Method and apparatus for self-authenticating digital records

US 7,047,404 B1
Filed: 05/16/2000
Issued: 05/16/2006
Est. Priority Date: 05/16/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of authenticating a first document, the method comprising:

a step of digitally signing the first document using a first digital certificate provided by a first certification authority to produce a first digital signature;

a step of obtaining a second digital certificate issued by a second certification authority to the first certification authority, wherein the second digital certificate was used to issue the first digital certificate;

a step of obtaining first and second certificate revocation information identifying digital certificates which have been revoked by said first and second certification authorities, respectively; and

a step of requesting that at least one secure digital timestamp be applied to the digitally signed first document, the first and second digital certificates, and the first and second certificate revocation information, to thereby establish a point in a time when the first digital signature was valid.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for proving the validity of a record digitally signed by a user having a digital certificate issued by a certification authority within a hierarchy of certification authorities. The user signs the record, and obtains the digital certificates and certificate revocation information for all the certification authorities in the chain of the hierarchy extending from the user to the root certification authority. A timestamp is applied to the record, the digital certificates and the certificate revocation information to establish a point in time in which all items were created, current and valid. If, at some later point, one or more of the digital certificates either expire or are revoked, the timestamp serves as evidence of the integrity of the signed record.

97 Citations

View as Search Results

29 Claims

1. A method of authenticating a first document, the method comprising:
- a step of digitally signing the first document using a first digital certificate provided by a first certification authority to produce a first digital signature;
  
  a step of obtaining a second digital certificate issued by a second certification authority to the first certification authority, wherein the second digital certificate was used to issue the first digital certificate;
  
  a step of obtaining first and second certificate revocation information identifying digital certificates which have been revoked by said first and second certification authorities, respectively; and
  
  a step of requesting that at least one secure digital timestamp be applied to the digitally signed first document, the first and second digital certificates, and the first and second certificate revocation information, to thereby establish a point in a time when the first digital signature was valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, comprising:
    - a step of creating a second document comprising the digitally signed first document, the first and second digital certificates, andthe first and second certificate revocation information; and
      
      a step of requesting that a secure digital timestamp be applied to the second document.
  - 3. The method of claim 1 comprising:
    - a step of requesting that a first secure digital timestamp be applied to the digitally signed first document; and
      
      a step of creating a second document comprising the first and second digital certificates, and the first and second certificate revocation information; and
      
      a step of requesting that a second secure digital timestamp be applied to the second document.
  - 4. The method of claim 2 or claim 3 wherein the second document is formatted as one in a group consisting of a compressed archive, a portable document format file, and a Multipart MIME encoded file.
  - 5. The method of claim 1, wherein the second certification authority is a root certification authority within a hierarchy of certification authorities.
  - 6. The method of claim 1, wherein the certificate revocation information comprises a first certificate revocation list identifying digital certificates revoked by the first certification authority and a second certificate revocation list identifying digital certificates revoked by the second certification authority.
  - 7. The method of claim 6, wherein the first and second certificate revocation lists each comprise a CRLDP.
  - 8. The method of claim 1, wherein the certificate revocation information comprises at least one OCSP response per digital certificate.
  - 9. The method of claim 1, wherein the second digital certificate and the second certification information are obtained pursuant to at least one of an X.500 directory query, an LDAP query, a CMP query, and an electronic mail transfer.
  - 10. The method of claim 9, wherein the second digital certificate and the second certification information are obtained pursuant to a transfer of information over the internet.
  - 11. The method of claim 1, further comprising:
    - a step of obtaining a third digital certificate issued by a third certification authority to the second certification authority; and
      
      a step of obtaining third certificate revocation information identifying digital certificates which have been revoked by the third certification authority; and
      
      whereinthe step of requesting requests that said at least one secure digital timestamp be applied to the digitally signed first document, the first, second and third digital certificates, and the first, second and third certificate revocation information.
  - 12. The method of claim 11, wherein the third certification authority is a root certification authority in a hierarchy of certification authorities.
  - 13. The method of claim 11, wherein the certificate revocation information comprises a first certificate revocation list identifying digital certificates revoked by the first certification authority, a second certificate revocation list identifying digital certificates revoked by the second certification authority, and a third certificate revocation list identifying digital certificates revoked by the third certification authority.
  - 14. The method of claim 11, comprising obtaining the certificate revocation information after digitally signing the first document so that the certificate revocation information can be validated as of the time the first digital signature was created.
  - 15. The method of claim 14, wherein the certificate revocation information comprises a first certificate revocation list identifying digital certificates revoked by the first certification authority, a second certificate revocation list identifying digital certificates revoked by the second certification authority, and a third certificate revocation list identifying digital certificates revoked by the third certification authority.
  - 16. The method of claim 15, wherein the third certification authority is a root certification authority in a hierarchy of certification authorities.
  - 17. The method of claim 11, further comprising:
    - obtaining a fourth digital certificate issued by a fourth certification authority to the third certification authority; and
      
      obtaining fourth certificate revocation information identifying digital certificates which have been revoked by the fourth certification authority; and
      
      whereinthe step of requesting requests that said at least one secure digital timestamp be applied to the digitally signed first document, the first, second, third and fourth digital certificates, and the first, second, third and fourth certificate revocation information.
  - 18. A method according to claim 17, wherein the fourth certification authority is a root certification authority in a hierarchy of certification authorities.

