WO1998020644A1 - Object-based digital signatures - Google Patents

Object-based digital signatures Download PDF

Info

Publication number
WO1998020644A1
WO1998020644A1 PCT/US1997/017566 US9717566W WO9820644A1 WO 1998020644 A1 WO1998020644 A1 WO 1998020644A1 US 9717566 W US9717566 W US 9717566W WO 9820644 A1 WO9820644 A1 WO 9820644A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic signals
digital signature
electronically
stored
pluralities
Prior art date
Application number
PCT/US1997/017566
Other languages
French (fr)
Inventor
George W. Cox
David W. Aucsmith
Paul E. Onnen
Original Assignee
Intel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corporation filed Critical Intel Corporation
Priority to EP97945363A priority Critical patent/EP0938792B1/en
Priority to AU46585/97A priority patent/AU4658597A/en
Priority to DE69728991T priority patent/DE69728991T2/en
Publication of WO1998020644A1 publication Critical patent/WO1998020644A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • the present invention relates to encryption and, more particularly, to digital signatures.
  • Encryption, digital signatures, and digital certificates are well-known. See, for example, APPLIED CRYPTOGRAPHY, written by Bruce Schneier, available from John Wiley and Sons, Inc. (1994), herein incorporated by reference.
  • the state of the art notion of a digital signature is as encrypted, electronic signals, physically stored with a collection of electronic signals in an electronic file.
  • the digital signature provides verification or validation with respect to the collection.
  • a method of using a digital signature comprises a step of: electronically referencing at least one plurality of electronic signals with a digital signature remotely stored from the plurality.
  • FIG. 1 is a schematic diagram illustrating an embodiment of an object-based digital signature in accordance with the present invention
  • FIG. 2 is a schematic diagram illustrating another embodiment of an object- based digital signature in accordance with the present invention.
  • FIG. 3 is a schematic diagram illustrating an embodiment of a computer network which employs an e ⁇ nbodimcnt(s) of an object-based digital signature(s) in accordance with the present invention
  • FIG. 4 is a schematic diagram illustrating the application of a digital signature to verify a transmitted message
  • FIG. 5 is a schematic diagram illustrating yet another embodiment(s) of an object-based digital signature(s) in accordance with the present invention.
  • FIG. 6 is a schematic diagram illustrating yet one more embodiment of an object-based digital signature in accordance with the present invention.
  • FIG. 7 is a schematic diagram illustrating still another embodiment(s) of an object-based digital signature(s) in accordance with the present invention. DETAILED DESCRIPTION OF THE INVENTION
  • a digital signature is as encrypted, electronic signals physically appended to or stored with a collection of electronic signals, such as in an electronic file resident on a particular platform.
  • a "document” refers to an electronic document in the form of a plurality of electronic signals that are stored or physically reside in substantially the same location, uch as in a file on a particular platform or computer system, for example.
  • Such a platform may include, for example, an execution unit, such as a microprocessor, coupled to one or more storage media, such as via a system bus.
  • signaling a "document” in this context refers to appending or associating a digital signature with the plurality of stored electronic signals so that the digital signature resides in substantially the same location as the "document", such as stored in the same file on the platform.
  • an electronic file comprises a related set of electronic signals stored together and electronically referenced by a name or identifier. Therefore, the digital signature is physically stored with the electronic signals to which it is associated, e.g., with the document that was signed.
  • the digital signature value is the result of encrypting the cryptographic hash value of the document being signed. See, for example, Schneier, Chapter 13, "More Public-Key Algorithms".
  • the digital signature value is encrypted using a private key having a corresponding public key that may be employed to reverse or undo the encryption. This approach has several disadvantages or drawbacks.
  • the World-Wide Web comprises a multimedia-enabled hypertext system used for navigating the Internet.
  • the WWW handles data which may be stored on a computing platform, and may be used with an Internet connection and a WWW browser.
  • the WWW is made up of hundreds of thousands of interconnected pages or documents which may be displayed on a monitor coupled to the computing platform, such as via a system bus. Each page may be coupled to other pages which may be held on any computing platform coupled to the Internet. Therefore, validating or verifying documents, such as the source of a document, in this environment may prove useful.
  • the WWW is based on the concept of hypertext which is very similar to ordinary text, except that for hypertext, coupling to other parts of the text or to other documents may be hidden behind words and phrases. Coupling to these hypertext are referred to as hypertext links and they allow the user to read the document in any order desired.
  • the WWW also utilizes hypermedia which allows links to couple to not only words but also with pictures, sounds and any other data files which may be stored on a computing platform.
  • hypermedia is a method for coupling data files together regardless of their format.
  • the hypermedia links held on a given WWW page describe the location of the document which a WWW browser should display by using a Uniform Resource Locator (URL).
  • URLs enable WWW browsers to go to any file held on any WWW server.
  • URL is a naming system, typically consisting of three parts, the transfer format (also known as the protocol type), the host name of the machine or platform which holds the file (may also be referred to as the WWW server name) and the path name to the file.
  • the transfer format for standard WWW pages is referred to as Hypertext Transfer Protocol (HTTP). Standard Internet naming conventions are utilized for the host name portion of the URL.
  • HTTP Hypertext Transfer Protocol
  • naming conventions are utilized to indicate the path name of the file.
  • a WWW browser may be used to send and receive data using HTTP as well as to access all of the popular Internet resources in a manner which may be reached through the WWW. More specifically, a WWW browser exists in the form of client software which may be run on a computer able to access different resources including USENET, FTP, Archie, etc. from one common user interface. Currently there are many different WWW browsers available. The most well known WWW browsers are Mosaic ® and its progeny, such as NETSCAPE NAVIGATOR ® .
  • the digital signature is the result of the signer's private key having encrypted the resultant value of a cryptographic hash being applied to the stored electronic signals or message, as illustrated in FIG. 4, for example.
  • Cryptographic hash's are well-known and described, for example, in the aforementioned Schneier text.
  • One example of a cryptographic hash is "Proposed Federal Information Processing Standard for Secure Hash Standard," published in the Federal Register, vol. 57, no. 21 , Jan. 3 1 , 1992, pp 3747-3749, herein incorporated by reference.
  • a cryptographic hash is applied to the message to be communicated. The result is 11'.
  • a private key is applied to the H' so that it is encrypted, producing H".
  • B receives the message M with the digital signature H" attached, B can apply the cryptographic hash to the message M to produce H' and apply the public key corresponding with A's private key to H". If these two resulting values match, this confirms that B has received a valid message from A.
  • the public key technique and the cryptographic hash technique used are specified in the digital signature string. However, the identification of the signer and the signer's public key may not be included in the signature string. Furthermore, there is no explicit reference to any additional information about the signer, such as authorization or the signer's digital certificate, included in either the digital signature string or the electronic document being signed. See, for example, Public-key Cryptography Standards
  • FIG. 1 is a schematic diagram illustrating one embodiment 100 of an object-based digital signature in accordance with the present invention. It will, of course, be appreciated that the invention is not limited in scope to the particular embodiment illustrated.
  • Embodiment 100 illustrated in FIG. 1 demonstrates a technique of using a digital signature, referred to in this context as an embodiment of an object-based digital signature, in which a set of associated stored electronic signals
  • the digital signature value is obtained by encrypting the cryptographic hash of signals 130.
  • electronic signals In this particular embodiment, electronic signals
  • an "object” refers to an associated collection of stored electronic signals, in which the collection physically resides in substantially the same location, such as in a file on a particular platform, for example, that may be referenced electronically and substantially unambiguously, such as, for example, stored signals 130.
  • referenced electronically refers to the ability to access the object over a network electronically.
