinct from said first time interval;
a second component representing a digital signature, said signature created during said second time interval if it is determined the certification request was received within the second time interval; and
wherein said signature is created using a second private key, said second private key created during said second time interval.
-
-
56. A user interface located at a user device allowing a user to receive a certificate comprising:
-
an input mechanism for receiving a certificate, said input mechanism accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval, said certificate containing a signature if it is determined the certification request was received within the second time interval, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
authentication means for authenticating said second public key and said signature; and
an output mechanism for showing the results of authenticating said second public key using said first public key and the results of authenticating said signature using said second public key to said user.
-
-
57. A method for facilitating the sale of certified data to a customer comprising the steps of:
-
creating a first public key during a first time interval and a second public key during a second time interval;
signing said second public key with a first private key created during said first time interval;
receiving a request to certify data from said customer;
determining if request to certify data from said customer was received within the second time interval;
if the request to certify data from said customer was received within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval;
returning said second public key and said signature to said customer in a certificate; and
charging said customer a fee.
-
-
58. A method for facilitating the sale of the authentication of data by a customer comprising the steps of:
-
accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
determining if a certification request was received from a customer within the second time interval;
if the certification request was received from a customer within the first time interval, receiving a certificate, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
authenticating said second public key using said first public key;
authenticating said signature using said second public key; and
charging said customer a fee.
-
-
59. A customer device for authenticating data comprising:
-
means for accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
determination means for determining if a certification request was received within the second time interval;
reception means for receiving a certificate if the certification request was received within the second time interval, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
means for authenticating said second public key using said first public key; and
means for authenticating said signature using said second public key.
-
-
60. A method for a customer to certify data comprising the steps of:
-
generating a request to certify data;
sending said request to a server;
accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
determining if a certification request was received within the second time interval;
if the certification request was received within the second time interval, receiving a certificate, in response to said request, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
authenticating said second public key using said first public key; and
authenticating said signature using said second public key.
-
Specification