ITRM20130364A1 - ELECTRONIC SIGNATURE SYSTEM OF AN ELECTRONIC DOCUMENT USING THE PAYMENT CARD - Google Patents

Description

TITLE: â € œSystem of electronic signature of an electronic document using a payment cardâ €

Field of invention

The present invention refers to an electronic signature system, in particular in the field of advanced electronic signature.

State of the art

Electronic signature processes have been known for some time. They were essentially designed to guarantee the authenticity of the signature affixed to an electronic document and the integrity of the signed electronic document.

The digital signature is a type of advanced electronic signature, of a qualified type, which involves the use of a pair of asymmetrical digital keys, of which a private key uniquely attributed to a subject, called the owner, and a corresponding public key to verify the authenticity of the signature.

The electronic signature is defined by the European Directive 1999/93 / EC: the "electronic signature" is defined as â € œthe set of data in electronic form, attached or connected by logical association to other electronic data and used as a method authenticationâ €.

In this context, the concept of "certificate" is defined, as â € œelectronic certificate that links the signature verification data to a person and confirms the identity of that personâ €.

Document WO03015370 shows a so-called â € œout-of-bandâ € solution, in which to improve the security of communication between the source of the document to be signed (user's computer) and the certification server, an additional channel is used, such as a telephone line, over which a â € œtokenâ € is sent containing a one-time password generated on the server side. The use of the password received via the telephone line, therefore, helps to uniquely identify the signatory. The context of this document, however, is that relating to the association of a private key to each signatory.

Alongside the electronic signature as defined above, a second type of electronic signature is envisaged, the so-called "advanced electronic signature". This is the electronic signature that satisfies the following requirements: a) be connected in a unique way to the signatory; b) be suitable for identifying the signatory; c) be created by means over which the signatory can retain his sole control; d) be linked to the data to which it refers so as to allow the identification of any subsequent modification of said data.

Digital signature is a more restrictive case than advanced electronic signature.

In this last context, it is not mandatory for the individual signer to have their own private key for signing a document.

This scenario is particularly suitable for those corporate situations in which it is necessary for documents to be signed electronically, by several employees, without each of them being equipped with a digital signature device.

However, it is complex to guarantee the identification of the signatory within a company where the signatories can potentially be hundreds.

This problem is also felt in the context of the digital signature itself, as the habit of managers possessing digital signature devices is known and recognized to leave the signature device in the hands of their collaborators, who could , fraudulently make use of it.

Summary of the invention

The purpose of the present invention is to provide an electronic signature system capable of solving the aforementioned problem, guaranteeing in a certain way the identity of the person authorizing the signature.

The object of the present invention is a method of electronic signature of an electronic document by a user, according to claim 1. A preferred implementation of the present method uses two distinct data connections.

Another preferred implementation of the present method uses two distinct data connections and a mobile phone service. In such circumstances, such an implementation can be defined as out-of-band.

According to a first aspect of the invention, a card ID or that can be traced back to the bank card univocally associated with the user involved in the signature procedure is directly imprinted in the signed document.

According to a preferred variant of the invention, a set of data, so-called blob, is securely inserted inside the document being signed, so as to make it impossible to extract and use any its portion in other documents. Said blob includes an ID relating to a bank card or to an authorization procedure for a transaction operated by means of a bank card, in which the bank card is associated with the user.

According to the present invention, this ID can be one or more of

- ID or PAN of the bank card,

- IBAN associated with the bank card,

- any unique transaction identifier generated during the use of the same bank card, at least in an authorization phase for a bank transaction.

This banking authorization must be performed pending the authentication relating to the digital signature itself.

The fact that, by means of this bank card, an authorization for a transaction is determined, this does not imply that a transaction must actually take place. What matters, if you want to insert a transaction ID in the signature blob, is that an authorization procedure is started, through which a unique transaction identification associated with this bank card is obtained.