  • more than one object to be verified may be electronically referenced in an embodiment in accordance with the present invention, as illustrated in FIG. 5, for example.
  • the object to be verified may comprise a stored electronic file referred to by a hypertext link, such as is typically used over the Internet, for example, although the invention is not limited in scope in this respect.
  • a hypertext link such as is typically used over the Internet, for example, although the invention is not limited in scope in this respect.
  • This type of linking is illustrated in FIG. 1 by arrows 125.
  • the reference to an object being verified or validated may comprise an electronic pointer to the object being verified.
  • Such a pointer for example, may comprise a URL or other naming convention employed to identify an electronic file across a network.
  • the reference to object may electronically point to a set of electronic signals comprising yet another electronic pointer, as illustrated in FIG. 2 and described in more detail below.
  • the use of more than one electronic pointer is referred to as "indirect electronic referencing".
  • a reference to the party validating the document may comprise a stored set of electronic signals that may be used to validate or verify the party, such as a digital certificate that may be incorporated into stored signals 110.
  • the reference to the party validating the document may electronically reference stored electronic signals, such as digital certificate 120.
  • these stored electronic digital signals may include identifying information regarding the party and the party's public key.
  • public key 122 corresponds to the private key employed to produce the digital signature value by encrypting the cryptographic hash of signals 130.
  • the referenced electronic digital signals may also electronically reference, such as via a hypertext link, for example, a digital certificate of the party that includes such information.
  • additional information may be included in the digital certificate, such as signature authorization in accordance with
  • the digital signature value comprises a string of electronic signals that identifies the signature method and the cryptographic-method used and the value created as a result of encrypting the cryptographic hash value of the object electronically referenced to be validated or verified with the party's private key.
  • the invention is, of course, not limited in scope in this respect.
  • FIG. 2 is a schematic diagram illustrating another embodiment 200 of an object-based digital signature in accordance with the present invention. This embodiment is similar to the embodiment illustrated in FIG. 1 with some additional features.
  • a reference flag for the party validating the document and an object reference flag is included.
  • the reference flag for the party providing validation indicates whether the reference to the party is "by value" or "by reference”.
  • the flag may take any form, such as a binary signal, although the invention is not limited in scope in this respect.
  • additional levels of indirect referencing may be employed. Therefore, this flag indicates whether the reference to the party is a pointer to the party's digital certificate or whether the digital certificate is incorporated in stored electronic signals
  • the object reference flag indicates whether the reference to an object to be validated is signed "by value” or "by reference”. Therefore, in this particular embodiment, this flag indicates whether the digital signature value corresponds to the digital signature value obtained from encrypting the cryptographic hash of reference to object 230 in FIG. 2 or encrypting the cryptographic hash of stored signals 240 in FIG. 2. In this particular example, both 230 and 240 are encrypted to produce the digital signature value.
  • an embodiment of an object-based digital signature in accordance with the present invention provides a great deal of flexibility and a number of advantages over the current approach to employing digital signatures.
  • An embodiment of an object-based digital signature in accordance with the invention may allow digital signatures to approve or verify portions of documents, may address issues associated with the temporal ordering of digital signatures, and may allow information dispersed over a network of computing systems, such as the WWW, for example, to be verified or approved.
  • FIG. 5 illustrates yet another embodiment 500 of an object-based digital signature in accordance with the present invention.
  • This particular embodiment illustrates an object-based digital signature in accordance with the present invention used to validate a typical transaction.
  • document 520 comprises electronic signals that may represent a contract, for example, or some other type of legal document.
  • a and B shall approve or validate the document and then N shall approve or validate the document and A's and
  • electronic signals 510 are stored as a file.
  • A approves document 520 by employing a pointer to document 520 and a pointer to a digital certificate, illustrated as electronic signals 531, and providing digital signature value A, which comprises electronic signals representing the encryption of the cryptographic hash of document 520 using A's private key.
  • B approves document 520 in a similar manner by pointing to document 520, pointing to a digital certificate, and providing digital signature value B in the form of electronic signals.
  • N approves the document including A's approval and B's approval by pointing to the document and pointing to A's signature and B's signature.
  • digital signature value N provides the encrypted value of the cryptographic hash using N's private key applied first to document 520 and then applied to A's signature and finally
  • an object-based digital signature in accordance with the invention allows digital signatures to approve or validate portions of documents, allows information dispersed over a network of computing systems to be validated or approved, and also addresses issues associated with the temporal ordering of digital signatures. For example, in this embodiment, N approved A's signature and B's signature, thereby imposing a temporal order upon the approvals.
  • FIG. 6 illustrates yet another embodiment 600 of an object-based digital signature in accordance with the invention.
  • This embodiment has additional similarities and differences with respect to the previously described embodiments.
  • the object-based digital signature is employed to approve a
  • URL rather titan an electronic document.
  • information stored electronically and provided via this URL has been approved by the party whose digital certificate is referenced, in this particular embodiment. More specifically, the information pointed to by the URL is validated.
  • Use of this embodiment in accordance with the present invention provides a number of advantages. For example, up-to-date information may be provided with the validity of the information approved by the party whose digital certificate is referenced. For example, businesses or companies may do this for their
  • a particular network path may be approved or validated.
  • a platform coupled to a network and a directory path for that platform may be validated by this technique in accordance with the present invention.
  • FIG. 7 illustrates yet another embodiment 700 of an object-based digital signature in accordance with the invention.
  • the digital certificate such as digital certificates 720 and 740, are included in stored electronic signals 710 instead of being referenced electronically.
  • FIG. 7 illustrates public key 735 corresponding to the private key employed to produce digital signature value A.
  • FIG. 7 also illustrates public key 750 corresponding to the private key employed to produce digital signature value B.
  • an object-based digital signature in accordance with the invention is not limited to this particular embodiment.
  • FIG. 3 illustrates personal computers (PCs) 320, 330 and 340 coupled to the
  • a computing platform may include an electronic storage medium including machine-readable computer code resident thereon that is adapted so that during execution of the computer code electronic signals are produced that electronically reference at least one plurality of electronic signals with a digital signature stored remotely from the plurality.
  • the digital signature may comprise electronic signals representing the encrypted cryptographic hash value of the electronically referenced at least one plurality of electronic signals.
  • the PC's illustrated in FIG. 3 comprise such a platform, although the invention is not limited in scope in this respect.
  • the electronic storage medium in this particular embodiment is coupled to an execution unit, such as a microprocessor, via a system bus.
  • the machine-readable computer code resident on the PC's in FIG. 3 may be further adapted to include additional aspects of an object-based digital signature in accordance with the present invention discussed in connection with previously described embodiments.
  • such code would include the capability to reference other pluralities of electronic signals, perform indirect referencing, reference a digital certificate, and the capability to reference electronic signals stored in physically distributed storage media coupled at least in part via the Internet or LAN
  • an embodiment in accordance with the invention may be applied to a document comprised entirely of hypertext links.
  • the digital signature value may be obtained by encrypting all the files referenced by the document comprised of hypertext links in the order in the document comprised of hypertext links.

