 |
Claims  |
|
|
We claim:
1. In a data processing system that includes a processor, at least one data
terminal and at least one data communication port, a document
authentication system comprising:
means for interconnecting said at least one data terminal with said
processor;
means, responsive to a first user activating said at least one data
terminal to transmit a document origination signal from said at least one
data terminal via said interconnecting means to said processor, for
transmitting a document, identified by said document origination signal,
from said processor to a second user via said data communication port;
means, responsive to receipt of a document authentication signal
transmitted to said processor by said second user to acknowledge
acceptance of said document by said second user, for comparing said
received document authentication signal with said document to determine
whether said received document authentication signal contains document
acknowledgement data that matches corresponding data in said document,
including:
means for identifying differences between said document acknowledgement
data contained in said received document authentication signal and said
corresponding data in said document,
means for storing data indicative of a set of predetermined thresholds,
each threshold in said set of thresholds corresponding to a maximum
allowable variation in one of said corresponding data in said document,
means for indicating a match between said received document acknowledgement
data and said document when said identified differences do not exceed said
maximum allowable variation for each of said corresponding data; and
means responsive to said comparing means determining a match between said
received document authentication signal and said corresponding data in
said document for authenticating said document.
2. The system of claim 1 further comprising:
means, responsive to said second user transmitting said document
authentication signal, for validating the identity of said second user.
3. The system of said claim 2 wherein said validating means comprises
means for measuring an immutable physical characteristic of said second
user; and
means for comparing said measured immutable physical characteristic with
data stored in a memory representative of said immutable physical
characteristic of said second user as previously measured.
4. The system of claim 1 further comprising:
means, responsive to said first user activating said at least one data
terminal to transmit said document origination signal, for validating the
identity of said first user.
5. The system of said claim 4 wherein said validating means comprises:
means for measuring an immutable physical characteristic of said first
user; and
means for comparing said measured immutable physical characteristic with
data stored in a memory representative of said immutable physical
characteristic of said first user as previously measured.
6. The system of claim 1 further comprising:
means for appending a digital signature to said authenticated document to
detect any alteration of said authenticated document.
7. The system of claim 1 wherein said comparing means further comprises:
means, responsive to said indicating means failing to indicate a match, for
producing an alert to denote a failure of said document authentication
signal to match said document; and
means, responsive to said first user transmitting a document authentication
signal to said processor subsequent to said second user transmitting a
document authentication signal to said processor, for authenticating said
document inclusive of said identified differences contained in said second
user document authentication signal.
8. The system of claim 1 further comprising:
means responsive to at least one of said identified differences exceeding
said maximum allowable variation for one of said corresponding data for
revising said document; and
means for transmitting said revised document to said second user.
9. The system of claim 1 wherein said second user comprises a processor,
programmed to respond to said document transmitted by said transmitting
means.
10. In a data processing system that includes a processor, at least one
data terminal and at least one data communication port, a method of
document authentication comprising the steps of:
interconnecting said data terminal with said processor;
transmitting, in response to said first user activating said data terminal
to transmit a document origination signal from said data terminal to said
processor, a document, identified by said document origination signal, to
a second user via said data communication port;
comparing, in response to receipt of a document authentication signal
transmitted to said processor by said second user to acknowledge
acceptance of said document by said second user, said received document
authentication signal with said document to determine whether said
received document authentication signal contains document acknowledgement
data that matches corresponding data in said document, including:
identifying differences between said document acknowledgement data
contained in said received document authentication signal and said
corresponding data in said document,
storing data indicative of a set of predetermined thresholds, each
threshold in said set of thresholds corresponding to a maximum allowable
variation in one of said corresponding data in said document,
indicating a match between said received document acknowledgement data and
said document when said identified differences do not exceed said maximum
allowable variation for each of said corresponding data; and
authenticating, in response to said step of comparing determining a match
between said received document authentication signal and said
corresponding data in said document, said document.
11. The method of claim 10 further comprising the step of:
validating, in response to said second user transmitting said document
authentication signal, the identity of said second user.
