BE1024384B9 - Distributed blockchain-based method for digitally signing a PDF-based document - Google Patents

Abstract

The present invention relates to a computer-implemented method for the signed registration of a Portable Document Format (PDF) document by a user, said method comprising the following steps: (a) receiving said PDF-based document from said user ; (b) calculating a hash associated with said PDF-based document with a cryptographic hash function; (c) the preparation of a document reference taking into account said hash; (d) registering said document reference in a blockchain; characterized in that said arranging in step (c) comprises encrypting said hash using a private key belonging to a key pair associated with said user to obtain a signed hash, said key pair consisting of said private key and a public key ; that said document reference includes said signed hash; and that said document reference comprises a user identity for retrieving said public key.

Description

(30) Priority data:

(73) Holder (s):

iText Group NV 9050, GENTBRUGGE Belgium (72) Inventor (s):

LOWAGIE Bruno 9050 GENTBRUGGE Belgium (54) Distributed blockchain-based method for digitally signing a PDF-based document

100 (57) The present invention is related to a computer-implemented method for signed registration of a Portable Document Format (PDF-based) document by a user, said method comprising the following steps: (a) receiving said PDF-based document document from said user;

(b) calculating a hash associated with said PDF-based document with a cryptographic hash function; (c) drawing up a document reference taking into account said hash; (d) registering said document reference in a blockchain; characterized in that said arrangement in step (c) comprises encrypting said hash using a private key belonging to a key pair belonging to said user to obtain a signed hash, said key pair consisting of said private key and a public key ; that said document reference comprises said signed hash; and that said document reference includes a user identity for retrieving said public key

T

(a) received PDF document from user _1Q1 1 f (b) calculate hash PDF document, _. 102 1 f

tc) drawing up document reference:

-> Private key encrypted hash -> User identity for public key retrieval <«

1 (d) record document reference in blockchain 104 Ei C ^egg f -sd}

Fig. 1

BELGIAN INVENTION PATENT

FPS Economy, K.M.O., Self-employed & Energy

Publication number: 1024384 Filing number: BE2016 / 5964

Intellectual Property Office

International Classification: H04L 9/06 H04L 9/32 G06F 21/31 Date of Grant: 05/02/2018

The Minister of Economy,

Having regard to the Paris Convention of 20 March 1883 for the Protection of Industrial Property;

Having regard to the Law of March 28, 1984 on inventive patents, Article 22, for patent applications filed before September 22, 2014;

Having regard to Title 1 Invention Patents of Book XI of the Economic Law Code, Article XI.24, for patent applications filed from September 22, 2014;

Having regard to the Royal Decree of 2 December 1986 on the filing, granting and maintenance of inventive patents, Article 28;

Having regard to the application for an invention patent received by the Intellectual Property Office on 22/12/2016.

Whereas for patent applications that fall within the scope of Title 1, Book XI, of the Code of Economic Law (hereinafter WER), in accordance with Article XI.19, § 4, second paragraph, of the WER, the granted patent will be limited. to the patent claims for which the novelty search report was prepared, when the patent application is the subject of a novelty search report indicating a lack of unity of invention as referred to in paragraph 1, and when the applicant does not limit his filing and does not file a divisional application in accordance with the search report.

Decision:

Article 1. - iText Group NV, Kerkstraat 108, 9050 GENTBRUGGE Belgium;

represented by

BRANTS Johan Philippe Emile, Pauline Van Pottelsberghelaan 24, 9051, GHENT;

a Belgian invention patent with a term of 20 years, subject to payment of the annual fees as referred to in Article XI.48, § 1 of the Code of Economic Law, for:

Distributed blockchain-based method for digitally signing a PDF-based document.

INVENTOR (S):

LOWAGIE Bruno, Kerkstraat 108, 9050, GENTBRUGGE;

PRIORITY:

BREAKDOWN:

Split from basic application: Filing date of the basic application:

Article 2. - This patent is granted without prior investigation into the patentability of the invention, without warranty of the Merit of the invention, nor of the accuracy of its description and at the risk of the applicant (s).

