RU2365047C2 - Method of forming of electronic documents and device for its realisation - Google Patents

Abstract

FIELD: physics; computer technology.

SUBSTANCE: invention concerns area of electronic document circulation. The essence of the invention consists in a preliminary presentation of a biometric image of the person, wishing to generate an electronic digital signature, and subsequent neuron network transformation of the submitted biometric image in a confidential key of electronic digital signature. Electronic digital signature check is carried out on an open key and in case of an incorrect electronic digital signature code a biometric image of the signing person is submitted again. The method under item 2 consists that attributes of biometric safety, such as: number of attempts of a biometric image submission at forming of a electronic digital signature, number of wrong bits in error codes of a confidential key, current time of each attempt of electronic digital signature forming, description of a pattern of system of electronic digital signature forming at the moment of time to each attempt of electronic digital signature forming are brought in the created electronic document.

EFFECT: increase of safety level.

4 cl, 5 dwg

Description

The invention relates to techniques for conducting legally significant electronic document management and can be used in electronic transactions, electronic commerce, and remote mutual authentication of citizens in an open information environment, for example, on the Internet.

There is a known method of generating an electronic document [1], according to which the author of an electronic document generates a pair of keys for himself (public key and secret key), then the author registers his public key in the certification center and receives a certificate of his public key. The author carefully stores his secret key and uses it when forming his electronic digital signature for certain digital data (digital texts, digital graphics files, digital audio files, ...). In practice, the author usually stores his secret key in a container that opens with a personal PIN code or password. The container with the secret key is usually placed on various storage media (floppy disks, flash cards, magnetic cards, smart cards, ...).

The main disadvantage of this method is the need for thorough reliable storage of the secret key for generating an electronic digital signature (EDS), coupled with the use of rented cells of banks, safes, and protecting the offices where the safes are located. The resistance to attacks of the selection of personal PIN codes and passwords is much less than the resistance of the secret key itself, which does not allow us to consider storing keys in containers as a reliable way. Storing a secret key (container of a secret key) in a bank or office safe deprives the author of his signature on mobility. Compromise of the secret key due to its unreliable storage, for example, by copying the container and selecting a security PIN code (password) negates the authorization of documents through digital signature, since the attacker is able to generate electronic documents on behalf of the author of the signature.

To combat the possibility of compromising the authorization of an electronic digital signature under an electronic document by the method [2], it is proposed to remove the biometric data of the person signing the document and include them in the signed electronic document itself. Then the actual owner of the secret key has the opportunity to prove the fact of compromising his secret key, if “Alien” biometrics appeared in the signed document.

A device for implementing the method [2] is proposed to perform small-sized (wearable) with a protective housing in which are located: memory, processor, communication port with external devices, input sensor of a biometric image of a person. The device memory has two areas, one area is protected and inaccessible to external devices, the second memory area is public. The secret key for generating an electronic digital signature is located in the first area of the protected memory, the public key is located in the second area of the public, open memory.

The main disadvantage of the method [2] and devices implementing it is that only the author himself or persons who know his biometrics can determine a falsified document, and they can only do this organoleptically (not automatically, by the means of their senses). If a falsified electronic document does not catch the eye of the author of the EDS or people who know him personally, then it is automatically impossible to identify a falsified document. Even if the author’s biometric image is in the database, you cannot automatically compare it with the image in the electronic document (the biometric images are different and special technologies are needed to compare them). At the moment, there are no reliable biometric technologies for automatic comparison of arbitrarily taken biometric images of one person, for example, there is no reliable technology for automatic comparison of a digital photograph of a person in his passport and an arbitrary digital image taken by a device’s camera that implements paragraph 13 of the claims of the method [2].

The purpose of the proposed invention is to increase the level of automatic authorization of the procedure for generating an electronic document so that an attacker who illegally seized programs and an electronic digital signature generation device could not use them without being their legal owner. The technical effect of using the proposed method and device is to significantly reduce the likelihood of compromising the secret key for generating an electronic digital signature while reducing the requirements for storing software or hardware and software for generating an electronic digital signature.

In part 1 of the claims of the claimed invention, the goal is achieved in that before the formation of the electronic document, its author, using a special generator of public and private keys, receives these two keys. Further, the author registers the public key in the certification center, unambiguously associating it with his name and other personal data. The certification authority publishes the public key declared by the user and issues the user a certificate of his public key, according to which anyone can verify the authenticity of any electronic document signed by the author’s secret key. A guarantee of a high level of document authorization is the practical impossibility of calculating the author’s secret key from its public key, the author carefully stores his secret key. For example, one of the options for conveniently storing a secret key is to place it in a digital container that can be opened with a password or PIN. In this regard, the author places and stores his secret key in the container, for example, encrypts it with his password or PIN. In this case, the container is ciphertext with an indication in the header of the details of the software product used for encryption (as a rule, the container is significantly longer than the secret key).