12. The method of claim 11 wherein said step of validating includes:
measuring an immutable physical characteristic of said second user; and
comparing said measured characteristic with data stored in a memory
representative of said immutable physical characteristic of said second
user as previously measured.
13. The method of claim 10 further comprising the step of:
validating, in response to said first user activating said at least one
data terminal to transmit said document origination signal, the identity
of said first user.
14. The method of claim 13 wherein said step of validating includes:
measuring an immutable physical characteristic of said first user; and
comparing said measured characteristic with data stored in a memory
representative of said immutable physical characteristic of said first
user as previously measured.
15. The method of claim 10 further comprising the step of:
appending a digital signature to said authenticated document to detect any
alteration of said authenticated document.
16. The method of claim 10 further comprising the steps of:
producing, in response to said step of indicating failing to indicate a
match, an alert to denote a failure of said document authentication signal
to match said document; and
authenticating, in response to said first user transmitting a document
authentication signal to said processor subsequent to said second user
transmitting a document authentication signal to said processor, said
document inclusive of said identified differences contained in said second
user document authentication signal.
17. The method of claim 10 further comprising the step of:
revising said document, in response to at least one of said identified
differences exceeding said maximum allowable variation for one of said
corresponding data; and
transmitting said revised document to said second user.
18. The system of claim 10 wherein said second user comprises a processor,
programmed to respond to said document transmitted by said transmitting
means. |
|
 |
|
 |
Claims |
|
|
|
Description |
|
|
CROSS REFERENCE TO RELATED APPLICATIONS
This application is related to an application Ser. No. 07/471,570, titled
Document Authentication Apparatus, filed on Jan. 29, 1990, now U.S. Pat.
No. 4,981,370.
FIELD OF THE INVENTION
This invention relates to computer systems and, in particular, to apparatus
for providing a document authentication and authenticity capability for
the computer system, to produce an electronic document which satisfies the
legal requirements for contracting as applied to printed documents.
PROBLEM
It is a problem in the field of computer systems to produce an electronic
document that satisfies all the legal requirements associated with printed
documents. Despite the availability of high technology in the field of
electronic communication and record keeping, the business world almost
exclusively relies on the generation and exchange of paper to consummate
business transactions and to run day to day business operations. The
predicted paperless office has failed to become a complete realization due
to the difficulty in satisfying several significant legal issues with
respect to electronic contracting: the requirement of a writing, the need
for authenticating signatures that indicate the terms and conditions of an
agreement are truly acceptable to both parties, and the question of
document authenticity.
In a typical business transaction, two parties meet with the intent to
reach an agreement with respect to the sale of merchandise. The parties
exchange verbal understandings. At some point these verbal understandings
are put down on paper through the use of a word processor. A first draft
is generated. The draft is sent by the vendor to the buyer. The buyer
revises this draft copy and sends it back to the vendor. This process
generally takes several iterations between the parties before a final
written contract is approved and executed to consummate the deal. The
contracting parties may take advantage of a computerized word processor
that electronically retains the document on magnetic media (tape, disk) to
allow easy retrieval, modification, transmission and storage. Document
transmission between parties can be accomplished by teletype/facsimile and
overnight mail. Alternatively, the majority of large corporations operate
an electronic mailing system allowing them to relay documents to branch
offices free from the postal system's constraints. Additionally,
teleconferencing allows geographically separated people to conduct a group
conference without travel. In this way, compromises and solutions may be
agreed upon in real time.
Despite the availability of these technological advances, there remains a
paper proliferation. Paper copies still serve as the standard and accepted
way of contracting. Why the dependency on paper? Perception. The nature of
electronic expressions raise issues of security, tangibility, reliability,
authentication, longevity and validity. There is presently no electronic
system that provides all of the safeguards and satisfies all of the legal
requirements associated with paper documents. Therefore, electronic
contracting has not been a viable alternative to paper documents.