Therefore, the authorization procedure for a transaction can be known in itself. In addition, one of the following data can optionally be entered: time of the transaction, a transaction ID, ID of the bank terminal, ID of the merchant, ID of the acquirer that is the ID of the company that manages the authorizations of the Bank cards, any amount, even symbolic, of the transaction.

In the context of this description, a banking transaction means any transaction performed with a bank card, such as, for example, debit, top-up and / or authorization and / or pre-authorization and / or reversal.

According to a variant of the present invention, the banking transaction is not used to allow a money transfer, but the transaction itself becomes an integral part of the authentication process, but above all of the electronic signature process, since the authorization techniques for bank transactions are safe for themselves.

According to a further preferred variant of the invention, in order to further increase the security level regarding the identification of the signing user, it can optionally be provided that the signing user establishes a telephone call via the mobile telephone network, which provides , the recovery of an additional code among the following:

- the mobile phone number associated with the user,

- the IMSI associated with this telephone number,

- the MSISDN.

Other codes attributable to the establishment of a mobile telephone connection can be used in this context and for the purposes described.

In addition, the IMEI of the user's mobile device can also be stamped in the electronic document to be signed.

All of the foregoing acronyms are well known.

According to a preferred variant of the invention, this blob, containing said user ID, is encrypted by means of an encryption algorithm using a random key. The same random key is encrypted using the public key of an asymmetric pair. Both the encrypted blob and the public key encrypted key are included in the electronic file being signed. A first object is thus obtained. Then, a footprint (hash) is calculated from the file obtained in the previous step with a predefined algorithm and a footprint (hash) of the blob is calculated with the same predefined algorithm. The two fingerprints obtained are or are not concatenated and encrypted by means of the aforementioned encryption algorithm using the aforementioned random key. A second item is obtained. The first and second objects are linked together, for example chained together, or encapsulated in a further object. Having the imprint of the document to be signed including the encrypted blob and the encrypted blob imprint separately, allows you to ensure that a specific blob has been linked to a specific document, avoiding the possibility of extrapolating an encrypted blob from an original document to fraudulently introduce it into another document.

According to the present invention, the signature is authorized at least when a bank transaction is authorized with the card associated with the user in order to verify the identity of the user. Thus, at least one of the aforementioned IDs is included in the signature blob.

The banking authorization process may in itself require the user to enter a relative PIN, as is known per se, therefore, during a document signature, the insertion of one or more PIN,

It may also be required to enter a one-time password, for example received, through a data connection or through a telephone connection on the mobile network and used by the user, correspondingly, through the mobile network or the data connection.

In the following detailed description, an example of a technological system / infrastructure will be illustrated, beyond the user's mobile device, for the implementation of the present invention.

Advantageously, no specific application installed on the user's mobile phone is required, therefore even an obsolete GSM phone can be used to perform part of the method described above.

The present invention finds particular application both in the field of qualified electronic signature and digital signature, in order to further raise the level of security.

The object of the present invention is also a network infrastructure, according to claim 10, which allows to carry out the method described above.

The dependent claims describe preferred embodiments of the invention, forming an integral part of the present description.

Brief description of the Figures

Further characteristics and advantages of the invention will become more evident in the light of the detailed description of preferred, but not exclusive, embodiments of an electronic signature system, illustrated by way of non-limiting example, with the aid of the accompanying tables. drawing in which: Fig. 1 represents a flowchart representative of a preferred variant of the electronic signature method according to the present invention,

Fig. 2 shows a time diagram of data exchange between physical entities involved in the electronic signature process according to the method of Fig. 1; Fig. 3 shows a time diagram comprising further optional steps of the process described in Fig. 2.

The same reference numbers and letters in the figures identify the same elements or components.

Detailed description of a preferred embodiment of the invention According to the present invention, inside the document to be signed there is a so-called blob containing, in addition to the personal data of the person signing the document, also a unique identifiable ID to a bank card or to a bank transaction attributable to a bank card associated with the signing user through which the authentication procedure of the subject is performed.

