×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Cornell Researchers Unveil a Virtual Notary

timothy posted about 10 months ago | from the seriously-my-karma-was-like-93 dept.

The Internet 72

First time accepted submitter el33thack3r writes "We've all wanted a trustworthy record of an online factoid, whether it's your official employment status, a tweet someone made or the hash of an open-source distribution to protect it from tampering. A group of Cornell researchers have just unveiled a service called Virtual Notary that can serve as a witness to online factoids. The service is useful for inventors who want to timestamp an invention disclosure, for people who are seeking an officially random number selected for a raffle or crypto protocol, for web services that want a record of a user's email address, and for many other use cases. The service is free and the researchers are seeking community input on other online factoids of interest. What would you like notarized online?" The concept is interesting, but some of the items they've chosen as examples seem well documented elsewhere, such as historical exchange rates and stock prices.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

72 comments

Bitcoin network can do this (0)

Anonymous Coward | about 10 months ago | (#44063663)

You can do this type of stuff using the bitcoin network or any peered information sharing network, no need for centralization.

Re:Bitcoin network can do this (0)

Anonymous Coward | about 10 months ago | (#44064163)

RTFA, that's exactly how this works.

Re:Bitcoin network can do this (2)

icebike (68054) | about 10 months ago | (#44064723)

Actually, no. Bitcoin is simply one of the methods used to record the notary log chain value into a long lived form. Bitcoin isn't central to this in any way.
The methodology is far less compute intensive than the mining methodology in bitcoin. If it weren't it couldn't keep up.

Virtual Notary publishes the hash of the log every time a certificate is issued. They also tweet this value. They could have as well used any other method that leaves a long standing record, even engraving it in metal and handing them out as souvenirs on an hourly basis.

Merely having any given hash validates all prior notary values up to the date it was published. The proof will be in every users hands, as well as community repositories.

Reminds me of the old UK Timestamper (2)

mlts (1038732) | about 10 months ago | (#44063709)

A long time ago, there was a site in the UK which would make a PGP signed timestamp of anything mailed to it (within reason). The site also published the hashes of everything stamped every week just to ensure nothing got tampered with. Of course, it means nothing legally, but as far as I remember, it never got compromised, so in theory, the timestamps it made could be considered usable.

This virtual notary appears to be as secure, with the hashes posted on Twitter.

Re:Reminds me of the old UK Timestamper (3, Informative)

heypete (60671) | about 10 months ago | (#44063829)

For those who are interested, the service you're referring to is likely http://www.itconsult.co.uk/stamper.htm [itconsult.co.uk].

Re:Reminds me of the old UK Timestamper (1)

icebike (68054) | about 10 months ago | (#44064771)

Interesting, but not the same as this service.

With that service each stamp stands alone. With this service each Notary log value validates itself and all preceding values.
If the Stamper service goes off line, its useless. With this service the existence of any later log value validates your log value even if Cornell goes titsup.

Re:Reminds me of the old UK Timestamper (2)

DERoss (1919496) | about 10 months ago | (#44064047)

That service is still operating. I used it over 10 years ago to establish priority for a business concept that I then presented to my employer.

All that is needed is a detached digital signature -- via an OpenPGP application, such as PGP or Gnu Privacy Guard (GPG) -- for the file in question. The signature file is E-mailed to the PGP Digital Timestamping Service as described at http://www.itconsult.co.uk/stamper.htm [itconsult.co.uk]. The service digitally signs the signature file, creating another detached signature that is E-mailed back to the user. Contained in that returned signature file is the date-time it was signed.

Test files can be sent to the PGP Digital Timestamping Service. The return is still a detached signature that is E-mailed back to the user. The date-time can then be checked to verify that the clock at the PGP Digital Timestamping Service is current.

In the meantime, your own detached digital signature file establishes proof that you possessed the signed file prior to the date-time in the PGP Digital Timestamping Service's detached digital signature file.