Abstract

Briefly, in accordance with one embodiment of the invention, a method of using a digital signature (110) comprises electronically referencing at least one plurality of electronic signals (125) with a digital signature remotely stored from the plurality.

Description

OBJECT-BASED DIGITAL SIGNATURES
BACKGROUND OF THE INVENTION
1 . Field of the Invention:
The present invention relates to encryption and, more particularly, to digital signatures.
2. Background Information:
Encryption, digital signatures, and digital certificates are well-known. See, for example, APPLIED CRYPTOGRAPHY, written by Bruce Schneier, available from John Wiley and Sons, Inc. (1994), herein incorporated by reference. The state of the art notion of a digital signature is as encrypted, electronic signals, physically stored with a collection of electronic signals in an electronic file. The digital signature provides verification or validation with respect to the collection. A need, however, exists for a method of using a digital signature that provides greater flexibility than current approaches.
SUMMARY OF THE INVENTION
Briefly, in accordance with one embodiment of the invention, a method of using a digital signature comprises a step of: electronically referencing at least one plurality of electronic signals with a digital signature remotely stored from the plurality. BRIEF DESCRIPTION OF THE DRAWINGS
The subject matter regarded as the invention is particularly pointed out and distinctly claimed in the concluding portion of the specification. The invention, however, both as to organization, and method of operation, together with objects, features, and advantages thereof, may best be understood by reference to the following detailed description, when read with the accompanying drawings in which:
FIG. 1 is a schematic diagram illustrating an embodiment of an object-based digital signature in accordance with the present invention;
FIG. 2 is a schematic diagram illustrating another embodiment of an object- based digital signature in accordance with the present invention;
FIG. 3 is a schematic diagram illustrating an embodiment of a computer network which employs an eιnbodimcnt(s) of an object-based digital signature(s) in accordance with the present invention;
FIG. 4 is a schematic diagram illustrating the application of a digital signature to verify a transmitted message;
FIG. 5 is a schematic diagram illustrating yet another embodiment(s) of an object-based digital signature(s) in accordance with the present invention;
FIG. 6 is a schematic diagram illustrating yet one more embodiment of an object-based digital signature in accordance with the present invention;
FIG. 7 is a schematic diagram illustrating still another embodiment(s) of an object-based digital signature(s) in accordance with the present invention. DETAILED DESCRIPTION OF THE INVENTION
In the following detailed description numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, components, and circuits have not been described in detail so as not to obscure the present invention.
Some portions of the detailed description which follow are presented in terms of algorithms and symbolic representations of operations on data bits or binary digital signals stored within a computing system memory, such as a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the daia processing arts to convey the substance of their work to others skilled in the art. An algorithm is here, and generally, considered to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers or the like. It should be understood, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification, discussions utilizing terms such as "processing" or "computing" or "calculating" or "determining" or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulate and transform data represented as physical (electronic) quantities within the computing system's registers and/or memories into other data similarly represented as physical quantities within the computing system's memories, registers or other such information storage, transmission or display devices.
As previously indicated, encryption, digital signatures, and digital certificates are well-known. Likewise, the state of the art notion of a digital signature is as encrypted, electronic signals physically appended to or stored with a collection of electronic signals, such as in an electronic file resident on a particular platform. In this context, a "document" refers to an electronic document in the form of a plurality of electronic signals that are stored or physically reside in substantially the same location, uch as in a file on a particular platform or computer system, for example. Such a platform may include, for example, an execution unit, such as a microprocessor, coupled to one or more storage media, such as via a system bus. Likewise, "signing" a "document" in this context refers to appending or associating a digital signature with the plurality of stored electronic signals so that the digital signature resides in substantially the same location as the "document", such as stored in the same file on the platform. As is well-known, an electronic file comprises a related set of electronic signals stored together and electronically referenced by a name or identifier. Therefore, the digital signature is physically stored with the electronic signals to which it is associated, e.g., with the document that was signed. Likewise, as is well- known, the digital signature value is the result of encrypting the cryptographic hash value of the document being signed. See, for example, Schneier, Chapter 13, "More Public-Key Algorithms". Typically, the digital signature value is encrypted using a private key having a corresponding public key that may be employed to reverse or undo the encryption. This approach has several disadvantages or drawbacks.
One problem is that this approach does not provide a technique to attest to or validate only a portion of the "document" or a portion of the plurality of electronic signals. If an electronic document is to be "signed" by a digital signature, than it is done to the electronic document as a whole, including, typically, any previous digital signatures used to validate the document, for example. Thus, where two individuals successively "sign" a "document," for example, the second signer validates both the document and the first signer's signature. Likewise, known techniques for using a digital signature do not allow for a document to be electronically distributed, in hypertext fashion, as an example, so that portions of the document reside in physically distributed storage media. However, if such an approach were available, it may prove useful in networking applications, such as over a local area network (LAN) or over the Internet, such as illustrated in FIG. 3, for example. Although, of course, the invention is not limited in scope in this respect.
The ability to validate a "document" may prove especially important as use of the Internet and the World-Wide Web continues to increase. The World-Wide Web (WWW) comprises a multimedia-enabled hypertext system used for navigating the Internet. The WWW handles data which may be stored on a computing platform, and may be used with an Internet connection and a WWW browser. The WWW is made up of hundreds of thousands of interconnected pages or documents which may be displayed on a monitor coupled to the computing platform, such as via a system bus. Each page may be coupled to other pages which may be held on any computing platform coupled to the Internet. Therefore, validating or verifying documents, such as the source of a document, in this environment may prove useful.
The WWW is based on the concept of hypertext which is very similar to ordinary text, except that for hypertext, coupling to other parts of the text or to other documents may be hidden behind words and phrases. Coupling to these hypertext are referred to as hypertext links and they allow the user to read the document in any order desired. The WWW also utilizes hypermedia which allows links to couple to not only words but also with pictures, sounds and any other data files which may be stored on a computing platform.