The difference from the analogue methods of the claimed method is that according to it, in accordance with paragraph 1 of the claims, it repeatedly scans the biometric image of the owner of the secret key. Then, according to a predetermined algorithm (some of these algorithms are GOST-compliant with ISO / IEC JTC1 SC37 standards, which are currently being harmonized for the Russian Federation by the efforts of GOST R TK355 PK7), biometric parameters are calculated using all examples of the biometric image of the owner of the secret key. Then, the user forms a network of artificial neurons, linking each of the calculated biometric parameters with many outputs of the neural network, and the number of outputs of the neural network is set equal to the length of the secret key or the length of the container for storing the secret key. The formation of a network of artificial neurons is carried out by setting the connections of individual neurons in each layer of the artificial neural network (the number of layers of the neural network and the type of neuron excitation functions are usually specified in advance by the manufacturer of the biometric protection software product). It is possible to use various algorithms for setting the neuron link table [3], including the random link selection algorithm. After the formation of a network of artificial neurons, its structure is stored in the form of a table of connections of each of the neurons with input biometric parameters or with the outputs of previous neurons.

After the formation of a network of artificial neurons, it is trained. The training is carried out in such a way as to fulfill the requirements of GOST R [4], each example of a biometric image of its own should give a secret key or a container with a secret key at the output of the neural network. Training is conducted by any of the known algorithms for training artificial neural networks, however, it is preferable to use fast algorithms for the layered training of artificial neural networks, described in detail in [3]. If you use the usual slow learning algorithms, then training two- and three-layer neural networks with hundreds of inputs and hundreds of outputs will take several days of computer time. Which of the training algorithms is used for the proposed method is immaterial.

The result of training a neural network is obtained in the form of a table of values of weighting coefficients for each neuron connection. Next, save the table of values of the connections of neurons. After that, the secret key or container with the secret key used earlier in the training is destroyed. In addition, they destroy examples of the biometric image of "on" on which the training of an artificial neural network was previously carried out.

The formation of an electronic digital signature under an electronic document is carried out by presenting a biometric image of the author-owner of the keys. Then, according to predefined algorithms, the biometric parameters of this image are calculated, fed to the inputs of a trained neural network, and a code is received at its outputs. If the output code of the neural network must match the secret key (this is the software configuration setting), then it is used to generate an electronic digital signature. If the output code of the neural network (according to the accepted installation of the software configuration) should correspond to the container with the secret key, then it is unpacked, additionally presenting the user PIN. Next, the formation of an electronic digital signature is carried out.

After the formation of the electronic digital signature, it is verified using the public key. If the check gives a positive result, then the formation of the electronic document is completed. If the check gives a negative result, then the formation of the electronic document is continued, re-presenting the biometric image of the person signing the electronic document. Repetition lead to a positive result, that is, the formation of a true electronic digital signature for a given electronic document.

When implementing the proposed method according to paragraph 1 of the claims, an attacker who has taken possession of the software for generating an electronic digital signature with already trained neural networks cannot use it. An attacker does not have the necessary biometrics and cannot obtain the secret key for generating an electronic digital signature. The actual owner of the secret key is able to safely store the description tables of the trained neural network on his computer, provided the integrity of the software is controlled. There is no need to store the secret key carrier in a bank safe. While monitoring the integrity of the software, an attacker cannot modify it, implement a key interception program, or introduce a malicious biometric protection destruction virus. The only way is to present your biometric image and, if it does not coincide with the image of the author, then falsification becomes almost impossible. In corporate systems for the formation of electronic document management, the proposed method eliminates the illegal substitution of one employee for another. An access password and an ordinary key carrier, such as a doctor, can entrust your key carrier to a nurse who has previously typed an electronic document in an electronic medical history. According to the proposed method, this abuse is excluded, the doctor can not entrust anyone with the formation of his electronic digital signature, since it is necessary to show his biometrics. The effect of enhancing authorization by managing the cryptographic converter of the digital signature has been achieved.