Re:Reminds me of the old UK Timestamper (1)

mlts (1038732) | about 10 months ago | (#44064127)

It is good to have it still up as a resource. Multiple, independent timestamping services might be enough proof for something, although a judge and a jury will more likely look at a physical notary seal and a signature with more regard than even the best cryptography and secured atomic clock.

Re:Reminds me of the old UK Timestamper (1)

icebike (68054) | about 10 months ago | (#44064865)

Maybe, but notary seals are far easier to disappear (or fake), and validating one from 100 years ago is virtually impossible. It becomes a matter of blind faith.

This Virtual Notary has the ability to become just as legal as a physical seal, because every subsequent notary issued validates all prior ones.
It will have to be mathematically proven to work, but should that happen, and nobody can fake one over time, I could see this being used for a lot of digital document signing.

The problem I see with it is in this line from their FAQ:
 

You can prove that certain information was published on the web, even if it is deleted later. We'll make a copy of the said content for posterity.

Well, that "make a copy for posterity" is a bit ambitious. Should that get destroyed, you are left with nothing but a big long fuzzy number, that can be proven to be a valid number, but would no longer be attributable to any specific content.

Re:Reminds me of the old UK Timestamper (1)

Emin Gün Sirer (2958309) | about 10 months ago | (#44064249)

Cool service! Note that Virtual Notary also embeds the hashes in the Bitcoin public ledger. I kind of like this part of the implementation, partly because it's hacky and partly because it does something useful with Bitcoin.

"factoids of interest" (1)

Dystopian Rebel (714995) | about 10 months ago | (#44063741)

A factoid is not a fact.

http://en.wikipedia.org/wiki/Factoid [wikipedia.org]

The only "factoid of interest" is that Slashdot may have editors.

Re:"factoids of interest" (2)

Ibiwan (763664) | about 10 months ago | (#44063833)

Nice factoid about factoids. But, by your own link, the word has come to be used also to refer to "true but useless facts" -- like this one!
http://en.wikipedia.org/wiki/Factoid#Other_meanings [wikipedia.org]

Re:"factoids of interest" (1)

EvanED (569694) | about 10 months ago | (#44063917)

Why would you get a useless fact notarized?

No, here's is being used as "a small fact", which doesn't even meet the alternative definition you cite.

Re:"factoids of interest" (0)

Anonymous Coward | about 10 months ago | (#44065061)

Maybe he want's to store all these factoids so he can point out how stupid people are?
Then he can go "See I have proof that you an idiot".

Re:"factoids of interest" (1)

Hovden (1529715) | about 10 months ago | (#44067243)

Agreed. Factoid is not a fact but presents itself like one. -oid is a suffix meaning “resembling,” or “like,”. For example, humanoid is human like, but not actually human. There is a tiny blog dedicated to writing factoids: http://defactoid.net/ [defactoid.net] . You will find them believable, but absolutely untrue.

Help help! (0)

Anonymous Coward | about 10 months ago | (#44063761)

Notarize my post which preceeds all others in the thread. Please hurry.

old news? (0)

Anonymous Coward | about 10 months ago | (#44063811)

A bit like what https://www.trustedtimestamping.com/ is doing for years? (previously known as signedtimestamp.org)

Re:old news? (0)

Anonymous Coward | about 10 months ago | (#44064207)

That's a centralized service, so you have to trust that the time-stamping service isn't lying. The Cornell researchers here have done it using the Bitcoin network so they can't get away with lying.

Re:old news? (1)

icebike (68054) | about 10 months ago | (#44064959)

Bitcoin is not central to Cornell's system. It is just ONE method of making public the current value of the log entry.

Every holder of a Notary value also validates all prior notary values.
Don't get hung up on the bitcoin part. Its not really germane.

Hold up in court? (1)

s1d3track3D (1504503) | about 10 months ago | (#44063875)

Seems like a great idea but would this actually hold up in court?

