http://www.securinginnovation.com/sam-baxter.html is the Chief Technology Officer and a Vice President of IP.com, Inc. Previously he was the Executive Vice President of JRS Clinical Technologies, Inc., a highly successful pre-Internet startup created to provide Clinical Information Systems solutions to hospitals and health-care organizations. With over 25 years of experience in the software industry, he is a senior-level executive and technician specializing in information-centric systems. He is an inventor with one issued patent and several more pending. en-us Copyright 2008 Thu, 11 Oct 2007 04:15:04 -0500 Tue, 19 Aug 2008 10:11:32 -0500 http://www.movabletype.org/?v=3.34 http://blogs.law.harvard.edu/tech/rss
Additionally, the publishing of fingerprints through IP.com’s Prior Art Database provides unbiased third-party corroboration as well as defensible date-stamping.

IP.com legal safeguarding allows you to transparently protect your files so that you can concentrate on your business with complete confidence in the reliability and defensibility of your electronic records.

Securing your file

1. The Legal Safeguarding Agent (LSA) software runs at a user selected, predetermined
interval looking for new files to safeguard.

OR

The Legal Safeguarding Agent (LSA) software is invoked from within your own
software application using our developers API kit. The agent can be configured
to include (or ignore) only the files matching your specifications (outlined in the
next section).

2. Fingerprints are generated for newly discovered files by the LSA local software application.

3. The LSA application contacts the servers at IP.com and transmits the fingerprint information.

4. The remote IP.com server creates a new document called a BCR (Bulk Certification Record) which contains all of the transmitted fingerprints for the current session.

5. The server generates a fingerprint for the contents of the BCR to further ensure integrity. The BCR and fingerprint are saved to the IP.com Prior Art Database.

6. The server responds to the LSA application running on your network with the BCR number. The software can store the information in a file, or in a local database.

7. Publishing – once all the of the above steps are complete the certification record for the BCR is published into the IP.com Prior Art Database as well as a hard copy in The IP.com Journal. This is a critical step in ensuring the public integrity of your records.

Authenticating a file

1. A new fingerprint is generated for a file using the LSA software

2. The generated fingerprint can be searched within the IP.com Prior Art Database. The search will return any matching documents – the date of the earliest document in the search result will indicate the earliest date that a file matching that signature was recorded.

OR

The BCR from the original safeguarding session can be searched within the Prior Art Database. That document will contain all the fingerprints from that session.vThe newly generated fingerprint can be compared to the list of fingerprints stored during that session.

How is the integrity of the BCR documents ensured?

The BCR documents, which contain the individual fingerprints of files processed over the course of a given day, are published in an aggregated document to the IP.com Prior Art Database. Each document published to the IP.com Prior Art Database receives two notarizations, one from IP.com in the form of an IPCOM sequential number and date, and the second from Surety. It also appears in The IP.com Journal – the monthly printed publication containing the previous month's Prior Art Database submissions. The IP.com Journal is indexed by a number of libraries worldwide, including the Library of Congress.]]>
The Legal Safeguarding Agent can be implemented in one of two ways, depending on the needs within your organization and your existing processes. Both methods of using the software require that the computer running the software have access to the internet to transmit and verify file signatures.

Stand-alone agent
 
The stand-alone agent is a software application that can be deployed on your network to look for files and automatically perform the safeguarding process on what it finds. The agent can be configured to look for files matching specific criteria so as to only work on the files you wish to be safeguarded while ignoring all others. For example, the object can be programmed to look for (any combination of):

Filename pattern matching

This is used to match files whose filename matches a pre-set pattern. ‘Wildcard’ characters allow for broad matches.

File location matching

You can set the agent to look for files that reside in specific directories on your network.

Match archive bit

Files stored on standard Windows® file systems can be marked with an ‘archive’ attribute. This can be accomplished by right-clicking a file and choosing ‘properties’. The file attributes can be modified to mark individual files as ‘Ready to be archived’. This method allows you to mark arbitrary files from within a large collection of files without needing special naming or sorting conventions.

Since last run

The agent has the ability to selectively include only the new files since its last run. This can improve throughput by not re-processing files that have already been safeguarded.

Change to Read Only

The agent has the ability to selectively mark files as “read only” after generating the fingerprint. This can help minimize the chance that a user could inadvertently change a safeguarded document, helping ensure it will be there in its original condition should it be needed in the future.