In part 2 of the claims of the claimed invention, the goal is achieved by the fact that when working with programs to convert a biometric image of a user into his secret key or container of a secret key, additional attributes of biometric security are additionally generated, such as: the number of attempts to present the biometric image before the formation of the correct electronic signature under document, the number of mismatched bits of the secret key or container, the time of each of the attempts to generate a signature, describing ue system configuration at the time of formation of attempts digital signature. The following configuration descriptions are used: serial numbers of equipment and software, type and serial number of the secret key carrier (if the application is specified by the software configuration setting), the fact of using an abnormal bypass of biometric protection and logging in through a set of secret keys from the keyboard, the time of the previous retraining of biometric components systems, user name (login) under which the operating system was launched on the computer, time since the operating system was launched, current stat Stick prolonged presence terminations flow control signals from the keyboard and "mouse" type manipulator, a list of tasks running in parallel on a computer. All this data or part of this data is combined into a block of security attributes and entered in a special service field of an electronic document. Moreover, not the codes of the wrong secret keys of the previous failed attempts are entered into the document, but the codes of the number of mismatched bits from the previous incorrect keys and the key on which the next unsuccessful attempt to generate an electronic digital signature is made. After successful signing of the electronic document with the user's secret key, the document is stored in the electronic archive.

Since an employee who is abusing his official position can stop unsuccessful attempts to create an electronic document under a false name, you cannot completely trust the block of biometric security attributes in the document body. For this reason, in parallel with the formation of a block of information security attributes in a document, attributes are recorded in an independent audit of information security. If you refuse to further form the document (including during an emergency power outage and other malfunctions), the program for generating a block of biometric security attributes resets all information to an information security audit, which is accessible only to trusted persons responsible for security. In this case, all codes of previous unsuccessful attempts to obtain the secret key or its container are recorded. In case of termination of attempts to generate a valid electronic digital signature in the digital signature generation program, there is no valid secret key and it is impossible to find the number of failed bits of unsuccessful attempts. For this reason, all previously used unsuccessful keys are written to the audit explicitly.

The positive technical effect of the implementation of claim 2 of the claims is due to the fact that biometric traces of document formation are documented in the document itself and subsequently various conflicts and controversial situations that often arise in large corporate electronic document management systems can be eliminated. For example, if a document is signed on behalf of an employee at a time when the employee is not at work, if biometrics is disabled when signing, and the secret key is entered from the keyboard, if there have been several unsuccessful attempts to biometric authorization with a large number of errors in the digits of the secret key codes ( container), then most likely there was an attempt to falsify. It is necessary to suspend the movement of an electronic document and launch an internal investigation.

When jointly processing a single electronic document by several employees, they must form a joint document by covering a common agreed document with several electronic signatures of several employees. In case of disagreement with the content of the document, employees must edit it and exchange editions with each other. After several iterations, the internal electronic document will have one common text and several electronic digital signatures of different persons; they can verify the authenticity of these electronic digital signatures only within the corporation, since public corporate key certificates are valid only in the corporation's network. With a large number of employees it is expensive to register their public keys in external certification centers (at the time of filing this application for an invention, the cost of registering one key with the support of its certificate for 2 years is 3600 rubles). It is much more profitable to maintain hundreds of corporate public key certificates for employees within the corporation and have one public corporate key for generating legally valid electronic documents operating both inside the corporation and outside it, relying on a single public key certificate of an external certification authority.

In accordance with paragraph 3 of the claimed claims, after the approval of the document between the performers, any of the performers initiates the re-registration of the internal corporate document into a document legally significant for all with an electronic digital signature of the corporation. The document is reissued automatically, but before the reissuance, the corporate notary program checks the electronic signatures of all employees who have signed the document and checks the security attributes in the original electronic document. Security attributes are verified by comparing them with valid values that are recorded in advance. In addition, after checking the biometric security attributes recorded earlier in the document, the similar security attributes recorded in an independent biometric audit accompanying the reissued electronic document are checked. In case of coincidence of biometric safety attributes with statistics of the appearance of similar values of biometric safety attributes of each of the employees, the document is reissued. If the document is intended primarily for corporate use (orders for corporations that have external legal significance), then the names of the employees forming the document are stored in the text of the document itself. In the case of using a legally significant document only outside the corporation, only the head of the corporation or its authorized representatives under the charter of the substitute are left in the document (contract, certificate, obligation, guarantee letter).

A positive technical effect of the proposed method is that employees of the corporation are freed from remembering long access passwords and from the need to store their secret keys in safes. Secret keys of employees are valid only within the corporation; employees themselves do not see them at all and do not have access to them. Even if employees conspire and want to compromise their secret keys, they cannot do this. Only the employee himself can influence the movement of electronic documents; he cannot transfer his smart card with the key to another employee or an unauthorized person. This increases the security of corporate electronic document management. In addition, the employee can no longer refuse his electronic digital signature, referring to the possible compromise of his secret key. In addition, a large corporation can save its costs by having instead of hundreds of public keys registered in external certification authorities with only one common corporate public key and automatically re-issuing documents. Improving the information security of corporate electronic document management is associated with the fact that ensuring the preservation of one common corporate secret key is easier than storing hundreds of secret keys for each employee provided that they are used continuously.