Re:Hold up in court? (0)

Anonymous Coward | about 10 months ago | (#44064277)

From the FAQ: http://virtual-notary.org/t/faq/

Is Virtual-Notary.org a legally-recognized notary?
No. Virtual Notary is not recognized in any jurisdiction by the legal system as a notary public. The site is a technological proof of concept. It is no substitute for the use of a notary public in cases where the law mandates a legally-recognized notary public. That said, the certificates issued by Virtual Notary are cryptographically protected and strong. They can serve as trustworthy evidence in the same capacity as a statement from an independent third party.

Re:Hold up in court? (0)

Anonymous Coward | about 10 months ago | (#44065155)

It might have a certain appeal to musicians. A lot of folks are licensing music under the Creative Commons license in various forms, but unless they are also submitting formal written scores to the Library of Congress, they are somewhat dependent on the release of a hard copy CD to demonstrate a point in time at which a song was recorded by them and claim formal ownership; listing music as a download with the CC logo has always seemed a bit tenuous for copyright or legal defense of ownership, and given the general behavior of the RIAA and similar, I'd not put it past them to claim ownership of music that is clearly not under their umbrella.A service like this one can document a website showing a song recorded for download at a certain point in time, and maybe (maybe) serve as additional evidence of ownership if contested.

Re:Hold up in court? (1)

kermidge (2221646) | about 10 months ago | (#44068513)

Seems could be of some use for not just musicians but writers and photogs, possibly bloggers and reporters.

Re:Hold up in court? (1)

FreshnFurter (599451) | about 10 months ago | (#44068549)

Not only that. It is also important for scientists and inventors.
It allows to time stamp ideas. I just did one with one of my articles in draft form. Yes it is not ready to release to the public but the idea is solid. So having a version of this notarized would be interesting to see how this affects patenting, without going through the terrible long process of submitting and waiting. Also junior scientists working in a lab can timestamp their contributions.

Notaries (1)

VGPowerlord (621254) | about 10 months ago | (#44064015)

The point of a Notary Public is that it's a trusted person representing the government doing the notarizing.

Something this service isn't.

Re:Notaries (0)

Anonymous Coward | about 10 months ago | (#44064097)

It's not as much that they are a trusted person, but that they are a neutral third party.

Re:Notaries (1)

icebike (68054) | about 10 months ago | (#44065119)

It's not as much that they are a trusted person, but that they are a neutral third party.

This neutrality is often in question.
Virtually every Real Estate company in the US has a pet notary public on staff, as do many larger bank branches,
and they notarize all sorts of business documents to which their own employer is a party.

At best, these certify that the Notary's numbered seal on a document can be traced to someone who witnessed
the signing, and that person' should have a log. But that log can't always be found, and even when it can,
all the notary can testify to is that the seal matches the log, and it "looks like" their signature.

Re:Notaries (0)

Anonymous Coward | about 10 months ago | (#44065203)

You're trying to make it sound like you know a lot about the real-world notary business, but let's face reality --- you don't.

Re:Notaries (3, Insightful)

Emin Gün Sirer (2958309) | about 10 months ago | (#44064177)

The Internet has really changed the game here. What does a trusted person mean in a global context? More importantly, what exactly is the global entity that would declare a person to be trusted? If you've ever had to deal with international notarization, you'll know that the best that the current system can offer is a system of irregular local standards, glued together through Apostilles on dead trees. These are at best inefficient, though archaic would probably be a more accurate description.

Changing that landscape starts with providing alternatives to the public so that your Joe/Jane Lawmaker can see what is possible and change the laws to match the new technological capabilities.

Re:Notaries (0)

Anonymous Coward | about 10 months ago | (#44064245)

They eliminate the need for trust by sending a hash of the document through the Bitcoin network.

Re:Notaries (1)

icebike (68054) | about 10 months ago | (#44065141)

Bitcoin plays no central part of this, and does not add any trust to the hash.

Each hash validates every prior hash, and bitcoin adds nothing.

"Mail all of your most important documents here" (0)

Anonymous Coward | about 10 months ago | (#44064057)

This makes a convenient way for someone to snoop on everybody. As the documents are sent to one destination, with the identity of the sender. At least with a real notary, I have a person sitting in front of me who can't retain the document and (probably) doesn't release my visit to them.