More specifically, hypermedia is a method for coupling data files together regardless of their format. The hypermedia links held on a given WWW page describe the location of the document which a WWW browser should display by using a Uniform Resource Locator (URL). URLs enable WWW browsers to go to any file held on any WWW server. URL is a naming system, typically consisting of three parts, the transfer format (also known as the protocol type), the host name of the machine or platform which holds the file (may also be referred to as the WWW server name) and the path name to the file. The transfer format for standard WWW pages is referred to as Hypertext Transfer Protocol (HTTP). Standard Internet naming conventions are utilized for the host name portion of the URL. UNIX® directory
naming conventions are utilized to indicate the path name of the file.
A WWW browser may be used to send and receive data using HTTP as well as to access all of the popular Internet resources in a manner which may be reached through the WWW. More specifically, a WWW browser exists in the form of client software which may be run on a computer able to access different resources including USENET, FTP, Archie, etc. from one common user interface. Currently there are many different WWW browsers available. The most well known WWW browsers are Mosaic® and its progeny, such as NETSCAPE NAVIGATOR®.
Thus, coupling via the Internet, documents or portions of documents may be accessed or provided by an electronic computing device, such as a personal computer (PC). Unfortunately, current approaches to the use of digital signatures do not address validating portions of documents residing on physically distributed storage media.
Another problem associated with the current use of digital signatures is identification of the party or entity that originally signed the document. The digital signature is the result of the signer's private key having encrypted the resultant value of a cryptographic hash being applied to the stored electronic signals or message, as illustrated in FIG. 4, for example. Cryptographic hash's are well-known and described, for example, in the aforementioned Schneier text. One example of a cryptographic hash, without limitation, is "Proposed Federal Information Processing Standard for Secure Hash Standard," published in the Federal Register, vol. 57, no. 21 , Jan. 3 1 , 1992, pp 3747-3749, herein incorporated by reference. As illustrated in FIG. 4, a cryptographic hash is applied to the message to be communicated. The result is 11'. Then, a private key is applied to the H' so that it is encrypted, producing H". When B receives the message M with the digital signature H" attached, B can apply the cryptographic hash to the message M to produce H' and apply the public key corresponding with A's private key to H". If these two resulting values match, this confirms that B has received a valid message from A. Typically, the public key technique and the cryptographic hash technique used are specified in the digital signature string. However, the identification of the signer and the signer's public key may not be included in the signature string. Furthermore, there is no explicit reference to any additional information about the signer, such as authorization or the signer's digital certificate, included in either the digital signature string or the electronic document being signed. See, for example, Public-key Cryptography Standards
(PKCS) #7, Cryptographic Message Syntax Standard, Version 1.5, available from
RSA Laboratories, November, 1993, herein incorporated by reference.
An embodiment of an object-based digital signature in accordance with the present invention, such as the embodiment illustrated in FIG. 1, addresses these problems. FIG. 1 is a schematic diagram illustrating one embodiment 100 of an object-based digital signature in accordance with the present invention. It will, of course, be appreciated that the invention is not limited in scope to the particular embodiment illustrated. Embodiment 100 illustrated in FIG. 1 demonstrates a technique of using a digital signature, referred to in this context as an embodiment of an object-based digital signature, in which a set of associated stored electronic signals
1 10, ( 1 ) identify a remotely stored object being verified or validated, such as signals
130 representing a stored electronic document, (2) identify a remotely stored object that identifies the party validating the document, such as signals 120 representing a digital certificate, and (3) includes the resultant digital signature value, stored as electronic signals obtained based, at least in part, on remotely stored signals 130.
That is, in this embodiment, the digital signature value is obtained by encrypting the cryptographic hash of signals 130. In this particular embodiment, electronic signals
1 10 reside in substantially the same physical location, such as stored in an electronic file. In this context, an "object" refers to an associated collection of stored electronic signals, in which the collection physically resides in substantially the same location, such as in a file on a particular platform, for example, that may be referenced electronically and substantially unambiguously, such as, for example, stored signals 130. In this context "referenced electronically" refers to the ability to access the object over a network electronically. Likewise, in alternative embodiments, more than one object to be verified may be electronically referenced in an embodiment in accordance with the present invention, as illustrated in FIG. 5, for example. In one embodiment, the object to be verified may comprise a stored electronic file referred to by a hypertext link, such as is typically used over the Internet, for example, although the invention is not limited in scope in this respect. This type of linking is illustrated in FIG. 1 by arrows 125. Thus, in this embodiment, the reference to an object being verified or validated may comprise an electronic pointer to the object being verified. Such a pointer, for example, may comprise a URL or other naming convention employed to identify an electronic file across a network. It is, likewise, noted that, in an alternative embodiment, the reference to object may electronically point to a set of electronic signals comprising yet another electronic pointer, as illustrated in FIG. 2 and described in more detail below. In this context, the use of more than one electronic pointer is referred to as "indirect electronic referencing".
Likewise, a reference to the party validating the document may comprise a stored set of electronic signals that may be used to validate or verify the party, such as a digital certificate that may be incorporated into stored signals 110. This approach is illustrated in FIG. 7, for example. Alternatively, as illustrated in FIG. 1, the reference to the party validating the document may electronically reference stored electronic signals, such as digital certificate 120. In this particular embodiment, these stored electronic digital signals may include identifying information regarding the party and the party's public key. This, as illustrated, public key 122 corresponds to the private key employed to produce the digital signature value by encrypting the cryptographic hash of signals 130. Alternatively, the referenced electronic digital signals may also electronically reference, such as via a hypertext link, for example, a digital certificate of the party that includes such information. Likewise, additional information may be included in the digital certificate, such as signature authorization in accordance with
CCITT Recommendation X.509, "Security Architecture for Open Systems
Interconnection for CCITT Applications," International Telephone and Telegraph,
International Telecommunications Union, Geneva, 1991, herein incorporated by reference, for example.
In this particular embodiment, the digital signature value comprises a string of electronic signals that identifies the signature method and the cryptographic-method used and the value created as a result of encrypting the cryptographic hash value of the object electronically referenced to be validated or verified with the party's private key. The invention is, of course, not limited in scope in this respect.