Brussels, 05/02/2018,

With special authorization:

BE2016 / 5964

DISTRIBUTED BLOCKCHAIN-BASED METHOD FOR DIGITALLY SIGNING A PDF-BASED DOCUMENT

TECHNICAL DOMAIN

The invention relates to the technical domain of signing a PDF-based document.

STATE OF THE ART

A problem with the known methods of signing a PDF-based document is the need for a central authority to register the signature.

US 2016/0212146 describes Systems and methods that use a blockchain to record a file date and prevent manipulation, even for documents that are secret and also those stored in uncontrolled environments. These Systems and Practices do not require the trust of a timestamping authority or a document filing service. A trusted timestamping authority can be used, but even if this timestamping authority loses credibility or if a third party refuses to recognize the validity of a timestamp, an electronic document date can still be set.

A lack of a method according to US 2016/0212146 is the lack of a mechanism for retrieving the author of a document. In terms of document security, this means that the authenticity of a document cannot be determined. Related, US 2016/0212146 does not provide a provision for non-repudiation, which allows an author of a given document to deny involvement in the creation of the given document at its own discretion.

US 6,938,157 discloses a system that can process a digital representation (DF) of a document with a one-way cryptographic hash function (CHF) to a digital fingerprint (DFP) value associated with the DF. A document identification number (DID) is created, which is uniquely related to the DFP, and optional reference data (C) is associated with the DID and DFP. A DFC registration certificate that represents an optional electronic signature related to the document and that includes the DID and DFP is proclaimed and archived in a plurality of storage locations. The system can verify whether a

BE2016 / 5964 alleged document relates to the original by generating a digital fingerprint value for the alleged document, and comparing it with the DFP retrieved from several of the storage locations. Verification can confirm that the electronic signature is unchanged.

A problem with a method according to US 6,938,157 is the absence of a mechanism for irreversible signature recording. Furthermore, a concept according to US 6,938,157 is not adapted to the specific nature of PDF-based documents. US 6,938,157 also lacks provisions for authenticity and non-repudiation.

The present invention aims to solve at least some of the above-mentioned Problems.

There is a need for an improved way of signing a PDF-based document without the need for a central authority when signing and registering PDF-based documents.

SUMMARY OF THE INVENTION

In a first aspect, the invention relates to a computer-implemented method for signed registration of a Portable Document Format (PDF-based) document by a user, said method comprising the following steps:

(a) receiving said PDF-based document from said user;

(b) calculating a hash associated with said PDF-based document with a cryptographic hash function;

(c) drawing up a document reference taking into account said hash;

(d) registering said document reference in a blockchain;

characterized in that said arrangement in step (c) comprises encrypting said hash using a private key belonging to a key pair belonging to said user to obtain a signed hash, said key pair consisting of said private key and a public key ; that said document reference comprises said signed hash; and that said document reference includes a user identity for retrieving said public key.

BE2016 / 5964

A first advantage of such a method is the decentralized nature of both signing and registering the PDF-based document. The document reference can be considered as a form of decentralized electronic signature. This enables an integrally decentralized working method for capturing content, author and time associated with a PDF-based document. The present invention bases itself here on a blockchain, a technology of proven utility that allows irreversible, irrefutable and distributed capture of credentials, and it is inherent in the operation of the blockchain that this distributed capture is also provided with an unadjustable and irrefutable timestamp. This is in contrast to a prior art method, in which at least one of these aspects is either not treated or a centralized model is treated.

Specifically, this method makes it possible to integrally decentralize a method for capturing content, author and time associated with a PDF-based document, in the following manner.

- The content capture involves the application of a cryptographic hash function, to obtain a hash, in this context the original hash. For a recipient of the document, this makes it possible to determine the integrity of the document by recalculating a second hash of the received document and comparing it with the original hash available to him or her. In this way, the use of the hash supports the provision of a mechanism for checking integrity. In a preferred embodiment, the original hash is calculated for the entire document, including the document ID pair if any. In an alternative embodiment, the original hash is calculated for only part of the document. In yet an alternative embodiment, the document ID pair is captured only after the hash calculation, and the hash is calculated for the entire document excluding the document ID pair.

