The present invention relates to the long term archival of electronic documents, and more particularly, to the secure archival of electronic documents.
The use of electronic documents is more and more common nowadays. As a result, the ways of storing electronic documents have changed. In the past, people usually created documents in handwritten form, typed the content into a computer, and printed the document into physical format again. The electronic copies of the documents were kept for reference purposes only. Nowadays, as more digital resources are available, storing documents in electronic format provides much more benefit than the traditional format. Physical resources can be saved. One piece of paper can store several thousand words, while one floppy disk can store several million words. Moreover, with the advance of communication technology, documents in electronic format can be transmitted to another part of the world in only a few seconds, without any cost at all. To reduce the use of physical resources, some electronic documents only exist in the digital world and will never be transformed into physical format.
A digital signature scheme was suggested to authenticate electronic documents. Although the nature of digital signatures is similar to handwritten signatures, digital signatures have different properties from handwritten signatures. A digital signature requires no physical medium, is harder to date and is more susceptible to tampering. One digital signature scheme is based on public key cryptography. To limit the effect of signing keys being lost or compromised, fixed lifespans for digital signatures have to be set according to the strength of the public key cryptographic algorithm employed. Moreover, the public key infrastructure (PKI) was developed to support signer identification, certificate issuance and revocation mechanisms. Some types of electronic documents, such as contracts and court statements, have very long lifespans. This raises the need for digital signatures with long lifespans. However, digital signatures must have short lifespans to reduce the possible effect of a particular signing key being stolen or being compromised by attackers. A digital time-stamping scheme attempts to protect digital signatures, but it overlooks the fact that digital time-stamps also have to be protected. Thus, digital timestamps will be rendered invalid once the underlying signing algorithm expires. This invention proposes a digital aging scheme, a scheme which enables long term preservation of an electronic document and its authentication.
In accordance with the present invention, it is an object of the present invention to provide a long term archival method for the preservation of an electronic document.
Another object of the invention is to use two digital signatures together with digital time-stamping, where signing keys of different strengths are used to sign the document and the weakest key should have the strength of the current grade of cryptographic standard.
Yet another object of the present invention is to provide an effective way to renew the digital signatures and time-stamps before the signing keys or the underlying cryptographic-algorithms expire.
Still another object of the invention is to provide a means to protect an electronic document with only one digital signature for a long term, wherein, if the present invention is not applied, the protection would be broken once the digital signature or the signing key is compromised.
A still further object of the invention is to provide a means to protect an electronic document with one digital signature which uses a signing key of higher strength than the current grade of cryptographic standard, wherein the protection would be broken if the digital signature or the signing key is compromised.
Still another object of the invention is to provide a means to verify the correctness of a digital signature even after the digital signature or the signing key is compromised at that point of time.
These and other objects of the invention are achieved by the designed scheme, systems, methods and a special data structure. The designed scheme uses repeated affiliation of a special “aging” process. During this process, a digital signature and related authentication information, called an aging token, will be created. In this process, the processing time and storage requirement are the same as for creating one digital signature scheme.
A special data structure, which links the document, digital signature and digital timestamp, is employed. An XML layout and definition is used to represent the data structure. A graphical layout is used to reflect the structure of the token created by the scheme. A software architecture is used to carry out the scheme. A software program is used to achieve the scheme.
An advantageous implementation of the present invention provides a simple and effective scheme to support long term preservation of electronic documents so that electronic documents are protected from unexpected expiry of cryptographic keys and cryptographic algorithms, a kind of protection that a traditional digital signature scheme cannot provide.
Other features and advantages of the present invention will become apparent to one with skill in the art upon examination of the following drawings and detailed description. It is intended that all such additional features and advantages be included herein within the scope of the present invention, as defined in the appended claims. Furthermore, as will be appreciated by those of skill in the art, the described methods of the invention may be provided as apparatus or computer readable program means.
The following are the definitions in the art and their corresponding notation to aid in the understanding of the description.
Public key cryptographic primitive: With a key pair <K, K^{-1}>, where K is the public key and K^{-1} is the private key, and a message m, encryption of the message by a public key cryptographic primitive is denoted by {m}_K, and it can only be decrypted by K^{-1}.
One way hash function: a hash function is a computationally efficient function mapping binary strings of arbitrary length to a binary string of fixed length. A collision resistant hash function is a hash function h for which, given a message m, it is computationally infeasible with the current technology to find another message m′ such that h(m) = h(m′).
Signing function: With public key cryptography, signing with a particular signing key is similar to encrypting a message with the signing key as the private encryption key. For a signing key K, signature = σ(m, K). Relevant information such as the original message, algorithm identifier, and the signer certificates should also be stored along with the signature.
Timestamping function: In this invention, we do not assume any underlying structure used by a particular timestamping authority (TSA). Therefore, a time-stamp is denoted with a similar notation as a signed object in our scheme. For a signature key K_TSA, timestamp = T(m, K_TSA). As mentioned, a timestamp is a signed object. Apart from the digest of the original message, the timestamp contains the TSA generated nonce, TSA certified time and date, TSA generated serial number and TSA provided data.
The present invention now will be described in more detail with reference to the accompanying drawings, in which preferred embodiments of the invention are shown. The present invention may be embodied in many different forms and should not be construed as limited to the embodiment set forth herein. These embodiments are provided so that this document will be thorough and complete, to those skilled in the art. In the drawings, like numerals designate corresponding parts throughout the several views.
The present invention proposes a new scheme, called the “digital aging” scheme. The scheme guarantees that valid evidence for integrity and authentication of a particular electronic document is always presented.
The input for the signature function 2 σ_i is the message 1 and the signing key 4 of the digital archive system (DAR). The output of the function 2 is the signature 6 of the message 1 signed with the key 4. The message 1 and the signature 6 become the input 8 of the function 3, together with the signing key 5 of the timestamping authority (TSA). Timestamp 7 of the input is the output of the function 3. Together with the message and the signature, the integrity protection function is defined as
ν_i(m) = {m, signature, timestamp}
Again, the subscript i is the time period identifier, where the system believes that the function is secure and will not be compromised before the time moment t_{i+1}.
Although signing keys should be input to the signing function and time-stamping function, this is assumed to be done by the digital archive system (DAR) and the timestamping authority (TSA). User clients should not have any access to the keys.
ν_i 17 is the integrity protection function 10 described in
x_i will be retrieved from the archive at time moment t_i. The message, certificates, signatures and timestamps in x_i will be verified. If the digital aging token is valid, then the new document token x_{i+1} will be created by α_i with the aging token x_i. Since x_i consists of two layers of signature and timestamp, at least one of which is verified as valid at the current time, we can discard the outer layer or the invalid layer of the aging token x_i and form the modified layer x′_i. Then,
x_{i+1} = α_i(x′_i)
The algorithm listing of the digital aging layering algorithm is illustrated in
After normal digital aging 28 is carried out, the time for the next normal digital aging process has to be scheduled for the token x_{i+1}. The time scheduled for the next digital aging is set to the time moment before the most recent expiry date among the certificates stored in that document token x_{i+1}. This is done by the schedule update process 32.
Before reaching the scheduled time, DAR and TSA may constantly update their signing keys. As time goes by, an algorithm which was secure in the past may not be secure anymore. One example is that a longer modulus of the RSA public key encryption system would bring to the system a more secure signing function. Therefore, DAR and TSA may also periodically update their cryptographic algorithms such as the signing function and the timestamping function. These events are detected by the normal key update process 31. When the normal key update process detects these events, the process will request the system to set a closer schedule for updating the document token with the new cryptographic algorithms or cryptographic keys.
In the normal digital aging process 28, the system has assumed that ν_i 17 is secure before t_{i+1}. However, if the underlying cryptographic primitive or cryptographic keys used by ν_i are broken at some time moment t, where t lies in the time interval (t_i, t_{i+1}), then the system will be aware of it. This is done by the exceptional key update process 27. The system will perform the exceptional digital aging process 29. t_{i+1} will then be set to t. Although the signature and time-stamp produced by ν_i at t_i cannot be verified, the signature and time-stamp produced by ν_{i+1} are still secure and can be verified. Still, we use the digital aging function to perform digital aging, where x_{i+1} = α_i(x′_i), and x′_i contains only the valid layer of x_i.
Whenever a digital aging token x_i is updated, the token is first verified. This is denoted by the verification process 26. To verify a token, the signature and timestamp inside the token are verified first. If they are valid at the current time moment, we can assume the content related to the signature and timestamp is valid from time period t_i to t_{i+1}. Therefore we can further verify the token x_{i+1} inside the token x_i recursively. The process does not stop until one of the tokens cannot be verified or the token is proved to be valid from t_0 to t_{i+1}. The verification algorithm is listed in
Whenever a client requests retrieving the document from the system, the whole document token x_i will be returned to the client by the retrieval process. The client may then employ the verification algorithm listed in
The verification algorithm in
First, the present invention protects the document from failure of a system using one layer of signature and timestamp. A system with only one layer of signature and timestamp relies heavily on the assumption that an attack on the cryptographic primitive used is not feasible. This assumption may be valid for short term archival, but may not be valid in long term archival as technology advances. In the present invention, when such an assumption is no longer valid, the other layer of signature and timestamp provides additional protection when one layer of signature and timestamp is compromised.
Second, the system with only one layer of signature and timestamp will suffer from a single point of failure as the security relies on the fact that the signing key is not compromised and not expired. In the present invention, such failure is eliminated as the security relies on two layers of signature and timestamp, and a renewal of digital aging token can be carried out to produce additional layers when the signing key of one layer is compromised.
Third, the present invention supports the updating of cryptographic primitives while the integrity of the protected document can still be proved by the renewal technique of digital aging. This is essential for long term archival, as technology updates will be required for long term protection.
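The layering, recursive verification and renewal described above are illustrated by the following added example, which is not the patent's own algorithm listing. It assumes nested layers, uses HMAC with constructed per-period keys as a stand-in for the DAR signature and the TSA timestamp, and the names nu, layer_ok, verify and age are hypothetical.

```python
import hashlib, hmac, json

# Constructed per-period demo keys. HMAC is a stand-in (assumption) for the
# DAR public-key signature and the TSA timestamp of the scheme.
KEYS = {i: {"dar": b"dar-key-%d" % i, "tsa": b"tsa-key-%d" % i} for i in range(4)}

def _mac(key, obj):
    blob = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def nu(payload, i, when):
    """nu_i: wrap payload as {payload, signature, timestamp} for period i."""
    sig = _mac(KEYS[i]["dar"], payload)
    ts = {"time": when, "mac": _mac(KEYS[i]["tsa"], [payload, sig, when])}
    return {"period": i, "payload": payload, "signature": sig, "timestamp": ts}

def layer_ok(tok):
    """Check one layer's signature and timestamp against its period's keys."""
    k, ts = KEYS[tok["period"]], tok["timestamp"]
    signed = [tok["payload"], tok["signature"], ts["time"]]
    return (hmac.compare_digest(tok["signature"], _mac(k["dar"], tok["payload"]))
            and hmac.compare_digest(ts["mac"], _mac(k["tsa"], signed)))

def verify(tok, broken=frozenset(), vouched=False):
    """Recursive verification. A layer is evidence if its period's keys are
    unbroken now, or if an enclosing layer that verified vouches for it."""
    if not isinstance(tok, dict):      # reached the document itself
        return vouched
    if tok["period"] in broken and not vouched:
        return verify(tok["payload"], broken, False)   # ignore invalid layer
    return layer_ok(tok) and verify(tok["payload"], broken, True)

def age(tok, i_next, when, broken=frozenset()):
    """alpha: verify x_i, drop invalid outer layers to form x'_i, re-wrap."""
    if not verify(tok, broken):
        raise ValueError("no valid layer left; token cannot be renewed")
    while tok["period"] in broken:
        tok = tok["payload"]
    return nu(tok, i_next, when)

# Constructed sample: two layers under period-0 and period-1 keys.
x0 = nu(nu("contract text", 0, "2004-03-01"), 1, "2004-03-01")
# Period-1 keys break early: exceptional aging keeps the period-0 layer.
x1 = age(x0, 2, "2006-07-15", broken={1})
```

With either single period marked as broken the two-layer token x0 still verifies, while marking both periods as broken leaves no evidence and verification fails.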
It will be apparent to a person skilled in the art that the digital aging module of the present invention may be embodied as a method, apparatus, or computer program. The digital aging module 98 may be embodied in the form of hardware, or software, or a combination of software and hardware. Moreover, the digital aging module 98 may take the form of a computer program on a computer system storage device or medium having the computer program embodied thereon. The computer system storage device or medium, for use by or in connection with the computer system, may include an electronic, magnetic, optical, or other means that can store or contain a computer program for use by the computer system or method.
The processor 91 may contain one or more computational processing units or computational devices. The memory 92 may be volatile, non-volatile, or a combination of both. The memory 92 and the storage device 93 are both computer readable media, which include, but are not limited to, RAM, ROM, EEPROM, flash memory, or other memory technology, CDROMs, DVDs, or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage, or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the processor 91. The memory or the storage device may store the application programs 97 or a portion thereof for the execution of the application program. A portion of the memory 92 or the storage device 93 may be utilized by the processor 91, the operating system 96, and the application programs 97 for executing the digital aging module 98. When the application programs 97 or the digital aging module 98 is in a stage other than the execution stage, the program or the module may reside in the memory or the storage device.
The application programs 97 may be any suitable computer programs, which can be executed by the processor 91 through the operating system 96, to carry out the digital aging process including normal aging 28 and exceptional aging 29. The application programs 97 may include, for example, the digital aging program, the document archival program, and the document retrieval program, in order to carry out the digital aging process.
The digital aging module 98 is a component of the application programs 97 or may be one of the application programs 97 itself. The digital aging module 98 may be invoked automatically when the application is invoked or can be invoked by a user. The user may invoke the program via the communication link 94, or via an input device such as a keyboard connected to the system.
According to the present invention, the digital aging module 98 carries out the digital aging process as described in
In one embodiment, the system consists of four modules and a data warehouse 35. The registration module 38 is responsible for the registration process mentioned in
The token generation module 42 performs the logic in the normal aging module 28 and exceptional aging process 29 in
While the invention has been described with reference to a preferred embodiment, it is to be understood that various different modifications are possible and are contemplated as being within the spirit and scope of the invention, as set forth in the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
1062121 | Mar 2004 | HK | national |