Previous | Table of Contents | Next |
The certificate authority also provides the vehicle for the distribution of public keys. Thus the certificate authority would have to maintain the public key certificates in a directory server that can be accessed by authorized persons and computers.
Exhibit 3 shows how subscribers might use such a repository. Certificates could be retrieved on demand along with their current status. Additional information, such as E-mail addresses or fax numbers, could also be available on demand.
The repository would work as follows:
Exhibit 2. Client Authentication.
Exhibit 3. Certificate Repository.
The certificate authority could also use the certificate repository to maintain a certificate revocation list (CRL), which provides notification of certificates that are revoked pursuant to a suspected compromise of the private key. This service could also require that the authority report such compromises via a compromised key list to special customers possibly those enrolled in a subscribed service and that such notifications be made available to all customers.
Finally, transactions involving certificates issued by other certificate authorities require that a cross-certification record be maintained and made publicly available in the certificate repository.
A service providing an electronic date and time postmark establishes the existence of a message at a specific point in time. By digitally signing the postmark, the postmarking authority assures the communicating parties that the message was sent, was in transit, or received at the indicated time.
Exhibit 4. Electronic Postmark.
This service is most useful when the recipient requires the originator to send a message by a specified deadline. The originator would request the postmark authority to postmark the message. The authority would receive a digest of the message, add a date and time token to it, digitally sign the package, and send it back to the originator, who would forward the complete package (i.e., signed digest, time stamp, and original message) to the recipient as shown in Exhibit 4.
Electronic postmarking functions as follows:
Exhibit 5. Return Receipt.
This service reports one of three events: that a message has transited the network, that it has been received at the recipients mailbox, or that the recipient has actually decoded and opened the message at a specific date and time. In the latter instance, the transaction delivered to the recipient that has been encrypted might be set up only to be decrypted with a special one-time key, as shown in Exhibit 5. This one-time key could be provided by the postmark authority upon receipt of an acknowledgment from the recipient accompanied by the recipients digital signature.
Here is how return receipt might work:
Exhibit 6. Storage and Retrieval.
These services include transaction archiving where copies of transactions are held for specified periods of time, as illustrated in Exhibit 6. The service might also include information (i.e., documents, videos, or business transactions) that can be sealed, postmarked, and held in public storage to be retrieved via any authorized access. Likewise, encrypted information (i.e., documents, videos, or business transactions) can be sealed, postmarked, and further encrypted and held in sealed storage for indefinite periods of time. Each of these storage and retrieval capabilities must carry legal standing and the stamp of authenticity required for electronic correspondents.
Storage and retrieval works as follows:
Electronic Commerce Services (ECS) may be used in one of three ways:
All these services could be provided by a single authority, by a hierarchy of authorities, or by a network of authorities, each specializing in one or more of these services.
Previous | Table of Contents | Next |