SOLUTION
The above described problems are solved and a technical advance achieved in
the field by the present document authentication and authenticity
apparatus. This apparatus produces a final authenticated document using
computerized techniques, which document satisfies the legal document
authentication and authenticity requirements traditionally associated with
printed documents. In addition, this apparatus eliminates many of the
problems spawned by execution of paper contracts and the use of the postal
service, such as the "battle of the forms" and the "mailbox rule".
The document authentication apparatus offers a number of hardware/software
architectural options to provide document authentication and authenticity
capability. Document authentication requires that the person to be charged
apply an authenticating mark on the document indicating intent to
authenticate the document. This requirement is analogous to a signature on
a printed document and is implemented in the document authentication
apparatus electronically through the use of both hardware and software.
The document authentication process is activated as part of a program which
verifies the identicalness of the document at the transmitting and
receiving station through a high speed comparison, locks in the document
such that no modification can occur and then awaits authentication
handshakes from the two end points. Once the identities of the signatories
of the document are verified, the document authentication apparatus
prompts the parties to authenticate the document by appending an
electronic signature thereto. The actual "signing" or authenticating of
the electronic document can be implemented as an additional password step
utilizing personnel identity validation apparatus. Therefore, two levels
of password protection can be used such that there exists a separate
"document authenticating password". Obviously, the more sophisticated the
system, the more assured the court will be that the document
authentication is valid.
The authentication of the document by the contracting parties consummates
the execution of the document. The document authentication apparatus
responds to the authentication operation by providing sufficient
safeguards to insure that the contents of the file have not been modified
or altered following the consummation of the contract without the
alteration being detectable. This is typically accomplished by the
generation of a "digital signature" that "fingerprints" the document such
that not even a single bit of the document can be altered without this
change being reflected in the digital signature. The authenticated
document with the digital signature appended thereto can then be
electronically archived on electronic media as a permanent document.
In this manner, no paper document version of this electronic contract need
be produced. All the traditional elements of a paper contract are present
in electronic form in the computer system. Each of these elements satisfy
the traditional legal requirements for paper contracts, thereby
implementing an electronic contract.
Additional capabilities are obtained since this is a knowledge based
computer system and can automate much of the document creation and
authentication process. In particular, the creation of a multi party
document, such as a contract, entails a significant amount of interaction
among the contracting parties. Much of the interaction and energies of the
parties are devoted to reviewing proposed variations in the terminology
contained in the document and in reviewing the document to note all
changes therein. In addition, the authentication process requires the
physical exchange of the entire document among the parties so that each
party can seriatim apply their signature to the document and finally
receive an original signed by all the parties. The logistics of such a
process can be complicated and are usually time consuming. The knowledge
based system of the present invention can automatically compare two
versions of the document to highlight any counterproposals therein.
Furthermore, the system can review its internal rule set to determine
whether these modifications are acceptable, in that the changes fall
within acceptable predetermined limits. Once acceptance has been noted,
the system can then automatically authenticate the document independent of
human intervention. This is especially efficient in the arena of
Electronic Document Interchange (EDI), where standard form messages are
exchanged between the parties to order and invoice goods. These messages
do not presently constitute a contract since there is no authentication of
an agreed upon document. However, the present apparatus automatically
authenticates the document in the EDI environment by using the original
EDI order as the document and requesting that the essential data elements
of the order, with optional additional recipient identification data, be
echoed back to the transmitting party to signify acceptance of the offer
as embodied in the EDI order. The identicalness of the echoed terms and
conditions to those originally transmitted is determined by the system of
the present invention and, if a match occurs, the apparatus authenticates
the document to create a binding contract between the parties.
BRIEF DESCRIPTION OF THE DRAWING
FIG. 1 illustrates, in block diagram form, the structure of a
multi-processor environment in which the document authentication apparatus
is installed on one or more of the processors;
FIG. 2 illustrates, in block diagram form, the structure of a typical
document authentication apparatus;
FIGS. 3 to 5 illustrate, in flow diagram form, the operational steps of a
document authentication process;
FIG. 6 illustrates, in flow diagram form, the specifics of the EDI
contracting process.
