Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-09-08
2001-07-17
Peeso, Thomas R. (Department: 2767)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S182000, C713S194000, C713S152000, C713S152000, C380S243000, C380S255000
Reexamination Certificate
active
06263438
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to methods and apparatuses for document timestamping. More particularly, the invention relates to secure and authenticable timestamping of documents in such a way that the timestamp can be verified by a party who was not necessarily present during the timestamping.
2. Background
In many instances where timestamped documents are to be communicated to a temporally or spatially distant recipient, one would like to be able to verify the authenticity and integrity of the timestamp. For example, consider the problem of proving document creation in the course of business transactions. Both the author and the recipient would like to be able to timestamp the document in a manner that demonstrates to others that it was stamped: 1) by the timestamping device (i.e., knowing which device generated the timestamp), and 2) at the indicated time (i.e., that the timestamp has not been modified during or subsequent to timestamping). The first requirement relates to timestamping device authenticability, while the second requirement relates to time integrity. Either or both of these requirements may exist anytime documents are created by one party (or at one location) not under the direct control of the recipient. Common examples include timestamps at the top of fax pages, timestamps at the bottoms of printouts, and postage marks as evidence of mailing. Besides documents, other examples include timeclocks for hourly employees, or for parking garage patrons, for recording the date/time of entry onto the premises.
As indicated by the above examples, many timestamping applications are associated primarily with physical (e.g., paper-based) applications rather than electronic (e.g., digital) applications. This is especially true for document generation where, despite the almost universal use of computer word processing, the majority of documents are still used and stored on paper because of its advantages over electronic media. Such advantages include: 1) ease of document creation (e.g., taking handwritten notes), 2) ease of document retrieval (e.g., without computers or other specialized document readers and no worries about evolving diskette or word processing file formats), 3) long-term stability of paper (e.g., degradation of magnetic media), 4) low cost, and 5) portability. Therefore, a timestamping device for everyday usage should be particularly suitable for use with paper-based documents.
Traditionally, timestamping devices have relied on mechanical inaccessibility, fixed location, and public display to suggest the accuracy of timestamps produced thereby. Many contemporary electronic timestamping devices provide even less assurance than mechanical devices because their timestamping mechanisms are user-accessible, user-resettable, and hidden from public view. Examples include camera date recorders to timestamp pictures, answering machine/voicemail date/time recorders, and computer clocks to timestamp file creation and output such: timestamps on document trailers.
Whether mechanical or electronic, each of the above-mentioned examples is prone to resetting of the clock prior to timestamping, or modification of the timestamp after timestamping. For example, the ability to reset the internal date/time is built into almost all personal computer operating systems. Furthermore, the purely electronic devices are especially prone to tampering because of the ease with which a purely electronic document to be timestamped can be accessed and manipulated. Such ease of manipulation has led to the creation of devices which cryptographically certify the authenticity and integrity of electronic documents. Examples of such devices may be seen in several US patents (U.S. Pat. Nos. 5,189,700; 5,157,726; 5,136,647; 5,136,646; 5,022,080; 5,001,752; and 4,786,940) disclosing devices that input digital data, crytographically certify the digital data, and output a digital message. In addition, certain of these devices optionally add time from a secure internal clock to the digital message.
The aforementioned devices are directed at applications whose primary goal is digital data certification, and any associated timestamping is an adjunct to that goal. In contrast, in many document timestamping applications, the primary goal is time certification rather than data certification. Although the data certification devices can be used for timestamping, such usage would be relatively complicated, expensive, and ill-suited for paper-based timestamping applications because the document data must be digitized. For example, the use of data certification devices with paper documents would require the addition of a document scanner to generate a digital representation of the document for input to the device, leading to increased device cost and complexity.
Furthermore, because data representing the document would be included in the cryptographic message, one wishing to verify the message (e.g., by recomputing the timestamp) would also have to create a digital representation of the message—a costly and possibly infeasible operation for those with limited capabilities. It is often inefficient to timestamp a paper document such that verification of the timestamp requires the timestamp recipient to re-digitize the paper document.
Therefore, there exists a need for a simple, inexpensive, easy-to-use device that generates an accurate and unalterable timestamp, for application to physical media such as paper documents, that can be easily verified by the document recipient.
SUMMARY OF THE INVENTION
An object of the present invention is to provide methods and devices for generating a timestamp whose authenticity and integrity can be verified by a recipient of the timestamp. As used herein, the term “timestamp” shall refer to the output generated by a “timestamping device” and could include clear text and/or ciphertext portions.
In connection with the foregoing, in one embodiment of the invention, a timestamping device encloses a battery-powered clock, a cryptographic processor, and a memory within a tamper-resistant environment. The cryptographic processor performs a cryptographic operation on a representation of time to produce a cryptographically assured timestamp. As used throughout this document, the term “timestamp” shall be understood to include date, time, day-of-week and any other measurement produced by a chronographic device. In many cases, such measures are effectively synonymous; for example, many computer clocks record time as the number of seconds elapsed since Jan. 1, 1900, which is easily converted to date and day-of-week formats.
The degree of cryptographic processing depends on the degree of security that is desired. For example, where the primary concern is time integrity, a simple one-way algorithm, e.g. a hash, message authenticity code (MAC), or cyclic redundancy check (CRC), applied to the time, might be adequate. Where the timestamping device is used to timestamp a sequence of messages, a chain of hashes—where each timestamp also includes representations of one or more previous messages—provides an additional degree of message authenticity. In other cases, the timestamping device might sign the time with a device-specific private key, to provide authenticity in addition to integrity. Even greater assurance can be provided by adding unique device IDs, witness IDs, challenge-response protocols, digital certificates, combinations of symmetric and asymmetric (public key) encryption, and many other cryptographic techniques, in patterns appropriate to the particular application at hand.
In another embodiment of the invention, the timestamping device need not generate its own time internally. Rather, the timestamping device may include a receiver to obtain time from a Global Positioning Satellite (GPS), radio signals from the US Naval Observatory atomic clock, or any other reliable external source. External time signals are especially advantageous for deterring hacking of an internal clock. The receiver could either replace or supp
Jorasch James A.
Schneier Bruce
Walker Jay S.
Alderucci Dean
Peeso Thomas R.
Talwalkar Nandu A.
Walker Digital, LLC
LandOfFree
Method and apparatus for secure document timestamping does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for secure document timestamping, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for secure document timestamping will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2435263