Re:"Mail all of your most important documents here (1)

mlts (1038732) | about 10 months ago | (#44064191)

Easy fix: Timestamp a list of document hashes of both the file and the file's size. For example, MD5 hash, SHA1, SHA2, and SHA3. One has might be forgable, but it will be extremely difficult for someone to make a new document of the same exact size, but have all the hashes match.

Using this method, the timestamper has zero knowledge of what is in the document, not even how big it is. All they can tell is if a subsequent document was the same as a previous one that went through their system.

Re:"Mail all of your most important documents here (0)

Anonymous Coward | about 10 months ago | (#44064663)

So connect through Tor, and have them time-stamp an encrypted copy of the file.

Do they even know what notarizing is? (1, Insightful)

frovingslosh (582462) | about 10 months ago | (#44064167)

Pure nonsense. And I actually looked at the link this time, not just the /. summary. From the website: You select a factoid that you would like notarized. We check that factoid, create a record of it that you can refer to later, and issue you a cryptographically-signed certificate that attests to that factoid.

That has nothing to do with notarizing. Notarizing is about witnessing and confirming that you (the signer of a document) are who you say you are. It has nothing to do with the the accuracy of the document itself. I could write a deed selling you the Brooklyn Bridge and a notary could perfectly legally notarize it, all they would be doing is affirming that I was the person who signed it. Notarizing something has absolutely nothing to do with confirming that the information contained in the notarized document is accurate. This "service" seems to want to confirm facts, but I don't see anywhere that it manages to confirm who it was that electronically signed something. So it is not notarizing at all.

Re:Do they even know what notarizing is? (1)

icebike (68054) | about 10 months ago | (#44065247)

It documents the fact that there was something recorded (they make a perpetual copy of some digital thing) on a date and time specific.
It doesn't really matter to them what it was, or who you are. It merely proves the existence of the digital item on a date in the past

A notary can't notarize a digital version of anything. It only works for paper documents.

When someone steals you software 5 years from now, and you have a Cornell Notarization number for that digital file dated today, you have a third party saying they made a digital copy of that digital file on a specific date and time. If it predates your claim-jumper, you had proof that they did not invent it. That is all it claims to do.
It doesn't claim to prove you own it, or where it came from.

Simply that it's existence on the web at some point in time was verified and issued a certificate of existence that can't be back dated or faked.

They are re-using the word "notary", but doing so in a way that could never be mistaken for a Notary Public, because such people can not notarize digital items.

Re:Do they even know what notarizing is? (0)

Anonymous Coward | about 10 months ago | (#44065429)

Depending on the state in the U.S., you can notarize digital items. With a proper timestamp token, a digital signature on a document is quite useful as well.

from http://www.asnnotary.org/?form=enotary

State E-Notarization Laws, Rules or Programs:

Arizona (statutes) Colorado (rules) Florida (statutes)
Kansas (program) Minnesota (statutes) North Carolina (statutes, rules)
Pennsylvania (program) Utah (rules)

Re:Do they even know what notarizing is? (1)

Chelloveck (14643) | about 10 months ago | (#44065439)

They don't check the accuracy of the factoid. They're just attaching a timestamp and their digital signature to whatever factoid you give them. You can later use this to prove that the factoid was a particular byte string at a particular time. (Though I'm not sure the level of "proof" this is, unless they're willing to appear in court and testify that the timestamp is accurate.)

The language on their website is very misleading.

Re:Do they even know what notarizing is? (1)

karthikg (322896) | about 10 months ago | (#44067933)

Right... notary is about authentication .. user is the person who claims himself to be [done using a picture id, say].
It would be really useful to have this process done online so that it can avoid a trip to a notary public office (and pay the $10 or so fee).
The problem is not easy to solve.. but a central agency (a e-notary service) could potentially use a remote system like webcam or voice to verify you. It needs to be robust that someone can't easily impersonate. [likely use a live-person on the other end and may be use your biometrics like iris-scan to confirm it's you]

I see still for some financial transactions.. while 99% of work can be finished online (read: without leaving your home), a last bit still needs a notary.. if this task can be done online, it will be nice as you can instantly finish up some financial transactions (e.g you do an asset transfer to another person online with your finanical institute)

Ummm... (1)

fuzzyfuzzyfungus (1223518) | about 10 months ago | (#44064195)

Am I missing something that makes this idea different from RFC3161 [ietf.org]?

