Method and apparatus for self-authenticating digital records
First Claim
1. A method for generating a self-authenticating digital document comprising:
- receiving or generating a digital document at a computing device;
generating a digital signature using the computing device, wherein the digital signature is generated from signature data and wherein the signature data comprises the digital document;
receiving at the computing device certificate chain data, where certificate chain data is a subset of a chain of m+1 digital certificates issued by m certification authorities, wherein m≧
1, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
j≦
m+1, a jth level certificate is signed by a digital certificate key corresponding to the (j−
1)th certificate in the chain;
receiving at the computing device certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and
generating digital timestamp data using the computing device, wherein the digital timestamp data is generated by applying at least one secure digital timestamp to a record comprising the digital document, the digital signature, the chain data, and the revocation information, and wherein the at least one secure digital timestamp comprises a digital representation of the record cryptographically bound to a digital representation of a current time.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for proving the validity of a digital document digitally signed using a digital key that corresponds to a digital certificate in a chain of digital certificates issued by certification authorities within a hierarchy of certification authorities. At least one secure digital time stamp is applied to at least one record comprising the digital document, the digital signature, certificate chain data, and information relating to the revocation of certificates by certification authorities within the certificate chain. If, at some later time, one or more digital certificates either expire or are revoked, the timestamp serves as evidence of the integrity of the signed digital document.
-
Citations
21 Claims
-
1. A method for generating a self-authenticating digital document comprising:
-
receiving or generating a digital document at a computing device; generating a digital signature using the computing device, wherein the digital signature is generated from signature data and wherein the signature data comprises the digital document; receiving at the computing device certificate chain data, where certificate chain data is a subset of a chain of m+1 digital certificates issued by m certification authorities, wherein m≧
1, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
j≦
m+1, a jth level certificate is signed by a digital certificate key corresponding to the (j−
1)th certificate in the chain;receiving at the computing device certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and generating digital timestamp data using the computing device, wherein the digital timestamp data is generated by applying at least one secure digital timestamp to a record comprising the digital document, the digital signature, the chain data, and the revocation information, and wherein the at least one secure digital timestamp comprises a digital representation of the record cryptographically bound to a digital representation of a current time. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of verifying a self-authenticating digital document at a point in time comprising:
-
receiving a self-authenticating digital document at a device, wherein the self-authenticating digital document comprises; a digital document; a digital signature, wherein the digital signature was generated from signature data, wherein the signature data comprises the digital document; chain data, where chain data is a subset of a chain of m digital certificates issued by m+1 certification authorities, wherein m≧
1, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
j≦
m+1, a jth level certificate is signed by the digital certificate key corresponding to a (j−
1)th certificate in the chain; andcertificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and digital timestamp data, wherein timestamp data is generated by applying at least one secure digital timestamp to a record comprising the document, the digital signature, the chain data, and the revocation information and wherein the at least one secure digital time stamp comprises a digital representation of the record cryptographically bound to a digital representation of a current time; validating by the device the digital signature; validating by the device the certificate chain data; validating by the device that at the time the digital signature was generated, a digital certificate in the chain data had not expired or been revoked; and validating by the device the timestamp data. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method for generating a self-authenticating digital document for distribution to others comprising:
-
receiving or generating at a first computing device a digital document and a digital signature, wherein the digital signature is generated from signature data and wherein the signature data comprises the digital document; receiving at the first computing device certificate chain data, where certificate chain data is a subset of a chain of m+1 digital certificates issued by m certification authorities, wherein m≧
1, wherein the chain comprises a self-signed 1st (root) level certificate, k intermediate level certificates, and an (m+1)th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
j≦
m+1, a jth level certificate is signed by a digital certificate key corresponding to the (j−
1)th certificate in the chain;receiving at the first computing device certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; generating digital timestamp data using the first -computing device, wherein the digital timestamp data is generated by applying at least one secure digital timestamp to a record comprising the digital document, the digital signature, the chain data, and the revocation information, and wherein the at least one secure digital timestamp comprises a digital representation of the record cryptographically bound to a digital representation of a current time; and distributing the record and the digital timestamp to a second computing device for verification.
-
Specification