FIG. 2 is a schematic diagram illustrating another embodiment 200 of an object-based digital signature in accordance with the present invention. This embodiment is similar to the embodiment illustrated in FIG. 1 with some additional features. As illustrated, in this particular embodiment, a reference flag for the party validating the document and an object reference flag is included. The reference flag for the party providing validation indicates whether the reference to the party is "by value" or "by reference". The flag may take any form, such as a binary signal, although the invention is not limited in scope in this respect. In alternative embodiments, additional levels of indirect referencing may be employed. Therefore, this flag indicates whether the reference to the party is a pointer to the party's digital certificate or whether the digital certificate is incorporated in stored electronic signals
210 for this embodiment of an object-based digital signature. Likewise, the object reference flag indicates whether the reference to an object to be validated is signed "by value" or "by reference". Therefore, in this particular embodiment, this flag indicates whether the digital signature value corresponds to the digital signature value obtained from encrypting the cryptographic hash of reference to object 230 in FIG. 2 or encrypting the cryptographic hash of stored signals 240 in FIG. 2. In this particular example, both 230 and 240 are encrypted to produce the digital signature value.
As the previous descriptions illustrate, an embodiment of an object-based digital signature in accordance with the present invention provides a great deal of flexibility and a number of advantages over the current approach to employing digital signatures. An embodiment of an object-based digital signature in accordance with the invention may allow digital signatures to approve or verify portions of documents, may address issues associated with the temporal ordering of digital signatures, and may allow information dispersed over a network of computing systems, such as the WWW, for example, to be verified or approved.
FIG. 5 illustrates yet another embodiment 500 of an object-based digital signature in accordance with the present invention. This particular embodiment illustrates an object-based digital signature in accordance with the present invention used to validate a typical transaction. In this particular embodiment, document 520 comprises electronic signals that may represent a contract, for example, or some other type of legal document. In this particular embodiment A and B shall approve or validate the document and then N shall approve or validate the document and A's and
B's approval. In this particular embodiment, electronic signals 510 are stored as a file. Likewise, A approves document 520 by employing a pointer to document 520 and a pointer to a digital certificate, illustrated as electronic signals 531, and providing digital signature value A, which comprises electronic signals representing the encryption of the cryptographic hash of document 520 using A's private key. B approves document 520 in a similar manner by pointing to document 520, pointing to a digital certificate, and providing digital signature value B in the form of electronic signals. Likewise, N approves the document including A's approval and B's approval by pointing to the document and pointing to A's signature and B's signature.
These stored electronic signals, such as 520, 521 , 522, 531 , 532, and 533, are stored in physically distributed media in this particular embodiment. Likewise, digital signature value N provides the encrypted value of the cryptographic hash using N's private key applied first to document 520 and then applied to A's signature and finally
B's signature in this particular example. Likewise, electronic signals 510 also point to electronic signals 533 representing N's digital certificate. Thus, in this particular embodiment, an object-based digital signature in accordance with the invention allows digital signatures to approve or validate portions of documents, allows information dispersed over a network of computing systems to be validated or approved, and also addresses issues associated with the temporal ordering of digital signatures. For example, in this embodiment, N approved A's signature and B's signature, thereby imposing a temporal order upon the approvals.
FIG. 6 illustrates yet another embodiment 600 of an object-based digital signature in accordance with the invention. This embodiment has additional similarities and differences with respect to the previously described embodiments. In this particular embodiment, the object-based digital signature is employed to approve a
URL rather titan an electronic document. Thus, information stored electronically and provided via this URL has been approved by the party whose digital certificate is referenced, in this particular embodiment. More specifically, the information pointed to by the URL is validated. Use of this embodiment in accordance with the present invention provides a number of advantages. For example, up-to-date information may be provided with the validity of the information approved by the party whose digital certificate is referenced. For example, businesses or companies may do this for their
WWW website accessible via the Internet. Likewise, software may be provided and a party may download it with knowledge that the risk of viruses is significantly reduced or removed due to the authentication provided by the party validating the URL.
Likewise, by a similar technique, a particular network path may be approved or validated. For example, a platform coupled to a network and a directory path for that platform may be validated by this technique in accordance with the present invention.
FIG. 7 illustrates yet another embodiment 700 of an object-based digital signature in accordance with the invention. As illustrated, in this particular embodiment, the digital certificate, such as digital certificates 720 and 740, are included in stored electronic signals 710 instead of being referenced electronically.
Likewise, FIG. 7 illustrates public key 735 corresponding to the private key employed to produce digital signature value A. FIG. 7 also illustrates public key 750 corresponding to the private key employed to produce digital signature value B. Of course, as previously indicated, an object-based digital signature in accordance with the invention is not limited to this particular embodiment. FIG. 3 illustrates personal computers (PCs) 320, 330 and 340 coupled to the
Internet 310. Likewise, Local Area Network (LAN) 360 and server 350 are coupled to the Internet and PCs 355 and 365 are coupled to LAN 360. It will now be appreciated that a computing platform may include an electronic storage medium including machine-readable computer code resident thereon that is adapted so that during execution of the computer code electronic signals are produced that electronically reference at least one plurality of electronic signals with a digital signature stored remotely from the plurality. In such an embodiment, the digital signature may comprise electronic signals representing the encrypted cryptographic hash value of the electronically referenced at least one plurality of electronic signals.
For example, in this particular embodiment, the PC's illustrated in FIG. 3 comprise such a platform, although the invention is not limited in scope in this respect. The electronic storage medium in this particular embodiment is coupled to an execution unit, such as a microprocessor, via a system bus. Likewise, the machine-readable computer code resident on the PC's in FIG. 3, may be further adapted to include additional aspects of an object-based digital signature in accordance with the present invention discussed in connection with previously described embodiments. For example, in this particular embodiment, such code would include the capability to reference other pluralities of electronic signals, perform indirect referencing, reference a digital certificate, and the capability to reference electronic signals stored in physically distributed storage media coupled at least in part via the Internet or LAN
360, to name a few examples.
While certain features of the invention have been illustrated as described herein, many modifications, substitutions, changes and equivalents will now occur to those skilled in the art. For example, an embodiment in accordance with the invention may be applied to a document comprised entirely of hypertext links. In such an embodiment, the digital signature value may be obtained by encrypting all the files referenced by the document comprised of hypertext links in the order in the document comprised of hypertext links. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention.

