Two researchers from Morris Township, New Jersey-based Bell Communications Research, Scott Stornetta and Stuart Haber, have devised a way to fix a tamper-proof time-stamp seal to any electronic document. The process will be welcomed by those responsible for electronic record keeping as well as helping those involved in sorting out controversies ranging from the authenticity […]
Two researchers from Morris Township, New Jersey-based Bell Communications Research, Scott Stornetta and Stuart Haber, have devised a way to fix a tamper-proof time-stamp seal to any electronic document. The process will be welcomed by those responsible for electronic record keeping as well as helping those involved in sorting out controversies ranging from the authenticity of business records to the false retouching of digital photographs. It could also make it possible for a quick settlement of patent disputes. Bell Communications has applied for a patent on Stornetta’s and Haber’s method of verifying the time and origin of electronic data, which is described as a digital time-stamping service prototype. A subscriber to such an electronic notary service could submit electronically any type of document for time-stamping from anywhere in the world. The time stamping service would return a digital receipt that could be used to prove a document was created on, or before, a certain date and that it hadn’t been tampered with at any time afterwards. Under the proposed Bell system, even changing one character of the original would break the time-stamping seal. One problem that the researchers had to address was how to get a patent application stamped without the time stamping agency having privileged access to the patent information. Consequently, instead of transmitting an entire document, the Bell approach would enable a company making a patent application to send the time-stamping service only a small representation of the original. The sample would be generated by one-way hashing – a mathematical process that creates a unique digital fingerprint representative of the entire body of data. Hashing generates a random string of numbers unique to the data as it exists at a given moment. Thereafter, a change of even one character in the original would result in an entirely new set of numbers that would not match the original digital fingerprint. The one-way hash function also makes it impossible to construct a full document from its hash value. A second challenge, added Stornetta, was how to make it impossible for anyone, including the time-stamping service, to cheat. In Haber’s and Stornetta’s experimental system, a data originator would send the hash value of a document to a time-stamping service. The service would then validate the time of arrival and put its own unalterable identifier, or digital signature, into the hash value, much the way a public notary would stamp a paper document. To prevent any possiblity of back- or forward-dating, the Bell system would link each time-stamped receipt to the one before it by including a portion of the previous client’s time stamp and hash number. This chaining together of data would make it impossible to cheat by inserting any document at a later date. The researchers have also proposed an alternate, or rand-om witness, solution to prevent anyone from altering the time stamp. Using a cryptographic tool known as a pseudo-random generator, the time stamping service would create a list of witnesses whose computers would automatically receive and time-stamp a hash value, and add their own digital signature to the service receipt. Neither clients nor the service could influence the selection of witnesses because, like the hash value, the randomly-generated list would be determined by the original data. Stornetta and Haber have also built in electronic safeguards that would enable clients to insure that the service receipt itself is not counterfeit. For they are developing prototype software for their digital time stamp method, which the consortium intends to make available ultimately for licensing. The software will reside both in a client’s personal computer and in the time stamping service computer. Bell Communications plans to beta-test the time stamping system internally early next year.