DETAILED DESCRIPTION
The present document authentication apparatus produces a final
authenticated document using computerized techniques, which document
satisfies the legal document authentication and authenticity requirements
traditionally associated with printed documents. In addition, this
apparatus eliminates many of the problems spawned by execution of paper
contracts and the use of the postal service, such as the "battle of the
forms" and the "mailbox rule".
The document authentication apparatus offers a number of hardware/software
architectural options to provide document authentication and authenticity
capability. Document authentication requires that the person to be charged
apply an authenticating mark on the document indicating intent to
authenticate the document. This requirement is analogous to a signature on
a printed document and is implemented in the document authentication
apparatus electronically through the use of both hardware and software.
The actual "signing" or authenticating of the electronic document can be
implemented as an additional password step utilizing personnel identity
validation apparatus. Therefore, two levels of password protection can be
used such that there exists a separate "document authenticating password."
A program which immediately checks the identicalness of the document at the
transmitting and receiving station through a high speed comparison, locks
in the document such that no modification can occur and then awaits
authentication handshake from the two end points. Such authentication is
real-time and can be both hardware and software executable, i.e., password
and physical confirmation. Obviously, the more sophisticated the system,
the more assured the court will be that the document authentication is
valid, and that the contents of the file have not been modified or altered
following the consummation of the contract without the alteration being
detectable.
Additional capabilities are obtained since this is a knowledge based
computer system and can automate much of the document creation and
authentication process. In particular, the creation of a multi party
document, such as a contract, entails a significant amount of interaction
among the contracting parties. Much of the interaction and energies of the
parties are devoted to reviewing proposed variations in the terminology
contained in the document and in reviewing the document to note all
changes therein. In addition, the authentication process requires the
physical exchange of the entire document among the parties so that each
party can seriatim apply their signature to the document and finally
receive an original signed by all the parties. The logistics of such a
process can be complicated and are usually time consuming. The knowledge
based system of the present invention can automatically compare two
versions of the document to highlight any counterproposals contained
therein. Furthermore, the system can review its internal rule set to
determine whether these modifications are acceptable, in that they fall
within predetermined acceptable limits. Once acceptance has been noted,
the system can then automatically authenticate the document, independent
of human intervention. This is especially efficient in the arena of
Electronic Document Interchange (EDI), where standard form messages are
exchanged between the parties to order and invoice goods. These messages
do not presently constitute a contract since there is no authentication of
an agreed upon document. However, the present apparatus automatically
authenticates the document in the EDI environment by using the original
EDI order as the document and requesting that the essential data elements
of the order, with optional additional recipient identification data, be
echoed back to the transmitting party to signify acceptance of the offer
as embodied in the EDI order. The identicalness of the echoed terms and
conditions to those originally transmitted is determined by the system of
the present invention and, if a match occurs, the apparatus authenticates
the document to create a binding contract between the parties.
Requirement of a Writing
The legal requirements for a contract have their origins in the traditional
paper methods of business transactions. One of these key legal
requirements is the Statute of Frauds. Under the Statute of Frauds, if the
contract takes longer than one year to perform or involves a monetary sum
greater than $500, it must be in writing. The writing must specify all the
terms and conditions of the contract. Mutual assent to these terms and
conditions must be demonstrated by an authenticating mark, typically the
signature of both parties. The rationale behind the Statute of Frauds is
to provide a writing which will afford a basis for believing that the oral
evidence offered rests on a real transaction and to ensure the valid
existence of a contract. Thus, a writing is required to provide evidence
of a valid agreement between the parties.
The writing requirement of the Statute of Frauds can be satisfied by
handwritten or typewritten versions of a document or by telegram. A
telegram is generated as electrical signals transmitted over electrical
conductors or microwave transmissions. A transmission which generates a
telegram is clearly an intangible method of exchanging information to
produce a human readable document--a printout. A computer transmission is
another intangible method of exchanging information to produce a human
readable document. Both the telegram and computer methods of contracting
should satisfy the Statute of Frauds in that both transmissions can be
reduced to a human readable document.