- Capturing an author of the document involves the application of Public Key Infrastructure (PKI). Because the author encrypts the said hash with his private key, a recipient of the encrypted hash can use the public key that is also available to verify that no one other than the author in question has encrypted the given hash, which is important in achieving authentication and non-repudiation.

- Recording a time and registering the link between document and author is done using the blockchain. A document becomes concrete 4

BE2016 / 5964 reference registered in the blockchain. The document reference includes at least the combination of the encrypted hash and the user identity. In this way, the document reference establishes a unique link between the document and the author. Since it is inherent in the operation of a blockchain that this document reference is also immediately provided with a timestamp, the time has also been set upon registration.

The linked use of the hash, key pair and blockchain addresses the need for an integrated mechanism for integrity, authenticity and nonrepudiation that is also decentralized.

There are provisions for authenticity. For example, if an opponent other than the author claims to be the author of the document in question, the user may refer to a registered document reference to demonstrate that he already owned this document at the time specified in the blockchain. In addition, if the opponent submits his own registered document reference for the same document, then the times stated in the blockchain must be compared to determine who first registered the document.

There are provisions for non-repudiation. If a user claims not to be the source of a given document, then this assertion can be at least partially rebutted if a document reference is present in the blockchain stating the user's user identity. In such a case, the document is confidently signed with the user's private key, which should not be known to anyone other than the user.

Integrity is also provided in this way, because a recipient of the document can verify that the hash and related document come from the author with certainty. For this reason, the hash can therefore serve as a full-fledged tool for verifying the integrity of the received document.

Note that it is not important whether the content of the document is confidential or publicly accessible, since no portions of the actual document are registered in the blockchain in the method.

A further advantage of the method of the present invention is that there is no need for a Timestamp Authority (TSA) to supervise the allocation of timestamps, which is typically the case with a prior art method. The use of such a TSA is therefore unnecessarily complex. There is also related to this

BE2016 / 5964 no need for a Certificate Authority (CA) that supervises authorship. The use of such a CA is also unnecessarily complex.

A further advantage is that it is avoided that the electronic signature is sent with the document. Such a common way of working has the important drawback that a user cannot check whether he is the only one who signs documents with his / her private key, so that the possible theft of a private key sometimes only comes to light very late. On the other hand, a method according to the present invention allows a user to perform a search for their own public key on the blockchain, thereby finding out whether documents have been registered that the user has no knowledge of. If the latter proves to be the case, the user can take immediate action, which greatly reduces the chance of further problems.

Another advantage of the current invention is that the blockchain realizes a user-friendly and transparent inventory of documents in this way. First of all, a simple search for documents from a particular user can immediately provide a complete list of references to anyone who has access to the blockchain. This may also allow to identify any duplicated document references, i.e. documents signed more than once. Furthermore, in an embodiment in which the unencrypted (or, equivalent, unsigned) hash is included in the document reference, it is also very easy to perform a search on this hash in order to find out whether the document is registered, and whether there are no Problems with it, such as in the case that there are multiple references in the blockchain with mutually different authors. The same benefit can also be achieved by using a unique documentID pair as explained in this document. Note that such a search is also possible in an embodiment with a document reference without document ID pair or unsigned hash, where (in addition to the user identity) only the signed hash is included in the document reference. In such a case, one can propose a system according to the present invention which pre-calculates the unsigned hash for the relevant document references using the public key, which can be retrieved via the user identity. For example, such a system would calculate the unencrypted hash for each new document as it becomes available from the encrypted hash.

Another advantage of the present invention is that document credentials are available together, so that anyone accessing the blockchain can see details about the type of hash function used and / or PKI encryption and / or technique for

BE2016 / 5964 signature. If a particular technique becomes known that it is no longer considered reliable, large groups of users may be informed immediately and, by extension, encouraged to renew the signing of their existing documents using a replacement, more secure Technic. It is also easy to check whether this innovation is actually happening. Such a large-scale problem identification is inconceivable in a case where electronic signatures are sent with the actual document.

In a second aspect, the invention relates to a system for the signed registration of a PDF-based document, said system comprising a plurality of interconnected devices, each of the devices comprising a processor, tangible non-volatile memory, instructions on said memory for the controlling said processor, a client application, the client application being configured for each device to perform a method according to the present invention, wherein the user identity for retrieving the public key is linked one-to-one to the client application.

