Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-05-04
2001-05-22
Swann, Todd (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S176000, C705S051000
Reexamination Certificate
active
06237096
ABSTRACT:
BACKGROUND
Applicant's invention relates to systems and methods for providing a verifiable chain of evidence and security for the transfer and retrieval of documents in digital formats.
Paper documents are the traditional evidence of the communications and agreements between parties in commercial and other transactions. Financial and real-estate transactions are protected by paper-based controls. Signatures and safety paper (such as pre-printed checks) facilitate detection of unauthorized alterations of the information of commercial transactions. Important documents may also be provided with “third man” controls, by the witnessing of signatures and by the seal and acknowledgment of a Notary Public.
The methods of commerce, however, have changed dramatically and continue to evolve. This is most evident in the replacement of paper-based communications with electronic communications. The “due care” controls used with paper-based communications do not exist in routine electronic transactions. Standard electronic communication over open systems does not have the same ability to provide authentication, privacy, and integrity of the communicated information. By “authentication” is meant verification of the identity of the signatory of a document; by “privacy” is meant protection of the information in a document from unauthorized disclosure; and by “integrity” is meant the ability to detect any alteration of the contents of a document.
When communication is by electronically reproduced messages such as e-mail, facsimile machine, imaging, electronic data interchange or electronic fund transfer, there no longer exists a signature or seal to authenticate the identity of the transferor. The traditional legally accepted methods of verifying the identity of a document's originator, such as physical presence or appearance, an ink signature, personal witness or Notary Public acknowledgment, are not possible.
The continued evolution of computer and telecommunications technology has regretfully been accompanied by the invention of more sophisticated ways to intercept and alter information electronically transmitted, including the widespread phenomenon of remote intrusion of computer systems through telecommunication links.
Some approaches to providing secure electronic commerce technology by applying cryptography give the user a verification mechanism for the authenticity or privacy of the transmission that is controlled by the user and does not include the element of non-repudiation. In some cases the use of encryption for privacy could aid in the detection of document alterations, advancing the goal of integrity. This is not generally the case, however, and additional mechanisms may be required for providing integrity. At present, no distributed electronic document authentication system exists that can provide authentication, as with written or printed instruments, in a manner that cannot be repudiated. No commercial system provides electronic document verification based on a digital signature that cannot be repudiated, although some attempts have been described. See, e.g., D. Chaum, “Achieving Electronic Privacy”,
Scientific American
, vol. 247, no. 8, pp. 96-101 (August 1992); C. R. Merrill, “Cryptography for Commerce—Beyond Clipper”,
The Data Law Report
, vol. 2, no. 2, pp. 1, 4-11 (September 1994). Since DES, no governmental organization or other standards-setting body has been willing or able to set standards (i.e., as to cryptographic strength, process, etc.) acceptable for general commercial use. The techniques described in this application are synergistic and of sufficient assurance to be on par with the security needed to support a typical business transaction.
Applicant's document authentication system (DAS) provides the needed security and protection of electronic transmissions, such as electronic documents. Most important to commercial and financial institutions, Applicant's DAS assumes the risk and responsibility of a document's authenticity. Applicant's DAS utilizes an asymmetric cryptosystem, known as a public-key system, to help ensure that the party originating a document is electronically identifiable as such when a DAS digital signature is applied.
Various aspects of public-key cryptographic (PKC) systems are described in the literature, including R. L. Rivest et al., “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,”
Communications of the ACM
vol. 21, pp. 120-126 (February 1978); M. E. Hellman, “The Mathematics of Public-Key Cryptography”,
Scientific American
, vol. 234, no. 8, pp. 146-152, 154-157 (August 1979); and W. Diffie, “The First Ten Years of Public-Key Cryptography”,
Proceedings of the IEEE
, vol. 76, pp. 560-577 (May 1988). Popular PKC systems make use of the fact that finding large prime numbers is computationally easy but factoring the products of two large prime numbers is computationally difficult. A PKC system is an asymmetric encryption system, meaning that it employs two keys, one for encryption and one for decryption. Asymmetric systems adhere to the principle that knowledge of one key (the public key) does not permit derivation of the second key (the private key). Thus, PKC permits the user's public key to be posted (e.g., in a directory or on a bulletin board), without compromising his/her private key. This public key concept simplifies the key distribution process. Example PKC algorithms are the digital signature algorithm and secure hash algorithm (DSA/SHA) and RSA/MD5.
Besides the PKC method, another encryption method is the symmetric algorithm. An example of this is the Data Encryption Standard (DES), which is described in
Data Encryption Standard
, Federal Information Processing Standards Publication 46 (1977) (“FIPS PUB 46”, republished as FIPS PUB 46-1 (1988)) and
DES Modes of Operation
, FIPS PUB 81 (1980) that are available from the U.S. Department of Commerce. In general, a symmetric cryptographic system is a set of instructions, implemented in either hardware, software or both that can convert plaintext (the unencrypted information) to ciphertext, or vice versa, in a variety of ways, using a specific key that is known to the users but is kept secret from others.
For either a symmetric or PKC system, the security of a message is dependent to a great extent on the length of the key, as described in C. E. Shannon, “Communication Theory of Secrecy Systems”,
Bell Sys. Tech. J. vol.
28, pp. 656-715 (October 1949).
SUMMARY
These and other objects and advantages are provided by the DAS which comprises the means to identify the originator of the electronic document, to provide irrevocable proof of the integrity of an electronic document and the means to prevent the originator of the document from denying the document's originator, i.e., non-repudiation.
In one aspect of Applicants' invention, a method of executing a transaction by transferring authenticated information objects having respective verifiable evidence trails includes the step of retrieving, by a first party from a trusted repository, an authenticated information object. The authenticated information object includes a first digital signature of the first party, a first certificate relating at least an identity and a cryptographic key to the first party, date and time stamps and a certificate applied by the trusted repository, and a digital signature of the trusted repository. The first digital signature and first certificate have been validated by the trusted repository. The certificate relates at least an identity and a cryptographic key to the trusted repository, and the authenticated information object has been stored under the control of the trusted repository.
The method further includes the steps of attaching instructions to the retrieved authenticated object; transmitting the retrieved authenticated object and the attached instructions to a second party; receiving, by the second party, the transmitted retrieved authenticated object and attached instructions; presenting, by the second party to the trusted
Bisbee Stephen F.
Moskowitz Jack J.
Trotter Douglas H.
White Michael W.
Burns Doane , Swecker, Mathis LLP
eOriginal Inc.
Meislahn Douglas
Swann Todd
LandOfFree
System and method for electronic transmission storage and... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for electronic transmission storage and..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for electronic transmission storage and... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2491623