How can a publisher store digital information so that any reader can reliably test its authenticity, even years later when no witness can vouch for its validity? What is the simplest security infrastructure sufficient to protect and later test evidence of authenticity? In ancient times, wax seals impressed with signet rings were affixed to documents as evidence of their authenticity. A digital counterpart is a message authentication code fixed firmly to each important document. If a digital object is sealed together with its own audit trail, each user can examine this evidence to decide whether to trust the content—no matter how distant this user is in time, space, and social affiliation from the document’s source. We suggest technical means for accomplishing this: encapsulation of the document content with metadata describing its origins, cryptographic sealing, webs of trust for public keys rooted in a forest of respected institutions, and a certain way of managing document identifiers. These means will satisfy emerging needs in civilian and military record management, including medical patient records, regulatory records for aircraft and pharmaceuticals, business records for financial audit, legislative and legal briefs, and scholarly works. This is true for any kind of document, independently of its purposes and of most data type and representation details, and provides each user with autonomy for most of what he does. Producers can prepare works for preservation without permission from or synchronization with any authority or service agent. Librarians can add metadata without communicating with document originators or repository managers. Consumers can test authenticity without Internet delays, apart from those for fetching cryptographic certificates. Our method accomplishes much of what is sought under labels such as “trusted digital repositories”, and does so more flexibly and economically than any method yet proposed. It requires at most easy extensions of available content management software, and is therefore compatible with what most digital repositories have installed and are using today.
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.