GB2449415A - Authorisation of signatures on documents - Google Patents

Authorisation of signatures on documents Download PDF

Info

Publication number
GB2449415A
GB2449415A GB0708839A GB0708839A GB2449415A GB 2449415 A GB2449415 A GB 2449415A GB 0708839 A GB0708839 A GB 0708839A GB 0708839 A GB0708839 A GB 0708839A GB 2449415 A GB2449415 A GB 2449415A
Authority
GB
United Kingdom
Prior art keywords
document
signature
authenticator
token
signatory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0708839A
Other versions
GB0708839D0 (en
Inventor
Marcus Maxwell Lawson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
First Ondemand Ltd
Original Assignee
First Ondemand Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by First Ondemand Ltd filed Critical First Ondemand Ltd
Priority to GB0708839A priority Critical patent/GB2449415A/en
Publication of GB0708839D0 publication Critical patent/GB0708839D0/en
Priority to PCT/GB2008/001588 priority patent/WO2008135768A2/en
Publication of GB2449415A publication Critical patent/GB2449415A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B42BOOKBINDING; ALBUMS; FILES; SPECIAL PRINTED MATTER
    • B42DBOOKS; BOOK COVERS; LOOSE LEAVES; PRINTED MATTER CHARACTERISED BY IDENTIFICATION OR SECURITY FEATURES; PRINTED MATTER OF SPECIAL FORMAT OR STYLE NOT OTHERWISE PROVIDED FOR; DEVICES FOR USE THEREWITH AND NOT OTHERWISE PROVIDED FOR; MOVABLE-STRIP WRITING OR READING APPARATUS
    • B42D15/00Printed matter of special format or style not otherwise provided for
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/08Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means
    • G06K19/10Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/042Payment circuits characterized in that the payment protocol involves at least one cheque
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/389Keeping log of transactions for guaranteeing non-repudiation of a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • G07C9/00071
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/122Online card verification

Abstract

Secure signature tokens are provided by an authenticator such as a bank to a document generator such as a customer. The secure signature token is applied to a document such as a cheque. Authorised signatories supply biometric data to the authenticator which is stored at the authenticator. To obtain a secure signature token the signatory accesses the authenticator with a signature request by providing biometric data. This data is compared to the stored data and access is granted if it matches. A single secure signature token may be provided for each request, or a batch of tokens may be provided. Tokens may be provided only on supply of biometric data from two or more authorised signatories. Tokens may be applied to documents such as cheques encoded in a glyph. When the cheque is presented for payment the token is decoded from the glyph and compared with a stored version to authenticate the cheque.

