

Certificate Repository

The certificate authority also provides the vehicle for the distribution of public keys. Thus the certificate authority would have to maintain the public key certificates in a directory server that can be accessed by authorized persons and computers.

Exhibit 3 shows how subscribers might use such a repository. Certificates could be retrieved on demand along with their current status. Additional information, such as E-mail addresses or fax numbers, could also be available on demand.

The repository would work as follows:

  The message originator creates a message, generates a digital signature, and sends the message.
  The recipient sends a signed message requesting the originator’s public key from the certificate repository.
  The certificate repository verifies the requester’s signature and returns the public key to the recipient.

Exhibit 2.  Client Authentication.

Exhibit 3.  Certificate Repository.

The certificate authority could also use the certificate repository to maintain a certificate revocation list (CRL), which provides notification of certificates that are revoked pursuant to a suspected compromise of the private key. This service could also require that the authority report such compromises via a compromised key list to special customers — possibly those enrolled in a subscribed service — and that such notifications be made available to all customers.

Finally, transactions involving certificates issued by other certificate authorities require that a cross-certification record be maintained and made publicly available in the certificate repository.

Electronic Postmark

A service providing an electronic date and time postmark establishes the existence of a message at a specific point in time. By digitally signing the postmark, the postmarking authority assures the communicating parties that the message was sent, was in transit, or was received at the indicated time.


Exhibit 4.  Electronic Postmark.

This service is most useful when the recipient requires the originator to send a message by a specified deadline. The originator would request the postmark authority to postmark the message. The authority would receive a digest of the message, add a date and time token to it, digitally sign the package, and send it back to the originator, who would forward the complete package (i.e., signed digest, time stamp, and original message) to the recipient as shown in Exhibit 4.

Electronic postmarking functions as follows:

  The originator sends a request to the postmark authority to postmark a message or document (i.e., a digital digest of the message or document).
  The postmark authority adds date and time to the message received and affixes its digital signature to the entire package.
  The postmark authority sends the package back to the originator.
  The originator sends the original message or document plus the postmarked package to the recipient.
  The recipient verifies the postmark authority signature with the authority’s public key and reads the message or document.
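As an added example (not from the original text), the five postmark steps above can be sketched in Python. The function names, the epoch-seconds time token, and the textbook-RSA demo key are assumptions made for illustration; beyond step 5's signature check, the recipient here also recomputes the digest from the received message and applies the deadline mentioned earlier.

```python
import hashlib
import json

# Constructed demo key: textbook RSA over two Mersenne primes, stdlib only.
# Stand-in for a real signature scheme (RSA-PSS, Ed25519); not for production.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # authority's private exponent


def digest_of(message: bytes) -> str:
    """Originator (step 1): only this digest is sent to the authority."""
    return hashlib.sha256(message).hexdigest()


def _package_hash(digest_hex, stamped_at):
    # Canonical encoding of the whole package: digest AND time token.
    body = json.dumps({"digest": digest_hex, "time": stamped_at}, sort_keys=True)
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big")


def postmark(digest_hex, stamped_at):
    """Authority (steps 2-3): add date/time to the digest, sign the package."""
    sig = pow(_package_hash(digest_hex, stamped_at), D, N)
    return {"digest": digest_hex, "time": stamped_at, "sig": sig}


def verify_postmark(message, package, deadline, pub=(N, E)):
    """Recipient (step 5): returns (ok, reason)."""
    n, e = pub
    if pow(package["sig"], e, n) != _package_hash(package["digest"], package["time"]):
        return False, "bad authority signature"
    if package["digest"] != digest_of(message):
        return False, "postmark does not cover this message"
    if package["time"] > deadline:
        return False, "postmarked after deadline"
    return True, "ok"


if __name__ == "__main__":
    msg = b"Sealed bid: 4200 units"                # constructed sample message
    pkg = postmark(digest_of(msg), 1700000000)     # constructed time token
    print(verify_postmark(msg, pkg, deadline=1700003600))
```

Because the signature covers the digest and the time token together, changing either one after signing invalidates the postmark.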


Exhibit 5.  Return Receipt.

Return Receipts

This service reports one of three events: that a message has transited the network, that it has been received at the recipient’s mailbox, or that the recipient has actually decoded and opened the message at a specific date and time. In the last case, the encrypted transaction delivered to the recipient might be set up so that it can be decrypted only with a special one-time key, as shown in Exhibit 5. This one-time key could be provided by the postmark authority upon receipt of an acknowledgment from the recipient accompanied by the recipient’s digital signature.

Here is how return receipt might work:

  The originator sends a message digest to the return receipt and postmark authority (the authority) with a request for a postmark and return receipt.
  The authority receives the message digest, adds date and time, encrypts the result, attaches a message to the recipient to request the decryption key from the authority upon receipt of the message, and affixes its digital signature to the package.
  The authority returns the postmarked, receipted package to the originator, who sends it to the recipient.
  The recipient receives the message package and makes a signed request for the decryption key from the authority.
  The authority receives the recipient’s request, verifies the recipient’s digital signature, and sends the decryption key to the recipient, who then decrypts and reads the message.
  The authority simultaneously forwards the return receipt to the originator.

Exhibit 6.  Storage and Retrieval.

Storage and Retrieval Services

These services include transaction archiving where copies of transactions are held for specified periods of time, as illustrated in Exhibit 6. The service might also include information (i.e., documents, videos, or business transactions) that can be sealed, postmarked, and held in public storage to be retrieved via any authorized access. Likewise, encrypted information (i.e., documents, videos, or business transactions) can be sealed, postmarked, and further encrypted and held in sealed storage for indefinite periods of time. Each of these storage and retrieval capabilities must carry legal standing and the stamp of authenticity required for electronic correspondents.

Storage and retrieval works as follows:

  The originator sends a request to the archive to archive a document or message for a specified period of time and designates this information as publicly retrievable.
  The archive adds date and time to the message, verifies the identity of the originator, affixes a digital signature to the package, and archives the package.
  A customer requests the document from the archive.
  The archive retrieves the document, adds a date and time stamp to the package, affixes another digital signature to the new package, and sends it to the recipient.
  The recipient verifies the first and second archive signatures and reads the message.

USE OF THESE COMMERCIAL EXCHANGE SERVICES

Electronic Commerce Services (ECS) may be used in one of three ways:

  The originator sends a message to the authority with a request for service, the authority provides the service and returns the message to the originator, and the originator then forwards the message to the recipient.
  The originator sends a message to a value added network (VAN), which then forwards the message to the authority with a request for services. The authority provides the service and returns the message to the value added network, which then forwards the message to the recipient.
  The originator sends a message to the authority with a request for service and the address of the recipient. The authority then forwards the message directly to the recipient.

All these services could be provided by a single authority, by a hierarchy of authorities, or by a network of authorities, each specializing in one or more of these services.



Copyright © CRC Press LLC