19. A method for a user to authenticate a first document in a hierarchy of certification authorities including a chain of certification authorities having at least an integer number N levels, N≧
- 2, the chain including a first level certification authority having an associated self-signed root certificate and an N-th level certification authority, wherein the k^thcertification authority is issued a k^th-level digital certificate by the certification authority in the k-1^thlevel, for k;
  
  2≧
  
  k≧
  
  N, and wherein an m^thlevel certification authority, for some m;
  
  2≧
  
  m≧
  
  N, issues a user'"'"'s digital certificate to the user, the method comprising;
  
  a step of digitally signing the first document using the user'"'"'s digital certificate to produce a first digital signature;
  
  a step of obtaining a certificate chain corresponding to the user'"'"'s digital certificate, the certificate chain comprising a total of m digital certificates, one from each of the m certification authorities in the certificate chain;
  
  a step of obtaining certificate revocation information corresponding to the m certification authorities, the certificate revocation information identifying digital certificates which have been revoked by the m certification authorities; and
  
  a step of requesting that at least one secure digital timestamp be applied to the digitally signed first document, the user'"'"'s digital certificate, the certificate chain and the certificate revocation information.
- View Dependent Claims (20, 21)
- - 20. The method of claim 19, comprising:
    - a step of creating a second document comprising the digitally signed first document, the user'"'"'s digital certificate, the certificate chain and the certificate revocation information; and
      
      a step of requesting that a secure digital timestamp be applied to the second document.
  - 21. The method of claim 19, comprising:
    - a step of requesting that a first secure digital timestamp be applied to the digitally signed first document;
      
      a step of creating a second document comprising the user'"'"'s digital certificate, the certificate chain and the certificate revocation information; and
      
      a step of requesting that a secure digital timestamp be applied to the second document.

22. A method of authenticating a first document, the method comprising:
- a step of digitally signing the first document to thereby create a digital signature; and
  
  a step of requesting that at least one secure digital timestamp be applied to the digitally signed first document and also to validation information which attests to the validity of the digital signature.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The method of claim 22, further comprising:
    - a step of creating a second document comprising the digitally signed first document and the validation information, anda step of requesting that the secure digital timestamp be applied to the second document.
  - 24. The method of claim 22, comprising:
    - a step of requesting that a first secure digital timestamp be applied to the digitally signed first document; and
      
      a step of requesting that a second secure digital timestamp be applied to the validation information.
  - 25. The method of claim 22, wherein the validation information includes a self-signed digital certificate issued by a root certification authority.
  - 26. The method of claim 25, wherein the validation information includes all digital certificates and corresponding certificate revocation information in a certification chain within a hierarchy of certification authorities.

27. A system for authenticating a first document comprising:
- a computing device, wherein the computing device is responsive to software instructions;
  
  software instructions adapted to enable the computing device to;
  
  digitally sign a first document to thereby create a first digital signature; and
  
  request that at least one secure digital timestamp be applied to the digitally signed first document and to validation information which attests to the validity of the digital signature.
- View Dependent Claims (28, 29)
- - 28. The system for authenticating a first document according to claim 27, wherein the software instructions are further adapted to enable the computing device to:
    - create a second document comprising the digitally signed first document and the validation information; and
      
      request that a secure digital timestamp be applied to the second document.
  - 29. The system for authenticating a first document according to claim 27, wherein the software instructions are further adapted to:
    - request that a first secure digital timestamp be applied to the digitally signed first document; and
      
      request that a second secure digital timestamp be applied to the validation information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Surety, LLC
Original Assignee
Surety, LLC
Inventors
Wettlaufer, Albert J., Lewis, Rone H., Doonan, Wes, Haber, Stuart A.
Primary Examiner(s)
Smithers, Matthew
Assistant Examiner(s)
FIELDS, COURTNEY D

Application Number

US09/571,859
Time in Patent Office

2,191 Days
Field of Search

713/156, 713/157, 713/158, 713/159, 705/44, 380/30, 709/226
US Class Current

713/156
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

G06F 2221/2151   Time stamp

G06Q 20/40   Authorisation, e.g. identif...

H04L 2209/60   Digital content management,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3297   involving time stamps, e.g....

Method and apparatus for self-authenticating digital records

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for self-authenticating digital records

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links