Description

Authorisation of Signatures on Documents This invention relates to the
authentication and authorisation of signatures applied to documents. It is particularly concerned with signatures applied to cheques but is also applicable to signatures applied to other financial or fiduciary documents, including but not limited to monetary papers, visas and passports, which may be in physical or electronic form, where the signature is an indication of the validity of the document and may need to be authenticated.
The verification and authentication of information appearing on cheques is well documented in the art. For example, WO 01/41082 (Al Amn) discloses the use of a magnetic strip or chip which can store information about the cheque. On presentation of the cheque this stored information can be read to verify the cheque with the stored data. This approach increases security and lends itself to automation of the cheque clearing process.
A similar approach is taken in WO 97/24694 (Visa) in which a magnetic strip carries an encoded identifier of a travellers' cheque and an equivalent object is stored on a central database. When the cheque is cashed the magnetic strip is read and the unique identifying code is verified against that stored in the central database.
US-A-5,491,325 (Huang) discloses a system in which a bar code is applied to a cheque or other payment document and serves as an index to a corresponding data file which can be communicated to a drawee bank so that the bank has prior knowledge of information relating to the cheque.
This can be used to verify the authenticity of the cheque and the amount of the funds permitted. Once the cheque has been honoured, the corresponding data file is updated to show that the cheque is no longer live.
I
Various other approaches to cheque authentication are described in the art. For example, in US-A-6,61 1,596 (Unisys Corp) and GB-A-2,40,6690 (Neopost Industrie S.A). Many of these prior documents disclose encoding cheque related information which is stored in a glyph such as a bar code applied to the cheque and from which the information can be retrieved for verification and authentication.
One known cheque security mechanism for cheques is known as Positive Pay'. Positive Pay is used by many banks around the world and is an automated fraud detection tool offered by the credit management department of most banks. It exists in a number of forms, but in its simplest form matches account number, cheque number and amount of each cheque presented for payment against a list previously authonsed and issued by a company. If all three components of the cheque do not match exactly, the cheque is not authorised.
When a cheque is presented that does not have a match in the file, an exception is raised. Once an exception is raised the bank will follow a variety of actions depending on its rules and policies; for example the bank notifies the client, which may be by sending an image of the exception item. The client reviews the image and instructs the bank to pay or return the cheque as a result of its own scrutiny of the cheque.
Positive Pay is an effective way of combating fraud but is not foolproof.
Typically, Positive Pay systems identify high value cheques, which may then be checked further manually. This may involve comparing the signature on the cheque with specimen signatures. This is a process that is difficult to automate as any medium sized company will have a large number of people who can sign cheques on behalf of the company and so a large number of signatures must be compared. Indeed the resources including processing resources, required to compare signatures automatically typically exceed the resources required by the rest of the Positive Pay system. Usually, in the UK banking system, cheques clear
S
over a three-day period. The Positive Pay system generaHy works during the second of those three days, which gives limited time to check errors revealed by the checking system.
Thus, while Positive Pay systems can, in theory, handle signature checking, it is a time consuming and expensive process. As a result, Positive Pay systems tend not to check signatures so reducing the reliability of the authentication process.
Signature checking of cheques presents a number of difficulties, partly because an individual's signature is not identical every time, so that any signature authentication process is necessarily subjective and cannot produce an absolute guarantee that the signature is authentic. In addition, a signature created with a writing instrument or with a rubber stamp can easily be copied or forged. Modern duplication methods make signature replication easy. Thus, regardless of the type of authentication that is carried out based on the visual appearance of the signature there can be no guarantee that the signature is genuine. As a result, a conventional signature is only used as one of a number of methods of risk mitigation.
The present invention aims to address the problem of signature authorisation and authentication on documents. One aspect of the invention replaces a physical signature with an electronically generated signature, which is issued to an authorised user on request and following authentication of the user. In one embodiment of the invention, this electronic signature is issued as a secure signature token.
The invention is defined by the independent claims to which reference should be made.
The invention provides secure signature tokens, which are generated by an authenticator in response to a request from an authorised signatory.
The tokens are applied to the document to be signed and can be validated
S
by the authenticator to authenticate the document. Authorised signatories supply biometric data in advance to the authentication that is stored. A request for a signature is accompanied by biometric data such as a fingerprint, iris or facial scan which is compared with the stored data and a signature token is provided only if the data with the request matches the stored data.
