WO2003009217A1 - Electronic signing of documents - Google Patents
Electronic signing of documents
- Publication number
- WO2003009217A1 (PCT/SG2001/000150)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- document
- hand signature
- signature
- hand
- digest
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/32—Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
- H04N1/32101—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
- H04N1/32144—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title embedded in the image data, i.e. enclosed or integrated in the image, e.g. watermark, super-imposed logo or stamp
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/32—Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
- H04N1/32101—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
- H04N1/32144—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title embedded in the image data, i.e. enclosed or integrated in the image, e.g. watermark, super-imposed logo or stamp
- H04N1/32149—Methods relating to embedding, encoding, decoding, detection or retrieval operations
- H04N1/32267—Methods relating to embedding, encoding, decoding, detection or retrieval operations combined with processing of the image
- H04N1/32283—Hashing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/608—Watermarking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N2201/00—Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
- H04N2201/32—Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
- H04N2201/3201—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
- H04N2201/3204—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to a user, sender, addressee, machine or electronic recording medium
- H04N2201/3205—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to a user, sender, addressee, machine or electronic recording medium of identification information, e.g. name or ID code
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N2201/00—Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
- H04N2201/32—Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
- H04N2201/3201—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
- H04N2201/3225—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document
- H04N2201/3233—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document of authentication information, e.g. digital signature, watermark
- H04N2201/3236—Details of authentication information generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N2201/00—Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
- H04N2201/32—Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
- H04N2201/3201—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
- H04N2201/3225—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document
- H04N2201/3245—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document of image modifying data, e.g. handwritten addenda, highlights or augmented reality information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N2201/00—Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
- H04N2201/32—Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
- H04N2201/3201—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
- H04N2201/3269—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of machine readable codes or marks, e.g. bar codes or glyphs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N2201/00—Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
- H04N2201/32—Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
- H04N2201/3201—Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
- H04N2201/328—Processing of the additional information
- H04N2201/3281—Encryption; Ciphering
Definitions
- This invention relates to a method and system for the electronic signing of documents and refers particularly, though not exclusively, to such a method and system for protecting the integrity and originality of signed documents.
- the method and system may use a hand signature as well as other "capturable" signatures such as, for example, digital certificate, voice, seal, fingerprint, face, iris, and so forth.
- a smart card to store a seal image, and use it to sign documents.
- the seal may be protected against forgeries by using an optical watermark.
- Another example is to use the voice of the signatory to sign documents.
- the voice may be recorded as a "signature" using digital recording techniques.
- "hand signature" is to be taken as including all such capturable signatures.
- the signing device can extend from an electronic pen to other sensing devices such as, for example, digital cameras, microphones, scanners, and so forth.
- a reference to a computer is to be taken as including computers such as, for example, a desktop computer, personal computer, laptop computer, and notebook computer.
- reference to an optical watermark is to be taken as a reference to a watermark in accordance with our earlier international patent application PCT/SG00/00147 filed 15th September 2000, the contents of which are hereby incorporated by reference.
- a signature system should provide non-repudiation, and verifiable evidence, that a person has correctly signed the required document at a particular time. It is a difficult task to verify the identity of a person who has signed a document as attacks on the integrity of the signing process may happen at any time during the signing process: from forging the signature, to combining a correct signature with an irrelevant document.
- a party with fraudulent intent may record the signal generated at the signing using sensors and then use the recorded signal to create a forged signature. Attackers may also obtain a sample of a real, hand-applied signature, and manually imitate it.
- a fraudulent party may cut or copy signature data from a document and attach it to an irrelevant document.
- a receiver can also forge a printed document by forging the signature of the correct party on that document.
- US patent 5,517,579 describes a handwriting recognition apparatus including handwriting input apparatus employing at least two different sensing techniques to sense handwriting, and symbol identification apparatus receiving an output of the handwriting input apparatus for providing an output indication of symbols represented by the handwriting.
- although the additional sensors provide more information for the verification process, it cannot differentiate between signals resulting from real signatures and recorded signals of a signature. A fraudulent party could record the signals from the sensor and then replay the recorded signature to create a forged signature.
- International patent application WO/0049583 relates to a method and device for personalizing and verifying identification and security documents, and to a security document that can be used therewith.
- the identification or security document contains data specific to the individual in alphanumeric and/or graphical form, which is either printed on the document and/or stored in the document.
- the data specific to the individual and/or correlated data is also present in/on the document in a second form that can be machine-read. This data, and the data specific to the individual, can be read from the document and checked for consistency, using an appropriate test control unit.
- the specification does not disclose a mechanism to securely protect the integrity of the content of the document, nor does it disclose a method for user authentication.
- International patent application WO/0031677 discloses a method for the authorization of documents that includes preparing a record for future reference by authorized personnel, including providing a sensitive document, collecting biometric data from an individual requesting authority to become an authorized person to access the document, forming a bar code including the biometric data from the individual, attaching the bar code to the document, and storing the document and attached bar code.
- Access to the document is authorized by collecting current biometric data from a person requesting access, comparing the current biometric data to the bar code attached to the document, and confirming that the person requesting access and the authorized individual are identical.
- a digital certificate is formed in a secure processor from a digitized representation of a unique biological feature of a registrant.
- the digital representation is signed with the registrant's private encryption key in the secure processor, and transmitted to a certificate authority through a communication network.
- the registrant's identity is verified at a remote, secure registration processor.
- the certificate authority forms the certificate by encrypting the digital signature with the certificate authority's own encrypting key during the registration process.
- the certificate is also held in a publicly available directory.
- the document and the certificate are then transmitted to a receiving terminal. If the sending party denies sending the document, the biological feature can be extracted from the certificate and directly compared with the actual biological feature of the sending party during the validation process. This is an extension of the use of existing digital certificates with biometrics data, and does not deal with documents.
- the present invention therefore provides a method for a person to sign a document by use of an electronic pen, including capturing a hand signature of the person, generating a verification ID, then attaching the hand signature and the verification ID and an optical watermark to the document to complete the document signing process.
- the identity of the person is verified before generating the verification ID, the verification ID being the hand signature and/or a document digest and/or a time stamp and/or representative features of the document.
- the hand signature may be embedded into the optical watermark.
- the document digest and/or a time stamp may be embedded into the optical watermark to form a link between the document and the hand signature.
- the document digest may be critical information of the document.
- the person's identity may be verified by a public key infrastructure after a security handshaking challenge-and-response session between a server and the electronic pen, and the electronic pen may store an identity number of the electronic pen, a private key of the electronic pen, a private key of the person, measured features of the person's hand signature, and/or a detachable learning module. If a plurality of persons are able to use the electronic pen, the electronic pen should be able to store registration information of each such person.
- the server and electronic pen can store their respective private keys, and the hand signature and/or measured features of the hand signature of the person are stored in the server.
- Security handshaking between the server and the electronic-pen based on public key pairs is a preferred step.
- the hand signature and/or measured features of the hand signature of the person may be stored in the electronic pen, and the processing and verification of the hand signature can also be carried out inside the electronic pen.
- the capturing and processing of the hand signature and/or measured features of the hand signature of the person may be carried out in a secure processor and the processing result sent to the electronic pen for verification.
- the private key and the hand signature of the person can be stored in the electronic pen, the hand signature and/or the measured features of the hand signature of the person stored in the secure processor, and the hand signature and/or the measured features of the hand signature stored in the computer.
- the hand signature and/or the measured features of the hand signature of the person may be stored in an encrypted form, preferably in a secure memory.
- the secure memory may be an authentication card for the person.
- the method may be applied to process approval.
- the present invention provides a method for generating a validated hand signature to a document by signing the document using an electronic pen, creating a digest of the document, encrypting the hand signature within the electronic pen, generating a verification ID, incorporating the verification ID into the document, and integrating the digest into the document.
- the verification ID may be generated from the captured hand signature, the document digest, a time stamp, and/or representative features of the document.
- the hand signature may be embedded into an optical watermark, and at least one of the document digest, critical features of the document, a time stamp, and the document contents, are embedded into the optical watermark to form a link between the document and the hand signature.
- the document can be authenticated by creating a digest of the signed document, generating a decrypt key using the document digest and using it to decrypt the verification ID, comparing the hand signature extracted from the verification ID and the hand signature as it appears on the signed document, comparing the digest generated from the document and the digest from the verification ID, comparing the hand signature on the document with that embedded in the optical watermark, and comparing that of the critical features/content of the document and/or the time stamp embedded in the optical watermark with its equivalent in the document.
- the digest of the document may be obtained from the representative features of the document, and that which is embedded in the optical watermark can be decoded by a special key.
- the hand signature and the digest of the document may be extracted from the printed document, and the document authenticity verified by comparing the hand signature on the document with the hand signature embedded in the optical watermark.
- the critical features/content of the document and the time stamp embedded in the optical watermark can then be compared with their equivalents in the document.
- the hand signature may include signature image and features of the hand signature, the features of the hand signature including pressure and speed.
- Pre-registered hand signatures may be stored for future use in the electronic pen, the server, and the secure memory. Preferably, the pre-registered hand signatures are periodically updated, and any hand signature may be combined with other biometric information of the person.
- Encryption may be by public key pair and/or symmetric key.
- Figure 1 is a representation of a typical document signing system according to the present invention
- Figure 2 is a block-diagram of one form of an e-pen for use with the present invention
- Figure 4 is an illustration of the verification ID
- Figure 5 is an example of a signed document
- the signed document of the present invention has the following structure:
- hand signature data;
- verification ID, which may consist of the following items, and which may be encrypted:
  - hand signature and/or its critical features and/or its digest;
  - digest of the document content (either hash, features, or critical items);
  - time stamp; and
- a watermark, including an optical watermark, with embedded hand signature and critical items of the document content.
- As shown in Figure 1, in one form of the present invention there is an e-pen 10, a secure processor 12, a secure storage 14, a computer 16, and a user 18. These are to: 1. capture the hand signature of the user 18;
- the method and system may also include:
- the e-pen can be as simple as a pointing device; and as complicated as an electronic pen to capture signatures, with a secure storage and a secure processor.
- security handshaking and hand signature verification between the e-pen, the secure storage, the secure processor and the computer may have a number of protocols.
- the secure processor is secure; the e-pen device is secure; and the private key of the e-pen user is stored in the e-pen.
- the hand signature, or its features, may be stored in the server. Examples of suitable protocols are:
- Protocol 1: In this protocol, there is no independent secure memory. Both the secure processor and e-pen can store their private key in their own secure memory, and each knows the public key of the other. The hand signature and/or features of the hand signature of the e-pen user are stored in the secure processor in a secure database, together with the e-pen user's name and/or other identifying data. The signing procedure commences with a security handshake between the secure processor and the e-pen, via a secure connection such as, for example, the Secure Socket Layer protocol.
- After successful authentication of the e-pen and the secure processor based on public key pairs, the e-pen collects the hand signature data of the user, encrypts the data, and sends it to the secure processor for further processing and verification.
- for security handshaking protocols and encrypted data transmission, refer to Chapter 9 "Security Handshaking Pitfalls", p. 223 of "Network Security: Private Communication in a Public World" by C. Kaufman, R. Perlman and M.
- Protocol 4: the same as Protocol 3, except that the hand signature and/or feature measures are stored in the secure processor, either in its encrypted form, or in the secure memory.
- the system for electronic signing of documents in this invention is as shown in Figures 2 and 3. It has a service program residing in the computer that communicates with outside parties. It may represent a user and communicate with a server.
- the service program can be a client software program that can communicate online with, and be controlled by, the server.
- the server coordinates all document processing, management, exchange, and approval amongst all other clients.
- the service program may also work as a mail client, by receiving a document to be processed and signed from a client, sending the signed document to another client, and servicing the verification requests whenever, and from whomsoever, they arrive.
- the service program can play a global role in document processing, management and delivery, as well as providing the necessary infrastructure for security and authentication services. This includes, but is not limited to: registration of individual users and their e-pens; who is to sign documents; secure delivery of documents between users; maintaining the user and e-pen database; and so forth.
- the encryption/decryption keys may be embedded inside the e-pen by the manufacturer or a trusted third party. In such an arrangement, the encryption/decryption key pair acts as the identity of the e-pen. The encryption key is securely maintained within the e-pen, while the decryption key may be publicly released.
- Hand signature data can be hashed and encrypted using the selected private key.
- the e-pen/secure memory/server returns the encrypted hash value of the hand signature data to the service program. Since the public keys of the pre-generated key pairs are released and are indexed in the same way as they are indexed inside the e-pen/secure memory/server, the correct public key for decrypting the verification ID can be easily found using the document digest, which is readily computed from the document content.
- the e-pen may include one or more sensors, processors, and related peripherals, to capture a handwritten signature and transform it to digital data. Critical features are then extracted from the data, encrypted, and stored for verification at the time of user registration.
- the e-pen may be manufactured and inspected by a trusted manufacturer to ensure that the program stored in the secure memory of the e-pen is tamper-proof, and to prevent run-time attacks on programs running in the processor of the e-pen.
- An e-pen may have a hardware unit that includes a smart sensor, an internal clock, a secure memory, and a secure processor.
- the service program in the computer communicates with the e-pen or the secure processor, and authenticates each other through a series of challenge and response processes.
- for security handshaking protocols and encrypted data transmission, refer to Chapter 9 "Security Handshaking Pitfalls", p. 223 in the book "Network Security: Private Communication in a Public World", by C. Kaufman, R. Perlman, and M. Speciner, PTR Prentice Hall, 1995.
- After successful authentication of the e-pen/secure processor and the service program, the service program sends the document digest to the e-pen/secure processor.
- the e-pen/secure processor captures the hand signature, and processes it, if necessary.
- the verification ID is then generated by assembling the document digest, the hand signature digest or critical features, and the time stamp, and encrypting them using the e-pen's private key.
- the verification ID can be easily verified with the public key of the e-pen, which is publicly available.
- the signature data may be obtained from a hand signature acquisition device.
- the device encrypts the hash value of the digitalized signature at the time it is captured.
- the key used for encrypting the signature data may be either preset by the manufacturer or user, or given by the key generation device and/or program.
- the signature data may include information other than information related to the hand signature. For example, it may include other biometric data of the user, a time stamp, and the pressure applied to or by the pen during the signing process.
- the signature data of a user includes pre-registered hand signature data of the user, stored in the secure memory, the e-pen, or the server.
- the verification program can obtain the user's public key from a trusted third party (such as Certificate Authority), and decrypt the hand signature data using the public key of the user. Decrypted hand signature data can be used as a reference to verify the authenticity of the signature data appearing on the document. As a user's hand signature may change from time to time, the reference hand signature may need to be updated periodically.
- the document digest may be generated by one or more of several methods. One is to generate a hash from the document file. Another method is to extract important contents of the document.
- a digest of a cheque may include the name of the payee, the amount of the cheque and its currency, the signing date, and any given withdrawal policy. For example, the "or bearer" can be crossed out; the cheque can also be crossed, and may be marked as being for the account of the payee only.
- the digest may be represented in plain text form, or other encoded form.
- the representative features may include important graphic features of the document image.
- the representative features of a face image in a photograph can be the 5 eigenvalues of that photograph, and the representative features of a text document may be given as the layout and the shape of its components.
- the device or program for document printing may include functionalities that print the document with the signature and optical watermark in a controlled manner.
- the device or program for security management may include a database that stores:
- the encryption and decryption system preferably uses a Public Key Infrastructure that provides security and privacy for the signing process.
- Verifying a hand signature applied to an electronic document may include:
- the verification service may not be a trusted service.
- the content in the optical watermark may be extracted by using an optical decoder, or by using a computer-aided decode program. This may be performed manually or automatically.
- the verification service then creates a document digest and its hash, and decrypts the verification ID in the document.
- the decryption key may be obtained publicly if the verification ID is encrypted using the private key of the e-pen or the secure processor, or the user, during the signing process.
- the decryption key may also be generated according to the digest/features.
- the hash value of the document digest is used to form the session index number of the encryption/decryption key pairs in the signing process.
- the decryption key may be obtained from the pre-registered key pairs table by reference to the session index number.
- the originality of the document content may be verified by the verification process by comparing the decrypted document digest with the digest data generated from the received document.
- the authenticity of the signature may be verified by comparing the decrypted signature data with the signature data appearing on the received document.
- the verification program can also check the validity of the time stamp, and other supporting information, that may be embedded in the encrypted hand signature data.
- the method for verifying a signature as applied to a printed or hard copy document may include:
- the receiver may receive the document in printed form.
- a digital imaging apparatus may be applied to transform the hard copy of the document to electronic form.
- the document digest and signature data may be extracted from the optical watermark either manually or automatically.
- an optical decoder may be used, allowing the receiver to read the contents of the optical watermark and manually input them into the processor.
- the integrity of the hand signature data applied to the document may be verified by comparing the hand signature data decoded from the optical watermark with the hand signature appearing on the document.
- the receiver may also authenticate the originality of the received document by verifying the document digest embedded in the optical watermark.
- This scheme is very similar to the verification protocol for an electronic document except for a number of points of difference.
- a digital imaging apparatus may be used to transform the hard copy document to electronic form.
- the verification process extracts the digest, or representative features, from the digitalized document in a way that is relatively immune to errors during the printout and scan-in processing. This can be done either manually or automatically.
- where the document digest is the important document content in plain text form, it can be regenerated in the verification process by manual input, or by a computer-aided recognition algorithm such as, for example, Optical Character Recognition.
- a feature can be selected to represent the document, which feature is immune to variation or error during the print-and-scan processes.
- a secure user authentication device such as, for example, a smart card may be attached to the processor to allow offline verification. It may also provide other personal information. These signatures can be integrated into the verification ID, if necessary, and the verification program can extract them and compare them with the hand signature appearing on the signed document.
- the secure memory may be a user authentication card, if desired. Generally, it is hard to implement complex operations within a user authentication card. Therefore, the secure processor is preferably employed to communicate with the user authentication card.
- the user authentication card may have an internal clock, a secure memory, and an internal secure processor.
- when the service program requests authentication of a document, it communicates with the secure processor, and they authenticate each other through a series of challenges and responses.
- the document is sent to the secure processor.
- the secure processor launches a series of secure services to generate a document digest and session key pairs. The session key pairs may be generated from the combination of document digest and the public key in the user authentication card.
- the secure processor then obtains the hand signature data, and its hash, from the e-pen, as encrypted by a previously set session key.
- a secure service then decrypts the signature data, combines it with a time stamp and pre-registered signature in explicit form, and encrypts it again with a privately generated session key, or the private key of the user or the authentication card.
- the encrypted signature may be used to form the verification ID.
- a trusted service can then create an optical watermark embedded with content that includes the document digest and the hand signature.
- the captured hand signature may be verified by the signing device. After successful hand signature verification the hand signature, together with a digital signature, can be attached to a document to complete the document signing process.
- Verification methods such as, for example, dynamic programming and neural networks can be used to match the input vector against the stored templates.
- An aspect of the present invention is to obtain the private key of the e-pen owner, to store it in the e-pen, and to capture and process the hand signature for the feature measures to be stored in the e-pen, or other secure storage.
- the method for the capture and processing of the hand signature is preferably the same as in the verification phase.
- the present invention relates to the signing and verifying process of an authenticated document that may have been transmitted over a network. This will reduce costly and slow physical delivery of the authenticated paper document. However, the authenticated document may also be transmitted through traditional means.
- the hand signature will have higher user confidence than in the past.
- the present invention may offer a convenient method for offline verification.
- a traditional paper-to-paper signature such as, for example, an electronic cheque.
- Banks may have smart cards used by their customers as an "electronic cheque book".
- the smart card stores pre-registered session IDs in much the same way as paper chequebooks are used. Customers may complete its content, sign it, and send it to a recipient. After the signing process, the pre-registered cheque ID will be destroyed.
- the present invention extends to all features disclosed both individually and in all possible permutations and combinations.
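The verification steps listed above (regenerate the digest, derive the session index from its hash, look up the key, then compare digest, signature data and time stamp) are sketched below as an added example; it is not code from the patent. It assumes a plain-text cheque digest, uses an HMAC-SHA256 tag in place of the public-key encryption of the verification ID so that it runs on the standard library alone, and compares captured stroke data by exact hash; all names, the 16-entry key table and the validity window are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo table of pre-registered session keys (assumption: 16 entries).
SESSION_KEYS = [hashlib.sha256(b"demo-session-key-%d" % i).digest() for i in range(16)]
MAX_AGE_SECONDS = 30 * 24 * 3600  # assumed validity window for the time stamp


def cheque_digest(payee, amount, currency, signing_date, policy):
    """Plain-text digest of the cheque's important content, normalised
    (case, whitespace) so a re-keyed or OCR'd copy reproduces it exactly."""
    fields = (payee, amount, currency, signing_date, policy)
    return "|".join(" ".join(str(f).upper().split()) for f in fields)


def session_key(digest):
    """The hash of the digest forms the session index into the key table."""
    index = int.from_bytes(hashlib.sha256(digest.encode()).digest()[:4], "big")
    return SESSION_KEYS[index % len(SESSION_KEYS)]


def make_verification_id(digest, signature_data, timestamp):
    """Signer side: bind digest, signature hash and time stamp under the session key."""
    payload = json.dumps({"digest": digest,
                          "sig_hash": hashlib.sha256(signature_data).hexdigest(),
                          "ts": timestamp}, sort_keys=True)
    tag = hmac.new(session_key(digest), payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify(verification_id, received_fields, received_signature, now):
    """Verifier side: returns the list of failed checks (empty list = accepted)."""
    regenerated = cheque_digest(*received_fields)
    expected = hmac.new(session_key(regenerated), verification_id["payload"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, verification_id["tag"]):
        return ["verification_id"]  # wrong key for this content, or payload altered
    claims = json.loads(verification_id["payload"])
    failures = []
    if claims["digest"] != regenerated:
        failures.append("digest")
    if hashlib.sha256(received_signature).hexdigest() != claims["sig_hash"]:
        failures.append("signature")
    if not 0 <= now - claims["ts"] <= MAX_AGE_SECONDS:
        failures.append("timestamp")
    return failures


# Constructed sample input.
SIGNED_AT = 1_000_000_000
FIELDS = ("Alice Tan", "1250.00", "SGD", "2001-07-16", "A/C payee only")
STROKES = b"12,40,0.61;13,42,0.66;15,45,0.70"
VID = make_verification_id(cheque_digest(*FIELDS), STROKES, SIGNED_AT)

if __name__ == "__main__":
    print(verify(VID, FIELDS, STROKES, SIGNED_AT + 60))
```

Because the key is selected from the regenerated digest, altered content normally fails at the key lookup stage; if the altered content happens to map to the same table index, the explicit digest comparison catches it.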
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Multimedia (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Editing Of Facsimile Originals (AREA)
- Collating Specific Patterns (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SG2001/000150 WO2003009217A1 (fr) | 2001-07-16 | 2001-07-16 | Signature electronique de documents |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003009217A1 true WO2003009217A1 (fr) | 2003-01-30 |
Family
ID=20428969
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SG2001/000150 WO2003009217A1 (fr) | 2001-07-16 | 2001-07-16 | Signature electronique de documents |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2003009217A1 (fr) |
2001
- 2001-07-16 WO PCT/SG2001/000150 patent/WO2003009217A1/fr active Application Filing
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
 | REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
 | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC |
 | 122 | Ep: pct application non-entry in european phase | |
 | NENP | Non-entry into the national phase | Ref country code: JP |