Claims

What is claimed is:
1. A method of using a digital signature comprising the step of: electronically referencing at least one plurality of electronic signals with a digital signature remotely stored from the plurality.
2. The method of claim 1, wherein the digital signature comprises electronic signals representing the encrypted cryptographic hash value of the elecu'onically referenced at least one plurality of electronic signals. . The method of claim 1 , wherein the digital signature comprises a first plurality of stored electronic signals, the first plurality being stored together with a second plurality of electronic signals; the second plurality of electronic signals comprising electronic signals representing a digital certificate.
4. The method of claim 3, wherein the digital certificate includes stored electrical signals representing at least a public key corresponding to the private key employed to produce said digital signature.
5. The method of claim 2, wherein the step of electronically referencing at least one plurality of electronic signals with a digital signature remotely stored from the plurality comprises also electronically referencing other pluralities of stored electronic signals with a digital signature remotely stored from the other pluralities.
6. The method of claim 5, wherein the pluralities are stored in physically distributed storage media.
7. The method of claim 6, wherein the physically distributed storage media are coupled at least in part via the Internet.
8. The method of claim 6, wherein the physically distributed storage media are coupled at least in part via a Local Area Network (LAN).
9. The method of claim 1 , wherein the step of electronically referencing at least one plurality of stored electronic signals comprises electronically referencing the at least one plurality by electronically pointing to an electronic pointer that points to the at least one plurality.
10. The method of claim 2, and further comprising the step of electronically relerencing a separate plurality of electronic signals, the separate plurality comprising a digital certificate.
1 1 . The method of claim 10, wherein the digital certificate includes stored electronic signals representing at least a public key corresponding to the private key employed to produce said digital signature.
1 2. The method of claim 1 , wherein the at least one plurality is electronically referenced indirectly.
1 . A platfomi comprising: an electronic storage medium including machine- readable computer code resident therein; said machine-readable computer code being adapted, during execution, to produce electronic signals that electronically reference at least one plurality of electronic signals with a digital signature remotely stored from the plurality, wherein the digital signature comprises electronic signals representing the encrypted cryptographic hash value of the electronically referenced at least one plurality of electronic signals.
14. The platfomi of claim 13, wherein the machine-readable computer code is further adapted, during execution, to produce electronic signals that reference other pluralities of electronic signals.
15. The platform of claim 14, wherein the pluralities are stored in physically distributed storage media.
16. The platform of claim 14, wherein one of the other pluralities of electronic signals comprises a digital certificate.
17. The platform of claim 13, wherein the at least one plurality of electronic signals is referenced indirectly.
18. The platfomi of claim 14, wherein one of the other pluralities of electronic signals is referenced indirectly.
1 . A network comprising: a plurality of coupled computing platforms, each of said computing platfoπns including an electronic storage medium; at least one platform including electronic signals that electronically reference with a digital signature at least one plurality of electronic signals remotely stored from the digital signature, the digital signature comprising electronic signals representing the cryptographic hash value of the electronically referenced at least one plurality of electronic signals.
20. The network of claim 19, wherein the electronic signals that electronically reference with a digital signature the at least one plurality of electronic signals remotely stored from the digital signature also electronically reference other pluralities of electronic signals.
2 1 . The network of claim 20, wherein the pluralities are stored in physically distributed storage media.
22. The network of claim 20, wherein one of the other pluralities comprises a digital certificate.
23. The network of claim 19, wherein the at least one plurality of electronic signals is referenced indirectly.
24. The network of claim 20, wherein one of the other pluralities of electronic signals is referenced indirectly.
25. A method of using a digital signature comprising the steps of: electronically referencing more than one plurality of electronic signals with a digital signature remotely stored from the more than one pluralities; and electronically referencing remotely from the digital signature a plurality of electronic signals comprising a digital certificate, the digital certificate comprising electronic signals representing the public key corresponding to the private key used to produce the digital signature.
PCT/US1997/017566 1996-11-01 1997-09-29 Object-based digital signatures WO1998020644A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP97945363A EP0938792B1 (en) 1996-11-01 1997-09-29 Object-based digital signatures
AU46585/97A AU4658597A (en) 1996-11-01 1997-09-29 Object-based digital signatures
DE69728991T DE69728991T2 (en) 1996-11-01 1997-09-29 OBJECT-ORIENTED DIGITAL SIGNATURES

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/742,981 US6253323B1 (en) 1996-11-01 1996-11-01 Object-based digital signatures
US08/742,981 1996-11-01

Publications (1)

Publication Number Publication Date
WO1998020644A1 true WO1998020644A1 (en) 1998-05-14

Family

ID=24987032

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1997/017566 WO1998020644A1 (en) 1996-11-01 1997-09-29 Object-based digital signatures

Country Status (5)

Country Link
US (1) US6253323B1 (en)
EP (1) EP0938792B1 (en)
AU (1) AU4658597A (en)
DE (1) DE69728991T2 (en)
WO (1) WO1998020644A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6611817B1 (en) 1999-06-17 2003-08-26 International Business Machines Corporation Automated technique for code generation of datastream mappings
US6898707B1 (en) 1999-11-30 2005-05-24 Accela, Inc. Integrating a digital signature service into a database
US6959382B1 (en) 1999-08-16 2005-10-25 Accela, Inc. Digital signature service

