RU2543928C1 - Method for generation of electronic document and its copies - Google Patents

Abstract

FIELD: electricity.

SUBSTANCE: method for generation of electronic document and its copies consists in generating a pair of public and private keys, registering of public key at certification authority, forming the first electronic digital signature under data in electronic document by means of the private key, comparing of the first electronic digital signature featured by the fact that in electronic document the originator of this electronic documents generates own autograph, reproduces this autograph at PC display and captures it by the limiting frame; then autograph in the limiting frame is converted to a binary file with line thickness of one pixel and this binary file is united with the signed electronic file, data on size of the graphic binary file with autograph are also introduced to it, then generated data combination is signed by the second electronic digital signature.

EFFECT: enhanced protection of electronic documents.

3 cl, 1 dwg

Description

The invention relates to the field of telecommunications, more specifically to the field of electronic document management, which allows quickly and with high reliability to authorize each created (received or used) document. The invention also relates to the field of creation and authentication of conventional paper documents.

Currently, a widespread way to create electronic documents in the format of "PDF", which along with the text embedded graphic image of the signature (autograph) of the person who created this document. In particular, such tools for the production of electronic documents are produced by a number of companies, which include:

- US firm SignNow [1] produces the product of the same name;

- US firm HelloSign [2] produces the product of the same name;

- US company Smile [3] releases the product "PDFpenPro 6";

- Slovak company APIS [4] launches the product "Signosign / 2".

A positive feature of all the above technical solutions is that they are familiar to people. In particular, a document with a signature in the PDF format is easily converted into a paper copy by printing on a printer.

The main disadvantage of this method of generating electronic and paper documents is that it is built on full trust in the source of the document (the person who creates it). This method does not protect against forgery of electronic documents and their paper copies. The signature under it is easily removed from the original PDF document, and then this attribute of the document can be embedded in any fake document.

Another drawback of the method of embedding a picture of a genuine signature in an electronic document or its paper copy is that only a person who knows the features of the signature of the owner of the document can evaluate the authenticity of the handwritten signature (the authenticity of the electronic document and the feasibility of making paper copies).

They try to eliminate the last drawback by storing the automatic control of the biometric parameters of the handwritten autograph in the document. So, the Japanese company Cyber-SIGN [5] sells the products “Cyber-SIGN Acrobat” and “Cyber-SIGN MSWords”. Also, the American company CIC [6] sells the Sign-it product, and the Russian company STC KASIB launches the SignToLogin product [7]. These products control the quality of the signature in the figure in the electronic document by comparing its parameters with the reference ones. As a result, the user can judge the authenticity of an electronic document with an autograph drawing, based on the data of the software product. The user can evaluate the accuracy of the autograph of a person whom he does not know if he trusts the software product.

The main disadvantage of automatic biometric verification of a signature in an electronic document is that the probability of errors of the first and second kind of biometric verification is high and ranges from 5% to 15%. In addition, the verification result can be easily falsified; it is enough to replace the biometric template that is in the electronic document verification program. Another drawback of electronic documents and a posteriori verification of the static signature in the figure is that they are not suitable for authenticating paper copies of an electronic document with an unfamiliar signature.

The problem of translating electronic documents into parallel paper documents is relevant for a number of corporate technological applications. Electronic documents can be seen and checked only if there is a working electronic computer with a trusted computing environment and trusted means of displaying an electronic document. In the event that the power may be cut off (virus attacks and other force majeure circumstances are possible), they resort to printing an electronic document on paper, followed by the certification of this printout with an additional seal from the personnel department and an additional signature from the person who issued the seal.

Unfortunately, this method is also not reliable, since an attacker is able to scan a document on paper in color, introduce misinformation into it, and print it again. In connection with the relevance of this threat, a method is used that enhances the resistance of paper media to copying. A known method of protecting a document [8]. According to this method, a hologram can be pasted onto a paper copy, which is a serious protection against fakes.

The disadvantage of this method is that they cannot protect copies of electronic documents during their mass use. The use of a large number of holograms makes it difficult to take into account, in addition, removing a genuine hologram from a reliable document and re-attaching it to a fake document allows an attacker to bypass the protection. The more paper documents protected by the hologram will be used, the more difficult it is to implement an effective accounting policy that is in circulation of holograms.

Today, cryptography is the most effective way to protect the integrity and authorization of electronic documents. Several asymmetric cryptography schemes are known that protect the contents of an electronic document with an electronic digital signature [9, 10].