The secure signature token may be encoded in a glyph and appiled to the document by any convenient manner including printing or laser etching. It may be applied directly or on a substrate such as a label or hologram, which can be securely fixed to the document. A label or hologram may additionally include other tamper-evident features.
A secondary mark or token embodying anticopying technology may be used in conjunction with the secure signature token.
In one embodiment of the invention, the document is a cheque and the secure signature token is accompanied by positive pay data or other document specific data. This data may be encoded within the same glyph as the secure signature token or applied separately to the document, for example encoded within a separate glyph.
The secure signature token may be combined with a physical signature wherein, on authentication of the token, the physical signature is compared with a stored record of the physical signature of the signatory to whom the token relates. This is advantageous as comparison with only a single signature is required rather than all authorised signatories for a company. This makes comparison of physical signatures economically viable.
Security may be increased by the use of a PIN mechanism with the secure signature token. The token may have a Personal Identification Number or similar functioning representation assigned to it which can perform different roles in or as part of the authentication process.
Security may also be increased by cryptographically signing the token with a private key enabling the token only to be read by parties to whom the corresponding public key has been distributed.
Embodiments of the invention will now be described, by way of example only, and with reference to the accompanying drawings in which: Figure 1 is a schematic illustration of a system embodying the invention; and Figure 2 is a flow chart illustrating steps in generation and application of an electronic signature.
The embodiment of the invention to be described replaces a conventional physical signature with an electronic signature that is provided to a trusted party by an authenticator on authentication of that party to the authenticator. The electronically generated signature may be provided as a secure signature token which may then be applied to a document encoded within a glyph or in some other manner. The token may be secured using a private key methodology and the corresponding public key distributed to authorised recipients. The public key can be used to identify the holder of the private key establishing a direct relationship of the party that created the Secure Signature Token. Public/private key encryption is, of course, well known in the art.
In the following description, the document to which the signature, electronic or physical, is applied is a cheque (or check). However, the invention is not limited to cheques and is applicable to the authentication of a signature applied to any document and particularly any monetary paper or identification document.
The system is illustrated broadly in Figure 1. A bank 10 has a number of corporate customers 20a to 20n. The bank hosts a signature generation and provision service that is provided to its trusted customers. Rather than the signature being generated, physically or electronically, by the customer, who is the party issuing the cheque, signatures are generated electronically by the bank and distributed to authorised persons of the customer securely once the authorised person has authenticated themselves to the bank. Thus, the bank is both the generator of the signatures and the authenticator at the cheque clearing process. The signatures so generated are also stored at the bank, which is the authenticator, for comparison with signature tokens retrieved from cheques presented for clearing. The electronic signature token may replace a physical signature on the document or may be placed on the document in addition to the physical signature. In the latter case, authentication of the physical signature is much quicker as the authenticator knows the identity of the signor from the signature token.
Thus a signature recognition system need only to compare the physical signature against a single stored signature unlike the presently available systems which require a physical signature to be stored against all authorised signatories for a party.
This approach enables the provision of authenticable single use signatures for printed or electronic documents.
As the signatures are provided by the same party as clears the cheque, the problems of signature verification discussed above are greatly alleviated.
In the embodiment illustrated, the holder of the authentication service is the corporate customer of the bank. Data that can be authenticated is sent from a customer server 30a to 30n to a database and server 40 held at the bank. This database may hold not only signature information but other data relating to transactions such as positive pay information in the case of cheques, as will be discussed.
It will be appreciated that security is of great importance in any authentication system and, at both the customers and the bank, the servers and other hardware, and the applications they run, are maintained in a secure environment in an access controlled location. AU communications between customer and bank servers is via a suitable secure web service or a virtual private network. In a preferred embodiment suitable human resources (HR) and ID management policies and systems ensure only approved and trusted personnel become registered authorised users and signatories of the SST system. Policies and system administration tools are put into place to allow for changes of status for all individuals using the system.