Families Citing this family (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8079086B1 (en) 1997-11-06 2011-12-13 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US7058822B2 (en) 2000-03-30 2006-06-06 Finjan Software, Ltd. Malicious mobile code runtime monitoring system and methods
US9219755B2 (en) 1996-11-08 2015-12-22 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US6704906B1 (en) * 1999-03-27 2004-03-09 Movaris, Inc. Self-directed routable electronic form system and method
US7000179B2 (en) * 1999-03-27 2006-02-14 Movaris, Inc. Method and apparatus for programmatic learned routing in an electronic form system
AU6107600A (en) * 1999-07-14 2001-01-30 Recourse Technologies, Inc. System and method for computer security
US7117532B1 (en) * 1999-07-14 2006-10-03 Symantec Corporation System and method for generating fictitious content for a computer
US6981155B1 (en) * 1999-07-14 2005-12-27 Symantec Corporation System and method for computer security
US6393025B1 (en) * 1999-08-09 2002-05-21 Lucent Technologies Inc. Time-sensitive packet processor for an ATM switch
US7203962B1 (en) * 1999-08-30 2007-04-10 Symantec Corporation System and method for using timestamps to detect attacks
US20020026584A1 (en) * 2000-06-05 2002-02-28 Janez Skubic Method for signing documents using a PC and a personal terminal device
US7215771B1 (en) 2000-06-30 2007-05-08 Western Digital Ventures, Inc. Secure disk drive comprising a secure drive key and a drive ID for implementing secure communication over a public network
US7155616B1 (en) 2000-07-31 2006-12-26 Western Digital Ventures, Inc. Computer network comprising network authentication facilities implemented in a disk drive
US7003674B1 (en) 2000-07-31 2006-02-21 Western Digital Ventures, Inc. Disk drive employing a disk with a pristine area for storing encrypted data accessible only by trusted devices or clients to facilitate secure network communications
US7366896B1 (en) * 2000-08-29 2008-04-29 Microsoft Corporation Systems and methods for limiting access to potentially dangerous code
US7032114B1 (en) * 2000-08-30 2006-04-18 Symantec Corporation System and method for using signatures to detect computer intrusions
US7210037B2 (en) * 2000-12-15 2007-04-24 Oracle International Corp. Method and apparatus for delegating digital signatures to a signature server
US8539334B2 (en) 2000-12-27 2013-09-17 Tractmanager, Inc. Document management system having automatic notifications
US10114821B2 (en) * 2000-12-27 2018-10-30 Tractmanager, Inc. Method and system to access to electronic business documents
US6957384B2 (en) 2000-12-27 2005-10-18 Tractmanager, Llc Document management system
US20110029584A1 (en) * 2001-02-08 2011-02-03 The Boeing Company Apparatus, method and computer program product for transferring an electronic file
US20020144110A1 (en) * 2001-03-28 2002-10-03 Ramanathan Ramanathan Method and apparatus for constructing digital certificates
US20020144120A1 (en) * 2001-03-28 2002-10-03 Ramanathan Ramanathan Method and apparatus for constructing digital certificates
US7487354B2 (en) * 2001-05-18 2009-02-03 Microsoft Corporation Methods and systems for using digital signatures in uniform resource locators
US7137004B2 (en) * 2001-11-16 2006-11-14 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
US6938014B1 (en) * 2002-01-16 2005-08-30 Sterling Commerce, Inc. Non-repudiable translation of electronic documents
WO2003060637A2 (en) * 2001-12-21 2003-07-24 Aristotle International, Inc. Identification verification system and method
US7698230B1 (en) * 2002-02-15 2010-04-13 ContractPal, Inc. Transaction architecture utilizing transaction policy statements
US7295677B2 (en) * 2002-03-01 2007-11-13 Hewlett-Packard Development Company, L.P. Systems and methods for adding watermarks using network-based imaging techniques
EP1343286A1 (en) * 2002-03-04 2003-09-10 BRITISH TELECOMMUNICATIONS public limited company Lightweight authentication of information
US7103835B1 (en) 2002-03-12 2006-09-05 Movaris, Inc. Process builder for a routable electronic document system and method for using the same
US20040006701A1 (en) * 2002-04-13 2004-01-08 Advanced Decisions Inc. Method and apparatus for authentication of recorded audio
US20030217280A1 (en) * 2002-05-17 2003-11-20 Keaton Thomas S. Software watermarking for anti-tamper protection
US7370206B1 (en) * 2003-09-04 2008-05-06 Adobe Systems Incorporated Self-signing electronic documents
US7451321B2 (en) * 2003-10-07 2008-11-11 Joseph Ernest Dryer Electronic signature management method
US8312509B2 (en) * 2006-09-21 2012-11-13 Intel Corporation High integrity firmware
US8621222B1 (en) 2008-05-30 2013-12-31 Adobe Systems Incorporated Archiving electronic content having digital signatures
US8464249B1 (en) 2009-09-17 2013-06-11 Adobe Systems Incorporated Software installation package with digital signatures
US9397835B1 (en) 2014-05-21 2016-07-19 Amazon Technologies, Inc. Web of trust management in a distributed system
US9866392B1 (en) * 2014-09-15 2018-01-09 Amazon Technologies, Inc. Distributed system web of trust provisioning
US10469477B2 (en) 2015-03-31 2019-11-05 Amazon Technologies, Inc. Key export techniques
WO2017117357A1 (en) * 2015-12-30 2017-07-06 Xiaolin Zhang System and method for data security
US11888759B2 (en) 2021-06-23 2024-01-30 Bank Of America Corporation System for executing digital resource transfer using trusted computing

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5005200A (en) * 1988-02-12 1991-04-02 Fischer Addison M Public key/signature cryptosystem with enhanced digital signature certification
US5136643A (en) * 1989-10-13 1992-08-04 Fischer Addison M Public/key date-time notary facility
US5136646A (en) * 1991-03-08 1992-08-04 Bell Communications Research, Inc. Digital document time-stamping with catenate certificate
US5367573A (en) * 1993-07-02 1994-11-22 Digital Equipment Corporation Signature data object
US5390247A (en) * 1992-04-06 1995-02-14 Fischer; Addison M. Method and apparatus for creating, supporting, and using travelling programs