Closest to the proposed technical solution is a method for generating and verifying the authenticity of an electronic digital signature [10], which certifies an electronic document, which consists in generating a secret key in the form of at least one bit string, and using the secret key, form the public key Y in in the form of more than one bit string, an electronic document is received, represented by the bit strings H ₁ , H ₂ , ..., H _z , where z≥1, depending on the received electronic document and the value of the secret key, form an electron digital signature Q in the form of a set of multi-bit binary numbers e, S ₁ , S ₂ , ..., S _u , where 1≤u≤8, depending on the public key, the received electronic document and electronic digital signature, the first A and second B verification bit strings, compare them, and if their parameters match, they conclude that the electronic digital signature is authentic.

The main disadvantage of ALL existing methods of cryptographic protection of electronic documents is that they are only functional in a trusted computing environment with a trusted means of displaying information. If the trusted computing environment does not work (power is turned off, a virus attack has passed, the integrity of executable software modules for verifying electronic digital signatures has been violated), you cannot verify the authenticity of the electronic document.

The objective of the invention is to expand the functionality of existing electronic document management systems by ensuring the creation of an unlimited number of paper copies of an electronic document, each of which has the legal significance of its electronic original, and each paper copy can be used by people in the usual document management of ordinary paper media of reliable information. According to the proposed method, a reliable connection is made between electronic document management and ordinary paperwork without additional costs for the services of notaries certifying copies of paper documents.

The problem is achieved in that in the method of generating an electronic document and its copies, which consists in creating a pair of public and private keys, registering the public key in a certification center, form the first electronic digital signature under the information of the electronic document using a private key, conduct comparing the digital signature according to the invention in an electronic document using the author of the electronic document form his autograph, reproducing this autograph on a computer screen and covering it with an antique frame, then the autograph in the bounding box is converted into a binary file with a line width of one pixel and this binary file is combined with a signed electronic document, data about the frame size of the graphic binary file with an autograph are also entered into the document, then the second electronic digital signature is created by signature. The objective is achieved in that the method forms copies of an electronic document on paper by printing on paper the public key of the author of the document and the data of the certification center where the public key is registered, the text of the document itself, a graphic file of the first electronic digital signature under the document, data about the size of the graphic file with the autograph of the author of the electronic document, data on the image of the autograph of the author of the electronic document, the second electronic digital signature of the document, at the same time covering the entire text document and graphic file autographed by the author of the electronic document.

The task is also achieved by the fact that in the method of generating an electronic document and its copies, consisting in the fact that each of several authors of an electronic document creates a pair of public and private keys, registers the public key in a certification center, forms the first electronic digital signature under the electronic information document using a private key, compares a digital signature, according to the invention in an electronic document using several authors of an electronic document form their autogra AFAs reproducing these autographs on a computer screen and enclosing them with a bounding box, then the autographs in the bounding box are converted into a binary file with a line width of one pixel and this binary file is combined with a signed electronic document, and the frame size of the graphic binary file is also entered into the document with each autograph, then each of the authors signs the created data combination with a second electronic digital signature.

Achievable technical result is that a binary image of the autograph of the author who generated it appears in an electronic document. That is, people who know the autograph of the author of the document can check the document according to the familiar autograph, even when the document is printed on paper. Moreover, the reliability of the content of the document, as in the prototype method, is high, since an electronic digital signature is stored under the text of the document (in full accordance with the traditional technology for generating an electronic digital signature). The legal significance of the contents of the document remains.

An important advantage of the proposed method in comparison with the prototype is that the user of an electronic document who knows the author’s signature can be sure that the author signed the document (there is no fact of compromising his private key). This confidence arises if the trusted software that forms the electronic digital signature verifies its integrity and inserts into the document not any images, but only autograph images personally reproduced by the author on the computer screen.

Thus, the implementation of the proposed method according to claim 1 of the claims allows the user of the electronic document to hope that the author who signed the document at the same time possessed both a private key and the ability to reproduce an autograph. The guarantee that the autograph is not substituted (the graphic file from another document is not substituted) is the second electronic digital signature placed under the autograph, which simultaneously covers the content of the document itself, and the first electronic digital signature under it, and the graphic binary autograph file included in the electronic document.

