[FoRK] Does the web have a public timestamper?

Matt Jensen mattj at newsblip.com
Sun May 8 07:21:42 PDT 2005


> A Surety patent in the area appears to have been successfully
> challenged in 1999:
>
>   http://www.entrust.com/news/files/11_09_99_258.htm
>
> - Gordon


That challenge only defeated Surety's general claim to all forms of digital
timestamping. There are other claims in the patent which still stand. The
most
useful of these is the chaining of hashes from one document to the next.
Every
week, Surety publishes a cumulative hash in the New York Times.  Each new
document is signed by hashing the document, and sigining that hash combined
with the current, global, cumulative hash.  This ensures that nobody can
backdate a faked document.

I had long thought about implementing this technique in a user-friendly app,
where initial document hashing is done in client-side JavaScript. That would
protect customer data, yet not require a software download (as Surety does).
Applications include everything from dating the condition of something you
take
possession of (car, apartment, etc.), to dating blog entries to prove your
journalistic integrity (i.e., to prove you don't backdate).  With
user-friendly
software, you could offer timestamping for free and make your money with
AdSense
on your validation pages.

It's funny, because this was a back-burner project I was planning on working
on
this morning.  But this thread led me to check the patent situation more
closely, and it seems to this layman that Surety's remaining patent claims
are
too powerful.

-Matt Jensen
 http://mattjensen.com
 Seattle


> Russell Turpin wrote:
> > Long ago, I thought some site -- maybe a
> > certificate source like Thawte? -- should
> > provide a provable timestamping service
> > over the web. The basic idea is that when
> > an application wants to timestamp some
> > item, such as an entry in QuickBooks or
> > an executed PDF or whatever, it would
> > (1) generate a signature of the item,
> > using SHA1 or the favorite hash function
> > du jour, (2) then post a request to the
> > timestamp site with the signature,
> > (3) in the hope of receiving (a) a global
> > timestamp and (b) a validation signature
> > of the timestamp and item signature.
> >
> > The website also would maintain a
> > globally accessible log, by time, of what
> > validation signatures it had generated.
> > These provide independent proof if
> > ever needed that the item was indeed
> > timestamped -- and hence, existed --
> > when claimed.
> >
> > It seems to me that this would be useful
> > for a broad range of applications, from
> > bookkeepping to facility monitoring. I
> > can imagine all sorts of reasons for wanting
> > a verified timestamp, from the legal to
> > the mundane. Is anyone doing this?
> >
> >
> > _______________________________________________
> > FoRK mailing list
> > http://xent.com/mailman/listinfo/fork
> >
>
> _______________________________________________
> FoRK mailing list
> http://xent.com/mailman/listinfo/fork
>


_______________________________________________
FoRK mailing list
http://xent.com/mailman/listinfo/fork

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]





More information about the cypherpunks-legacy mailing list