Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication
Reexamination Certificate
2000-08-28
2003-03-18
Darrow, Justin T. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Central trusted authority provides computer authentication
C713S170000, C713S175000, C713S176000, C713S185000, C713S186000
Reexamination Certificate
active
06535978
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to the field of authentication of electronic documents, and more particularly to a non-reputable digital signature that allows authentication of the identity of the sender of a message by comparison with the sender's unique biological indicia.
BACKGROUND
Electronic commerce is rapidly becoming a ubiquitous means of conducting business. The growing popularity of the Internet and World Wide Web has opened new avenues for the conduct of business. Execution of complicated business transactions electronically present a number legal and financial problems.
Security of electronic transactions is an area of concern because messages transmitted across public networks can be intercepted. A number of encryption methods have been developed which allow a message to be read only by the designated receiver. Using so-called public key encryption, party A sending a message to party B first encrypts the message using B's public key. B's public key can be freely distributed to anyone B wishes to communicate with. Only B's private key can decrypt the message. B keeps his private key secret and uses it to decode the message. If the message is intercepted it cannot be decoded without B's private key.
The identity of a party transmitting a message executing an electronic transaction is also of concern, particularly where one of the parties is obliged to perform in the future or is subject to some future liability. In such transactions it is necessary that the parties not be able to repudiate the agreement. Also, the identity of the parties must be clearly established so that each can be assured that the other party is in fact the person it represents to be, and is able to perform. Further, the identity of the parties may need to be established with a high degree of certainty to support a legal claim, should one of the parties later attempt to avoid or repudiate the transaction.
Digital signatures have been developed to provide a means for identifying a party transmitting an electronic message. One method for creating digital signatures is to generate public and private key pairs for each of a group of parties that may wish to exchange digitally signed documents. Each of the parties stores its public decrypting keys in a registry along with identifying information, such as the key owner's name and e-mail address. The key owners each keep their private encrypting keys secret.
To create a digital signature a party encrypts a message with his private encrypting key that includes the same identifying information that is stored in the registry. The party receiving the encrypted message goes to the registry and retrieves the sending party's public decrypting key and identifying information. The receiving party decrypts the message using the decrypting key from the registry and extracts the identifying information. If the identifying information found in the message matches the information stored in the registry then the receiving party concludes that the message is genuine. Further, there is some assurance that the sending party will not deny that he sent the message since only the sending party's private encrypting key can create a message that the sending party's public decrypting key can decode. A discussion of known digital signature techniques may be found, for example, in Meyer, Carl H. and Matyas, Stephen M.,
Cryptography,
chapter 9, pp. 386-427, John Wiley & Sons, 1982.
Known digital signature techniques suffer from certain problems. A third party may intercept a signed message and use the signed message to spoof another party. By retransmitting the signed message, the interceptor may be able to convince a recipient that he is the true sender. This is the so-called “man-in-the-middle” attack.
In addition, known digital signatures are subject to repudiation. A party may no longer wish to be bound by a disadvantageous agreement or may be subject to criminal or civil liability if he made the agreement. That party may simply deny sending a particular message. The party may claim that he did not intend to execute a transaction with a particular party but was instead the victim of a man-in-the-middle attack.
With known digital signature techniques, the only information connecting the sender with the message is the database entry in the registry containing his public decrypting key and the identifying information. Thus, the sender may repudiate a transaction by claiming that his public decrypting key was registered without his authority.
SUMMARY OF THE INVENTION
The present invention is directed to methods and apparatus for forming a digital certificate that provides positive user authentication and non-repudiation. It is an object of the present invention to provide a digital certificate for authenticating electronically transmitted documents which incorporates a unique characteristic of the sender, such as biological indicia that can only have come from the sender himself.
Another object of the present invention is to provide a digital certificate that allows positive identification of the sender which cannot be repudiated.
Yet another object of the present invention is to provide for encrypting an electronic message using a digital certificate based on biological indicia.
Yet another object of the present invention is to provide a method for positively identifying the sender of an electronic message signed with a biologically-based digital certificate.
Broadly, the present invention is directed to methods and apparatus for creating a digital certificate for use in electronic commerce which is based on biological indicia of the person providing the digital certificate such that the digital certificate provides positive identification of the sender and minimizes the ability of the sender to repudiate the authenticity of the certificate and any transaction embodied in an electronic document appended to the certificate.
According to a first aspect of the present invention there is provided a user terminal, a certificate authority, and a remote registration terminal. A person, hereinafter called a registrant, wishing to obtain a digital certificate enters a data corresponding to a biological or physical characteristic of himself, for example, his chromosomal DNA, into a terminal. Preferably, the data is entered in digital form, but could be entered by optical imaging (e.g. a photograph or a scanned fingerprint, iris, or retina) which is then processed into digital form. The digital representation of the registrant's biological indicia is encrypted using the registrant's private key and sent to the certificate authority along with the registrant's public key. The certificate authority decrypts the digital representation and stores it. The registrant then visits a remote registration terminal in person with the digital representation and other identifying documents. The operator of the remote registration terminal verifies the identity of the registrant from the identifying documents and transmits the digitized representation to the certificate authority. The certificate authority compares the decrypted digital representation with the representation sent from the remote registration terminal. If a match is found, the certificate authority forms a certificate by signing the digital signature using the certificate authority's encrypting key. The certificate is stored in a database and is sent to the registrant. Preferably, the database is public with no restriction as to who may access the stored certificate data. Alternatively, access to the database may be restricted to, for example, employees of a particular corporation or government department, database subscribers, or members of a stock exchange.
According to another aspect of the present invention, the registrant transmits a digital message including the certificate described above. The digital message is then encrypted with the registrant's private encrypting key. The party receiving the encrypted message decrypts the me
Maxwell, III John C.
Padgett Robert D.
Commercial Electronics, LLP
Darrow Justin T.
Orrick Herrington & Sutcliffe
LandOfFree
Digital signature providing non-repudiation based on... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Digital signature providing non-repudiation based on..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Digital signature providing non-repudiation based on... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3038589