It is worth noting that the same paper receipts printed by a POS payment device (from the term Point-of-Sale) carry a lot of information including at least one transaction ID. The banking authentication and authorization system stores this transaction ID as well as the identification of the bank card and the details of the holder for many years. Therefore, the insertion of the card ID, but even better, of the identification of an authorization / transaction carried out with a bank card, in the signature data allows to identify the signing user in an almost univocal way.

With reference to Figure 1, a preferred variant of the electronic signature of a document, according to the present invention, comprises the following steps:

A. insertion, in a file to be signed, generally in PDF format, of an authentication entry / field, which, according to some regulations, includes a so-called `` signature dictionary '': (optionally) this step can be carried out on a copy - previously made - of the document to be signed;

B. first encryption of a blob comprising authentication data of the signing subject, preferably by means of the AES algorithm and using a randomly generated key;

C. second encryption of the key used for the first encryption by means of an algorithm preferably RSA using a public key assigned to the signing subject;

D. first concatenation of the encrypted blob and the encrypted key and insertion in said entry / authentication field; This first chain represents the signature of the document;

E. first calculation of a first fingerprint (hash), preferably by means of the SHA-256 algorithm of the entire document, including the aforementioned authentication entry previously entered;

F. second calculation of a second imprint (hash), preferably by means of the SHA-256 algorithm, of the unencrypted blob;

G. second concatenation of said first and second fingerprint and third encryption of the concatenation by means of said randomly generated key, and preferably by means of the same algorithm as in step 2 (AES).

Optionally, step H, the result of said third encryption is encapsulated in an object, preferably of type CAdES (ETSI TS 101733).

Said blob includes an ID of the bank card or that can be traced back to a transaction, albeit in terms of authorization, carried out with a bank card uniquely associated with the user involved in the signature procedure.

The above steps can be performed by a single computer or synergistically by a local computer and a remote server.

For example, according to a preferred variant of the invention, the steps from A to H are performed by a remote server. According to another variant, the remote server only performs steps G and optionally H, while the local computer performs the rest. As an example, the method can be summarized as follows:

1) the signing user is required to execute a transaction using a credit / debit / prepaid card;

2) preferably, a device known in itself acquires a biometric information of the user: this device can be a so-called bank POS and this biometric information can be a biometric signature, a fingerprint, a voice recording or a scan of the User iris, etc ..;

3) the user, at the same time, inserts his / her bank card into the device, for example the POS itself to carry out a debit or pre-authorization / authorization transaction, which may require the insertion of a specific authorization PIN;

4) acquisition of at least one ID, even of the bank card or attributable to the card or attributable to the transaction authorized / arranged with the same bank card and

5) insertion of the ID in the signature blob, to sign an electronic document (for example PDF) to be digitally signed.

It is evident that the signing user (user) uses a first data connection to a first remote signature server, a second data connection to a second banking server for authentication / authorization of a banking transaction. A further data connection allows the transfer of said ID from said second server to said signature server (or first server) through the PC / local entity used by the user to request the signature of an electronic document, so that the server can insert it in the aforementioned signature blob.

Said blob can optionally include the unique telephone ID of the user. According to the present invention, this ID can be one or more of

- the mobile phone number associated with the user,

- the IMSI associated with this telephone number,

- MSISDN,

- the IMEI of the mobile device.

The blob, preferably, comprising at least one of the following further data: time of the call, a session identifier, a single-use password.

The term â € œblobâ € is also well known in the ambit of the present invention and derives from the acronym of the expression â € œbinary large objectâ €.

The signature method described here guarantees, in an extended context, in which a single pair of asymmetric keys is shared by several users, to guarantee the identity of the signing subject, that is, of the user.

The method also allows a further increase in the level of security in digital signature paradigms, in which each user is associated with a qualified certificate.

