Method and system for transient key digital time stamps

US 6,381,696 B1
Filed: 09/22/1998
Issued: 04/30/2002
Est. Priority Date: 09/22/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for certifying data, comprising the steps of:

generating a key pair at a first time interval, the key pair including a private key and a public key;

receiving a certification request;

determining if the certification request was received within the first time interval;

if the certification request was received within the first time interval, automatically responding to the certification request by digitally signing data associated with the certification request using the private key; and

deleting the private key.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Irrefutable public key digital signature time-stamps are created and used based upon, for example, the concept of transient time-interval-related secret cryptographic keys, which are used to digitally sign submitted data during specific time intervals, and then are permanently destroyed. The public-key correlate for each time interval is saved for future authentication of the content of time-stamped data and time of creation of time-stamped data. The validity of the public keys is ensured through the certification of each time interval'"'"'s public key using the previous time interval'"'"'s secret key, immediately before that secret key is destroyed.

Citations

60 Claims

1. A method for certifying data, comprising the steps of:
- generating a key pair at a first time interval, the key pair including a private key and a public key;
  
  receiving a certification request;
  
  determining if the certification request was received within the first time interval;
  
  if the certification request was received within the first time interval, automatically responding to the certification request by digitally signing data associated with the certification request using the private key; and
  
  deleting the private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, further comprising the step of generating a time stamp certificate confirming the digital signing of the data.
  - 3. The method according to claim 1, further comprising the step of archiving the public key of the first time interval.
  - 4. The method according to claim 1, further comprising the step of authenticating the digitally signed data using the public key.
  - 5. The method according to claim 1, further comprising the step of determining if a further certification request is received during the first time interval.
  - 6. The method according to claim 5, further comprising determining if the further certification request was received within the first time interval;
    - and if the further certification request was received within the first time interval, automatically responding to the further certification request by digitally signing data associated with the further certification request using the private key, wherein the step of deleting the private key is performed after the further certification request has been responded to.
  - 7. The method according to claim 1, further comprising the steps of:

8. A method for certifying data, comprising the steps of:
- generating a first key pair at a first time interval, the first key pair including a first public key and a first private key;
  
  generating a second key pair at a second time interval, the second key pair including a second public key and a second private key;
  
  signing the second public key using the first private key;
  
  deleting the first private key;
  
  determining if a certification request was received within the second time interval;
  
  if the certification request was received within the second time interval, processing the certification request during the second time interval using the second private key; and
  
  deleting the second private key.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 16, 18)
- - 9. The method according to claim 8, further comprising the step of archiving the first public key.
  - 10. The method according to claim 8, wherein the step of processing the certification request includes automatically responding to the certification request by digitally signing data associated with the certification request using the second private key.
  - 11. The method according to claim 10, further comprising the step of generating a time stamp certificate confirming the digital signing of the data.
  - 12. The method according to claim 11, wherein the time stamp certificate includes the digital signature and the second public key.
  - 13. The method according to claim 12, wherein the time stamp certificate further includes the first public key.
  - 14. The method according to claim 8, further comprising the step of certifying the digitally signed data using the first public key.
  - 16. The system according to claim 14, wherein the general purpose computer has a client-server architecture including a client computer and a server computer.
  - 18. The system according to claim 16, wherein the general purpose computer has a client-server architecture including a client computer and a server computer.

15. A system for certifying data, comprising:
- a general purpose computer; and
  
  an I/O device coupled to the general purpose computer, wherein the general purpose computer includes a memory containing a program executable by the general purpose computer, the executable program instructing the general purpose computer to generate a key pair at a first time interval, the key pair including a private key and a public key, receive a certification request, determining if the certification request was received within the first time interval;
  
  if the certification request was received within the first time interval, automatically respond to the certification request by digitally signing data associated with the certification request using the private key, and delete the private key.

17. A system for certifying data, comprising:
- a general purpose computer; and
  
  an I/O device coupled to the general purpose computer, wherein the general purpose computer includes a memory containing a program executable by the general purpose computer, the executable program instructing the general purpose computer to generate a first key pair at a first time interval, the first key pair including a first public key and a first private key, generate a second key pair at a second time interval, the second key pair including a second public key and a second private key, sign the second public key using the first private key, delete the first private key, determine if a certification request was received within the second time interval;
  
  if the certification request was received within the second time interval, process the certification request during the second time interval using the second private key, and delete the second private key.