A device for implementing the methods described above according to paragraph 4 of the claims should be a miniature, portable person and be able to safely form a user electronic document with an electronic digital signature of the device owner, formed on the personal, secret key of the owner. To connect the forming device to a PC or workstation, its case has a USB port connector or an infrared port, or a radio interface for communication with external devices. The device also has a memory area accessible for viewing and inaccessible for viewing by external devices memory area. The document signed by the user is placed in an open, publicly accessible memory area, where it is placed by external software through the device’s communication port with external devices. The appearance in the public memory of an electronic document file in the “for signature” folder is a condition for the possible formation of a user’s electronic digital signature as an electronic document with subsequent placement of the signed document in the “signed documents” folder, also located in the public memory area.

Analysis of the state of the device, processing of biometric data, the formation of an electronic digital signature, the formation of attributes of biometric security is carried out by the processor of the device. To ensure security, the user biometric data processing program, the neural network conversion of biometrics into a secret key code (including the neural network connections tables and the parameters table of these connections), the digital signature cryptographic software are located in a protected memory area inaccessible to external devices. To enter a user’s biometric device, it has one or more converters of human biometric images into digital form.

A variant of the device with a microphone in the housing for entering a voice password into it, which will be converted into a secret key code during the operation of the device.

A variant of the device with a digital camera is possible, which is capable of photographing the hand and then, when the device is in operation, it will convert the features of this image (characteristic folds of the skin of the palm or the back) into a secret key code.

A variant of the device is possible that has both a microphone and a camera, made on the basis of today's smartphones.

A device variant is possible having a converter on the body of papillary lines of the skin of the fingertips of a user’s fingers in digital form.

A variant of the device using an optical transducer coordinates the position of the device, made on the basis of a series of microcircuits of technical vision for the "optical mouse". Such a converter illuminates the substrate under the device with infrared light, sees its irregularities or underlying pattern, clings to it and calculates the coordinates of the device’s position in space or the parameters of the device’s movement over the observed surface. Devices of this type were called "digital pen", they are able to memorize up to 100 pages of handwritten text written with a ball or gel tip on plain paper. On the basis of such devices, it is possible to implement a variant of the device proposed according to claim 4 of the device formula.

A possible embodiment of the device using a chip for digitizing the accelerations of the movement of the device in three coordinates. Chips of such converters are used today in digital cameras to correct hand shake when photographing. Placing such a microcircuit in the lower part of the “digital pen” makes it possible to obtain information on the dynamics of the handwritten password playback almost in the same way as in the previous version; the optical conversion of pen motion parameters over the illuminated surface solves the same problem.

A variant that combines a digital camera in the device, a 3D converter of accelerations of the device’s movement and a microphone is possible. Today, such a combination is already used in smartphones made in Japan. In such a combination, the device is capable of converting the user's voice into a third of the key, its image into the other third of the key, and the dynamics of his hand’s movement when the user reproduces in the air a certain sequence of characters. Today’s smartphone models use hand movements to enter the numbers to be dialed (the owner of such a smartphone draws a sequence of numbers in front of him of the number he needs in the air).

The work of all the above described device options is reduced to the implementation of the above methods according to claims 1, 2, 3 of the claims. Presentation of a biometric image of a person to one or another sensor of the device brings the device out of sleep mode. The device program processes the presented biometric image (for example, the dynamics of a handwritten password), calculating a predetermined number of biometric parameters. Then these parameters are fed to the inputs of the neural network, which converts them into an output code, this code is fed into the digital signature generation program under a signed electronic document. All data associated with the processing of biometrics, neural network processing, the formation of digital signature, are placed only in a protected area of memory. After that, the verification of the correctness of the formation of the digital signature by the public key of the user is carried out. If the EDS code is correct, the process is stopped and the signed electronic document is moved to the public memory area.

If the EDS code is incorrect, the person signing the document again presents his biometric image, again the device software tries to obtain the secret key for creating the EDS from the presented biometric image. The number of attempts to present biometric images is not limited, however, with each new attempt, additional biometric security attributes are recorded in the document (see paragraph 2 of the formula). A periodically generated audit of biometric security attributes is sent through the communication port to the system.

The technical advantage of using the proposed devices is that employees cannot delegate the process of signing an electronic document to each other. Collusion of employees is difficult, attempts to intentionally compromise the private secret key by the user are excluded. Even if the user wants to know his private key, he cannot do this, the software allows you to use the private key, but does not allow it to be watched. The storage requirements of the device for forming the digital signature are sharply reduced, the loss of such a device does not cause significant harm to the user, since no one can use it except him.