The database 40 is a master database which also records all SST generation and authentication lifecycle events such as the identification of the authenticator, the time of authentication and the results of authentication.
The configuration shown in Figure 1 permits authentication only by the bank, as the party issuing the single use secure signature token (SST). In an alternative embodiment, other trusted parties may be able to authenticate signatures as part of the process through which the document passes. Thus, authentication may take place between the two principal parties. Each party may be assigned different permissions to activate a particular action or further event such as a change in status of the cheque, for example authorisation for the cheque to be paid.
As well as corporate customers, the service may be provided more broadly enabling users to log in and request generation of a secure signature token (SST) for use on a document, subject to satisfying the issuing authority, such as the bank, of their identification.
As mentioned, the SST is generated as a single use signature by the bank and communicated via the secure server to the user, upon successful authentication of the user to the bank. Once received, the SST may be applied to the cheque or other document. One way of applying the 881 is to encode it into a glyph which is then applied to the cheque. An example of a suitable glyph is a 20 barcode such as a data matrix. The glyph may be printed on the document or applied to a secondary substrate such as a label with a non-removable or tamper evident seal. Alternatively, the glyph maybe applied by one of a number of known marking processes such as, but not limited to, laser etching. The use of glyphs to carry data relating to the document to which they are applied is well known in the art.
It will be appreciated that the glyph is applied at a location remote from the generation of the SST it encodes. It is therefore important to ensure that the glyph is applied to the correct document and not fraudulently copied and placed on another document. Thus, a secure direct link between the creation of the document and the sealing of that document with the SST is necessary.
The link between the SST and the document may, in the case of cheque generation and clearance, may be achieved through the Positive Pay process described above. It will be appreciated that the SST may be appended to Positive Pay data such as amount, account number and cheque number, that is sent to the bank and against which the bank authenticates the cheque. It will be noted that the Positive Pay system operates by matching the details received with details already sent by the cheque issuer. The inclusion of the SST ensures that the cheque signatory can be validated simply within the simple Positive Pay systems described above without the need for complex signature comparison presently required. If a physical signature is compared in addition to the SST, the processing required is greatly reduced, as only a single signature needs to be compared rather than all authorised signatories for the payor.
Thus, embodiments of the invention create an electronicafly generated signature which is provided by the authenticator and which replaces, or is in addition to a physical signature. This signature may be used on its own or with additional authentication data such as Positive Pay data.
The use of an electronically generated signature is not to be confused with the process of digital signature or digital certification, although both of these may be used in embodiments of the invention. The electronic signature represented by the SST is an identifier of a party or parties who is/are authorised to execute a document, for example to sign a cheque.
Figure 2 is a flow chart that illustrates the process further. At step 100, the corporate customer sets up an SST authentication service account with their bank. At step 102, the account is allocated authorised signatories.
These are people within the customer organisation who are authorised to sign cheques on behalf of the customer. The customer initially nominates the signatories and sets up which accounts, permissions and authonsations apply.
At step 104, the authorised signatories supply biometric credentials to the central server 40 at the bank. This enables the authorised signatories to be securely logged onto the system. The nature of the biometric credentials may vary from system to system. In one embodiment at least one fingerprint is used, via a fingerprint scanner. In another embodiment, iris scanning is used, utilising an iris scanner. Other options such as facial recognition are possible. Two or more types of biometric identification may be used for additional security.
At step 106, the customer raises a cheque through its accounts department and places it in a queue for printing. This may be a single cheque or a batch of cheques. At step 108, Positive Pay payment data and account data for the new cheque are held. At step 110, the authorised signatory or signatories, depending on the value of the cheque and the
I
company policy or legal requirements, log onto the SST server 40 and identify themselves using the biometric data supplied at step 104.
The authorised signatory may now apply signature permissions by a number of routes depending on the manner in which the system is set up.
S In each scenario, the server 40 generates an electronic signature which is provided to the authorised signatory and encoded as an SST, for example, in a glyph, and applied to the cheque by printing or otherwise.
In one embodiment, a single authentication by the signatory will generate a single unique SST. Thus, the signatory would have to authenticate themselves for each cheque to be signed. This approach may be aftractive for high value cheques.