19. A computer readable medium having stored instructions for causing a central processing unit to execute the following method:
- generating a key pair at a first time interval, the key pair including a private key and a public key;
  
  receiving a certification request;
  
  determining if the certification request was received within the first time interval;
  
  if the certification request was received within the first time interval, automatically responding to said certification request by digitally signing data associated with said certification request using said private key; and
  
  deleting said private key.

20. A computer readable medium having stored instructions for causing a central processing unit to execute the following method:
- generating a first key pair at a first time interval, said first key pair including a first public key and a first private key;
  
  generating a second key pair at a second time interval, said second key pair including a second public key and a second private key;
  
  signing said second public key using said first private key;
  
  determining if a certification request was received within the second time interval;
  
  if the certification request was received within the second time interval;
  
  processing the certification request during said second time interval using said second private key; and
  
  deleting said first and second private keys.

21. A system for certifying data comprising:
- means for generating a key pair at a first time interval, the key pair including a private key and a public key;
  
  means for receiving a certification request;
  
  means for determining if the certification request was received within the first time interval;
  
  means for automatically responding to said certification request by digitally signing data associated with said certification request using said private key if the certification request was received within the first time interval; and
  
  means for deleting said private key.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The system of claim 21, further comprising means for generating a time stamp certificate confirming the digital signing of the data.
  - 23. The system of claim 21, further comprising means for archiving the public key of the first time interval.
  - 24. The system of claim 21, further comprising means for authenticating the digitally signed data using the public key.
  - 25. The system of claim 21, further comprising means for determining if a further certification request is received during the first time interval.
  - 26. The system of claim 25, further comprising means for determining if the further certification request was received within the first time interval;
    - and means for automatically responding to the further certification request by digitally signing data associated with the further certification request using the private key if the further certification request was received within the first time interval, wherein the step of deleting the private key is performed after the further certification request has been processed.
  - 27. The system of claim 21 further comprising:

28. A system for certifying data comprising:
- means for generating a first key pair at a first time interval, said first key pair including a first public key and a first private key;
  
  means for generating a second key pair at a second time interval, said second key pair including a second public key and a second private key;
  
  means for signing said second public key using said first private key;
  
  means for determining if a certification request was received within the second time interval;
  
  means for processing a certification request during said second time interval using said second private key if the certification request was received within the second time interval; and
  
  means for deleting said first and second private keys.
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. The system of claim 28, further comprising means for archiving the first public key.
  - 30. The system of claim 28, wherein the means for processing the certification request includes means for automatically responding to the certification request by digitally signing data thereby creating a digital signature associated with the certification request using the second private key.
  - 31. The system of claim 30, further comprising means for generating an time stamp certificate confirming the digital signing of the data.
  - 32. The system of claim 31, wherein the time stamp certificate includes said digital signature and the second public key.
  - 33. The system of claim 32, wherein the time stamp certificate further includes the first public key.
  - 34. The system of claim 30, further comprising means for certifying the digitally signed data using the first public key.

35. A server for certifying data comprising:
- a key generator for generating a first public key and a first private key during a first time interval and a second public key and a second private key during a second time interval;
  
  reception means for receiving a certification request, said certification request arriving at said reception means during said second time interval;
  
  determination means coupled to said key generator and said reception means for determining if the certification request was received within the second time interval;
  
  first signature means coupled to said key generator and said reception means for signing said second public key with said first private key in response to said certification request if the certification request was received within the second time interval; and
  
  second signature means coupled to said key generator and said reception means for signing data received during said second time interval with said second private key.
- View Dependent Claims (36, 37, 38)
- - 36. The server of claim 35, further comprising means for returning said second public key and said signed data to said user.
  - 37. The server of claim 35 further comprising means for deleting said first and second private keys.
  - 38. The server of claim 35, further comprising the step of archiving the first public key.

39. A method for digitally signing data received from a customer comprising the steps of:
- creating a first public key during a first time interval and a second public key during a second time interval;
  
  signing said second public key with a first private key created during said first time interval;
  
  receiving a request to certify data from a user;
  
  determining if the request to certify data was received from the user within the second time interval;
  
  if the request was to certify data was received from the user within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval; and
  
  returning said second public key and said signature to said user.
- View Dependent Claims (40, 41)
- - 40. The method of claim 39 further comprising the step of deleting said first and second private keys.
  - 41. The method of claim 39, further comprising the step of archiving the first and second public keys.

42. A computer readable medium having stored instructions for causing a central processing unit to execute the following method:
- creating a first public key during a first time interval and a second public key and second private key during a second time interval, signing said second public key with a first private key created during said first time interval;
  
  receiving a request to certify data from a user;
  
  determining if the request to certify data was received within the second time interval;
  
  if the request was to certify data was received within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval; and
  
  returning said second public key and said signature to said customer.