The advantage of such a system is that a more controllable environment can be created, which allows for quick action in various situations, such as the case of a compromised HSM.

In a third aspect, the invention relates to a use of the method according to the present invention in a system according to the present invention.

In a fourth aspect, the invention pertains to a computer program product for performing a computer-implemented method for signed registration of a PDF-based document according to the present invention, said computer program product comprising at least one readable medium on which computer readable program code portions are stored, which program code portions include instructions for performing said method.

Further preferred embodiments of the present invention are described in the detailed description and the claims.

DESCRIPTION OF THE FIGURES

Figure 1 illustrates an exemplary embodiment of a method according to the present invention.

BE2016 / 5964

DETAILED DESCRIPTION

The invention relates to a PDF-based document, being a digital file based on the Portable Document Format file format. The PDF-based document category includes all PDF documents, as well as all other files that contain portions of code related to the PDF standard. What follows is a non-exhaustive list of examples. A first example of a PDF-based document is a PDF document. A second example is a PDF portfolio, a container format that is suitable for containing multiple PDF documents and related data. A third example is an XFA (XML Forms Architecture) file, a markup language where a dynamic form is formatted in extensible Markup Language (XML), but the XML code is compressed and stored in a PDF file. Such an XFA file can be processed by PDF processors that support the XFA specification. A fourth example is a successor or variant of the current PDF file format, the purpose of which is similar to that of the current PDF file format.

In the context of this document, a user provides signing and registration, also known as the signed registration of this PDF-based document. The author of the document is the person or entity who wrote the document and / or to whom the document belongs. In this context, it is always assumed that the user and the author are in direct connection. It should be understood that this involves a multitude of embodiments of the present invention, and that the user may be, for example, a person who cooperates with the author and makes the registered signature on behalf of the author, but is not the owner of the document. It may also be the case, for example, that the author is not an individual but a company, for example, where the user is, for example, an individual employee of the company, who is also different from the person who wrote the document.

In this document, the term hash refers to a second bit string obtained by allowing a cryptographic hash function to act on a PDF based document, being a first bit string. The concepts of hash function and hashing algorithm are equivalent. To make sense, this hash function needs to convert the long first bit string into a (much) shorter second bit string. Furthermore, the chance that the hash already appears as hash of another PDF-based document must be very small, so that the hash can count as a workable form of unique fingerprint of the document. This fingerprint is usually referred to as the message digest. Also, it must be impossible to reconstruct from the obtained hash portions of the original document, i.e. the hash function must be one-way. In

BE2016 / 5964 is a preferred embodiment, therefore, the cryptographic hash function fulfills all these criteria, such as an algorithm belonging to the family of Secure-HashAlgorithms (SHA), such as, for example, SHA-256. It should be noted that the possibility of a non-unique hash cannot theoretically be excluded; when two documents correspond to the same hash after separate application of the same hash function, this is called a hash collision. In a preferred embodiment of the present invention, the invention includes features to take this possibility into account, for example, by using a complementary hash and / or using a document ID pair.

In this document, the terms public key and private key refer to aspects of Public Key Infrastructure (PKI). PKI is used to record the identity of a person or organization. PKI involves the use of a key pair comprising two keys:

- a private key that must be kept secret by the owner of the private key. Typically, this private key is stored on a Hardware Security Module (HSM) and / or smart card and / or USB token and / or similar device from which it cannot be traced;

- a public key that can be shared with the world, and includes information about the owner.

The private key can never be retrieved from the public key, but they are a pair in the sense that a message encrypted with one key can only be decrypted using the other key. In the context of this document, such a key pair is used to sign a hash. By signing the hash with the private key, it is possible for a recipient of the encrypted hash to retrieve the original hash, using the public key, which in a method according to the present invention can be retrieved based on the users, for example -identity. If this decryption is successful, then none other than the owner of the private key can have the hash encrypted. In this way, the recipient is sure of the origin of the encrypted hash.

In the context of this document, the terms document reference, document signature and file signature are interchangeable. The terms file and document are also interchangeable.