The computer media on which an electronic contract is stored as data also
provides a permanent record to which a court can turn in the event of a
dispute. The lifetime of computer media and the state of the art in
storing this media not only ensures the existence of a representation of
the parties' understanding, but endures beyond the lifetime of paper.
Should the contents of an electronic contract be brought into question,
the data comprising the terms and conditions of the electronic contract is
immediately retrievable and transformable to a human readable document.
Requirement of an Authenticating Signature
Another requirement issue which becomes evident under the Statute of Frauds
in regard to the use of electronic contracts is the signature requirement
by the person to be charged. The Uniform Commercial Code (UCC) defines
"signed" to include "any symbol executed or adopted by a party with
present intention to authenticate a writing." The term "authentication" is
included to "make it clear that a complete handwritten signature is not
required." A signature appended to a contract must establish an
"evidentiary connection to the signatory." As discussed subsequently, the
state of the art does not preclude the ability to authenticate in the
context of electronic contracting. Additionally, the present laws may be
interpreted to encompass state of the art authenticating methods.
American Jurisprudence on the Statute of Frauds states that:
the signature must be made or adopted with the declared or apparent intent
of authenticating the writing relied upon as a memorandum, and not by way
of mere recital or identification. Especially if the signature is affixed
by means other than the hand of the signer, . . . it is essential that the
act be done with intent to authenticate the instrument.
Document Authenticity
In the above analysis, every issue presented rests upon the credibility of
the computer data that represents the contract. The viability of such a
contract requires strict adherence to an ordered data file security
procedure. These document authenticity safeguards must ensure that the
document has not been altered since unauthorized modifications to computer
media expressions are not easily detectable. Therefore, to satisfy the
document authenticity requirement of identical terms and conditions, the
generally accepted criteria of a locked file cabinet, valid signature,
file security and acceptable mode of "sending" the contract must be met.
The computer and its peripheral equipment must ensure the presence of the
above-identified four factors.
The equivalent to the paper requirements must be first, the locked file
cabinet demonstrated in the computer environment of files stored on the
computer disk. Second, the equivalent of traditional "signing" must be
demonstrated. Third, a clear demonstration that no unauthorized
modifications were made to the computer expressions. Finally, electrical
representations must follow the same transmission security requirements
ascribed to traditional contracts transmitted by mail. The following
description indicates some of the elements provided in the present
document authentication system to satisfy each of these requirements.
Document Access
The first step in ensuring proper document authenticity, as a minimum
requirement, simple physical restrictive access to the computer should be
implemented. In other words, by simply locking the doors to the computer
system and its associated terminals, a modest security procedure is in
place. Computer access can be achieved via telephone lines by any average
computer hacker. Therefore, a variety of hardware and software methods
exist to ensure that the locked file cabinet equivalent exists. For
example, a callback modem can provide additional security from intruders.
This device responds to a person calling the computer by requesting that
the person identify themselves. The computer then disconnects from the
call and telephones the identified caller at a predesignated telephone
number stored in the computer memory and associated with the identified
caller. This type of security arrangement, although more sophisticated
than a locked room, is still subject to circumvention. Therefore, the
state of the art offers still more sophisticated methods of preventing
access, and, in particular, access to the computer files.
Passwords are typically used to validate the identity of the user. The
software operating the computer prompts the user to enter a password that
is 5 theoretically known only to the user before access to
the computer's files is granted. Therefore, access is password protected
such that only a single user may gain entry. The accuracy of user identity
validation can be improved by the addition of various peripheral devices
that measure some immutable physical characteristic of the user. These
devices include fingerprint scanners, voiceprint identifiers, retina
scanners, etc. Each of these devices can be preprogrammed to respond to
only the authorized user and operate with a high level of confidence.
Clearly, sophisticated hardware and software methods exist to secure
access to computer files, i.e., the locked cabinet analogy.