43. A method for authenticating data comprising the steps of:
- accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
  
  determining if a request to certify data was received within the second time interval;
  
  if the request was to certify data was received within the second time interval, receiving a certificate, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
  
  authenticating said second public key using said first public key; and
  
  authenticating said signature using said second public key.

44. A computer readable medium having stored instructions for causing a central processing unit to execute the following method:
- accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
  
  determining if the request to certify data was received within the second time interval;
  
  if the request was to certify data was received within the second time interval, receiving a certificate, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
  
  authenticating said second public key using said first public key; and
  
  authenticating said signature using said second public key.

45. A method for certifying data comprising the steps of:
- creating a first public key during a first time interval and a second public key during a second time interval;
  
  signing said second public key with a first private key created during said first time interval;
  
  receiving a request from a customer to certify data;
  
  determining if the request from the customer to certify data was received within the second time interval;
  
  if the request was to certify data was received within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval;
  
  returning said second public key and said signature to said customer in a certificate;
  
  storing in an archive said first public and said second public key;
  
  authenticating said second public key using said first public key; and
  
  authenticating said signature using said second public key.

46. A computer readable medium having stored instructions for causing a central processing unit to execute the following method:
- creating a first public key during a first time interval and a second public key during a second time interval;
  
  signing said second public key with a first private key created during said first time interval;
  
  receiving a request from a customer to certify data;
  
  determining if the request from the customer to certify data was received within the second time interval;
  
  if the request was to certify data was received within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval;
  
  returning said second public key and said signature to said customer in a certificate;
  
  storing in an archive said first public and said second public key;
  
  authenticating said second public key using said first public key; and
  
  authenticating said signature using said second public key.

47. A system for digitally signing and authenticating data comprising:
- means for creating a first public key during a first time interval and a second public key during a second time interval;
  
  means for signing said second public key with a first private key created during said first time interval;
  
  means for receiving a request from a customer to certify data, means for determining if the request to certify data was received within the second time interval;
  
  means for creating a signature using a second private key and said data, said second private key created during said second time interval if the request was to certify data was received within the second time interval;
  
  means for returning said second public key and said signature to said customer in a certificate;
  
  means for storing in an archive said first public and said second public key;
  
  means for authenticating said second public key using said first public key; and
  
  means for authenticating said signature using said second public key.

48. A computer program for digitally signing data comprising, in combination:
- first code for creating a first public key during a first time interval and a second public key during a second time interval;
  
  second code for signing said second public key with a first private key created during said first time interval;
  
  third code for receiving a request to certify data from a customer;
  
  fourth code for determining if the request from the customer to certify data was received within the second time interval;
  
  fifth code for creating a signature using a second private key and said data, said second private key created during said second time interval if the request was to certify data was received within the second time interval;
  
  sixth code for returning said second public key and said signature to said customer; and
  
  a computer-readable storage medium that stores said first, second, third, fourth, and fifth, and sixth codes.

49. A computer program for performing authentication comprising, in combination:
- first code for accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
  
  second code for determining if a request to certify data was received within the second time interval;
  
  third code for receiving a certificate if the request from to certify data was received within the second time interval, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
  
  fourth code for authenticating said second public key using said first public key;
  
  fifth code for authenticating said signature using said second public key; and
  
  a computer-readable storage medium that stores said first, second, third, fourth and fifth codes.

50. A computer program for digitally signing and authenticating data comprising, in combination:
- first code for creating a first public key during a first time interval and a second public key during a second time interval;
  
  second code for signing said second public key with a first private key created during said first time interval;
  
  third code for receiving a request from a customer to certify data from a customer;
  
  fourth code for determining if the request from the customer to certify data was received within the second time interval;
  
  fifth code for creating a signature using a second private key and said data, said second private key created during said second time interval if the request from the customer to certify data was received within the second time interval;
  
  sixth code for returning said second public key and said signature to said customer in a certificate;
  
  seventh code for storing in an archive said first public and said second public key;
  
  eighth code for authenticating said second public key using said first public key;
  
  ninth code for authenticating said signature using said second public key; and
  
  a computer-readable storage medium that stores said first, second, third, fourth, fifth, sixth, seventh, eighth, and ninth codes.

51. A machine having a memory that contains data representing public and private keys, said public and private keys generated by the following method:
- generating a key pair at a first time interval, the key pair including a private key and a public key;
  
  determining if the certification request was received within the first time interval;
  
  if the certification request was received within the first time interval, automatically responding to a certification request from a customer by digitally signing data associated with said certification request using said private key; and
  
  deleting said private key.

