FR2854998A1 - Document authentication signature verification having digital document with signature embedded/hidden using scanner together with encrypted personal access code allowing authentication/verification - Google Patents

Abstract

The digital signature verification process has the signature embedded and hidden (4) in the document. Signature images (6) are attached to the document together with the digital version of the document (1). The signature is digitized with a scanner and personal access code embedded and encrypted. Authentication and verification of the signature can then be controlled.

Description

Patent application

  Graphic electronic signature Certification of documents

INTRODUCTION

  Technical Field of the Invention The object of this invention is to affix a graphic signature in its electronic form to authenticate dematerialized document exchanges. This process can be used for document certification, non-repudiation by the issuer as well as identification of the receiver. This invention uses the graphic signature of a person, converts it into its electronic form as a medium of information based on a mechanism of steganography, imprint or condensate and cryptography making it possible to guarantee the identification of the signatory, to render thus impossible the repudiation of the signed document and to verify the integrity of the document that is to say its non-alteration. The technique of graphic signature in electronic form is used as a medium for the transport of hidden information specific to the document (its condensate) and specific to the signatory (his personal information) and specific to the computer which 20 authenticate the signatory and which guarantee the non-repudiation of a document as well as its authenticity.

  STATE OF THE PRIOR ART Up to now most electronic signature methods 25 - Use the PKI system (Public Key Infrastructure) Public key infrastructure.

  - The signature is not visible - The signature is attached to the document and not in the document

SUMMARY

  Unlike these three aspects, the present invention - Does not use the PKI system but steganography - Makes the signature visible - This signature is in the document and not attached Steganography, used in this process, makes it possible to hide information in the image representing the graphic signature in its electronic form in such a way that the very existence of the information does not attract attention. The steganography process makes it impossible to extract information, which makes it equivalent to cryptology. By cons this process does not require a password or key to extract the information, which simplifies its use between two people because no key exchange is necessary beforehand or key management. Steganography is defined simply by a secret algorithm.

  The process which guarantees that an electronic file is authentic is its imprint. This imprint is a condensate - in English "hash" - ie a mathematical summary in the form of a matrix of figures. The calculation is made in such a way that if an item of information has been modified, its fingerprint is modified and no longer corresponds to the original fingerprint recorded when the document was created. The advantage of using this condensate is its very reduced size whatever the size of the document, which allows its integration by steganography in the graphic signature in its electronic form.

  FIG. 1 represents the signature A and verification B method. The method is based on the use of 2 tools: A signature tool, and an inlay of hidden information, used by the signatory identified by his access code.

  A verification and descaling tool used by the public recipient.

  A- The electronic signature process works as follows: 1) Creation and configuration of the tool A During the first use the signatory must digitize his graphic signature either by using a digitizer connected to an information system (scanner) , or by signing directly on a table to digitize. They are then asked to enter personal information, as well as a personal access code.

  some of this information. This access code will also be used to express the signatory's desire to use his graphic signature in its electronic form. All the information is thus steganographed in the signature, the whole being reinserted in the document itself.

  2) Affixing a signature: When the signatory wants to sign an electronic document, He will use for his writing a word processing tool, for example MSWordTm. After entering his document (1D) he will use an insertion tool (A) object of this process which will insert the digital graphic of his signature (2S) including the information described above. Then he will certify the document with his signature by entering (at the invitation) his user code 85. This certification process (3AS) adds information relating to the document itself to the signature; its name, the date of signature and its condensate. The document is saved and ready to be sent to its recipient (s).

  B- Verification of a signature by the recipient: go90 On receipt of the signed document, the recipient uses his word processing tool. He can read the document on the screen and also verify its authenticity as well as the signer's identity. Using the verification tool, the system will be able to extract certain information (10R) 95 steganographed in the signature such as the condensate produced during the certification by the signatory, and the information relating to the signatory. The condensate extracted will be compared with the condensate of the document displayed. If the two condensates are equal, the document is verified and validated, conforms to the original, otherwise it is invalid, i.e. a modification has been made after certification by the signatory (and before verification by the recipient).

Claims (4)

  1. digital method of signature and hidden inlay (4) to include in an invisible manner, in the image of the signatures attached to a document (6), coded parameters of the original document (1), characterized in that consists in: 1 digitizing 5 during the first use, by the signatory, his graphic signature using a scanner the signature remaining visually conform to the original signature. 2 enter personal information, as well as a personal access code, the information embedded in the signature being encrypted using the aforementioned signature method, this information being sufficient for later checking, thanks to a verification process , the authentication of the signatory and the integrity of the document since its signature.   2. Method according to claim 1 characterized in that the graphic signature also includes information on the act of signature (time stamp, serial number of the signed document, serial number specific to the computer used by the signatory, parameters characterizing the signatory). 20 3. Method according to claims 1 and 2 characterized in that it calculates a parameter (condensate) specific to the original document, that it encrypts and includes it invisibly in the signature for the subsequent verification of the integrity of the 25 document since its signature.   4. Method according to claims 1, 2 and 3 characterized in that it uses steganography to hide information in the signature without modifying the visual appearance thereof, this information being impossible to reconstruct without using the signature device of the signatory.