The figure 1 shows a generalized block diagram of an example implementation of the proposed method according to claim 1, where:

1 is a block of a program for preprocessing a graphical ink image obtained by reproducing by the user his ink code “Penza” in the form of dynamics of pen oscillations in two coordinates X (t), Y (t) and pen pressure on the substrate Z (t);

2 - a program block that implements the calculation of biometric parameters in the form of 600 coefficients of a 3-dimensional Fourier transform of a set of 3-curves X (t), Y (t), Z (t);

3 - a four-layer network of artificial neurons defined by a table of connections between neurons and a table of weights of these connections;

4 - automatic machine for quick layer-by-layer training of an artificial neural network to convert examples of the Penza handwritten image into the code of a container for storing a key for generating an EDS (secret key);

5 - block program that implements the extraction of the key for the formation of the digital signature (secret key) from the container;

6 - input field of the PIN code, by which the secret key for generating the digital signature is extracted from its container;

7 - cryptographic converter EDS;

8 - an electronic document under which an electronic digital signature is placed;

9 - block program that implements the verification of the digital signature by the content of the electronic document and the public key.

The figure 2 shows a generalized block diagram of an example implementation of the proposed method according to claim 2, where:

10 - software shaper personal digital signature of the first employee;

11 - software shaper personal digital signature of the second employee;

…………………………………………………………………………………………

... ……………………………………………………………………………………………………

128 - software shaper of personal digital signature of one hundred and eighteenth employee;

129 - software shaper of a legally significant EDS of an enterprise (electronic notary of an enterprise);

130 - the certification center of the enterprise, responsible for generating a key pair for each employee and maintaining the integrity of the list of public keys of employees of the enterprise;

131 - software-based automatic collector for auditing biometric security attributes and security events;

132 - software automatic auditor of biometric behavior of employees;

133 - software depository of public and private key pairs of employees with an increased level of protection;

134 - an archive of all electronic documents that are at different stages of creation and signed by one or more digital signatures;

135 - the content of the electronic document at one of the stages of its processing.

Figure 3 shows the appearance of the "digital pen", currently produced by Nokia, which has the vision of an "optical mouse" and is able to memorize up to 100 pages of its own handwritten text. Based on this design, it is supposed to implement one of the variants of the proposed device according to claim 4.

The figure 4 shows the appearance of the crypto flash memory with a USB port and a fingerprint sensor (prototype). Based on this design, it is supposed to implement one of the variants of the proposed device according to claim 4.

The figure 5 shows the appearance of a smartphone with a digital camera. Based on this design, it is supposed to implement one of the variants of the proposed device according to claim 4. This option should use a combination of a voice password and an analysis of the geometry of the image of the skin folds in the user's palm and an analysis of the dynamics of the user's hand movement when it reproduces a certain sequence of characters in the air in front of it.

The implementation of the invention according to paragraph 1 of the formula can be implemented in accordance with the generalized block diagram of figure 1. This embodiment is based on the use of a biometric image of a person in the form of a handwritten password that is reproduced by the user on a graphic tablet. When playing back a handwritten password, the digitized curves X (t), Y (t), Z (t) corresponding to the pen tablet oscillations in two coordinates and its alternating pressure on the substrate are transmitted to the PC through the port of the graphic tablet. In figure 1, block-1 corresponds to the block of the preprocessing program digitized (curves X (t), Y (t), Z (t)). Block-1 determines the start and end times for playing back the handwritten password, thinning out the data, filters the data, and eliminates pen breaks from the tablet during the handwritten password playback.

The data from the output of block-1 goes to the program — a vector computer of the biometric parameters — block-2, which calculates 600 coefficients of the 3D Fourier transform by processing 3 curves X (t), Y (t), Z (t) together. Next, 600 output biometric parameters are fed to 600 inputs of an artificial neural network, which is emulated by block-3 software. The program block - 3 includes 4 tables of connections of neurons 1, 2, 3, 4 layers, in addition, 4 tables of weighting coefficients for each connection of a neural network. In addition, in program block 3 there are 4 different excitation functions for neurons of the 1st layer, 2nd layer, 3rd layer, 4th layer. Each layer of the neural network has 512 neurons, each neuron has 24 input connections. Tables of neuron connections in each layer are specified randomly during software development and do not change during neural network training. When training a neural network, only the tables of neural network connection coefficients change.

Neural network training is carried out automatically by block-4 programs. Learning is carried out using at least 12 examples of the user's handwritten password; in addition, for training, it is necessary to submit a 512-bit code corresponding to a 256-bit secret key container located in a longer security container (512-bit container length) in block 4. The program block - 4 conducts training of the neural network for 0.1, ..., 0.5 seconds according to the fast algorithm of layer-by-layer training of the neural network described in [3]. After training the neural network according to the algorithm [3], the basic requirements of GOST [4] are automatically met:

1) each of the 12 examples of the “Svoy” handwritten password gives the output of the neural network the 512-bit container code specified during training;

2) random “alien” handwritten images generate random output codes with a low correlation of any pair of neural network outputs and the equiprobable state “0” and “1” of each output of the neural network at the output of a properly trained neural network.