The agent is easily configured using a configuration file which contains information on the criteria for files to include, as well as how to store the results. Results can be stored in a file, or within a local ODBC compliant database.

Application plug-in

In addition to running as a stand-alone agent, the LSA software is made available as a set of libraries that can be included within your own application. The objects are made available to those programming in the Windows® environment and can be included easily from within VB and Visual Studio environments.
]]> http://www.securinginnovation.com/2007/10/articles/legal-safeguarding-agent/legal-safeguarding-agent-process-overview/ http://www.securinginnovation.com/2007/10/articles/legal-safeguarding-agent/legal-safeguarding-agent-process-overview/ Legal Safeguarding Agent Thu, 11 Oct 2007 04:15:04 -0500 sbaxter@ip.com (Sam Baxter)
Fingerprints are generated using a hash algorithm that produces signatures of a certain complexity (bit depth) which correlates to the number of possible combinations that can be represented by the fingerprint - the higher the complexity, the lower the possibility that a duplicate fingerprint could occur for different files. Two of the common fingerprint functions, MD5 and SHA-1 use 128-bit and 160-bit lengths respectively. This means that MD5 can have over 340,000,000,000,000,000,000,000,000,000,000,000,000 different values without repeating. SHA-1 can hold over 4 billion times as many as MD5. The Legal Safeguarding Agent produces 288-bit fingerprints - by combining a MD5 and SHA-1 fingerprint; yielding 2^288 (or 4.97x10^86) possible combinations. This yields a staggering number of possible combinations; imagine the number 497 followed by 84 zeroes. Using this method, if you were to generate 100 trillion fingerprints every second, it would take 1.57x10^65 years to exhaust the possible supply of fingerprints. (157,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years)

Like their real-world counterparts, electronic fingerprints cannot be used to re-generate the file or person which produced them. Both the MD5 and SHA-1 hash algorithms are considered to be “one way” algorithms, meaning that the mathematical functions to produce the fingerprint work for creating the fingerprint, but cannot be done “in reverse” to re-create the original. This is important, as it means that fingerprints can be transmitted, stored, and viewed by the public without compromising any of your sensitive data.

How are fingerprints used to authenticate files?

Since the fingerprinting function works on each individual bit of the original electronic file, even the slightest change produces a new fingerprint. It is because of this, that fingerprints can be used as a tool of file integrity; by comparing a known fingerprint value for a file to a newly generated fingerprint for that file it is easy to see if the file has remained unchanged. The important component to this process is in having a trusted registry of fingerprint information.

IP.com offers legal safeguarding in all of its products, and specifically created the IP.com Legal Safeguarding Agent to provide this function on a single document basis, or in an integrated way to existing document management solutions. The safeguarding agent ensures the integrity of the document at multiple levels, including the last and important step of publishing the certification record (fingerprint/date-stamp) into the public domain.

The next blog post in this series provides an overview of the IP.com legal safeguarding process and how the IP.com Legal Safeguarding Agent works.]]> http://www.securinginnovation.com/2007/10/articles/legal-safeguarding-agent/fingerprints-the-key-to-legal-safeguarding/ http://www.securinginnovation.com/2007/10/articles/legal-safeguarding-agent/fingerprints-the-key-to-legal-safeguarding/ Legal Safeguarding Agent Wed, 10 Oct 2007 04:12:55 -0500 sbaxter@ip.com (Sam Baxter)
Electronic records have many advantages over paper. Unfortunately, these same advantages also expose records to tampering and fraud as we’ve seen witnessed in recent news stories. The lack of ability to prove the integrity of electronic records (who created what and when) complicates efforts in the event of a legal challenge. That is why IP.com created the legal safeguarding process.

Using electronic files doesn’t mean that you have to lose all assurances of the integrity of your work. Electronic documents can be made more secure than their paper-based counterparts through the use of legal safeguarding. Legal safeguarding is the process of fingerprinting and date-stamping electronic records so that the content and date of the document can be proven with accuracy at any future date.]]> http://www.securinginnovation.com/2007/10/articles/legal-safeguarding-agent/managing-risk-with-legal-safeguarding-agent/ http://www.securinginnovation.com/2007/10/articles/legal-safeguarding-agent/managing-risk-with-legal-safeguarding-agent/ Legal Safeguarding Agent Tue, 09 Oct 2007 04:08:41 -0500 sbaxter@ip.com (Sam Baxter)