Protecting Data with a Digital Notary
Years ago we were promised a world without paper. It sounded like a good idea at the time -- plus we could get rid of those ugly and cumbersome filing cabinets. But the purveyors of a paperless world did not consider the importance and necessity of "official" documentation. After all, where do you put the notary’s signature on an electronic document?
Surety Technologies Inc. (www.surety.com) may have come up with a solution. The company has a patented software system that stamps a document with a digital fingerprint, or what Jim Clements, director of North American sales at Surety, calls a hashmark.
"Think of it as a series of steps you could take with any amount of data. It could be a photograph or a text document," Clements explains. "Once you take that data and send it through a hashing algorithm -- actually two, one is 128 bit and the other 160 bit -- you come up with a 288 bit fingerprint." The identifier is then sent to Surety where two things happen. First, the fingerprint is timestamped and sent back to the customer's computer for safekeeping. Then Surety files it with about 600,000 other fingerprints the company gets in a week. "We then take that and string them all together and send them through the same hashing algorithm, and then we get another fingerprint." This final fingerprint, or hashmark, is then published in the New York Times every week. Surety never holds the actual data, just the fingerprint that was produced from it.
If a company has to go to court over something such as a trademark argument, it will have the document itself, the unique identifier it received and the notary record that is deciphered from the algorithm to prove its case. "We've had people come to court," Clements says. "In every case our technology has been challenged. The crypto people have said this is unbeatable." The hashing system is specifically designed so that if one character in a document is changed, so too will the hashmark and a company will know that document has been tampered with.
Surety used to base its software on the Unix platform, but Clements says the company switched to Windows NT Server for more scalability. He also says the security is foolproof because it uses two different hashing algorithms: If someday in the future one of the algorithms was compromised, it wouldn't be devastating because the second one would be intact.
Surety customers include a diverse mix of industries, ranging from pharmaceutical companies, communications firms, to online trading. The research and development team at Buckman Laboratories Int’l Inc. (www.buckman.com) uses the Surety Digital Notary Service to hashmark its electronic laboratory notebook. Before, the lab used paper notebooks for their records, which in turn were used to register for patents. "When you move to electronic, the question is what's going to happen and of course the untested electronic record could be a problem," says Wally Puckett, vice president of research and development at Buckman. "The Surety system allows us to have a third-party, objective record so that it's there and verified by that third party."
"The beautiful thing is we don't see anything happen. It's totally invisible to the scientist," Puckett adds. "The only person in our lab that gets notification is our IS specialist to make sure the [transaction has] taken place, and that happens once a week."
Surety is not alone in the field. A competitive product to Surety's Digital Notary Service is the e-TimeStamp from DigiStamp Ltd. Co. (www.digistamp.com). Plus, Surety's Clements confirmed there are about 10 to 15 startups that are beginning to do the same thing. Whether or not those companies infringe on Surety's patents is something the company is investigating.