52. A machine having a memory that contains data representing public and private keys, said public and private keys generated by the following method:
- generating a first key pair at a first time interval, said first key pair including a first public key and a first private key;
  
  generating a second key pair at a second time interval, said second key pair including a second public key;
  
  signing said second public key using said first private key;
  
  determining if a certification request from a customer was received within the second time interval;
  
  if the certification request from the customer was received within the second time interval, processing the certification request from the customer during said second time interval using said second private key; and
  
  deleting said first and second private keys.

53. A machine having a memory that contains data representing certificates, said certificates generated for a customer by the following method:
- creating a first public key during a first time interval and a second public key during a second time interval;
  
  signing said second public key with a first private key created during said first time interval;
  
  determining if a certification request was received from a customer within the second time interval;
  
  if the certification request was received from a customer within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval; and
  
  returning said second public key and said signature in a certificate to said customer.

54. A machine having a memory that contains data representing certificates, said certificates being authenticated by the following method:
- accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
  
  determining if a certification request was received within the second time interval;
  
  if the certification request was received within the first time interval, receiving a certificate, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
  
  authenticating said second public key using said first public key; and
  
  authenticating said signature using said second public key.

55. A propagated signal comprising:
- a first component representing a public key, said public key signed by a private key, said private key created in a first time interval, said public key created in a second time interval, said first time interval distinct from said first time interval;
  
  a second component representing a digital signature, said signature created during said second time interval if it is determined the certification request was received within the second time interval; and
  
  wherein said signature is created using a second private key, said second private key created during said second time interval.

56. A user interface located at a user device allowing a user to receive a certificate comprising:
- an input mechanism for receiving a certificate, said input mechanism accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval, said certificate containing a signature if it is determined the certification request was received within the second time interval, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
  
  authentication means for authenticating said second public key and said signature; and
  
  an output mechanism for showing the results of authenticating said second public key using said first public key and the results of authenticating said signature using said second public key to said user.

57. A method for facilitating the sale of certified data to a customer comprising the steps of:
- creating a first public key during a first time interval and a second public key during a second time interval;
  
  signing said second public key with a first private key created during said first time interval;
  
  receiving a request to certify data from said customer;
  
  determining if request to certify data from said customer was received within the second time interval;
  
  if the request to certify data from said customer was received within the second time interval, creating a signature using a second private key and said data, said second private key created during said second time interval;
  
  returning said second public key and said signature to said customer in a certificate; and
  
  charging said customer a fee.

58. A method for facilitating the sale of the authentication of data by a customer comprising the steps of:
- accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
  
  determining if a certification request was received from a customer within the second time interval;
  
  if the certification request was received from a customer within the first time interval, receiving a certificate, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
  
  authenticating said second public key using said first public key;
  
  authenticating said signature using said second public key; and
  
  charging said customer a fee.

59. A customer device for authenticating data comprising:
- means for accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
  
  determination means for determining if a certification request was received within the second time interval;
  
  reception means for receiving a certificate if the certification request was received within the second time interval, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
  
  means for authenticating said second public key using said first public key; and
  
  means for authenticating said signature using said second public key.

60. A method for a customer to certify data comprising the steps of:
- generating a request to certify data;
  
  sending said request to a server;
  
  accessing an archive, said archive including a first public key created during a first time interval and a second public key created during a second time interval, wherein said second public key is signed with a first private key created during said first time interval;
  
  determining if a certification request was received within the second time interval;
  
  if the certification request was received within the second time interval, receiving a certificate, in response to said request, said certificate containing a signature, said signature created using a second private key, said second private key created during said second time interval, said certificate further containing said second public key;
  
  authenticating said second public key using said first public key; and
  
  authenticating said signature using said second public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Michael D. Doyle
Original Assignee
Proofspace Incorporated
Inventors
Doyle, Michael D.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/158,592
Time in Patent Office

1,316 Days
Field of Search

713/156, 713/158, 713/161, 713/168, 713/169, 713/171, 713/175, 713/176, 713/178, 713/180
US Class Current

713/156
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

G06F 2211/004   Notarisation, Time-Stamp, D...

G06F 2221/2151   Time stamp

H04L 9/3263   involving certificates, e.g...

H04L 9/3297   involving time stamps, e.g....

Method and system for transient key digital time stamps

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

60 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for transient key digital time stamps

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

60 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links