|Publication number||US20060288216 A1|
|Application number||US 10/548,137|
|Publication date||Dec 21, 2006|
|Filing date||Mar 3, 2004|
|Priority date||Mar 4, 2003|
|Also published as||CN1717896A, CN1717896B, EP1599965A1, EP1599965B1, US8271791, US20090327732, WO2004079986A1|
|Inventors||Peter Buhler, Klaus Kursawe, Roman Maeder, Michael Osborne|
|Original Assignee||Peter Buhler, Klaus Kursawe, Roman Maeder, Michael Osborne|
The present invention is related to a method, computer device, and system for digitally signing an electronic document that is to be kept secure for a long time period. The invention also relates to a method for verifying an electronic document that has been digitally signed.
More and more documents are stored electronically. This often involves a digital time-stamping mechanism in order to bind the document or its content to a particular point in time. To minimize the risk that either the data or the time-stamp can be tampered with at a later date, a cryptographic digital signature is used to protect both elements.
US Patent Application Publication US 2002/0120851 A1 refers to a device and method for data time-stamping. The device includes a trusted clock, a memory, a time-stamper and a digital signer. The device is adapted to store to the memory data that has been time-stamped by the time-stamper, with a time obtained from the trusted clock, and digitally signed with a digital signature by the digital signer.
However, at present the requirement that a user is legally liable for documents that he/she digitally signs and that the documents remain secure for a long period of time, for example at least 30 years, cannot be fulfilled, because of the limited computational power of personal cryptographic tokens.
It should not be possible to create any signature without the user's consent. This can be enforced by an individual cryptographic hardware token which acts as a signing device (e.g. a smart card).
Current hardware tokens of this type are restricted in terms of computational power which means that digital signatures with very large key lengths cannot be computed within an acceptable time.
It is an object of the present invention to create and verify digital signatures that are secure for a very long time, taking into account future cryptographic developments which could render current cryptographic key-lengths insufficient.
In accordance with the present invention, there is provided a method for digitally signing an electronic document for long term security purposes comprising the steps of marking with a digital mark and signing with a first digital signature the electronic document. The marked and signed electronic document is then signed with a second digital signature that is less computationally intensive in its generation than the first digital signature. In most cases the second digital signature is based on a shorter cryptographic key than the first digital signature.
The electronic document and the first digital signature or part thereof can be provided to a client computer where under use of a cryptographic token the second digital signature which depends on the content of the electronic document and the first digital signature or the part thereof is generated. This allows a presenting or displaying of the electronic document to a user, who can review the electronic document and sign it with an individual cryptographic token, for example with a smart card, which belongs to the user and is also referred to as signing device.
The cryptographic token can be related to a user group which then shares one cryptographic token making the group or a department liable.
The digital mark can comprise a unique number that is a sequence number, a time-stamp, or a value derived thereof. The digital mark allows a unique number to be allocated which later on can be used for revocation purposes.
The signed electronic document can additionally be signed with a third digital signature or a further digital mark, i.e. after the user has signed. This would be performed where the first digital signature was created, e.g. at a time-stamping or signature server. The revocation process could be simplified because it would allow an easier key revocation, as it is sufficient to tell the signature server which keys are invalid.
The digital signatures may use asymmetrical as well as symmetric encryption. Public/secret-key cryptography can be applied advantageously by using first and second signature keys. The individual key for the second signature has a length that can be handled by the individual signing devices. However, this might be insufficient to guarantee security for the long-term future. The first signature key, on the other hand, is of sufficient length such that by all reasonable predictions it cannot be broken within the desired lifetime of the key.
The first stage involves a trusted digital marking which may add time and date and certificate information to the document or a document hash value, and signing it with the first digital signature.
This first stage can be performed by a trusted server that uses a very strong key length, e.g. 3072-4096 bits, and may use several different signature schemes in parallel, e.g. RSA, ECC, to maintain security even if a particular scheme is compromised.
The user then verifies the document, which now includes the signed digital mark, and signs it again using his/her individual signing device with the second digital signature, which is less computationally intensive in its generation than the first digital signature. The document is then contemplated as a validly signed electronic document. An advantage of this is the long term security, while still allowing every individual user to have his/her private key that never leaves the individual signing device. This allows users to be liable for their signatures, while giving assurance that the key-length on the final signature is sufficient to last for a long time. Thus, the scheme allows a long-term personal liability on digital signatures.
It is also possible to revoke a key if one individual signing device gets lost. Because every signature comes with a reliable digital mark, signatures signed after the revocation time of one individual signing device are simply declared invalid.
If, due to technical developments, the key length of the individual signing keys is in danger of becoming insufficient, all individual signing keys are revoked and replaced by longer keys. To increase security, the digital marking key may be destroyed, such that it is impossible to issue any digital mark compatible with the old keys.
A computer device, e.g. a laptop computer, with an electronic smart card reader for reading a smart card can be used to generate the second digital signature. Also possible is to use a personal digital assistant (PDA) which at the same time can be the cryptographic token. The cryptographic token is contemplated as an individual signing device or part thereof which is a small device in the possession of the user that issues the second digital signature.
In another aspect of the invention there is provided a system for digitally signing an electronic document for long term security purposes. The system comprises a document repository for storing and providing the electronic document, a digital signature computing device connected to the document repository for deriving from a digital mark and the electronic document a first digital signature, and a cryptographic device for generating a second digital signature that is less computationally intensive in its generation than the first digital signature.
The digital signature computing device could comprise a tamperproof clock, which can be used to create the digital mark and therewith the first digital signature. In addition, the digital signature computing device could comprise an internal clock for verifying a predefined time-interval between the issuance of the first digital signature and the second digital signature to be issued. For example, the individual digital signature computing device only issues the second digital signature on the electronic document that was digitally marked and signed within the last, for example, ten minutes. This makes it harder to stage long term attacks that try to gather the components of a valid digital signature over a certain time period.
The digitally signed electronic document can be verified under use of a first public key corresponding to the first digital signature and a second public key corresponding to the second digital signature. The use of public-key cryptography allows an easy verification process.
In yet another aspect of the invention there is provided a method for verifying an electronic document that has been digitally signed by a first digital signature under use of a digital mark and thereon with a second digital signature. The method comprises the step of verifying the validity of the digitally signed electronic document by using a first public key corresponding to the first digital signature and a second public key corresponding to the second digital signature that is less computationally intensive in its generation than the first digital signature.
Preferred embodiments of the invention are described in detail below, by way of example only, with reference to the following schematic drawings.
The drawings are provided for illustrative purpose only and do not necessarily represent practical examples of the present invention to scale.
In the following, the various exemplary embodiments of the invention are described.
For the understanding of the process flow, the steps are labeled at the connections with numbers in a circle which correspond to the numbers 1-8 mentioned hereafter. As indicated with 1, the electronic document to be signed is retrieved from the document repository 10 and presented to the signature server 12 where a system signature is created and attached. This is described in more detail with reference to
The system signature is created at the signature server 12 usually located at a central site. For the creation of the system signature two algorithms with public/private double-key based on a key size of, for example, 4096 bits, can be used. A respective private key can be stored in a hyper-secure cryptographic coprocessor card which generates a reference time-stamp. A corresponding public key can be stored in the signature server 12 which can also be used as public keys server located at the central site.
The user signature is calculated and generated under use of a cryptographic token that here is the smart card 18. For that, an algorithm with public/private double-key based on a key size of, for example, 2048 bits can be used. The double-key is generated once by the user or a user group. A user's private key is only stored in the electronic card, the smart card 18. It is not in transit on any network and it cannot be copied. A corresponding user public key can be stored in a public keys server located at the central site whereto it is transmitted by order.
In a further embodiment, the user asks for displaying one electronic document he/she wants to sign. Consequently, a request is sent to the application server or directly to the document repository 10 in order to obtain the data in question which has to be presented to the user for his/her signature. The set of data, that is the requested electronic document and the user's identity are sent to the signature server 12 in order to be signed. At this step, the system signature is added to the electronic document. The electronic document and system signature are then forwarded and presented to the user. The data can then be checked by the user.
In another embodiment, the user signs by placing his/her finger on a fingerprint reader which can be on the card reader 16.
The same reference numbers are used to denote the same or like parts.
The long term security of the scheme relies on the security of the first digital signature 28. Performance is a minor issue here, as the system signature DTS is usually generated by a stationary server with sufficient resources. Therefore, the key length used here will be rather large, e.g., 4096 bit RSA, and possibly several different schemes based on different cryptographic assumptions are used in parallel in case there is a total break of a cryptographic algorithm, e.g., RSA and DSA.
The second digital signature 38 is issued by a small cryptographic token, being the smart card 18, in possession of the user. Therefore, the computing power may be limited. This imposes a restriction on the key length and thus also on the long-term security of the user's signature. Furthermore, it is possible that the cryptographic token, i.e. the smart card 18, is lost or stolen. The token can thus not be used to ensure long-term security. Over the lifetime of the system, it can be replaced or retired at any time without endangering the security of signatures issued before or afterwards.
To verify the signature 28, 38, the user first verifies the second digital signature 38 by applying a second public key. The user also should verify whether or not the second public key 47 is valid for the time or sequence number contained in the digital mark 23. As the second private key 37 may be revoked, the document signed with it after revocation is not valid.
If the second digital signature 38 is valid, the user verifies if the first digital signature 28 is correct by using a first public key 46, the key that corresponds to the first private key 26 used by the signature server 12. If both signatures DTS, DUS are correct and the second public key 47 is valid for the time in question, the whole signature is considered correct.
In detail, from the document 20, the digital mark 23, and the first digital signature 28 a first verification hash 41 is derived resulting in a first verification hash value 43. Furthermore, under use of the second public key 47, the second digital signature 38, and a cryptographic decryption algorithm a second verification hash value 45 is derived. The first and second verification hash values 43, 45 can then be compared easily.
From the document 20 and the digital mark 23 a second verification hash 40 is derived resulting in a third verification hash value 42. Further, under use of the first public key 46, the first digital signature 28, and a cryptographic decryption algorithm a fourth verification hash value 44 is derived. The third and fourth verification hash values 42, 44 can then be compared easily. If the hash values 43, 45 and 42, 44 match respectively, the signatures are valid.
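The signing and verification flow described above, as an added example that is not part of the patent text. It assumes unpadded textbook RSA with constructed toy keys built from Mersenne primes (insecure, chosen only so the block runs with the standard library), a Unix time-stamp as the digital mark, a token that checks the system signature before signing, and hypothetical function names throughout.

```python
import hashlib

E = 65537  # public exponent shared by both constructed keys

def toy_key(a, b):
    """Constructed, insecure RSA key from Mersenne primes 2^a-1, 2^b-1."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus, private exponent)

SERVER_N, SERVER_D = toy_key(1279, 2203)  # first key: long, server-side
USER_N, USER_D = toy_key(521, 607)        # second key: short, on the token

def digest(*parts):
    """SHA-256 over length-prefixed parts, returned as an integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(8, "big") + part)
    return int.from_bytes(h.digest(), "big")

def to_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def server_sign(doc, now):
    """Signature server: attach a time-stamp mark and the first signature."""
    mark = str(now).encode()
    return mark, pow(digest(doc, mark), SERVER_D, SERVER_N)

def token_sign(doc, mark, dts, now, max_age=600):
    """Token: sign only a correctly marked document that is fresh enough."""
    if pow(dts, E, SERVER_N) != digest(doc, mark):
        raise ValueError("system signature does not match document and mark")
    if not 0 <= now - int(mark) <= max_age:
        raise ValueError("digital mark outside the allowed time interval")
    return pow(digest(doc, mark, to_bytes(dts)), USER_D, USER_N)

def verify(doc, mark, dts, dus, revoked_at=None):
    """Verifier: second signature, key validity at mark time, first signature."""
    if pow(dus, E, USER_N) != digest(doc, mark, to_bytes(dts)):
        return False  # hash values 43 and 45 differ
    if revoked_at is not None and int(mark) >= revoked_at:
        return False  # user key was already revoked at the marked time
    return pow(dts, E, SERVER_N) == digest(doc, mark)  # values 42 and 44
```

Because the second signature covers the document, the mark and the first signature together, changing any one of them after signing makes the first comparison fail.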
Any disclosed embodiment may be combined with one or several of the other embodiments shown and/or described. This is also possible for one or more features of the embodiments.
|U.S. Classification||713/176, 713/181, 713/177|
|International Classification||H04L9/00, H04L9/32|
|Cooperative Classification||H04L9/3234, H04L9/3247, H04L2209/60, H04L9/3297|
|Jun 30, 2006||AS||Assignment|
Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BUHLER, PETER;KURSAWE, KLAUS;MAEDER, ROMAN;AND OTHERS;REEL/FRAME:017880/0734;SIGNING DATES FROM 20051208 TO 20060626