After training the neural network, the tables of the weighting coefficients of the neural network connections of all 4 layers of neurons are stored in block-3. After training, the container code used in the training and 12 examples of the handwritten image of “Own” are erased from memory.

When forming an electronic digital signature, the user enters his handwritten password through a graphics tablet. Block-1 processes the received data and transmits the information to block-2, which calculates 600 biometric parameters of the entered handwritten image. Further, these 600 parameters are sent to block-3, which emulates a trained neural network and receives at its output a code for some container with a length of 512 bits. This code is input to block 5 of the program for unpacking the container and extracting a 256-bit secret key from it. To unpack the container, the user enters his PIN code, consisting of 4 characters, having a length of 32 bits (4 characters of the PIN code are encoded in 8 bits). The operation of entering a PIN code in 4 fields corresponds to block-6 of figure 1. Data from the output of block-6 is fed to the input of block-5, which unpacks the container and extracts the secret key from it. Next, the secret key of the formation of the digital signature is fed to block-7 program for the formation of electronic digital signatures. The block-7 program downloads the contents of an electronic document (block-8) and forms an electronic digital signature under it.

After the electronic digital signature is generated by block-7, it is verified by block-9. Block-9 program downloads a signed electronic document, downloads the author’s public key of this document, and verifies that the digital signature is correct. If the electronic digital signature is correct, the operation is terminated. If the electronic digital signature is incorrect, then the user is forced to re-enter his handwritten password word, by which the procedure for the safe formation of the electronic digital signature is restarted.

The positive technical effect of using the proposed method according to claim 1 of the formula is due to the fact that no one except a legal user can create an digital signature for him. The user does not need to store the container with his secret key in a safe or bank cell. The key container and the key itself are not stored in the program; to ensure a high level of information security, it is enough to provide centralized or local control of software integrity in the corporation network. The EDS biometric authorization program can be stored on the employee’s working PC.

The implementation of the invention according to paragraphs 1, 2, 3 of the formula can be implemented in accordance with the generalized block diagram of figure 2. The generalized block diagram corresponds to the software implementation of a corporate electronic document management system with biometric authorization of managing personal cryptographic agents of digital signatures of employees. Software implementation is put on a network of workstations or personal computers of employees. Each employee’s workplace (blocks 10, 11, ..., 128), authorized to conduct electronic document management, has a graphic tablet, personal computer and a program for creating a personal digital signature of the employee. Each of the 118 programs for creating a personal digital signature of an employee is organized in accordance with the block diagram shown in figure 1.

When a new employee appears in the corporate system with the authority to conduct corporate electronic document management, the corporate certification authority (block program 130) creates a key pair for it (public and private keys), and also adds a new public key to the certificate for the corporate list of public keys for employees, and also generates a personal employee public key certificate. Next, the secret key of the new employee is placed in his container and transferred to him for biometric authorization of his personal program for creating an electronic digital signature. The training of one of the 118 programs for creating the digital signature is described earlier in the description of the flowchart of figure 1. In addition, a pair (public and secret) of keys of the new employee is placed in the key keys of employees (block -133). Access to the depository of keys for employees is strictly limited and is carried out by three proxies, each of which has one third key of access to the depository.

Each employee of the corporation, having the appropriate right, forms his electronic documents and signs other people's electronic documents agreed with him. Each act of forming an electronic signature of an employee checks his biometrics and at the same time collects the attributes of biometric security, which are entered into each electronic document generated by the employee. Biometric security attributes are placed after the content of the document, but before the digital signature under the document. After the formation of each electronic signature, the generated electronic document is placed in the archive of electronic documents (block 134).

Corporate public key certificates for employees are only valid within the corporate network. If necessary, create an electronic document for external use, a certified program for the formation of a legally significant electronic signature (corporate electronic notary) block 129 is used. The public key of the corporate electronic notary is registered in an external certification center, which makes the electronic documents signed by it (certificates, agreements, reports, letters, protocols, ...) legally significant for external users.