Ever since the invention of cryptography capable of 'signature', 'virtual notary' has merely been a matter of finding somebody you'd actually trust to be a notary, and then having them sign stuff. If you give them a clock, you can even have 'trusted' timestamps!

The bigger trick, and something that would actually be worth writing home about, is doing this without trusting somebody who almost certainly doesn't deserve it.

Re:Ummm... (1)

Emin Gün Sirer (2958309) | about 10 months ago | (#44064525)

There are quite a few ways in which RFC3161 falls short of what someone might want:
  • 1. This particular online notary differs from previous online notaries in that it can issue statements based on its own view of factoids on the Internet. So it can issue statements like "from the VN's vantage point, the DNS A record for domain X is Y." In contrast, a timestamp service only issues statements of the form "at time X, client Y said Z."
  • 2. VN is a concrete implementation whereas RFC3161 is only a protocol specification.
  • 3. VN uses the widely accepted X.509 format while RFC3161 introduces its own custom format.
  • 4. VN implementation is backed by the Bitcoin public ledger and Twitter to protect against rollback attacks.

Re:Ummm... (1)

icebike (68054) | about 10 months ago | (#44065305)

Your point 4 is wrong.

Bitcoin and twitter are not central to the prevention of rollbacks. The mere existence of any single key validates all prior keys, therefore
once created a new keyvalue prevents roll back of ALL prior values.

Twitter and Bitcoin are merely good public records. They lend no strength to the methodology.
You could hack their twitter account and post a bogus key, but said bogus key would be immediately falsifiable based on the key itself.

Re:Ummm... (0)

Anonymous Coward | about 10 months ago | (#44065537)

Twitter and Bitcoin are merely good public records. They lend no strength to the methodology.

I would say yes and no. At least by my understanding, having good public records does lend strength (at least in practice), but the particular choice of Twitter and Bitcoin does not add strength beyond a different choice.

Re:Ummm... (0)

Anonymous Coward | about 10 months ago | (#44066325)

You're arguing against one of the creators of the service...

History repeating (1)

skaag (206358) | about 10 months ago | (#44064285)

Yah well, I created something exactly like this back in 2004 called robonotary.com but the lack of interest was very palpable and I was no longer motivated to pursue it.
(still own the domain).

Re:History repeating (0)

Anonymous Coward | about 10 months ago | (#44064731)

something exactly like this back in 2004

There was no Twitter or Bitcoin in 2004.

Re:History repeating (0)

Anonymous Coward | about 10 months ago | (#44066423)

something exactly like this back in 2004

There was no Twitter or Bitcoin in 2004.

Domain Name.......... twitter.com
Creation Date........ 2000-01-22

I'd use blind signatures (0)

Anonymous Coward | about 10 months ago | (#44064725)

It appears you need to send them the actual document to get it signed. It seems like a blind signature might be better here (Since this is just a time stamp service, not a notary, they don't need to look at the content). https://en.wikipedia.org/wiki/Blind_signature

The real issue with something like this is, as far as I can tell, I can just have them sign anything. Every month I can get proof I'm working for 8000 companies? This is really only useful as proof that you knew something that's resistant to guessing lots of times (Like some specific description of an event, a long private key, etc).

Using bitcoin as they did is a clever fix that prevents them from issuing false timestaps (stamping with past dates). I missed that idea when I considered making such a service. Maybe its a patentable idea (I hope not, but I suspect it is. I assume its been done before though, but when has that really mattered...)

Anyway, better than I would have done, and its a free [slightly] useful service. Neat.

Re:I'd use blind signatures (3, Interesting)

EvanED (569694) | about 10 months ago | (#44064985)

This is really only useful as proof that you knew something that's resistant to guessing lots of times (Like some specific description of an event, a long private key, etc).

