Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1999-07-30
2002-06-18
Swann, Tod (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S159000, C713S172000, C713S178000, C713S152000, C713S152000, C380S259000, C705S065000, C705S073000, C705S075000, C705S076000
Reexamination Certificate
active
06408388
ABSTRACT:
BACKGROUND AND SUMMARY OF THE INVENTION
Since the advent of digital signatures, the potential exists for more transactions to be accomplished electronically. Using digital signatures, it is possible to undeniably determine that the party performing the signature operation is properly authorized to do so.
Digital signatures having a “historic” value, such as those associated with an electronic contract are becoming increasingly common. In such an electronic contract, it may be important to be able to prove when a particular digital signature was performed (e.g., before or after the time of a possible public key revocation). With many electronic documents, such as contracts, journals, etc., signatures of historical significance become part of archived records. Without being able to confirm exactly when such signature was performed, revocation of a public key as of a particular point in time may cast doubt on any future verification of signatures which may have been performed months or years ago.
Accordingly, it is useful to know with certainty the date and time of a digital signature, particularly in the context of electronically maintained diaries, inventor's scientific logs, journals, electronic bids, contracts or the like. It is also useful to convincingly demonstrate to a third party the signature time and signature ownership.
One way to solve this problem is to “notarize” all signatures having possible historic importance such as, for example, by using the applicant's time/date notary facility such as is described in U.S. Pat. Nos. 5,001,752 and 5,163,643, which patents are incorporated herein by reference. These patents describe an effective manner for performing such notarization using a secure device embodying a trusted clock to countersign important digital signatures by signing them in conjunction with the notarization time taken from the device's trusted time source.
To effectively use known digital notaries requires that someone recognize in advance that the signature will have historic importance and remember to apply a time notarization to the digital signature. The user also must route the signed material (or some hash thereof) through the time notary device. Thus, the user must have access to the trusted time notary facility some time soon after the creation of the digital signature.
Practically speaking the digital notary device may not be available at the time the digital signature is constructed. The signer may fail to remember to have his or her signature notarized in a timely fashion. This is particularly likely to occur when digital signatures are made with portable devices such as a lap-top computer, where the user is often away from his or her normal place of business. With some material, it may not be clear at the time of signing, that a notarized time stamp is important.
The present invention advantageously combines digital time notarization into a digital signature operation to ensure that a time stamp is always automatically present. The user does not need to be involved in any additional decision making as to whether time stamping is necessary. By eliminating the need for a separate time stamp notarization device, the user saves time, money and effort.
The present invention is embodied in a token device, e.g., such as a Smart Card, Smart Disk, or a MCIA device so that it is more readily available than a separate time stamp notarization device and easier to use with portable devices such as laptop computers. The method and apparatus described herein advantageously allow an automatic trusted time stamp to be incorporated into user's digital signature operation so that no additional user steps are necessary. The applicant's smart card/token type media can be used to simultaneously perform a time stamp notarization as part of a digital signature at a user's home in association with the user's personal computer (PC) or away from home in conjunction with a portable device such as a lap-top computer. By simultaneously obtaining a time stamp notarization as part of the digital signature, any verifier not only may prove that the signature was performed by the user, but also may prove when the signature took place.
The present invention contemplates various alternative embodiments or modes of implementation via which the trusted time stamp is incorporated into, or associated with, the user's signature. Digital certificates usually accompany digital signatures to attest to the identity and the attributes of the entity associated with a private/public key. In accordance with an embodiment of the present invention, the factory certifies the public key associated with the personal date
otary device of the present invention. The same key may also be certified as belonging to the owner/operator of the token device. Alternatively, the device may contain a second key for the user which is separately certified with the user's identity. Implementations are also contemplated where the certificates are maintained externally to the device (e.g., in storage associated with a computer driving the notary device) or internally so that they can be emitted, if desired, as part of the signing operation.
The present invention advantageously permits every digital signature to be time stamped in a trusted way so the user no longer must decide whether the material is important enough to time stamp. Since every signature generated by a notary device in accordance with the present invention can be accurately placed in time, it become relatively simple to automatically determine the validity of a user, even if the user's smart card is lost or stolen or even if the authority of the user is eventually revoked. At any future time, it can readily be determined when a digital signature with a trusted time stamp was performed.
REFERENCES:
patent: 4290130 (1981-09-01), Lowdenslager et al.
patent: 4456386 (1984-06-01), Dellea
patent: 4799258 (1989-01-01), Davies
patent: 4837822 (1989-06-01), Crosley et al.
patent: 4974193 (1990-11-01), Beutelspacher et al.
patent: 5001752 (1991-03-01), Fischer
patent: 5022080 (1991-06-01), Durst et al.
patent: 5136643 (1992-08-01), Fischer
patent: 5136646 (1992-08-01), Haber et al.
patent: 5136647 (1992-08-01), Haber et al.
patent: 5189700 (1993-02-01), Blandford
patent: 5887065 (1999-03-01), Audebert
Akl, “Digital Signatures: A Tutorial Survey”,Computer, vol. 16, No. 2, pp. 15-24, Feb. 1983.
Davies et al.,Security for Computer Networks, pp. 275-277 and 287, 1984.
Denning,Cryptography and Data Security, p. 165, 1982.
Simmons, “Introduction”,Secure Communications and Asymmetric Cryptosystems, pp. 1-8, (Gustavus J. Simmons, ed., 1982).
Williams, “Computationally “Hard” Problems as a Source for Cryptosystems”,Secure Communications and Asymmetric Cryptosystems, pp. 11-39, (Gustavus J. Simmons, ed., 1982).
Diffie, “Conventional Versus Public Key Cryptosystems”,Secure Communications and Asymmetric Cryptosystems, pp. 41-72, (Gustavus J. Simmons, ed., 1982).
Merkle, “Protocols for Public Key Cryptosystems”,Secure Communications and Asymmetric Cryptosystems, pp. 73-104, (Gustavus J. Simmons, ed., 1982).
Popek et al., “Encryption and Secure Computer Networks”,Computing Serveys, vol. 11, No. 4, Dec. 1979, pp. 331-356.
Denning et al., “Timestamps in Key Distribution Protocols”,Communications of the ACM, Aug., vol. 24, No. 8, 1981, pp. 533-536.
Merkle, “Protocols for Public Key Cryptosystems”,IEEE Computer Society, Proceedings of the 1980 Symposium on Security and Privacy, Apr. 14-16, 1980, Oakland, CA., pp. 122-134.
Denning, “Protecting Public Keys and Signature Keys”,Computer, vol. 16, No. 2, Feb. 1983, pp. 27-35.
Rihaczek et al., “TeleTrust: Smart Card Access to Servers”,Smart Card 2000: The Future of IC Cards, pp. 139-146, (David Chaum and Ingrid Schaumüller-Bichl, eds.) (1987).
Caelli, “Privacy and Security in Office Automation Systems”,The Australian Computer Journal, vol. 17, No. 3, Aug. 1985, pp. 126-130.
Diffie et al., New Directions in Cryptography,IEEE Transactions on Information Theory, vol. IT22, No. 6, pp.
Callahan Paul E.
Nixon & Vanderhye P.C.
Swann Tod
LandOfFree
Personal date/time notary device does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Personal date/time notary device, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Personal date/time notary device will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2919028