Document Authentication
The state of the art also offers hardware/software architectural options to
provide document authentication capability. Document authentication
requires that the person to be charged apply an authenticating mark on the
document indicating intent to authenticate the document. This analogy to
the signature is also electronically viable through the use of hardware
and software. The actual "signing" or authenticating of the electronic
document should be implemented as an additional step utilizing the above
described technology. Therefore, two levels of password protection can be
used such that there exists a separate "document authenticating password."
A program which immediately checks the identicalness of the document at the
transmitting and receiving station through a high speed comparison, locks
in the document such that no modification can occur and then awaits
authentication handshake from the two end points. Such authentication is
real-time and can be both hardware and software executable, i.e., password
and physical confirmation. Obviously, the more sophisticated the system,
the more assured the court will be that the document authentication is
valid, and that the contents of the file have not been modified or altered
following the consummation of the contract without the alteration being
detectable.
Document Authenticity
One method of ensuring document authenticity is the use of a "digital
signature." Computer software which employs a complex mathematical formula
produces a series of 0 and 1 bits that are appended to the file to
uniquely identify the contents of the file. This is accomplished by the
use of a "hashing routine" that uses each character in the file in a
complicated mathematical computation to obtain, for example, a 128
character digital signature. Thus, the digital signature is dependent on
the contents of the file and if even a single bit of the file is changed,
the digital signature does not match. If a single character of the file is
changed, then approximately 50% of the characters in the digital signature
will change. The probability of two documents having the same digital
signature using this procedure is less than one in 1,000 trillion. This
adequately ensures that the contents of the original contract cannot be
altered without the modification being detectable.
File Transmission
Alterations of the contract during transmission is particularly a concern
with respect to written and electronic contracts. The written document can
easily pass through human hands that can expertly alter the contents of
the paper expression. Detecting a switch in paper documents is nearly
impossible. Electronic document transmission is clearly superior to paper
documents in that sophisticated technology not only allows for secure
transmissions, but offers technology to detect any tampering. If security
is not a factor and the document is sent via common carrier
telecommunication facilities, the transmission is sent concurrently with
many other transmissions. Anyone can access these transmissions, but
finding a specific transmission and associating it with a particular
sender is difficult considering the number of communication channels
supported by one common carrier facility. Physical "wiretapping" requires
access to a user's facilities, and thus, is equally prohibitive if
adequate on site security measures are employed.
An additional level of security is obtained by the use of encryption, where
the entire document is translated into coded form using a secret cipher
key. This protects the document from being read by third parties, but does
not protect sender and receiver from fraud committed by each other, since
both have knowledge of the cipher key. More complex encryption systems
that use a third party trustee are available, but are costly to implement.
Therefore, technology exists which serve to secure transmissions and
permit authentication of agreed upon terms and conditions. The National
Bureau of Standards has adopted an encryption algorithm known as the Data
Encryption Standard (DES). This encryption key uses 64 bits and therefore
does not require much processing time or assume much storage space.
Additionally, the associated software is relatively inexpensive. A more
secure and complex system that minimizes the possibility of fraud by the
contracting parties is the RSA Public Key Cryptosystem. This system uses
two encryption keys. A "private key" is used by the document sender to
scramble the data while a "public key", known to the document recipient,
is used to decode the received document. Since the registered public key
will unscramble only data that was scrambled with the private key, the
parties can identify each other. This system is analogous to handwritten
signatures in that the electronic signature can be verified but not easily
forged. This system can be used in lieu of the above described DES system
where the trustworthiness of the other party is in doubt.
System Architecture
The document authentication apparatus is typically installed as part of a
computer system, either a personal computer or a minicomputer. The
apparatus illustrated in FIG. 1 represents the interconnection of a
plurality of processors, each of which is associated with one of the
parties to a contract negotiation, and one or more of which processors are
equipped with the document authentication apparatus. These parties can be
geographically separated, such as in different parts of the country, or
can be within the same building.