That's still really useful, you know. For example, suppose you take a photo of some damage when you move into an apartment or something, and want a third party to be able to attest that you took it when you moved in instead of moved out.

As they explain in the FAQ, they can't really attest to the truth of something for obvious reasons, but that doesn't mean that they're only slightly useful.

It Needs an Interface Improvement (0)

Anonymous Coward | about 10 months ago | (#44065041)

I am unable to reliably and completely provide my name to the "Name" field, and thus am unable to obtain from this service, a proper notarization for my promissory note. I fear people may look upon me and say to each other that I shave stray kittens for a living.

How does it works? (1)

manu0601 (2221348) | about 10 months ago | (#44066813)

It seems to always use an online source. For instance, real estate certification is done using data from Zillow [wikipedia.org], an online service I did not know before reading that news.

It means it is not real estate certification, but certification of what Zillow says on real estate

How about Virtual Witness for live-aloners? (1)

ivi (126837) | about 10 months ago | (#44067143)

Elderly folks & maybe younger singles who want to live -safely- in their own homes longer, even after a spouse passes on, need protection from scammers who visit & try to defraud them out of money, etc.

If they record people who telemarket, show-up on their door steps to sell and/or just won't take no for an answer, in such a way that they recording are uploaded to Virtual Witness or (today) Virtual Notary for a time-stamp, etc., ie, whatever might be needed to make it usable in court, could have it easier to win their law suits, damage claims, or just convince judges (in criminal matters), that what they say happened is what actually happened.

A family of Virtual Witness devices (like black boxes for the home) would monitor / records & securely upload any recordings of concerning incidents (eg, on touch of a button -or- if owner did not press an "All OK" button after answering door, phone, etc.)

Disabled folks (recently, intellectually disabled) may have issues being heard... slow delivery of words or questions of abilities to recall accurately what happened to them.

Virtual Witness may be the way to let many of these people enjoy increased security in their homes, knowing that - if needed - a verified recording would be available to police, courts, their lawyer, etc. when verification is needed of a claim or complaint.

high concept but useless (1)

JimtownKelly (634785) | about 10 months ago | (#44067331)

Most of my needs for notarized docs are overseas, where chops, ribbons, big stickers, and all sorts of other bureacratic crap are necessary for validation. I hope these guys are able to get the credibility they need for this project to succeed, but am initially skeptical in light of all the big governments everywhere.

Rerereinvented... (0)

Anonymous Coward | about 10 months ago | (#44067503)

Sounds like a reinvention of the service first invented by Haber and Stornetta at Bellcore many years ago, and operating
as surety.com

This is about the stupidest thing for inventors (1)

tlambert (566799) | about 10 months ago | (#44068147)

This is about the stupidest thing for inventors.

In most countries other than the U.S., where you have a year from first public disclosure to file for a patent, disclosure automatically nullifies your ability to file for patents.

Re:This is about the stupidest thing for inventors (1)

FreshnFurter (599451) | about 10 months ago | (#44077359)

You are mistaken it is not disclosure. You just have proof that the document you produced, which only you can see, was certified to be generated on that day. It can be used if there is a dispute on prior knowledge. Let's say that you a Non disclosure agreement with someone and the topic is whatever you wanted to patent so they tell you what you wanted to patent. Then you have proof that you thought of this prior to the NDA. This could be important.

I thought a "factoid" ... (1)

dbIII (701233) | about 10 months ago | (#44068373)

I thought a "factoid" was supposed to be something that looked like a fact but wasn't, but was a more polite way of saying "a lie that's been pulled out of the void at moments notice but sounds plausable".

Bitcoin based proof of existence (0)

Anonymous Coward | about 10 months ago | (#44068591)

Here it is. It puts the hash of your data in the bitcoin chain, which gets timestampted and backed in a decentralized and distributed way. https://www.proofofexistence.com/ [proofofexistence.com] You just need to spend .005 bitcoins to a inexistant address.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...