In addition, if a copy of the electronically (or digitally) signed document is appropriately saved in a storage server, for example, of a third party, it is possible at any time to uniquely and certainly trace the identity of the person who signed the document. through a shared certificate, for example, at an enterprise level.

In order to authorize the signature of the document, shown through the above steps A - H, it is required that the signing subject at least initiates a bank transaction using a bank card associated with him.

To increase the level of security, the user may be required to enter a signature PIN (possibly different from the PIN used in the authorization of the banking transaction), to be sent to said first server via the aforementioned first data connection.

To further raise the level of security, an out-of-band channel can be used, which is different from previous data connections.

The user may be required to interact with their own mobile phone to enter the signature PIN. The user can be expected to receive a one-time password through the first data connection and enter it through their mobile phone or vice versa.

Furthermore, the technological infrastructure, which can be schematized with the aforementioned first remote server, can also provide for the verification that the telephone number used by the user has been previously associated with him.

Alternatively, the signing party can be requested to dial a specific USSD number.

To increase security, the system can terminate the telephone session initiated by the signing subject and call back the same, in order to increase the security of the data exchange.

As a further possibility, the local application through which the electronic signature of a document is requested can allow you to specify that the user is abroad or that in any case he prefers to be called. In this case, the system, i.e. the remote server, will initiate a telephone call to the user's mobile device, possibly subordinating the success of the signature procedure to a verification of the absence of call forwarding activated on the numbering. mobile phone associated with the signing party.

When the user is abroad, in fact, the caller's telephone number and / or his IMSI and / the MSISDN, etc .. may not be available for the remote server, therefore, it is advantageous that both the server to initiate the call.

According to a further preferred variant of the invention, rather than a telephone call between a mobile device and a remote server, a telephone connection can be implemented by means of a composition of USSD codes, for example a telephone sequence of the type * 123 * 13 #.

According to the present invention, therefore, at least three hardware and four software entities are required to implement the signature procedure, as explained below:

- a first local application of electronic signature, generally a software that runs on a PC or tablet or suitable device of the signing subject, through which the electronic signature of a document can be requested through a telematic network,

- a second local application equipped with a bank card reader and possibly a biometric information; this application can run on the same PC or tablet as the previous point or on another device known in itself. Furthermore, the first local application is able to automatically acquire from the second local application, called ID attributable to the bank card;

- a first remote electronic signature application, associated with the first server or electronic signature entity, to which an interface to the aforementioned telematic network is associated to said first application and optionally a fixed or mobile telephone interface,

- a second remote application associated with the second local application, known per se, to authorize a bank transaction by means of said bank card and capable of generating a transaction or authorization ID referable to that specific bank card;

- optionally a GSM / UTMS mobile phone, etc., associated with the signing subject (user).

With the help of figure 2, an example of a signature process carried out synergistically through a telematic network and a banking telematic network is illustrated in detail.

to. (user side) generation of a file to be electronically signed,

b. (user side) sending of the file to be signed - via first telematic connection - to the signature entity, ie to the signature server (also known as the first remote server), c. (server side 1) initialization of an authentication session, optional creation of a one-time password,

d. (server side 1) sending a request for the user to authenticate on the banking circuit of the bank card associated with him,

And. (user side) video display of said request e

f. (user side) request for authorization to carry out a banking transaction using the bank card - via a second telematic connection - for example through a POS connected to the PC running the first and second local applications, or a autonomous payment comprising means of interfacing with said PC so that the PC can acquire said ID attributable to the bank card;

g. (server side 2) sending the approval for the execution of said bank transaction to the user, in particular to the POS available to the user, together with an identification of the bank card and / or the authentication procedure and / or the bank transaction,

h. (user side) sending said ID attributable to the bank card to said signature server through said first data connection;

the. (server side 1) electronic signature of said document to be signed according to steps A - H described above e

j. (server side 1) sending - via telematic network - of the signed electronic document.

