Logging and Signing Document-Transfers on the WWW- A Trusted Third Party Gateway

We want to provide a service to make quoting of online documents “web contents ” easy and provable. For that reason we report in this paper the conception of a gateway that works as a Trusted Third Party (TTP) service which is based on a public key infrastructure (PKI). The developed service consists of the signing of any data-transmission that was done via the TTP-gateway. After the data-transfer a set of data can be requested from the used gateway that is signed with the TTP-gateways private key. This signed set of data contains for each request that was processed by the gateway at least three parts. Those are the request from the client, the reply from the (HTTP-) server and finally the signature of the (TTP-)server. Keeping this signed data the recipient at the client side can provide it to other parties suitetable for a latter verification of the data-transfer. The TTP-server generates automatically verifiable statements of the kind “this request resulted in that response”. Now anyone that trusts the chosen TTP-gateways statements will be able to verify the data-transfer by the use of the trusted third parties certified public key. Furthermore this paper describes a prototype implementation of such a service using HTTP. Finally a possible employment of the TTP-gateway is discussed