When re-issuing or re-issuing an electronic document, an electronic notary (block-129) checks the correctness of all electronic signatures in the document. In addition, the electronic notary addresses the block program 132 of the automatic verification of the attributes of biometric security in a re-documented (re-documented) document. Block-132 is in constant communication with block-130 of the automatic security event attribute audit collector. In normal mode, the automatic auditor, block 132, accumulates statistics on the appearance of the values of certain security attributes specific to each particular employee. When re-issuing or re-issuing a document, the -132 automatic auditor compares the biometric security attributes in the document with previously collected statistics of their values. If the values of the security attributes contained in the document are close to the typical for a particular employee, then the document is automatically renewed or reissued. Block 135 of figure 2 corresponds to the procedure for completing the document, when the original electronic document without any correction is covered by an additional electronic digital signature of a corporate electronic notary. In case of re-issuance of an employee's EDS document, its biometric security attributes are removed from the document, only the name of the contractor is left and the document adjusted in this way is once covered by the EDS of a corporate electronic notary (block 129).

In the case when the automatic auditor (block-132) is suspicious of the personal biometric security attributes in the re-issued (re-executed) electronic document, block-129 starts the manual control mode when the re-issued (re-executed) document is analyzed by a person, if necessary, an investigation is carried out by the checking person situation. An application is being requested for data in the archive of an independent audit of security events (the presence of incomplete operations of generating an electronic digital signature of a reissued document is checked) or the verifier contacts the author of the document and finds out the details of its formation. It is assumed that emergency situations will be rare in practice and there will be no frequent involvement of people in their analysis and investigation.

A positive technical effect of the application of the corporate electronic document management system described above is to increase the level of information security. No one except the user can use his personal shaper of electronic digital signature, employees can not illegally transfer powers to each other. Employees cannot intentionally compromise their private secret key, as they do not see it and do not have direct access to it. The economic efficiency of the system is associated with the ability to abandon safes for storing personal secret keys of employees. It became possible to use only one certified (and therefore expensive) and a set of 118 non-certified (inexpensive) personal digital signature electronic shapers. Now you can use an internal corporate certification authority (there is no need to pay external certification authorities for registration of hundreds of public keys of employees).

One of the variants of the device that implements paragraph 4 of the claims is shown in figure 4 in the form of a so-called "digital pen". Modern “digital pens” have a housing, a processor, a memory, a radio interface port for communication with external devices, an optical transducer for positioning the pen above the surface on which the pen reproduces its mark. As an optical sensor, an ADNS-3060 type chip (Optical Mouse Sensor) is used, which requires infrared illumination of the paper with a special “digital pen” LED. The design of the “digital pen” involves illuminating the paper under the pen and observing the pattern converter chip under the pen or the reflection heterogeneity of the underlying surface. When the pen moves while writing letters, signs, lines, the digitized information about the speed and direction of the pen’s movement appears on the outputs of the microcircuit (a complete analogue of the optical mouse implemented on the same ADNS-3060 microcircuit). This digitized information is processed by the pen processor and if the pen writes the password word “Penza”, the processor calculates 400 biometric parameters of the two-dimensional image X (t), Y (t). Modern digital pens do not take into account the pressure on the paper.

To implement the proposed device, a standard “digital pen” should include a neural network training program, a neural network emulator program, a biometric data preprocessing program, a biometric parameter calculation program, a digital signature generation program, a public key digital signature verification program, and a program to protect part of the memory from reading by external devices. The device operates in accordance with the previously described methods.

The second version of the device that implements paragraph 4 of the claims is shown in figure 4 in the form of a so-called flash media with a fingerprint sensor. An example of such a device is described in the Eurasian patent [5]. Such devices have a housing, a processor, a USB port for communication with a PC, two memory areas (open and protected), a fingerprint reader. To implement the claimed device, it is necessary to replace the software in the original device and use it in accordance with the previously described methods.

The third version of the device that implements paragraph 4 of the claims is shown in figure 5 in the form of a modern smartphone having a microphone for organizing digital voice telephone communications, a digital integrated camera for transmitting images, an acceleration sensor for correcting hand shake when photographing. To implement the proposed method on the basis of the smartphone (Fig. 5), it is necessary to replace the software in it, and for the safe combination of three different technologies for biometric identification of a person, the secret key must be divided into three parts, and to obtain each part of the key, you must use your own biometric technology. In addition to its basic functions, the new smartphone software must convert a voice passphrase into one third of the secret key or its container. The second third of the key should be obtained by analyzing the photographed hand of the user’s hand through identifying in this image the individual geometric parameters of the hand and the relative position of the folds of the skin of the hand formed by squeezing, unclenching the palm of the hand or its back. The third part of the key can be obtained by processing the digitized 3D accelerations of the smartphone received by the user when they write out the numbers of the PIN code in the air in front of them. At the same time, a chip of the type MMA7262Q (Micromachined Accelerometer), which digitizes the acceleration of the smartphone’s movement in three planes X (t), Y (t), Z (t), should be used in the smartphone to correct hand shake. The processing of three-dimensional data is described earlier when considering the method implemented by the flowchart of figure 1. The main difference between the third version of the device with combined biometrics is that the key code or the code of the container with the key is not received immediately, but in parts. Next, the secret key of the formation of the EDS is collected from three parts and the EDS is formed.