In this document, the term blockchain refers to a distributed database that maintains a continuously growing list of registrations in blocks, which are irrefutable

BE2016 / 5964 are recorded, kept and cannot be modified. In the context of this document, registrations are document references; in the known case of bitcoin, the registrations concern, for example, transactions. The database is stored and maintained at a variety of nodes, each of which separately participates in the calculations required when growing the list of registrations. Inherent in the design of the blockchain is that none of the nodes make adjustments to the existing list of registrations, and that each of the registrations has a time or timestamp associated with the recording. Strictly speaking, these modifications are possible, but only on the condition that a majority of the computing power represented in the nodes conspires, which becomes more unlikely as the blockchain is larger and has more users. Due to its advantageous properties, a blockchain can serve as a distributed ledger or distributed ledger.

Throughout this document, the term web-of-trust refers to a decentralized cryptographic model and related distributed system for reliably relating a public key to a user, and by extension, considering a user identity to be reliable. In an embodiment of a web of trust according to the present invention, a given user identity is reliable if a sufficient number of user identities already belonging to the web of trust consider the given user identity to be reliable. The said number can be considered sufficiently large if it exceeds a predetermined number.

One, de and the in this document refer to both the singular and the plural unless the context clearly assumes otherwise. For example, a blockchain means one or more than one blockchain.

An exemplary embodiment of a method according to the present invention is shown in Figure 1. It concerns a computer-implemented method 100 for the signed registration of a PDF-based document by a user, said method comprising the following steps:

(a) receiving 101 of said PDF-based document from said user;

(b) calculating 102 a hash associated with said PDF-based document with a cryptographic hash function;

(c) drawing up a document reference taking into account said hash;

BE2016 / 5964 (d) registering 104 said document reference in a blockchain;

characterized in that said arrangement in step (c) comprises encrypting said hash using a private key belonging to a key pair belonging to said user in order to obtain a signed hash, said key pair consisting of said private key and a public key; that said document reference comprises said signed hash; and that said document reference includes a user identity for retrieving said public key.

In a method of the present invention, the document reference includes a user identity for retrieving the public key associated with the user. In a preferred embodiment, the user identity includes the actual public key. In an alternative embodiment, the user identity only includes a key-related reference that allows a recipient to associate a user identity with the public key. For example, the user identity could include a user identification number, which is linked to one or more via a related aspect of the invention, for example with the aid of a web-of-trust and / or a second blockchain or the very same said blockchain. multiple public keys including said public key.

In a further preferred embodiment, said blockchain is publicly accessible. This has the additional advantage of increased transparency. It allows users to make publicly available the list of documents signed by the user within the secure context of the present invention. It provides a useful tool for recipients and consumers of documents to verify the integrity, authenticity and non-repudiation of a given document, without restrictions on access to the blockchain.

In a further preferred embodiment, the document reference comprises said hash as obtained in step (b), i.e. the unencrypted hash. This has the advantage that searches of a document can be done in a very simple manner, without having to know the author of the document and its public key.

In a further preferred embodiment, said registration takes place in step (d) provided that said user identity belongs to a plurality of user identities registered in a web-of-trust. This has the advantage that document references in the blockchain already meet a certain quality characteristic when recorded. This preferred embodiment preferably involves the use of a blockchain adapted for PDF-based signing

BE2016 / 5964 documenter !, rather than a blockchain that is already used for another purpose such as the bitcoin blockchain.

In a further preferred embodiment, said web-of-trust is at least partially registered in said blockchain. The advantage of such an implementation is that no separate model has to be used for the web-of-trust, which benefits simplicity. Moreover, the web-of-trust thus enjoys the known benefits of the blockchain, which allows irreversible, irrefutable and distributed capture of the user identity-related data, including timestamping.