It should be emphasized that the procedure for binarizing the signature image used in the proposed method (all gradations of brightness and noise outside the signature line are deleted) guarantee protection of the integrity control of the graphic file embedded in the electronic document. If attempts are made to attack a second digital signature by mixing in noise or other distortion of the graphic file while looking for collisions of the hash functions of the second digital signature, then these manipulations will be visible with the eye on the image of the graphic file. A user checking an electronic document for the similarity of an autograph in it to the signature of its author should control the absence of any additional graphic inclusions in the graphic file. The autograph should be similar to the original in the number of possible detachments and have a blank field in which it is reproduced. Then the probability of a substitution attack through the search for collisions of the calculated hash function during the formation of the second electronic digital signature is negligible. With a hash function length of 256 bits (in accordance with the Russian standard for hashing), the probability of collisions will be close to 2 ^-256 .

The technical result achieved is also that sufficient information is applied to the paper copy to verify the paper document organoleptically (looking at the graphic file) and cryptographically by checking two electronic digital signatures entered in the paper document. The first effect of the possibility of organoleptic verification is obvious, the examiner looks at the graphics of the autograph in the document and, if he is familiar with the signature, he recognizes the document as reliable.

For cryptographic verification of the validity of a paper document, the document itself must be scanned and recognized in it is the public key and the address of the certification center. It is also necessary to recognize the text of the document and restore the graphic signature file in the document to the dimensions specified in it. You should also recognize the code symbols of the second electronic digital signature. Next, use the public key of the electronic digital signature of the document to verify the first digital signature under the information part of the document. If the content of the document is not changed, then using the public key, the verifier receives the same sequence as in the first digital signature.

Further, for cryptographic authentication of the autograph image file, the verifier using the public key checks both the contents of the document and the contents of the restored image file. In this case, the verifier receives a code that matches the code of the second digital signature. If the codes of the first and second digital signatures coincide, the inspector can be sure that he is holding a reliable paper copy of the electronic document. If the verifier does not know the author’s public key code in advance, then he must contact the certification center where this key is registered and download his certificate from the website of this certification center.

Thus, any reviewer can verify the accuracy of the information contained in his paper copy. In this case, a two-level verification of the document is carried out. The verifier evaluates the similarity of the signature to a known one and additionally checks the cryptographic content of the document on paper. Obviously, cryptographic verification is more reliable than checking for the presence of a holographic sticker on a document. It is obvious that organoleptic verification of the authenticity of information according to the outlines of a familiar autograph is much more convenient than cryptographic verification of the contents of a document.

A technical positive result also consists in the fact that several people form the document, and its users are convinced of the reliability of the document, checking only the autographs of those people who know well. All the information necessary for verification is already available in the created documents.

If the person forming the collective document does not agree with its information content, the dissent makes adjustments to the information part, then the first one himself signs the document with his electronic digital signature, then he inserts his autograph in the document and re-signs this combination with his second electronic digital signature. Next, the initiator of the revision to the document sends it to other persons who are forming this document. In fact, the technology of collective formation of electronic documents is proposed, while a collective electronic document can be printed on plain paper and verified according to claim 2. The combination of claim 2 and claim 3 of the claims follows from their essence and is not subject to protection.

The figure shows an embodiment of the proposed method according to claim 1 and claim 2 of the claims when implementing an electronic document in "PDF" format and a reliable copy on paper, where: 1 - the complete information field of the entire reliable document; 2 - a field for placing the public key code of the author of the document in the form of a barcode or in the form of any other encoding; 3 - a field where information about the certification center is located, where the public key of the signatory is registered and where you can download the public key certificate; 4 - field of reliable content of the document in the form of text; 5 - the field where the first electronic digital signature is placed, covering the text file of the document in the field - 4; 6 - a field where the text about the size of the graphic file with the autograph of the author of the electronic document is placed; 7 - the field where the image of the autograph of the author of the electronic document is located; 8 - the second electronic digital signature on the document simultaneously covering the entire text document and graphic file autographed by the author of the electronic document.

It should be noted that when implementing the proposed method of generating reliable electronic documents and their reliable copies on paper, the mutual placement of the information fields of the document can be any. Where and which fields of the document are located is set by software that implements the proposed method. It is critical that the document contains relevant information and a framework that limits the information fields. A framework is necessary so that information from different fields is not mixed up when it is extracted from a PDF document or from a scanned electronic image of a reliable document on paper.

The need for two electronic digital signatures in the document (field 5 and field 8) is due to the different nature of the information they protect. The first electronic signature (field - 5) covers the text of the document in the form of ordinary letters in the language of the document. When scanning this document, scanning errors and incorrect recognition of several letters in the document or characters (period, comma, colon) are possible. If an error occurred during scanning, the first electronic digital signature will not match the data in the field - 5. That is, the content of the scanned paper document is distorted (not correct).

