METHOD OF AUTHENTICATING OR "DIGITALLY SIGNING" DIGITAL
DATA OBJECTS
TECHNICAL FIELD OF THE INVENTION
The present invention relates in general to providing authentication of digital data,
such as document or other data files or objects. More particularly, the present invention
relates to methods of securely appending or otherwise incorporating a digital signature
or indicia of authenticity into a data object.
BACKGROUND OF THE INVENTION AND BACKGROUND ART
There have been several prior attempts to digitally "sign," "notarize," or otherwise
authenticate a digital data object such as a text document. Generally speaking, one
drawback to the storage of, for instance, digital document files, is that it can be difficult
to establish whether the version retrieved or transmitted is the identical document
originally stored or created. A "digital signature" or "notary" is a common nomenclature
for an attempt to provide indicia of authenticity of the digital data.
One such method is found in U.S. Patent Number 5,022,080, June 4, 1991, to
Durst et al., which discloses a method of digitally notarizing a document comprising the
steps of hashing the document, transmitting the digest (or result of the hash) to a trusted
third party, where the digest is combined with a time-stamp, and then encrypting the
combination to produce a "digitally notarized" document. All that is required to
authenticate the document is the key to the encryption technique. Thus, simply by
"breaking the code" the authenticity indicia or the underlying data object can be altered
or tampered with.
Other solutions complicate this basic scheme to render it more difficult to break
the code successfully. For instance, U.S. Patent Number 5,373,561, December 13, 1994
to Haber et al., periodically re-encrypts the signature data to take advantage of ever-
increasing computational power and advances in encryption, which also render the
authentic document more susceptible to alteration, decryption, or tampering as time
passes. However, if the user neglects to "update" the encryption, the advantage is lost.
A need exists, therefore, for a method of digitally authenticating a data object that
is not susceptible to future tampering, yet is sufficiently simple as to be implemented in
a practical and efficient manner.
DISCLOSURE OF THE INVENTION
It is a general object of the present invention to provide a method of providing a
data object that can ve verified or authenticated reliably, with minimal risk of tampering.
This and other objects of the present invention are achieved by associating or
combining a data object, such as a document file, with signature or authentication data,
such as a time-stamp or signature. Both the data object and the signature data are
encrypted. Finally, a distinct data object is generated or digested from the combination
of encrypted data object and signature data, the distinct data object has characteristics
determined by the data object and the signature data.
According to the preferred embodiment of the present invention, the generation
of the distinct data object is achieved using a hashing algorithm, such as SHA-1.
According to the preferred embodiment of the present invention, the signature or
authentication data is provided by a trusted third party. The data object transmitted to the
third party may be a digest or hash of the data object to preserve the confidentiality of the
data object.
According to the preferred embodiment of the present invention, the encryption
step is achieved by a symmetric encryption algorithm.
According to the preferred embodiment of the present invention, the authenticity
of the original data object is confirmed by reproducing the distinct data object by
identically encrypting a data object identical to the original, generating another distinct
data object, and comparing the second and first distinct data objects for identity.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a high-level flow chart depicting the steps of the method according to
the preferred embodiment of the present invention, and more particularly the steps of
proving a data object with authentication or signature data.
Figure 2 is a block diagram schematically depicting a portion of the method of
Figure 1 according to the preferred embodiment of the present invention.
Figure 3 is a high-level flow chart illustrating the steps of the method according
to the preferred embodiment of the present invention, and more particularly of the steps
of authenticating a data object provided with authentication data.
Figure 4 is a block diagram schematically depicting a portion of the method of
Figure 3 according to the preferred embodiment of the present invention.
MODE(S) FOR CARRYING OUT THE INVENTION
Referring now to the Figures, and specifically to Figure 1, a high-level flow-chart
depicts the basic steps of a portion of the method according to the present invention.
First, at block 11, a first data object or item is provided by a user or customer of the
method. The data object or item could be a document, drawing, image file, or any item
or segment of data that the user desires to provide with the ability to be authenticated or
verified in the future.
At block 13, the data object is combined or associated with signature or
authentication data. The signature or authentication may include the time of creation of
the data object, the name of the author of the object, predetermined characters indicating
the origin of the object, or virtually any other data the user desires to serve as evidence
of authenticity of the underlying data object. According to the preferred embodiment of
the present invention, the authentication data is a "time stamp" that comprises, for
instance, the time and date from the "Atomic Clock" maintained by the United States
Naval Observatory (e.g., 22: 13.02; 4 April 1998). The signature or authentication data
is appended, concatenated, or otherwise conventionally combined or associated with the
data object. As discussed in greater detail with reference to Figure 2, the time stamp or
other signature or authentication data is provided by a trusted third party, perhaps the
vendor of the method, who also keeps meticulous records of the method used to combine
or associate the data object with signature or authentication data.
Next, at block 15, the combination of the data object and signature or
authentication data is encrypted using conventional symmetric secret-key, asymmetric
public-key techniques or other combining techniques which use a key known only to the
trusted third party. The encryption technique could be as simple as appending or
concatenating a selected, random text or character string to the data object. For maximum
security, it is preferable that the trusted third-party employ secret-key techniques and
maintain a record of the encryption technique along with any secret-keys, for future use
in authentication of the data object. The preferred encryption method or algorithm is
RC5.
