Method and apparatus for self-authenticating digital records

US 8,032,744 B2
Filed: 03/20/2006
Issued: 10/04/2011
Est. Priority Date: 05/16/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for generating a self-authenticating digital document comprising:

receiving or generating a digital document at a computing device;

generating a digital signature using the computing device, wherein the digital signature is generated from signature data and wherein the signature data comprises the digital document;

receiving at the computing device certificate chain data, where certificate chain data is a subset of a chain of m+1 digital certificates issued by m certification authorities, wherein m≧

1, wherein the chain comprises a self-signed 1^st(root) level certificate, k intermediate level certificates, and an (m+1)^th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<

j≦

m+1, a j^thlevel certificate is signed by a digital certificate key corresponding to the (j−

1)^thcertificate in the chain;

receiving at the computing device certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and

generating digital timestamp data using the computing device, wherein the digital timestamp data is generated by applying at least one secure digital timestamp to a record comprising the digital document, the digital signature, the chain data, and the revocation information, and wherein the at least one secure digital timestamp comprises a digital representation of the record cryptographically bound to a digital representation of a current time.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for proving the validity of a digital document digitally signed using a digital key that corresponds to a digital certificate in a chain of digital certificates issued by certification authorities within a hierarchy of certification authorities. At least one secure digital time stamp is applied to at least one record comprising the digital document, the digital signature, certificate chain data, and information relating to the revocation of certificates by certification authorities within the certificate chain. If, at some later time, one or more digital certificates either expire or are revoked, the timestamp serves as evidence of the integrity of the signed digital document.

Citations

21 Claims

1. A method for generating a self-authenticating digital document comprising:
- receiving or generating a digital document at a computing device;
  
  generating a digital signature using the computing device, wherein the digital signature is generated from signature data and wherein the signature data comprises the digital document;
  
  receiving at the computing device certificate chain data, where certificate chain data is a subset of a chain of m+1 digital certificates issued by m certification authorities, wherein m≧
  
  1, wherein the chain comprises a self-signed 1^st(root) level certificate, k intermediate level certificates, and an (m+1)^th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
  
  j≦
  
  m+1, a j^thlevel certificate is signed by a digital certificate key corresponding to the (j−
  
  1)^thcertificate in the chain;
  
  receiving at the computing device certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and
  
  generating digital timestamp data using the computing device, wherein the digital timestamp data is generated by applying at least one secure digital timestamp to a record comprising the digital document, the digital signature, the chain data, and the revocation information, and wherein the at least one secure digital timestamp comprises a digital representation of the record cryptographically bound to a digital representation of a current time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the signature data further comprises at least one of the certificate chain data and the certificate revocation information.
  - 3. The method of claim 1, wherein applying at least one secure digital timestamp to a record comprises applying a first secure digital timestamp to a first record using a computing device, wherein the first record comprises the digital document and the digital signature, and applying a second digital timestamp to a second record, wherein the second record comprises the chain data and the revocation information.
  - 4. The method of claim 1, wherein the record is formatted as one in a group consisting of a compressed archive, a portable document format file, and a multipart encoded file.
  - 5. The method of claim 3 wherein the second record is formatted as one in a group consisting of a compressed archive, a portable document format file, and a multipart encoded file.
  - 6. The method of claim 1, wherein the certificate revocation information includes at least one certificate revocation list identifying digital certificates revoked by one of the m certification authorities.
  - 7. The method of claim 6, wherein the certificate revocation list comprises a CRLDP.
  - 8. The method of claim 1, wherein the certificate revocation information includes at least one OCSP response for one of the m+1 digital certificates.
  - 9. The method of claim 1, wherein at least one digital certificate, corresponding to one of the m certification authorities, is obtained pursuant to at least one of an X. 500 directory query, an LDAP query, a certification management protocol query, and an electronic mail transfer.
  - 10. The method of claim 1, wherein chain data comprises all m+1 certificates in the certificate chain.