A typical system installation 102 can be processor 124, equipped with disk
memory 125, personnel identification apparatus 141 and one or more
terminals 121. The party at terminal 121 is also equipped with a telephone
122 for voice communication with the other parties to the contract
negotiation. A communication interface 123-0 is provided to interconnect
terminal 121 and telephone 122 via voice/data interface 123-0 and leads
127-0. In addition, switching system 120 interconnects via trunk circuits
126-0 to 126-n to the common carrier communication facilities, represented
in FIG. 1 as packet switching network 100. The switching system 120 can be
a telephone switching system that establishes voice communication
connections from telephone station set 122 and data communication
connections from terminal 121 and processor 124 to packet switching system
100. In many existing telephone switching systems, the voice and data
communication connections are established independent of each other via
distinct communication paths. In addition, processor 124 is equipped with
document authentication software 144 that is described in detail below.
The document authentication software 144 provides control of the
documentation authentication process and provides all the elements
necessary to satisfy the legal requirements of a contract.
Another alternative typical system installation 103 can be processor 134,
equipped with disk memory 135 and personnel identification apparatus 142.
Processor 134 is also equipped with document authentication software 143
that is described in detail below. The document authentication software
143 provides control of the documentation authentication process and
provides all the elements necessary to satisfy the legal requirements of a
contract. In addition, one or more personal computers 131 provide
distributed processing capability. The user at personal computer 131 is
also equipped with a telephone 132 for voice communication with the other
parties to the contract negotiation. A voice/data communication interface
133-0 is provided to interconnect personal computer 131 and telephone 132
with switching system 130. In addition, switching system 130 is connected
via trunk circuits 136-0 to 136-n with the common carrier communication
facilities, represented in FIG. 1 as packet switching network 100. The
switching system 130 can be a telephone switching system that establishes
voice communication connections from telephone station set 132 and data
communication connections from processor 134 and personal computer 131 to
packet switching system 100. In state of the art telephone switching
systems, the voice and data communication connections are established as a
single combined communication connection. The present such combined
communication connections are referred to as Integrated Services Digital
Network (ISDN) connections. The ISDN communication methodology provides a
combined voice/data communication path that integrates telephone station
set 132 with personal computer 131 to enable the user to have the full
spectrum of communication capability with the other parties via a single
interface and communication connection.
The final computer system 101 illustrated as a block in Figure and
parallels the structure of system installation 102 or 103 and is
illustrated for the purpose of discussing three party contracts and/or the
use of a third-party trustee as is described in further detail below.
Documentation Authentication Software
The document authentication software, such as 143, is illustrated in
further detail in FIG. 2. This software includes document authentication
control element 201 which serves as the basic program control block.
Various subroutines (202-207) are connected to document authentication
control 201 to provide the specialized features and hardware control
elements. File lock element 202 controls access to the document or file
such that only the contracting parties can access the document. Access to
the document is rigorously controlled to prevent tampering with the
document contents during editing and execution. Communication control
element 203 manages all communication among the processors to limit the
possibility of unauthorized users from accessing the document.
Encryption/decryption element 204 provides the capability to encode and
decode the document for transmission over the packet switching network 100
to prevent interception of the document contents during the transfer of
the document among the parties. The personnel identification sensor
scanner element 205 provides control over the parties identification
verification process. Digital signature generator element 206 produces a
digital signature that is appended to the final signed document to prevent
the contents of the document from being altered without detection. The
digital signature thereby supplies document content validation for
archival purposes. The file archive element 207 relocates the executed
document to a secure data storage media location for long term archival
purposes. This element also manages the file lock and access control
software that prevents unauthorized or inadvertent file access.
Document Authentication Process
In order to more fully understand the operation of the document
authentication apparatus, the process of authenticating a document is
described in flow diagram form in FIGS. 3 to 5, with reference to the
hardware and software elements of FIGS. 1 and 2. In this process it is
assumed for the purpose of discussion, that a user at system installation
102 and a user at system installation 103 are the two parties to a
contract for the purchase of goods. These two parties are not colocated
and for description purposes are assumed to be located in Seattle, Wash.
and Omaha, Nebr., respectively. The two parties are linked by the common
carrier facilities 100 available to the public, such that both voice and
data communications are concurrently carried via these common carrier
facilities 100 between the two parties. For simplicity of description, it
is assumed that the document or contract of interest to the two parties
resides on processor 134 although copies of this document can also be
stored on personal computer 131 and processor 124.