Family Cites Families (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4200770A (en) 1977-09-06 1980-04-29 Stanford University Cryptographic apparatus and method
US4218582A (en) 1977-10-06 1980-08-19 The Board Of Trustees Of The Leland Stanford Junior University Public key cryptographic apparatus and method
US4405829A (en) 1977-12-14 1983-09-20 Massachusetts Institute Of Technology Cryptographic communications system and method
US4424414A (en) 1978-05-01 1984-01-03 Board Of Trustees Of The Leland Stanford Junior University Exponentiation cryptographic apparatus and method
US4402046A (en) 1978-12-21 1983-08-30 Intel Corporation Interprocessor communication system
US4325120A (en) 1978-12-21 1982-04-13 Intel Corporation Data processing system
US4387427A (en) 1978-12-21 1983-06-07 Intel Corporation Hardware scheduler/dispatcher for data processing system
US4315310A (en) 1979-09-28 1982-02-09 Intel Corporation Input/output data processing system
US4829425A (en) 1986-10-21 1989-05-09 Intel Corporation Memory-based interagent communication mechanism
US4803622A (en) 1987-05-07 1989-02-07 Intel Corporation Programmable I/O sequencer for use in an I/O processor
EP0383985A1 (en) 1989-02-24 1990-08-29 Claus Peter Prof. Dr. Schnorr Method for subscriber identification and for generation and verification of electronic signatures in a data exchange system
US5224163A (en) * 1990-09-28 1993-06-29 Digital Equipment Corporation Method for delegating authorization from one entity to another through the use of session encryption keys
DE4234165C1 (en) * 1992-10-09 1994-03-03 Detecon Gmbh Procedure to enable the subsequent review of data already transmitted
US5535276A (en) * 1994-11-09 1996-07-09 Bell Atlantic Network Services, Inc. Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography
US5634043A (en) 1994-08-25 1997-05-27 Intel Corporation Microprocessor point-to-point communication
US5663896A (en) 1994-09-22 1997-09-02 Intel Corporation Broadcast key distribution apparatus and method using Chinese Remainder
US5621798A (en) 1995-04-18 1997-04-15 Intel Corporation Method and apparatus for cooperative messaging
US5896533A (en) 1995-07-06 1999-04-20 Intel Corporation Accessing internets world-wide web through object linking and embedding technology
US5757915A (en) 1995-08-25 1998-05-26 Intel Corporation Parameterized hash functions for access control
US5701464A (en) 1995-09-15 1997-12-23 Intel Corporation Parameterized bloom filters
US6134551A (en) 1995-09-15 2000-10-17 Intel Corporation Method of caching digital certificate revocation lists
US5663553A (en) 1995-09-27 1997-09-02 Intel Corporation Mass storage device adapter for smart cards
US5712914A (en) 1995-09-29 1998-01-27 Intel Corporation Digital certificates containing multimedia data extensions
US5754658A (en) 1996-04-19 1998-05-19 Intel Corporation Adaptive encryption to avoid processor oversaturation
US5892899A (en) 1996-06-13 1999-04-06 Intel Corporation Tamper resistant methods and apparatus
US6178509B1 (en) 1996-06-13 2001-01-23 Intel Corporation Tamper resistant methods and apparatus
US6205550B1 (en) 1996-06-13 2001-03-20 Intel Corporation Tamper resistant methods and apparatus
US5915018A (en) 1996-11-05 1999-06-22 Intel Corporation Key management system for DVD copyright management
US6021491A (en) * 1996-11-27 2000-02-01 Sun Microsystems, Inc. Digital signatures for data streams and data archives
US5933502A (en) 1996-12-20 1999-08-03 Intel Corporation Method and apparatus for enhancing the integrity of visual authentication
US5991403A (en) 1996-12-23 1999-11-23 Intel Corporation Recoverable cryptographic transformation on YUV data suitable for compressions
US5949877A (en) 1997-01-30 1999-09-07 Intel Corporation Content protection for transmission systems
US6041122A (en) 1998-02-27 2000-03-21 Intel Corporation Method and apparatus for hiding crytographic keys utilizing autocorrelation timing encoding and computation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5005200A (en) * 1988-02-12 1991-04-02 Fischer Addison M Public key/signature cryptosystem with enhanced digital signature certification
US5136643A (en) * 1989-10-13 1992-08-04 Fischer Addison M Public/key date-time notary facility
US5136646A (en) * 1991-03-08 1992-08-04 Bell Communications Research, Inc. Digital document time-stamping with catenate certificate
US5390247A (en) * 1992-04-06 1995-02-14 Fischer; Addison M. Method and apparatus for creating, supporting, and using travelling programs
US5367573A (en) * 1993-07-02 1994-11-22 Digital Equipment Corporation Signature data object

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP0938792A4 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6611817B1 (en) 1999-06-17 2003-08-26 International Business Machines Corporation Automated technique for code generation of datastream mappings
US6959382B1 (en) 1999-08-16 2005-10-25 Accela, Inc. Digital signature service
US6898707B1 (en) 1999-11-30 2005-05-24 Accela, Inc. Integrating a digital signature service into a database

Also Published As

Publication number Publication date
DE69728991D1 (en) 2004-06-09
EP0938792B1 (en) 2004-05-06
US6253323B1 (en) 2001-06-26
DE69728991T2 (en) 2005-04-14
EP0938792A4 (en) 2001-08-29
EP0938792A1 (en) 1999-09-01
AU4658597A (en) 1998-05-29

Similar Documents

Publication Publication Date Title
US6253323B1 (en) Object-based digital signatures
US5892904A (en) Code certification for network transmission
KR100268095B1 (en) Data communications system
US6367012B1 (en) Embedding certifications in executable files for network transmission
CN109598663B (en) Method and device for providing and acquiring safety identity information
JP4681554B2 (en) How to use reliable hardware-based identity credentials in runtime package signing for secure mobile communications and expensive transaction execution
US7644280B2 (en) Method and system for linking certificates to signed files
EP1175038B1 (en) Technique for obtaining a sign-on certificate from a foreign PKI system using an existing strong authentication PKI system
US6430688B1 (en) Architecture for web-based on-line-off-line digital certificate authority
US7631191B2 (en) System and method for authenticating a web page
EP1307863B1 (en) Digital receipt for a transaction
US7356690B2 (en) Method and system for managing a distributed trust path locator for public key certificates relating to the trust path of an X.509 attribute certificate
US20020002680A1 (en) Method and apparatus for verifying the integrity of digital objects using signed manifests
US20050228999A1 (en) Audit records for digitally signed documents
US20020124172A1 (en) Method and apparatus for signing and validating web pages
US20040268120A1 (en) System and method for public key infrastructure based software licensing
EP1617588A1 (en) Device authentication system
KR19980042805A (en) Methods, devices and products to verify that the data in the data file is genuine
JP2001518269A (en) Electronic encryption packing
AU2004240278A1 (en) Method and apparatus for creating and validating an encrypted digital receipt for third-party electronic commerce transactions
WO2003003329A1 (en) Data originality validating method and system
CN112311779B (en) Data access control method and device applied to block chain system
CN113610526A (en) Data trust method and device, electronic equipment and storage medium
US20040133783A1 (en) Method for non repudiation using cryptographic signatures in small devices
JP4091438B2 (en) Cryptographic signatures on small devices

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CU CZ CZ DE DE DK DK EE EE ES FI FI GB GE GH HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG UZ VN YU ZW AM AZ BY KG KZ MD RU TJ TM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH KE LS MW SD SZ UG ZW AT BE CH DE DK ES FI FR

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
CFP Corrected version of a pamphlet front page

Free format text: REVISED ABSTRACT RECEIVED BY THE INTERNATIONAL BUREAU AFTER COMPLETION OF THE TECHNICAL PREPARATIONS FOR INTERNATIONAL PUBLICATIONS

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 1997945363

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1997945363

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: CA

WWG Wipo information: grant in national office

Ref document number: 1997945363

Country of ref document: EP