In another embodiment, the signatory may be required to keep their finger on a fingerprint scanner, or their eye aligned to an iris scanner or retina scanner, for a set of SSTs to be generated for a batch of cheques. Where two or more signatories are required, they maybe required to submit fingerprint I iris / retina scan details simultaneously, or consecutively at the choice of the system operator.
Other alternative embodiments include the generation of a batch of SSTs as a result of a single authentication and a requirement that the fingerprint I iris to be authorised must be in contact with the system for every cheque.
Other variants are possible within the scope of the invention.
In one embodiment, each SST generated is unique, but this is not necessarily the case as SSTs could be generated on a batch basis.
Although this is not as inherently secure, it may offer effective security when used in conjunction with other security techniques such as Positive Pay and cheque sealing techniques.
In order to provide for biometric authentication, the customers may be provided with portable scanning devices so that the owner of the device
I
can apply their signature to cheques one by one. These devices may be wirelessly linked to the customer's secure servers.
To authenticate a cheque when it is presented for payment, as well as verifying any Positive Pay data, the bank scans the glyph to retrieve the SST and compares the SST against its records. Only if it agrees, is the cheque authenticated. It will be appreciated that the data string in the glyph can only be interpreted by the master authenticating system and it is not possible to transfer a glyph from one cheque to another successfully without knowledge of the signatory to the cheque or to which cheque it refers.
Thus, the SST functions as a digital fingerprint for every signature. The SST may be read at various points, for example at handheld and desktop products at the bank teller where the cheque is first presented or in a branch back office. Moreover, the cheque may be read by the customer at any stage of the process, for example prior to dispatch as a double check or at a later stage when they view the signature. A secure audit trail may be generated and recorded as part of monitoring the lifecycle of the SST from creation to eventual redemption.
The SST may replace, or be in addition to the original physical signature.
Where the physical signature is retained, automated comparison of the signature with a stored record is much easier than in prior art systems. As a large organisation will have many authonsed signatories, the prior art systems require that the signature is compared against all of the signatures, as it has no way of knowing which is the correct one.
Embodiments of the invention enable this comparison to be streamlined such that, on decoding the SST, the comparator knows the alleged identity of the signatory and only has to compare the physical signature against the stored record for that signatory. This saves a lot of time and makes automated signature checking economically feasible.
I
An additional level of security may be incorporated into the SST by using a PIN mechanism into the body of the SST. The PIN may be included in the SST or the SST may include a flag indicating that a PIN is required as part of the authorisation and authentication process. A PIN may be required when a cheque is of particularly high value or to be exchanged for cash.
In the case of a cheque a PIN may be used to restrict or lock access to various stages of the cheque authentication or clearing process. A single high value transaction for example may have a PIN associated at with it so that the transaction cannot progress further without the PIN being entered onto the system by the individual or entity that holds the appropriate PIN.
Further security may be provided by signing the SST with a private key which is unique to a payor. A party receiving a signed cheque may verify, by means of a public key supplied to them, that the SST had been produced by the correct party.
The embodiments described provide an SST from which a non-repudiable gtyph-based signature can be generated and authenticated as part of a secure business flow. The SST signature is a non-repudiable token which may be incorporated into or with other cheque data, such as Positive Pay data, to provide a cheque token which can carry all the cheque's data.
In one embodiment of the invention, a corporate cheque may include a secure cheque token which includes Positive Pay data, written or printed transaction and other relevant account data, a first signature as a printed SST glyph, and a second signature as a printed SST glyph. The two 881 glyphs could be combined into a single glyph holding both SSTs or all the signatories' SSTs where more than two are required.
Where two or more signatories are required, those signatories may authenticate themselves sequentially, in which case an individual SST may be produced for each signatory. However, the signatories may be required to authenticate themselves at the same time; that is, authentication cannot take place unless both, or all, are logged onto the system at the same time. In that case it may be desirable to generate a single SST containing data relating to all the signatories.
The level of biometric authentication required may vary from system to system and from use to user. In one embodiment, a biometric scanner such as a fingerprint scanner may be built into a portable computer such as a laptop. This enables authentication and authorisation to take place anywhere and may be particularly suited to the personal, rather that corporate customer.
Various modifications to the embodiments described are possible and will occur to those skilled in the art without departing from the scope of the invention, which is defined by the following claims.