In a further preferred embodiment, step (b) comprises determining a document ID pair, said hash computing being done for a modified version of said PDF based document including said document ID pair and the PDF based document received in step (a), said document ID pair comprising a first document ID and a second document ID, said first document ID being determined taking into account a document ID pair of an earlier version of said PDF-based document if existing, and wherein said second document ID is determined at least such that both said document ID pair on the one hand and said hash on the other are each unique to the blockchain, and said document reference established in step (c) document ID pair. In a preferred embodiment said unique the following sub-steps have been realized, all belonging to step (b):

(bi) selecting a second document ID such that the document ID pair is unique from the blockchain;

(b.ii) calculating the hash associated with a modified version of said PDF-based document comprising the PDF-based document received in step (a) and the document ID pair resulting from sub-step (b.i);

(b.iii) determining whether the hash obtained in step (b.ii) is unique and if so, ending step (b), if not retaking from step (b.i).

Such an embodiment has important additional advantages. First of all, checking the uniqueness prevents the Problems of a possible hash collision. At least as important, however, is the ability for a user to create a 'family' of documents, where the first version of a document is associated with one or more more recent versions of the same document, in that they share the same first document ID. This has the advantage that the blockchain can be even more useful for a user or one

BE2016 / 5964 recipient when looking up details related to a document. In a preferred embodiment, the document ID pair may be selected to match existing notations for document ID pairs for aspects of notation such as length and allowed characters. In an alternative embodiment, the first document ID can then again be chosen equal to the hash associated with an earlier version of the document in question, whether or not in combination with parts of a user identity, and / or the second document- ID should be chosen equal to the new hash associated with the document in question. This offers advantages to traceability of documents. This preferred embodiment also preferably involves the use of a blockchain specifically adapted for signing PDF-based documents.

In a related alternative embodiment, step (b) does not include step (c) determining a document ID pair belonging to said document reference, said document ID pair having a first document ID and a second document ID wherein said first document ID is determined taking into account said hash and / or a hash of an earlier version of said PDF-based document if existing, and said second document ID is determined at least such that said document ID- pair is unique from the blockchain. This embodiment leads to advantages similar to the aforementioned where the document ID pair is determined in step (b), except that in this embodiment it is possible that the hash obtained is not unique from the blockchain, and thus a hash collision occurs. However, the document ID pair is always unique, which can prevent the hash collision issues by not considering the hash but the document ID pair as a unique attribute.

In a further preferred embodiment, said private key is stored on a hardware security module (HSM) and / or smart card and / or USB token and / or similar device. This reduces the risk of theft of the private key.

In a further preferred embodiment, a replacement of said key pair belonging to said user by a new key pair belonging to the same said user comprises a registration on said web-of-trust. This has the advantage that said web-of-trust can hold the documents of the same user together under the same user identity, with greater simplicity as a result.

In a further preferred embodiment, said blockchain overlaps at least partially with the technology of the bitcoin blockchain. This has the advantage that it is possible to build on an existing system. Due to the nature of the blockchain, in which data can be unlawfully modified as a majority of the

BE2016 / 5964 computing power represented in the nodes conspirates, it can be advantageous to use such a large blockchain as the bitcoin blockchain. After all, in a large blockchain it is very unlikely that a majority of the computing power will be taken over by an attacker.

In a further preferred embodiment, said cryptographic hash function belongs to the family of Secure-Hash-Algorithms (SHA), such as, for example, SHA-256. The advantage of this algorithm is that it has been tested and that efficient algorithms are available to perform hashing.

In a further preferred embodiment, said document reference comprises a complementary hash different from said hash obtained in step (b) and different from said signed hash. In a possible embodiment, said supplemental hash can be utilized to prevent any hash collision problems by using not only the hash obtained in step (b) but the combination of this hash with the complementary hash as a unique identifier.

In a preferred embodiment, said hash is unique from the blockchain. However, problems with the uniqueness of said hash, such as with a hash collision, can easily be avoided. One possibility is to use said document ID pair. Another possibility is to include in the document reference, in addition to the result of the hash function, a further attribute of the registration as a form of supplementary hash. In a preferred embodiment, such a complementary hash includes a timestamp related to the current or previous registration, preferably the first registration of the file in the blockchain. In a further preferred embodiment, the complementary hash includes data related to any other feature of the current or previous record, such as a user identity. It should also be noted that even an embodiment is possible in which the identification string consists only of the hash of the document and in which no checks are made of the hash's uniqueness. After all, when using a sufficiently advanced hash function such as SHA-256, the chance of hash collision is negligibly small. If such a collision should occur exceptionally, this hash collision is easily detectable by looking up the blockchain.