Finally, at block 17, the encrypted data object is digested or hashed using a hash
routine to generate a distinct data object. A hash routine generates a data string that is
characteristic of the underlying data object that is subjected to the hash routine. The
preferred hashing algorithm is SHA-1. There are several hashing routines or algorithms,
such as SHA-1, that are suitable for use in the method according to the present invention.
All of these hashing routines or algorithms share the following characteristics:
• the underlying data object cannot be reproduced from the hashed data
string (it is a one-way or irreversible process);
• the routine produces a data string of fixed length; and
• the routine will not yield the same data string for two different data objects.
Hashing is sometimes referred to as a method of encryption, but this is inaccurate: the
very essence of encryption is that it can be decrypted or the process reversed. Hashing,
by its very nature, is not reversible. According to the preferred embodiment of the
present invention, the hashing or digesting step may comprise application of a single
hashing algorithm or routine to the encrypted data object and signature data.
Alternatively, the hashing step may comprise multiple applications of the same or
different hashing algorithms.
The result of the hashing step is a distinct data object that has characteristics of
both the underlying data object and the signature or authentication data. The distinct data
object may be appended to or separate from the underlying data object. The distinct data
object and the signature or authentication data is transmitted, along with the original data
object to a recipient party to permit the recipient party to later confirm the authenticity
of the original data object and/or the combination of the data object and the signature or
authentication data.
Figure 2 is a block diagram depicting elements and relationships between entities
performing the steps of the method according to the present invention. According to the
preferred embodiment of the present invention, the encryption and hashing steps are
performed on the user's computer 19 which may be a personal computer, a client/server
workstation, terminal for a mainframe or minicomputer or the like. The signature or
authentication data is provided by a trusted third party 21, who also provides the
encryption and hashing algorithms and keeps a record of the encryption or combining
techniques and any secret keys for use in future authentication. Alternatively, the
encryption and hashing algorithms are resident on and maintained by user's system 19.
According to one embodiment of the invention, the original data object is hashed
and then sent to the trusted third party 21 to preserve the confidentiality of the original
data object. In this embodiment, the trusted third party performs the encryption and
hashing or digesting steps and returns the resulting distinct data object and authentication
data to user 19 to associate with or combine with the original data object.
Communication between user 19 and trusted third party 21 is accomplished in a
number of ways: through modem line, Tl line, frame relay link, or cable modem, or http
protocol (each with appropriate security). Trusted third party 21 maintains records of any
encryption keys, the encryption technique and hashing algorithm(s) for future use by the
party that later performs authentication of the document.
Figure 3 is a high-level flow chart depicting the steps of the authentication portion
of the method according to the present invention. To authenticate the data object, an
original copy, block 31, of the data object, identical to the first, is combined with
signature or authentication data, at block 33. The original copy of the data object and
signature or authentication data can be provided by the originator, or can be kept by the
trusted third party along with the encryption and/or hashing algorithms. After the copy
of the original data object is combined with the authentication or signature data, the
combinations is encrypted in an identical fashion to the original, at block 35. At block
37, the resulting encrypted data object is then hashed or digested identically to the first,
and the resulting distinct data object compared with the original data object (the result of
block 17 in Figure 1) and the two are compared for identity. If the two are identical, the
underlying data object (or the copy) is thus verified or authenticated. If not identical, the
data object or copy is not authenticated and cannot be trusted (i.e., the copy or document
purporting to be original has been altered and is not identical to the first or the
authentication data has been altered).
Figure 4 is a block diagram depicting elements and relationships between entities
perforating the steps of the authentication portion of the method according to the present
invention. According to the preferred embodiment of the present invention, the
authentication steps are performed by a trusted party, perhaps the vendor of the method
as the recipient party 25 using information provided by the trusted third party, the
originator or user, or a combination of the two. The distinct data objects are input to a
comparator or a computer algorithm operable to compare data for identity. The output
of the comparator verifies the authenticity (or lack thereof).
According to the preferred embodiment of the present invention, the method is
performed using software resident on the document or data object originator's computer.
The encryption and digesting occurs on the trusted third party's computer with the input
and results being communicated to and from the trusted third party as described above.
The recipient of the "authenticated" data object can request verification through the
trusted third party, depending upon which of the parties maintains the requisite
encryption technique, hashing algorithm, combination method, and any encryption keys.
The method according to the present invention provides an improved method of
digitally signing or otherwise authenticating digital data objects. Because the hashing or
digesting step is one-way or irreversible, the encrypted portion of the "signature" is not
susceptible to unauthorized decryption, even by marked advances in computational
power. Because of this advantage, the trusted third party or vendor must keep scrupulous
records of the encryption or combining techniques, hashing methods and encryption keys
employed in providing the signature or authentication data.
The invention has been described with reference to preferred embodiments thereof.
It is thus not limited, but is susceptible to variation and modification without departing
from the scope and spirit of the invention, which is defined by the claims, which follow.