Claims (42)

1. A method for authenticating a signature on a document comprising: providing biometric data from an authorised signatory to an authenticator; generating a document to be signed by an authorised signatory; requesting a signature for the document by an authorised signatory from the authenticator, including providing biometric data to the authenticator; providing from the authenticator to the authonsed signatory a secure signature token relating to the document; and applying the secure signature token to the document.
2. A method according to claim 1, wherein the biometric data includes a fingerprint scan.
3. A method according to claim I or 2, wherein the biometric data includes an iris scan or a facial pattern.
4. A method according to any of claims I to 3, wherein the biometric data provided by the authorised signatory is stored at the authenticator.
5. A method according to any of claims I to 4, wherein the secure signature token is printed on the document.
6. A method according to any of claims 1 to 4, wherein the secure signature token is applied to a label or substrate securely fastened to the document.
7. A method according to claim 6, wherein the label or substrate is applied to the document after application of the signature token to the label or substrate.
8. A method according to any preceding claim, wherein the secure signature token is encoded in a glyph applied to the document.
9. A method according to any preceding claim, wherein the authenticator provides a single secure signature token for each signature request by an authorised signatory.
10. A method according to any of claims I to 8, wherein the authenticator provides a batch of secure signature tokens in response to a single signature request by an authonsed signatory.
11. A method according to any preceding claim comprising requesting a signature for the said document by a further authorised signatory by providing biometric data to access the authenticator; and receiving the secure signature token only when the authorised signatory and the further authorised signatory are granted access to the authenticator.
12. A method according to claim 11, wherein the authenticator provides a secure signature token for each authorised signature.
13. A method according to claim 11, wherein the authenticator provides a single secure signature token for all the authorised signatories.
14. A method according to claim 13, wherein each of the authorised signatories are authenticated to the system at the same time.
15. A method according to any preceding claim, wherein on receipt of a signature request, the authenticator compares biometric data accompanying the request with biometric data stored for the signatory making the request at the authenticator and provides a secure signature token only when the biometric data provided with the request matches the stored biometric data.
16. A method according to any preceding claim, comprising authenticating the document by comparing the secure signature token on the document with a record of the secure signature token held by the authenticator and authenticating the document if there is a match.
17. A method according to any preceding claim, wherein the document is a cheque and the request for a signature includes Positive Pay data relating to the cheque, wherein the Positive Pay data Is stored with the secure signature token at the authenticator.
18. A method according to claim 17, wherein the Positive Pay data is encoded on the cheque with the secure signature token.
19. A method according to any preceding claim, wherein the secure signature token is signed with a private key, and a public key corresponding to the private key is distributed to trusted parties to enable then to validate or identify the party that generated the token.
20. A method according to any preceding claim, wherein the secure signature token is signed with a private key, and a public key corresponding to the private key is distributed to trusted parties to enable then to validate or identify the party that generated the token.
21. A method according to claim 16, wherein the document carries a physical signature in addition to the secure signature token, comprising, after authenticating the secure signature token to reveal the identity of the signatory, comparing the physical signature with a stored record of the signature of that signatory and authenticating the document if there is a match.
22. A method according to any preceding claim, wherein the secure signature token includes a PIN mechanism.
