Electrical computers and digital processing systems: support – System access control based on user identification by... – Using record or token
Reexamination Certificate
1999-07-21
2003-04-22
Darrow, Justin (Department: 2132)
Electrical computers and digital processing systems: support
System access control based on user identification by...
Using record or token
C713S176000, C713S185000
Reexamination Certificate
active
06553494
ABSTRACT:
BACKGROUND
Paper documents with a penned signature are given much consideration as proof that an individual created, viewed, approved, or agreed to the material contained in the document. Specifically, the act of signing a document binds an individual to the document in some manner. For example, parties signify their agreement to the terms of a contract when the contract is signed. Often, a Notary Public is present in order to guarantee the identity of the individual(s) signing the document. The Notary Public attests to the identity of the signers by applying an unalterable seal to the document. It is desirable to implement a similar process for electronic documents; that is, to perform some processing on an electronic document that binds an individual to a particular document in such a manner that the individual can be identified, the document can be verified, and that it is provable at any later point in time that the individual and document were coupled.
An electronic document may be defined as any arbitrary sequence of digital data which is fixed at some time. In this context, the document could be the results of a word processor (e.g. the text of a legal contract,) a spreadsheet, a database file, a digital image taken by a digital camera, or even source or object computer codes. This could even be a short lived electronic document such as a transaction to/from a web page.
Current digital signature techniques that are used to bind an individual to an electronic document rely on a key or keys presumably known only to the signer or possessed only by the signer (e.g. keys stored on a smart card) of the document. Unfortunately, this approach is not as secure as it may appear, since if the knowledge or possession of the key can be obtained by another individual, either with or without the consent or knowledge of the original individual, then doubt may exist as to the true identity of the signer. So a fundamental problem with acceptance of digital signatures is the fact that someone could compromise their integrity by repudiating their “signature.” For example, a person could sign a document, and then claim that their secret key had been compromised, and thus introduce doubt as to the actual signer of the document. Thus there is a need for a more secure method of performing digital signing. The incorporation of a highly robust biometric solves this problem, since the signing of the document is not performed with something that the individual knows or has, but rather something that the individual “is.” Additionally it would be significantly difficult to almost impossible for someone to duplicate the biometric portion of the signature. Robust biometric techniques such as iris identification, coupled with cryptographic techniques such as digital signatures may be employed to provide a secure solution. Such a system is described herein.
Algorithms such as hash functions have long been used as a means of authenticating that a given electronic document has not been altered. The output of a hash function operating on a block of data, such as an electronic document, is a smaller block of data that is characteristic of the input data such that given the same input data, reapplication of the same hash function will compute the same output. Thus the hash reduces the dimensionality of the original document to one that is smaller but is a function of all the data in the original document. This data block can be thought of as the “digital fingerprint” of the input data. Any change in the input elements will result in a change of the output data block. A checksum is a example of a simple hash function. A good or robust hash algorithm will produce hash values that are very different even if very small changes to the document's contents are made. Robust hash algorithms have the additional property that, given a hash value, it is extraordinarily difficult to create a document or alter an existing one that produces the same hash value as the known one. Thus, an attacker could not feasibly generate a fraudulent document with the same hash value as the original document he or she is trying to replace. In this sense, a checksum is not considered to be a good hash function, whereas algorithms such as MD5, or SHA are considered to be examples of “good” functions An explanation of MD5, SHA, and other hash functions may be found in “Applied Cryptography” by Bruce Schneier.
As an example, in an electronic mail scenario, a sender would compute the hash value of the document he or she wishes to send, and send that hash value along with the document. The recipient could determine that the document had not been altered by computing the hash value of the document with the same algorithm, and then would compare the output of this hash computation with the hash value sent with the document. If the values are the same, it is extremely unlikely that the document has been altered.
A hash algorithm may also use a token as part of its input. This token could be combined with the document data in an operation such as concatenation. The token may provide a time stamp or other unique identifier to the hash. For example, with this approach, anyone wishing to sign a document might request a unique token from a central token server. The server would return a unique token while recording the token, time, and date and perhaps other information for use when the document must be authenticated.
By combining unique tokens with identical documents, different hash values for the same document can be obtained and individual transactions involving the document can be identified. The token must be provided at the time the document is to be authenticated, since the correct hash value now depends on both the document and the token. The token may be supplied by a service similar to a certification authority.
Additional security may be implemented by including a secret key in the process, for example, by encrypting the hash algorithm output with a cryptographic key. A hash which has been encrypted with a key, is commonly known as a “digital signature”. The notable difference between a hash function and a digital signature is the inclusion of a “secret” in the latter; a hash algorithm may be well known (and even the token may be known). Therefore anyone can compute a value for a given document, but with the addition of this “secret”, only parties with knowledge of the key can perform signing and authentication. In general the encryption described can be either symmetric or asymmetric. For the context of this patent, in symmetric encryption, the same key is used for encryption of the data and for decryption of the data, while in asymmetric encryption a private key is used to encrypt the data but a public key is used for decryption. Knowledge of the public key only allows decryption; it cannot be used to encrypt and it cannot be decoded to determine the secret private key.
A digital signature may be generated by encrypting the output of a hash algorithm whose inputs are the original data, and a token, as described above. The encryption is performed with a secret key, usually called a “private key”. Therefore, the “binding” of an individual to the document is based on the assumption that the “private key” is secret, and known only to the originating party and no one else. Verification of the binding can be accomplished by the recipient using the originator's public key to decrypt the hash value sent with the document in order to compare it to the hash value computed by the recipient. A match proves that the document was not altered and that the sender was the holder of the private key. The public key is distributed as necessary by the originator as it can only be used to authenticate, but not to sign. Therefore, any recipient may safely have possession of the public key. However, as noted previously, if the private key is compromised, any person with knowledge of the private key can “sign” documents as if they were the same person as the true owner of the private key.
Up to this point, no biometrics have been included and the secu
Darrow Justin
Sensar, Inc.
Woodcock & Washburn LLP
LandOfFree
Method and apparatus for applying and verifying a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for applying and verifying a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for applying and verifying a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3097271