Method and apparatus for self-authenticating digital records
First Claim
1. A method of authenticating a first document, the method comprising:
- a step of digitally signing the first document using a first digital certificate provided by a first certification authority to produce a first digital signature;
- a step of obtaining a second digital certificate issued by a second certification authority to the first certification authority, wherein the second digital certificate was used to issue the first digital certificate;
- a step of obtaining first and second certificate revocation information identifying digital certificates which have been revoked by said first and second certification authorities, respectively; and
- a step of requesting that at least one secure digital timestamp be applied to the digitally signed first document, the first and second digital certificates, and the first and second certificate revocation information, to thereby establish a point in time when the first digital signature was valid.
11 Assignments
0 Petitions
Abstract
A method for proving the validity of a record digitally signed by a user having a digital certificate issued by a certification authority within a hierarchy of certification authorities. The user signs the record, and obtains the digital certificates and certificate revocation information for all the certification authorities in the chain of the hierarchy extending from the user to the root certification authority. A timestamp is applied to the record, the digital certificates and the certificate revocation information to establish a point in time at which all items were created, current and valid. If, at some later point, one or more of the digital certificates either expire or are revoked, the timestamp serves as evidence of the integrity of the signed record.
97 Citations
29 Claims
1. A method of authenticating a first document, the method comprising:
- a step of digitally signing the first document using a first digital certificate provided by a first certification authority to produce a first digital signature;
- a step of obtaining a second digital certificate issued by a second certification authority to the first certification authority, wherein the second digital certificate was used to issue the first digital certificate;
- a step of obtaining first and second certificate revocation information identifying digital certificates which have been revoked by said first and second certification authorities, respectively; and
- a step of requesting that at least one secure digital timestamp be applied to the digitally signed first document, the first and second digital certificates, and the first and second certificate revocation information, to thereby establish a point in time when the first digital signature was valid.
Dependent claims: 2 to 18.

19. A method for a user to authenticate a first document in a hierarchy of certification authorities including a chain of certification authorities having at least an integer number N of levels, N ≥ 2, the chain including a first-level certification authority having an associated self-signed root certificate and an N-th level certification authority, wherein the k-th certification authority is issued a k-th-level digital certificate by the certification authority in the (k-1)-th level, for k with 2 ≤ k ≤ N, and wherein an m-th level certification authority, for some m with 2 ≤ m ≤ N, issues a user's digital certificate to the user, the method comprising:
- a step of digitally signing the first document using the user's digital certificate to produce a first digital signature;
- a step of obtaining a certificate chain corresponding to the user's digital certificate, the certificate chain comprising a total of m digital certificates, one from each of the m certification authorities in the certificate chain;
- a step of obtaining certificate revocation information corresponding to the m certification authorities, the certificate revocation information identifying digital certificates which have been revoked by the m certification authorities; and
- a step of requesting that at least one secure digital timestamp be applied to the digitally signed first document, the user's digital certificate, the certificate chain and the certificate revocation information.
Dependent claims: 20 and 21.

22. A method of authenticating a first document, the method comprising:
- a step of digitally signing the first document to thereby create a digital signature; and
- a step of requesting that at least one secure digital timestamp be applied to the digitally signed first document and also to validation information which attests to the validity of the digital signature.
Dependent claims: 23 to 26.

27. A system for authenticating a first document, comprising:
- a computing device, wherein the computing device is responsive to software instructions; and
- software instructions adapted to enable the computing device to: digitally sign a first document to thereby create a first digital signature; and request that at least one secure digital timestamp be applied to the digitally signed first document and to validation information which attests to the validity of the digital signature.
Dependent claims: 28 and 29.
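The procedure of the abstract and of claims 1 and 19 (sign, collect the certificate chain and the revocation snapshot, timestamp the whole bundle, and later judge validity at the timestamped instant rather than against today's revocation lists), as an added example that is not code from the patent. It is a stdlib-only Python model: HMAC over canonical JSON stands in for public-key signatures, and the CA names, key values, validity periods and CRL contents are constructed.

```python
import hashlib, hmac, json

# Constructed toy PKI. HMAC over canonical JSON stands in for public-key signatures so the
# example stays stdlib-only; the bundling and verification logic is what the claims describe.
def canon(obj): return json.dumps(obj, sort_keys=True).encode()
def sign(key, obj): return hmac.new(key, canon(obj), hashlib.sha256).hexdigest()
def digest(obj): return hashlib.sha256(canon(obj)).hexdigest()

KEYS = {"Root CA": b"root-key", "Sub CA": b"sub-key", "alice": b"alice-key"}  # toy keys
TSA_KEY = b"tsa-key"   # timestamping authority's key (also constructed)

def cert(subject, issuer, not_after):
    body = {"subject": subject, "issuer": issuer, "not_after": not_after}
    return {"body": body, "sig": sign(KEYS[issuer], body)}

ROOT = cert("Root CA", "Root CA", 5000)   # self-signed root (claim 19)
SUB = cert("Sub CA", "Root CA", 4000)     # second-level CA (claim 1: "second certificate")
USER = cert("alice", "Sub CA", 3000)      # user's certificate (claim 1: "first certificate")

def make_record(doc, now, crls):
    """Sign, gather the chain and the revocation snapshot, then timestamp all of it."""
    bundle = {"doc": doc, "sig": sign(KEYS["alice"], {"doc": doc}),
              "chain": [USER, SUB, ROOT], "crls": crls}
    ts_body = {"time": now, "digest": digest(bundle)}
    return {"bundle": bundle, "timestamp": {"body": ts_body, "sig": sign(TSA_KEY, ts_body)}}

def verify_record(record):
    """Judge validity at the timestamped instant using only the bundled evidence."""
    bundle, ts = record["bundle"], record["timestamp"]
    if ts["sig"] != sign(TSA_KEY, ts["body"]) or ts["body"]["digest"] != digest(bundle):
        return False                                  # token forged or bundle altered
    t, chain = ts["body"]["time"], bundle["chain"]
    if chain[-1]["body"]["issuer"] != chain[-1]["body"]["subject"]:
        return False                                  # chain must end at a self-signed root
    for i, c in enumerate(chain):
        b = c["body"]
        if i + 1 < len(chain) and b["issuer"] != chain[i + 1]["body"]["subject"]:
            return False                              # broken link in the hierarchy
        if c["sig"] != sign(KEYS[b["issuer"]], b) or t > b["not_after"]:
            return False                              # forged, or already expired at time t
        if b["subject"] in bundle["crls"].get(b["issuer"], []):
            return False                              # revoked in the bundled snapshot
    return bundle["sig"] == sign(KEYS[chain[0]["body"]["subject"]], {"doc": bundle["doc"]})

def valid_now(chain, live_crls):
    """What a naive verifier sees today: the same chain checked against current CRLs."""
    return not any(c["body"]["subject"] in live_crls.get(c["body"]["issuer"], []) for c in chain)
```

A record made at time 1000 with empty CRLs still verifies after alice's certificate appears on a later CRL, while `valid_now` on the same chain fails; altering the document, the timestamp, or using a snapshot that already lists the certificate makes `verify_record` return False.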
Specification