In an alternative embodiment, there is provided both a (default) hash and a complementary hash, wherein the hash is linked to a (default) hash function, and the supplemental hash is linked to a complementary hash function

BE2016 / 5964 different from said (default) hash function. Both hash functions are executed on the file, thus leading to two different hashes, which are included in the identification string. The advantage of such a method is that it guarantees security if one of the two hash functions is compromised. For example, if the (default) hash function has been compromised since a signature, it may be possible to make changes to the document without changing the corresponding (default) hash. This is problematic because there may be disagreement as to which of the two documents has been signed in the past, the original document or the modified document. By providing a complementary hash function, this problem is prevented. As long as that supplemental hash function is not compromised, it will supply a different supplemental hash with the modified document as with the original document. In this way, the adjustment in the document can still be detected and the disagreement resolved.

In a further preferred embodiment of a system according to the present invention, at least one of said plurality of devices comprises a hardware security module and / or smart card and / or USB token and / or similar device. This has the advantage that the risk of theft of the private key is limited.

In a further preferred embodiment of a system according to the present invention, the compromise of a user identity linked to a client application leads to the removal of said compromised user identity from said plurality of user identities registered in said web-of-trust. This leads to a greater clarity of said web-of-trust.

In addition, the present invention is described by way of a non-limiting example, which aims to illustrate the invention in a particular embodiment.

EXAMPLE: decentralized working method and decentralized system

This example assumes a system according to the present invention. This system includes several of said devices, here called SYSTEM entities, which are interconnected via a network such as the Internet. Each SYSTEM entity includes a CLIENT clause and an HSM. The CLIENT component corresponds to said client application and may, for example, be built into a document management system present on the SYSTEM entity and / or a web browser present on the SYSTEM entity. The user identity, here called IDENTITY specification, is used to identify the person or company who owns the CLIENT component, the HSM and the

BE2016 / 5964

SYSTEM entity. The said web-of-trust includes every IDENTITY specification. A new IDENTITY specification will only be trusted if it logs into the web-of-trust and is approved by a sufficient number of other IDENTITY specifications available on the web-of-trust, as companies know and trust each other. The web-of-trust is used, for example, if an HSM needs to be replaced or if the key pair on the HSM has expired, or because the encryption algorithm used in conjunction with the key pair needs to be updated.

Each CLIENT component maintains a copy of the BLOCKCHAIN database consisting of blocks, corresponding to said blockchain. Each block in the BLOCKCHAIN database includes a list of said document ID pairs, said signed hashes of the PDF based documents, and user information contained in the user identity. The BLOCKCHAIN database itself is public, and does not provide access to the content of documents. For the possible distribution of documents, the decision lies entirely with the SYSTEM entity. The signed hash is hereby called SIGNATURE, and is registered in the BLOCKCHAIN database in combination with the document ID pair and IDENTITY specification. Here, the combination of SIGNATURE, document ID pair and IDENTITY specification corresponds to said document reference.

Thanks to this particular combination of aspects in this embodiment, the presence of the combination of Document ID pair, SIGNATURE and IDENTITY specification is a unique and irrevocable proof of the existence of said document at the time of registration. In a preferred embodiment, the corresponding system includes features that prohibit registrations from happening in the BLOCKCHAIN database with an IDENTITY specification known to be compromised.

It is believed that the present invention is not limited to the embodiments described above and that some modifications or changes to the examples described can be added without revaluing the added conclusions. For example, the present invention has been described with reference to a separate blockchain intended for signed registration of PDF-based documents, but it is clear that the invention can be applied with a blockchain that also has a different use, such as, for example, the bitcoin blockchain. The file format is also referred to as PDF, but it may actually be a different file format. For example, it may be a word processing or text rendering format, but it may also be an image (either pixel-based or vector-based), a media file such as a sound clip, or

BE2016 / 5964 a film fragment, a JSON file (JavaScript Object Notation), or a specialized file format such as a computer aided design (CAD) file.

