Horst Herb wrote: > On Tue, 28 Feb 2006 22:25, Andrew McIntyre wrote: >> For medico-legal purposes signing all incoming documents with a >> location key would make them fairly secure against tampering and >> provide absolute integrity checking, this is something we can do. If >> you do that with scanned documents and follow the other storage >> requirements then its a legally valid document as per the HIC >> guidelines. > > Doubt it very much. > Firstly, signing an incoming document with your location key proves > absolutely > *nothing* - since you can set your own computer's date at will and sign > whatever you want whenever you want it. And whether you store your document > on DVDs on the moon or on a harddisk in your waiting room again changes - > zilch. > > The only possible way of proving document content and integrity as per a > certain date is per *external* certification - anything that gets stored by a > third party outside of your reach > > What I proposed several years ago (the gnotary system) was a peer to peer > based solution: in intervals every users determines himself, the system > generates hashes of files he wants to certify, and transfers these hashes to > other systems where he cannot access them. As "payment", he receives and > stores hashes from other systems. > > Advantages: > 1.) costs nothing (other than a tiny bit of bandwidth and some digital > storage > space > 2.) The further the hashes get replicated, the less likely anybody could ever > modify them all regardless of effort > 3.) reliability through redundancy - if your hashes get transferred to > hundreds of systems it is most unlikely all of them will have failed by the > time you need the proof > 4.) Full control of the owner of the data what gets certified when > 5.) No patient related information ever leaves the system - no privacy issues > > Alas, nobody here seemed to understand why they would want such thing and > participation was near zero (3 or 4 GPs participated for some time in Oz, but > it has taken off in Germany and Holland and is rather widely used there now)
Yes, digital notarisation has been widely used in research labs for over a decade. For US patent applications, if you can prove that that thought of an idea by a certain date (up to one year prior to the date on which you file a patent application), you can claim that date as the "priority date" for your application. Labs get their researchers to periodically scan the pages of their lab notebooks and then send a hash of those scans to a third-party notary to digitally datestamp and sign - which can then be used to prove that the researcher knew of the idea on that date and didn't just read about it somewhere else and retrospectively concoct a set of lab notes to make it look like s/he thought of it first. (This ability to claim a priority date up to a year before the application is lodged is peculiar to the US system). Tim C _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