A positive technical effect from the use of the proposed devices is the release of the user from his binding to a specific corporate workstation. Having the proposed mobile device, the employee carries it with him and is able to safely generate electronic documents by connecting to any PC in the corporation and outside it.

Literature

1. Romanets Yu.V., Timofeev P.A., Shalygin V.F. Information security in computer systems and networks. M .: Radio and communications - 1999

2. Patent No.RU 2287223 C2, IPC H04L 9/32, Method for signing documents by electronic analogue-digital signature and device for its implementation, Application No. 2003125689/09, published November 10, 2006 Bull. No. 31, author Gertner D.A., patent holder of LLC Kreif (RU), address 167000, Syktyvkar, ul. Gorky, house 9, apt. 20.

3. Volchikhin V.I., Ivanov A.I., Funtikov V.A. Fast learning algorithms for neural network mechanisms of biometric-cryptographic information protection. Monograph. Penza - 2005. Publisher of Penza State University, 273 p.

4. GOST R 52633-2006 “Protection of information. Information security technique. Requirements for highly reliable biometric authentication. ”

5. Eurasian patent No. EA 4262 B1 “Device and method for authentication based on biometric data”, IPC ⁷ G06K 9/00, patent publication date 02/26/04, priority 06/28/2001 SG PTC / SG 01/00134, applicant TRACK 2000 INTERNATIONAL LTD (SG), inventors Poo Teng Pin, Lim Lai Chuan (SG), patent attorney Medvedev V.N., Pavlovsky A.N. (RU).

Abbreviations used in the description:

EDS - electronic digital signature;

PC - personal electronic computer;

PIN - personal identification number.

Claims (4)

1. A method of generating electronic documents, which consists in using a pair of secret and public keys to generate and verify an electronic digital signature, as well as scan a biometric image of a person signing an electronic document, the secret key is used in explicit form or placed in a container opened by a personal PIN -user code, characterized in that the owner of the secret key several times presents examples of his biometric image and finds biometric parameters examples of its biometric image, then forms a network of artificial neurons that connects each of the biometric parameters with a set of outputs of the neural network, and the number of outputs of the neural network is set equal to the length of the secret key or the length of the key storage container, then the neural network is trained to convert examples of its biometric image into the code of the secret key or its container, further information about the secret key or about its container is destroyed, examples of the biometric image on which the network is used are also destroyed studied essential neurons, then only the description table of the connections of the trained neural network and the table of the coefficients of these connections are stored, when forming an electronic digital signature, a person presents his biometric image, then the corresponding biometric parameters of this biometric image are determined and fed to the inputs of the trained neural network, the output code of the neural network used to generate an electronic digital signature, then, using the public key, check the electronic digital signature covering the electronic a throne document, if the electronic digital signature is incorrect, the procedure is repeated, again presenting the biometric image of the signer. 2. The method according to claim 1, characterized in that additional security attributes are added to the electronic document such as: the number of attempts to present a biometric image when generating an electronic digital signature, the number of incorrect bits in erroneous codes, the current time of each attempt to generate an electronic digital signatures, a description of the configuration of the electronic digital signature generation system at the time of each attempt to generate an electronic digital signature under the generated electronic document, while The above security attributes are duplicated in independent biometric security audit records, regardless of whether the user managed to correctly generate an electronic document or not, and in case of unsuccessful attempts to generate an electronic digital signature, independent codes that occur at the outputs of a trained neural network are recorded in an independent biometric security audit upon unsuccessful attempts to form an electronic digital signature. 3. The method according to claim 2, characterized in that they use the additional automatic generation of an electronic digital signature, covering the content of the electronic document after checking the previous electronic signatures and security attributes in the original electronic document by comparing them with valid values, as well as after checking the biometric security attributes previously recorded in an independent biometric audit that accompanies a renewable electronic document. 4. The device for implementing the method according to claim 1, consisting of a housing in which a communication port with external devices, a processor, protected memory, inaccessible to external devices, a memory accessible to external devices, a digital image converter in the form of a sound converter, and / or an image reader of lines of the skin of a finger, and / or a digital camera, and / or an optical transducer of coordinates of the position of the device in space, and / or an optical transducer of motion parameters of the device in space nstve, and / or acceleration transducer movement in space, characterized in that a table describing relations and communication parameters trained neural network, as well as all data related to the formation and use of artificial neural network, located in the protected memory area.

Images