Optionally, before, during or after said step i, an electronically signed document can be archived. For example on a separate storage server.

If the out-of-band verification is also provided, the method comprises the steps shown in figure 3, to be carried out before, during or after steps d to h.

For convenience they are referred to as h1 - h8, but this only means that they are made before step i in figure 2.

h1. (server1 side) sending of a telephone number or reference telephone service - via telematic network 1 - and optionally of said one-time password, h2. (user side) video display of said telephone number or USSD reference telephone service and optionally of said one-time password, h3. (user side) sending a call to said authentication telephone number or service request to said authentication service - via mobile telephone network -,

h4. (server1 side) optionally request to enter said one-time password by mobile phone - via mobile phone network -,

h5. (user side) optionally typing of said one-time password via mobile telephone network -,

h6. (server side1) optionally request to enter a PIN code associated with the customer - via mobile telephone network -,

h7. (user side) optionally entering said PIN code - via mobile telephone network -,

h8. (server side1) verifying the association of said mobile telephone ID to said user and optionally of said PIN and / or said one-time password.

According to a preferred variant of the technological infrastructure previously indicated as â € œserver side 1â € it can be understood as a set of distinct computers.

For example, the interface operations with the mobile telephone network can be managed by a special authentication server connected, through a secure data connection, with the server responsible for electronically signing the electronic document to be signed, hereinafter â € œSigning applianceâ € .

For example, step c can be entirely performed by the authentication server upon explicit request of the signing Appliance server. Therefore, in step c the exchanges of requests and information between the signature server Appliance and the authentication server can be considered implicit.

Advantageously, the system described here is particularly secure because it requires authentication to be performed through a banking telematic network, that is, implicitly secure, in which at least one identification code attributable to the user's bank card is generated / acquired and inserted in the blob, and optionally through an â € œout of bandâ € connection, that is through the associated mobile telephone network, through which an identification code attributable to the user's mobile user is acquired and inserted in the signature blob of the document subject to electronic signature .

Optionally also the biometric information itself can be encoded and inserted in the signature blob.

A further increase in security can be obtained by providing that the telephone number to call, associated with the remote server, may be different in relation to the signature section.

Furthermore, the system can request the insertion of both the PIN held by the user and the disposable password sent via the Internet. Therefore the number of verification data is high increasing the security level.

According to a preferred variant of the invention, in step h3, after sending a call from the user through his mobile device, the call can be automatically interrupted by the authentication server, which immediately afterwards calls back the mobile number of the user in order to obtain, from this, the one-time password and the PIN as described in the following steps h4 - h8.

The present invention can be advantageously carried out by means of a computer program which comprises coding means for carrying out one or more steps of the method, when this program is executed on a computer. Therefore, it is intended that the protection scope extends to said computer program and further to computer readable means comprising a recorded message, said computer readable means comprising program coding means for carrying out one or more steps of the method, when said program is run on a computer.

Implementation variations to the described non-limiting example are possible, without however departing from the scope of protection of the present invention, including all the equivalent embodiments for a person skilled in the art.

From the above description the person skilled in the art is able to realize the object of the invention without introducing further construction details. The elements and characteristics illustrated in the various preferred embodiments can be combined with each other without however departing from the scope of the present application.