11. A method of verifying a self-authenticating digital document at a point in time comprising:
- receiving a self-authenticating digital document at a device, wherein the self-authenticating digital document comprises;
  
  a digital document;
  
  a digital signature, wherein the digital signature was generated from signature data, wherein the signature data comprises the digital document;
  
  chain data, where chain data is a subset of a chain of m digital certificates issued by m+1 certification authorities, wherein m≧
  
  1, wherein the chain comprises a self-signed 1^st(root) level certificate, k intermediate level certificates, and an (m+1)^th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
  
  j≦
  
  m+1, a j^thlevel certificate is signed by the digital certificate key corresponding to a (j−
  
  1)^thcertificate in the chain; and
  
  certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities; and
  
  digital timestamp data, wherein timestamp data is generated by applying at least one secure digital timestamp to a record comprising the document, the digital signature, the chain data, and the revocation information and wherein the at least one secure digital time stamp comprises a digital representation of the record cryptographically bound to a digital representation of a current time;
  
  validating by the device the digital signature;
  
  validating by the device the certificate chain data;
  
  validating by the device that at the time the digital signature was generated, a digital certificate in the chain data had not expired or been revoked; and
  
  validating by the device the timestamp data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the signature data further comprises at least one of the certificate chain data and the certificate revocation information.
  - 13. The method document of claim 11, wherein applying at least one secure digital timestamp to a record comprises applying a first secure digital timestamp to a first record, wherein the first record comprises the digital document and the digital signature, and applying a second digital timestamp to a second record, wherein the second record comprises the chain data, and the revocation information.
  - 14. The method of claim 11, wherein the record is formatted as one in a group consisting of a compressed archive, a portable document format file, and a multipart encoded file.
  - 15. The method of claim 13 wherein the second record is formatted as one in a group consisting of a compressed archive, a portable document format file, and a multipart encoded file.
  - 16. The method of claim 11, wherein the certificate revocation information includes at least one certificate revocation list identifying digital certificates revoked by one of the m certification authorities.
  - 17. The method of claim 16, wherein the certificate revocation list comprises a CRLDP.
  - 18. The method of claim 11, wherein the certificate revocation information includes at least one OCSP response for one of the m+1 digital certificates.
  - 19. The method of claim 11, wherein at least one digital certificate, corresponding to one of the m certification authorities, is obtained pursuant to at least one of an X. 500 directory query, an LDAP query, a certification management protocol query, and an electronic mail transfer.
  - 20. The method of claim 11, wherein the chain data comprises all m+1 certificates in the certificate chain.

21. A method for generating a self-authenticating digital document for distribution to others comprising:
- receiving or generating at a first computing device a digital document and a digital signature, wherein the digital signature is generated from signature data and wherein the signature data comprises the digital document;
  
  receiving at the first computing device certificate chain data, where certificate chain data is a subset of a chain of m+1 digital certificates issued by m certification authorities, wherein m≧
  
  1, wherein the chain comprises a self-signed 1^st(root) level certificate, k intermediate level certificates, and an (m+1)^th-level certificate that corresponds to the digital key used to generate the digital signature, and wherein for 1<
  
  j≦
  
  m+1, a j^thlevel certificate is signed by a digital certificate key corresponding to the (j−
  
  1)^thcertificate in the chain;
  
  receiving at the first computing device certificate revocation information corresponding to the m certification authorities wherein the certificate revocation information identifies digital certificates that have been revoked by the m certification authorities;
  
  generating digital timestamp data using the first -computing device, wherein the digital timestamp data is generated by applying at least one secure digital timestamp to a record comprising the digital document, the digital signature, the chain data, and the revocation information, and wherein the at least one secure digital timestamp comprises a digital representation of the record cryptographically bound to a digital representation of a current time; and
  
  distributing the record and the digital timestamp to a second computing device for verification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Addison M. Fischer
Original Assignee
Addison M. Fischer
Inventors
Wettlaufer, Albert J., Lewis, Rone H., Doonan, Wesley
Primary Examiner(s)
Shiferaw; Eleni
Assistant Examiner(s)
FIELDS, COURTNEY D

Application Number

US11/384,671
Publication Number

US 20060200661A1
Time in Patent Office

2,024 Days
Field of Search

713/156, 713/157, 713/158, 713/159, 380/286, 380/30, 705/44, 709/226
US Class Current

713/156
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

G06F 2221/2151   Time stamp

G06Q 20/40   Authorisation, e.g. identif...

H04L 2209/60   Digital content management,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3297   involving time stamps, e.g....

Method and apparatus for self-authenticating digital records

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for self-authenticating digital records

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links