BE2016 / 5964

Claims (16)

CONCLUSIONS 1. Computer-implemented method for signed registration of a Portable Document Format (PDF-based) document by a user, said method comprising the following steps: (a) receiving said PDF-based document from said user; (b) calculating a hash associated with said PDF-based document with a cryptographic hash function; (c) drawing up a document reference taking into account said hash; (d) registering said document reference in a blockchain; characterized in that said arrangement in step (c) comprises encrypting said hash using a private key belonging to a key pair belonging to said user to obtain a signed hash, said key pair consisting of said private key and a public key ; that said document reference comprises said signed hash; said document reference comprises a user identity for retrieving said public key; wherein step (b) comprises determining a document ID pair, said hash computing being performed for a modified version of said PDF based document comprising said document ID pair and the PDF based document received in step ( a), said document ID pair comprising a first document ID and a second document ID, said first document ID being determined taking into account a document ID pair of an earlier version of said PDF-based document if existing, wherein said second document ID is determined at least such that both said document ID pair on the one hand and said hash on the other are each unique with respect to the blockchain, said document reference established in step (c) said document ID pair includes; and wherein said step (b) comprises the following sub-steps (b.i) - (biii): (bi) selecting a second document ID such that the document ID pair is unique from the blockchain; BE2016 / 5964 (b.ii) calculating the hash associated with a modified version of said PDF-based document comprising the PDF-based document received in step (a) and the document ID pair resulting from sub-step (b.i); (b.iii) determining whether the hash obtained in step (b.ii) is unique and if so, ending step (b), if not retaking from step (b.i). The method according to previous claim 1, characterized in that said blockchain is publicly accessible. The method according to previous claims 1 and 2, characterized in that said document reference comprises said non-encrypted hash as obtained in step (b). The method according to any of the preceding claims 1 to 3, characterized in that said registering in step (d) is done on condition that said user identity belongs to a plurality of user identities registered in a web-of-trust. The method according to preceding claim 4, characterized in that said web-of-trust is at least partially registered in said blockchain. The method according to any of the preceding claims 1 to 5, characterized in that step (c) comprises determining a document ID pair belonging to said document reference, said document ID pair comprising a first document ID and a second document ID, said first document ID being determined taking into account said hash and / or a hash of an earlier version of said PDF-based document if existing, and said second document ID being determined at least as said document ID pair is unique from the blockchain. The method according to any of the preceding claims 1 to 6, characterized in that said private key is stored on a hardware security module (HSM) and / or smart card and / or USB token. The method according to any of the preceding claims 4 to 7, characterized in that a replacement of said key pair belonging to said user by a new key pair belonging to said same user comprises a registration on said web-of-trust. BE2016 / 5964 The method according to any of the preceding claims 1 to 8, characterized in that said blockchain overlaps at least partially with the technology of the bitcoin blockchain. The method according to any of the preceding claims 1 to 9, characterized in that said cryptographic hash function belongs to the family of Secure-Hash-Algorithms (SHA). The method according to any of the preceding claims 1 to 10, characterized in that said document reference comprises a complementary hash different from said hash as obtained in step (b) and different from said signed hash. A system for signed registration of a PDF-based document by a plurality of users, said system comprising a plurality of interconnected devices, each of the devices comprising a processor, tangible non-volatile memory, instructions on said memory for the controlling said processor, a client application, wherein for each device the client application is configured to perform a method according to claims 1 to 11 above, wherein a user identity for retrieving a public key for at least one of the users are linked one-to-one to the client application on the device belonging to said user. The system according to claim 12, characterized in that at least one of said plurality of devices comprises a hardware security module and / or smart card and / or USB token. The system according to any of the preceding claims 12 and 13, characterized in that a document reference is registered in a blockchain provided that said user identity belongs to a plurality of user identities registered in a web or -trust; and that being compromised of the user identity associated with the client application leads to the removal of said compromised user identity from said plurality of user identities registered in said web of trust. Use of the method according to claims 1 to 11 in the system according to claims 12 to 14. BE2016 / 5964 A computer program product for performing a computer-implemented method for signing a PDF-based document signed according to any of the preceding claims 1 to 11, said computer program product comprising at least one readable medium 5 on which computer-readable program code portions are stored, which program code portions comprise instructions for carrying out said method. BE2016 / 5964 100