Claims (14)

CLAIMS 1. Method of electronic signature of an electronic document by a user, the electronic document comprising an authentication field capable of containing a set of signature data (blob), the method comprising a user authentication step at a electronic signature entity, designed to sign said document, through an authorization procedure for the use of a bank card (debit card, credit card, prepaid card) associated with the user, and a step to enter a unique identifier (ID) traceable to said bank card in said set of signature data. 2. Method according to claim 1, wherein said unique identifier is the unique ID or PAN of the bank card and / or an IBAN code associated with the bank card and / or a unique transaction identifier generated during a use of the same card banking, at least in an authorization phase for the execution of a banking transaction, during the signature authentication procedure itself. 3. Method according to one of the preceding claims, further comprising an authentication step of said user through a mobile telephone user associated with the user, and a step of inserting a further unique identifier (ID) associated with said mobile telephone user in said set of signature data insert. The method according to claim 3, wherein said further unique identifier (ID) may comprise at least one of - the mobile phone number associated with the user, - the IMSI associated with said mobile telephone user, - the MSISDN associated with said mobile telephone user. 5. Method according to one of the preceding claims 3 or 4, further comprising a step of inserting in said set of signature data also one of - the IMEI of the user's mobile device, - authentication time, - an authentication session identifier, - a one-time password. Method according to any one of the preceding claims, comprising in succession the following steps: - insertion, in a file to be signed, of an authentication entry / field; - first encryption of said set of signature data comprising authentication data of the signing subject, preferably by means of a random key; - second encryption of the random key used for the first encryption using a public key assigned to the signing subject; - inserting said set of encrypted signature data and said encrypted key in said authentication entry / field; - first calculation of a first imprint (hash) of the entire document, including the aforementioned entry / authentication field previously entered; - second calculation of a second fingerprint (hash), of said set of unencrypted signature data, - optional concatenation of said first and second fingerprint and third encryption of the concatenation by means of said random key. 7. Method according to claim 6, wherein at least one of said encryption operations is operated by means of an AES algorithm. 8. Method according to one of claims 6 or 7, wherein at least one of said fingerprints (hashes) are obtained by means of the SHA-256 algorithm of the entire document. Method according to any one of the preceding claims, in which said authentication step provides: - a request by the user for the signature of an electronic document to said electronic signature entity, forwarded through a first telematic network, - the signing user is asked to execute a transaction using a credit / debit / prepaid card by means of a special device (POS); - optional acquisition of a user's biometric information called a special device (POS), - insertion of the bank card in said special device to carry out a bank transaction; - acquisition of said unique ID attributable to the bank card or attributable to the transaction authorized / arranged through the same bank card and - insertion of said unique ID in said set of signature data. Method according to claim 9, wherein, when a biometric information is acquired by the signing subject during the authorization / authentication procedure for a banking transaction, said biometric information is integrated in said set of signature data. Method according to one of the preceding claims comprising in succession the following steps: to. (user side) generation of a file to be electronically signed, b. (user side) sending of the file to be signed - via first telematic connection - to the signature entity, that is to the signature server (also known as the first remote server), c. (server side 1) initialization of an authentication session, optional creation of a one-time password, d. (server side 1) sending a request for the user to authenticate on the banking circuit of the associated bank card, And. (user side) video display of said request e f. (user side) request for authorization to carry out a bank transaction using the bank card - via a second electronic connection -; g. (server side 2) sending the approval to execute said bank transaction together with an ID attributable to the bank card, h. (user side) sending said ID attributable to the bank card to said signature server through said first data connection; the. (server side 1) electronic signature of said document to be signed according to the above steps A - H e j. (server side 1) sending - through said first telematic network - of the signed electronic document. 12. Technological infrastructure for carrying out all the steps of claim 11, comprising at least a first local unit and a first and a second remote unit comprising mutually compatible data connection means, in which - the local unit comprises dedicated means (POS) for reading said bank card and distinct data connection means towards said remote units and processing means configured to perform the aforementioned steps a., b., e., f., h . ; - said first remote unit comprises processing means configured to carry out the aforementioned steps c., d., i., j; - said second remote unit comprises processing means configured to perform the remaining steps. 13. Computer program comprising program coding means adapted to carry out all the steps of any one of claims 1 to 11, when said program is run on a computer. 14. Computer readable means comprising a recorded program, said computer readable means comprising program coding means adapted to perform all the steps of any one of claims 1 to 11, when said program is run on a computer.