
3.3.9 What about non-repudiatability of receipt?

If you and I are representatives of companies conducting business with each other, then we would both have PKC pairs that identify us. You would have my public key and I would have yours. We might agree that, once you receive a digitally signed message from me, you send me a receipt. The receipt would be my digital signature from the message I sent to you, with your digital signature attached to it. Using your public key, I would verify your digital signature. Using my private key, I would verify my digital signature that you had sent back to me.

How can I tell when a message was originated?

I can attach a "digital time-stamp" to my message. First, I would have my computer calculate my digital signature and attach it to the original message. Next, I would have it calculate a message digest of the message plus the signature. Next, I would send the message digest (presumably over the Internet) to an external, trusted digital time-stamping service (DTS). (Bellcore has created a subsidiary to provide such a service.) The DTS would return a digital time-stamp consisting of:

The "message" that the DTS signs would be the combination of my message digest (the digital fingerprint of my original message) and the time-stamp. When my computer received the time-stamp from DTS it would attach it to my message, add my digital signature and send you the whole thing.

When you received my message, your computer would verify the time-stamp using the public key of the DTS, and it would verify my signature using my public key.
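The time-stamping exchange described above, written out for all three parties as an added example (not part of the original FAQ). Textbook RSA over small constructed primes stands in for a real signature scheme so the block runs with the standard library only; the function names, the packet layout and the time string format are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def toy_keypair(p, q):
    """Textbook RSA from two primes: returns (n, d). Toy only, not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def sign(data: bytes, n: int, d: int) -> int:
    return pow(int.from_bytes(digest(data), "big") % n, d, n)

def verify(data: bytes, sig: int, n: int) -> bool:
    return pow(sig, E, n) == int.from_bytes(digest(data), "big") % n

# Constructed keys built from Mersenne primes (far too small for real use).
SENDER_N, SENDER_D = toy_keypair(2**61 - 1, 2**127 - 1)
DTS_N, DTS_D = toy_keypair(2**89 - 1, 2**107 - 1)

def sig_bytes(sig: int) -> bytes:
    return sig.to_bytes(32, "big")

def dts_stamp(msg_digest: bytes, when: str) -> dict:
    """DTS side: signs digest + time and never sees the message itself."""
    return {"time": when, "digest": msg_digest,
            "dts_sig": sign(msg_digest + when.encode(), DTS_N, DTS_D)}

def send(message: bytes, when: str) -> dict:
    """Sender side: sign, digest message + signature, obtain the stamp."""
    sig = sign(message, SENDER_N, SENDER_D)
    stamp = dts_stamp(digest(message + sig_bytes(sig)), when)
    return {"message": message, "sig": sig, "stamp": stamp}

def receive(pkt: dict) -> bool:
    """Receiver side: check the sender's signature, that the stamped digest
    matches this message + signature, and the DTS signature on digest + time."""
    stamp = pkt["stamp"]
    return (verify(pkt["message"], pkt["sig"], SENDER_N)
            and stamp["digest"] == digest(pkt["message"] + sig_bytes(pkt["sig"]))
            and verify(stamp["digest"] + stamp["time"].encode(),
                       stamp["dts_sig"], DTS_N))
```

Because the DTS signs the digest together with the time, changing either the message or the claimed time after the fact makes `receive` return `False`.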


Denis Arnaud
12/19/1997