23. A system for authenticating a signature on a document comprising: an authenticator having a store for storing biometric data provided from an authorised signatory; means for generating a document to be signed by an authorised signatory; means for requesting a signature for the generated document by an authorised signatory from the authenticator, and including means for providing biometric data to the authenticator to identify the authorised signatory to the authenticator; means for providing from the authenticator to the authorised signatory a secure signature token relating to the document; and means for applying the secure signature token to the document.
24. A system according to claim 23, wherein the means for providing biometric data comprises at least one of a fingerprint scanner, an ins scanner and a facial recognition device.
25. A system according to claim 23 or 24, wherein the applying means comprises a printer for printing the secure signature token on the document.
26. A system according to claim 23 or 24, wherein the applying means comprises means for applying the secure signature token to a label or substrate.
27. A system according to claim 26, wherein the applying means comprises means for securely fastening the substrate to the document.
S
28. A system according to any of claims 23 to 27, wherein the secure signature token is encoded in a glyph applied to the document.
29. A system according to any of claims 23 to 28, wherein the authenticator provides a single secure signature token for each signature request by an authorised signatory.
30. A system according to any of claims 23 to 28, wherein the authenticator provides a batch of secure signature tokens in response to a single signature request by an authonsed signatory.
31. A system according to any of claims 23 to 30, wherein the means for requesting a signature comprises means for requesting a signature for the said document by a further authorised signatory by providing biometric data from the further signatory to access the authenticator; and wherein the providing means provides the secure signature token only when the authorised signatory and the further authorised signatory are granted access to the authenticator.
32. A system according to claim 31, wherein the authenticator provides a secure signature token for each authorised signature.
33. A system according to claim 32, wherein the authenticator provides a single secure signature token for all the authonsed signatories.
34. A system according to claim 33, wherein each of the authorised signatories are authenticated to the system at the same time.
35. A system according to any of claims 23 to 34, wherein the authenticator comprises a comparator which, on receipt of a signature request, compares biometric data accompanying the request with biometric data stored for the signatory making the request at the authenticator and provides a secure signature token only when the biometric data provided with the request matches the stored biometric data.
36. A system according to any of claims 23 to 35 comprising means for authenticating the document by comparing the secure signature token on the document with a record of the secure signature token held by the authenticator and authenticating the document if there is a match.
37. A system according to any of claims 23 to 36, wherein the document is a cheque and the request for a signature includes Positive Pay data relating to the cheque, wherein the Positive Pay data is stored with the secure signature token at the authenticator.
38. A system according to claim 37, wherein the Positive Pay data is encoded on the cheque with the secure signature token.
39. A system according to any of claims 23 to 38, comprising means for signing the secure signature token with a private key, and wherein a public key corresponding to the private key is distributed to trusted parties to enable then to validate or identify the party that generated the token.
40. A system according to any of claims 23 to 39, comprising means for signing the secure signature token with a private key, and wherein a public key corresponding to the private key is distributed to trusted parties to enable then to access the secure signature token.
41. A system according to daim 36, wherein the document carries a physical signature in addition to the secure signature token, comprising, means for comparing the physical signature with a stored record of the signature of a signatory after authenticating the secure signature token to reveal the identity of the signatory and for authenticating the document if there is a match.
S
42. A system according to any of claims 23 to 41, wherein the secure signature token includes a PIN mechanism.
GB0708839A 2007-05-08 2007-05-08 Authorisation of signatures on documents Withdrawn GB2449415A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0708839A GB2449415A (en) 2007-05-08 2007-05-08 Authorisation of signatures on documents
PCT/GB2008/001588 WO2008135768A2 (en) 2007-05-08 2008-05-08 Authorisation of signatures on documents