Correction of a small number of errors in the content of the document is carried out in the usual way. The first way is to correct the document for the reader (gross grammar errors are eliminated by involving any of the existing text editors). The second more reliable way is to completely enumerate possible 1, 2, 3, 4, 7 errors in the text. With a small number of errors of recognized characters of the letters of the text, the search operation from 1 to 7 possible errors is quite technically feasible and takes several minutes of computer time. If it was not possible to correct the errors in a short period of time, then the document should be re-scanned and symbols recognized in its fields again.

After confirming the reliability of the content of the document, an autograph is checked under it. For this purpose, the autograph line (s) is restored so that the line thickness is fixed and is one pixel. After that, the second electronic digital signature (field - 8) is checked, covering the text of the authentic document, the first electronic digital signature (field - 5) and the graphic binary autograph file. If the second electronic digital signature is incorrect, then the position of the autograph lines is adjusted by shifting them one or two pixels up, down, right, left. In addition, they carry out permutation of 1, 2, 3, 4, ... 16 pixel lines in the places of jumps in the signature lines by one bit. In fact, small deformations of the signature line are performed until the EDS of the graphic file and the document with the EDS in the field - 8 coincide. If, for a short time of permutations, the desired value of the second electronic digital signature cannot be reached, then the signature of a reliable document is considered invalid. When correcting possible errors in a binary graphic file, it is permissible to use classical codes with error detection and correction. In this case, an additional field with the syndromes of errors of the used classical code should be introduced into the document.

In general, the proposed method has new useful qualities; when it is implemented, it is possible to ensure reliable communication of reliable electronic documents in PDF format and two electronic digital signatures with reliable copies of these documents on paper. Copies of electronic documents on paper do not lose the main property of electronic documents - high reliability, quickly verified by cryptographic procedures. According to the proposed method, the gap between the high reliability of electronic documents and the relatively low reliability of ordinary copies of paper documents is bridged.

Information sources

1. SignNow company website [Electronic resource] - Access mode: http://www.signnow.com

2. HelloSign company website [Electronic resource] - Access mode: http: ///www.hellosign.com

3. Smile website [Electronic resource] - Access mode: http://smilesoftware.com

4. Website of the company APIS [Electronic resource] - Access mode: http://www.biometria.sk

5. Website of the company Cyber-SIGN [Electronic resource] - Access mode: http://www.cybersign.com

6. Website of the company CIC [Electronic resource] - Access mode: http://www.cic.com

7. The site of the company STC "KASIB" [Electronic resource] - Access mode: http://signtologin.com

8. Patent No. 2461882 RU, G07D 7/00, published September 20, 2012

9. Patent No. 2409903 RU, H04L 9/14, published 02/10/2009

10. Patent No. 2401513 RU, H04L 9/32, published on 10/10/2010

Claims (3)

1. The method of generating an electronic document and its copies, which consists in creating a pair of public and private keys, registering the public key in a certification center, form the first electronic digital signature under the information of the electronic document using a private key, compare the first electronic digital signature characterized in that in the electronic document with the help of the author of the electronic document form his autograph, reproducing this autograph on the computer screen and covering it with a bounding box, yes Next, the autograph in the bounding box is converted into a binary file with a line width of one pixel and this binary file is combined with a signed electronic document, the frame size of the graphic binary file with an autograph is also entered into the document, then the created data combination is signed with a second electronic digital signature. 2. The method according to claim 1, characterized in that they generate copies of the electronic document on paper by printing on paper the public key of the author of the document and the data of the certification center where the public key is registered, the text of the document itself, a graphic file of the first electronic digital signature on the document , data on the size of the graphic file autographed by the author of the electronic document, data on the image of the autograph of the author of the electronic document, a second electronic digital signature on the document, simultaneously but covering the entire text document and graphic file autographed by the author of the electronic document. 3. The method of generating an electronic document and its copies, which consists in creating a pair of public and private keys, registering the public key in a certification center, form the first electronic digital signature under the information of the electronic document using a private key, compare the first electronic digital signature , characterized in that several authors of an electronic document create several pairs of public and private keys, register several public keys in a certification center, form several the first electronic digital signatures under the electronic document information using several private keys, a comparison of digital signatures is carried out, with the help of several authors of the electronic document their autographs are generated, reproducing these autographs on a computer screen and covering them with a bounding box, then autographs in a bounding box are converted into a binary with a line width of one pixel and this binary file is combined with a signed electronic document, data on the size of the graphic frame are also entered into the document th binary file with every autograph, then each of the authors created a combination of data signs the second digital signature.