Document Editing
The document editing process typically begins with a user (first party)
logging on to processor 134 and accessing a file. This is accomplished at
step 301 by first party at personal computer 131, for example, unlocking
the personal computer 131 with a key as is found on the IBM personal
computers. First party then establishes a data communication connection
via voice/data interface 133-0, switching system 130, voice/data interface
133-9 to processor 134. Once connected to processor 134, first party logs
into the processor 134 at step 301 by providing a user identification
password in response to a prompt from processor 134. This password should
be known only to first party and uniquely identifies first party to
processor 134, thereby preventing unauthorized parties or other users from
accessing first party's files resident on processor 134. At step 302,
first party requests access to a file named "contract" for the purpose of
editing this file. If this file is stored in cache memory of processor
134, it is immediately transmitted to and displayed on the screen of
personal computer 131. If the file is archived in disk memory 135 at step
303, processor 134 requests file "contract" from disk memory 135 that
serves processor 134. In response to such a request, disk memory 135
transfers file "contract" to processor 134 which transmits file "contract"
via switching system 130 to personal computer 131, where the file is
displayed for first party to edit.
If first party elects to unilaterally edit the file "contract", this is
accomplished in well known fashion at step 304. The edited file can be
saved at step 305 and editing terminated. Alternatively, at this juncture,
or even at step 304, first party can request the addition of the other
contracting party (second party) who is a user on processor 124. This is
accomplished by first party requesting access to the document
authentication software 143 resident on computer 134 at step 306. Document
authentication software 143 interfaces with first party via document
authentication control 201 which provides a user friendly interface to
enable a user to step through the document authentication process.
File Lock
Document authentication control 201 at step 307 produces a user
prompt/query or a menu to enable first party to signify the requested
action. For example, first party at step 308 designates file "contract" as
the document of interest. Document authentication control 201 activates
subroutine file lock 202 which loads file "contract" into the document
authentication software 143 and prevents uncontrolled access or
modification of this file. At this stage, the file can be edited by
preauthorized users (the contracting parties): first and second parties.
Communication Control
Once the file "contract" is loaded, first party, in response to a query
from document authentication control 201, requests that a communication
connection be established to second party. Document authentication control
201 activates communication control 203 to establish voice and data
communication connections to second party. This is accomplished by
communication control 203 at step 309 either querying first party or
accessing a predetermined list of contracting parties to obtain the
identification of the contracting parties for the file "contract". At step
310, communication control 203 establishes data communication connection
via communication interface 133-9, switching system 130, communication
interface 136-0, packet switching system 100, communication interface
126-0, switching system 120, communication interface 123-0 to processor
124 and terminal 121. Concurrently, switching system 130 may establish a
voice communication connection from telephone station set 132, voice/data
communication interface 133-0, switching system 130, communication
interface 136-0, packet switching system 100, communication interface
126-0, switching system 120, voice/data communication interface 127-0 to
telephone station set 122. The second party at terminal 121 can access
file "contract" as if it were resident on processor 120 and can
simultaneously discuss the contents of file "contract" via telephone
station set 122. Thus, both first party and second party concurrently view
the same document on their respective terminals 131, 121 and can exchange
verbal communication via their respective telephone station sets 132, 122.
In this fashion, the contract can be edited in real time and a more timely
resolution of differences reached.
Alternatively, second party at terminal 121 can be connected on a data
communication connection via voice/data communication interface 123-0,
switching system 120, data communication interface 123-9, processor 124,
data communication interface 123-9, switching system 120, communication
interface 126-0 to packet switching system 100. The exact details of the
voice and data communication connections are a function of the
implementation details of the switching systems and the computer equipment
used.
Additional parties can be added seriatim to this voic | | |