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0708839A GB2449415A (en) 2007-05-08 2007-05-08 Authorisation of signatures on documents

Publications (2)

Publication Number Publication Date
GB0708839D0 GB0708839D0 (en) 2007-06-13
GB2449415A true GB2449415A (en) 2008-11-26

Family

ID=38198894

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0708839A Withdrawn GB2449415A (en) 2007-05-08 2007-05-08 Authorisation of signatures on documents

Country Status (2)

Country Link
GB (1) GB2449415A (en)
WO (1) WO2008135768A2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109150528A (en) * 2018-11-07 2019-01-04 杭州海兴电力科技股份有限公司 A kind of ammeter data access method, device, equipment and readable storage medium storing program for executing

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0626660A2 (en) * 1993-05-24 1994-11-30 Pitney Bowes Inc. Document authentication system utilizing a transparent label
US5491325A (en) * 1992-08-25 1996-02-13 Huang; Dorge O. Method and system for payment and payment verification
WO2001008352A1 (en) * 1999-07-21 2001-02-01 Iridian Technologies, Inc. Method and apparatus for implementing a biometric-based digital signature of document
WO2002103496A2 (en) * 2001-06-18 2002-12-27 Daon Holdings Limited An electronic data vault providing biometrically protected electronic signatures
WO2004049268A1 (en) * 2002-11-28 2004-06-10 Hueck Folien Ges.M.B.H Security elements with combined machine-recognizable characteristics
WO2004081545A1 (en) * 2003-03-12 2004-09-23 The University Court Of The University Of Glasgow Security label which is optically read by terahertz radiation
GB2406690A (en) * 2003-10-02 2005-04-06 Neopost Ind Sa Item authentication system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7231068B2 (en) * 1998-06-19 2007-06-12 Solidus Networks, Inc. Electronic transaction verification system
US20040143553A1 (en) * 2000-12-01 2004-07-22 Torget John W. System and method for remotely generating instruments
MXPA04007849A (en) * 2002-02-15 2006-05-25 Servicios Especializados Y Tec Check anti-fraud security system.
US20040138991A1 (en) * 2003-01-09 2004-07-15 Yuh-Shen Song Anti-fraud document transaction system
US20090293112A1 (en) * 2004-12-03 2009-11-26 Stephen James Moore On-line generation and authentication of items

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5491325A (en) * 1992-08-25 1996-02-13 Huang; Dorge O. Method and system for payment and payment verification
EP0626660A2 (en) * 1993-05-24 1994-11-30 Pitney Bowes Inc. Document authentication system utilizing a transparent label
WO2001008352A1 (en) * 1999-07-21 2001-02-01 Iridian Technologies, Inc. Method and apparatus for implementing a biometric-based digital signature of document
WO2002103496A2 (en) * 2001-06-18 2002-12-27 Daon Holdings Limited An electronic data vault providing biometrically protected electronic signatures
WO2004049268A1 (en) * 2002-11-28 2004-06-10 Hueck Folien Ges.M.B.H Security elements with combined machine-recognizable characteristics
WO2004081545A1 (en) * 2003-03-12 2004-09-23 The University Court Of The University Of Glasgow Security label which is optically read by terahertz radiation
GB2406690A (en) * 2003-10-02 2005-04-06 Neopost Ind Sa Item authentication system

Also Published As

Publication number Publication date
WO2008135768A3 (en) 2008-12-31
WO2008135768A2 (en) 2008-11-13
GB0708839D0 (en) 2007-06-13

Similar Documents

Publication Publication Date Title
US11908030B2 (en) Secure transaction system
US20200134619A1 (en) System and Method for Financial Transaction Validation
US7742996B1 (en) Computer program, system and method for on-line issuing and verifying a representation of economic value interchangeable for money having identification data and password protection over a computer network
JP4323098B2 (en) A signature system that verifies the validity of user signature information
US6170744B1 (en) Self-authenticating negotiable documents
US8566249B2 (en) Methods and systems for authentication and authorization
US6581042B2 (en) Tokenless biometric electronic check transactions
US20080224823A1 (en) Identification Systems
US7980463B2 (en) Cashiers check verification system
US20090261158A1 (en) Authentication of cheques and the like
US20060136332A1 (en) System and method for electronic check verification over a network
GB2581315A (en) Secure data communication
US20040138991A1 (en) Anti-fraud document transaction system
US20080255990A1 (en) On-Line Generation and Verification of Personalised Money
US7353398B2 (en) Article, method, system and apparatus for decentralized creation, distribution, verification and transfer of valuable documents
US6954740B2 (en) Action verification system using central verification authority
US20170352039A1 (en) Counterfeit Prevention and Detection of University and Academic Institutions Documents Using Unique Codes
WO2017105297A2 (en) System and apparatus for security documents and bank cheque transaction system and methods
US7318050B1 (en) Biometric certifying authorities
WO1999017255A1 (en) Method and apparatus for authenticating ic card
US20060186191A1 (en) Methods and apparatus for providing a security value for a payment device
GB2449415A (en) Authorisation of signatures on documents
US11756147B1 (en) Systems and methods for verifying the authenticity of documents
JP6829980B2 (en) Accounting server and detailed data acquisition method
KR20240003151A (en) System for notarizating documents using unique identification imformation and blockchain network

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)