WO2024059884A1 - Verification and identification process records using digital signatures - Google Patents

Verification and identification process records using digital signatures Download PDF

Info

Publication number
WO2024059884A1
WO2024059884A1 PCT/VN2023/000005 VN2023000005W WO2024059884A1 WO 2024059884 A1 WO2024059884 A1 WO 2024059884A1 VN 2023000005 W VN2023000005 W VN 2023000005W WO 2024059884 A1 WO2024059884 A1 WO 2024059884A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
digital
data
udata
records
Prior art date
Application number
PCT/VN2023/000005
Other languages
French (fr)
Inventor
Minh Huy Tran
Ngoc Tam NGUYEN
Original Assignee
Minh Huy Tran
Nguyen Ngoc Tam
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Minh Huy Tran, Nguyen Ngoc Tam filed Critical Minh Huy Tran
Publication of WO2024059884A1 publication Critical patent/WO2024059884A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

Definitions

  • the present invention relates to an electronic device for authentication, identification, and a procedure for authentication, identification, and digitization of various types of records, documents and writings using this device.
  • a digital signature is a form of electronic signature created by the transformation of a data message using an asymmetric cryptography system, whereby the person who obtains the original data message and the signer's public key can correctly identify as follows: the above-mentioned transformation is created with the correct secret key corresponding to the public key in the same key pair; the content integrity of the data message since the implementation of the above-mentioned transformation.
  • a token is a device that has been encrypted with all the information and data of an individual, organization- or -business.
  • the digital signature will have the same value and replace the hand signature in transactions on the e-commerce environment.
  • Digital signatures are established based on RSA public encryption technology. Each business unit when provided and using digital signature will have a public key and a private key.
  • Private key an indispensable part of the key pair when creating digital signatures.
  • the secret key belongs to the asymmetric encryption system.
  • Public key the type of key that is indispensable in the key pair when checking digital signatures.
  • the public key is in a non-confidential encryption system, and is generated by the corresponding secret key in the key pair.
  • Signer the subscriber's subject will use the secret key provided to digitally sign a data message in his/her name.
  • Recipient an organization, business or an individual will receive a digitally signed data message through the use of the signer's digital certificates, check the digital signature on the received data message. And then continue to carry out related activities and transactions.
  • Digital signature the user inserts his/her secret key into the auto-generated software. Then, attach the digital signature to the data message to be signed.
  • USB Token is one of the first digital signatures on the market. This is also the most commonly used number. Until now, there are many individuals, organizations and businesses that choose to use USB Token to sign official documents, contracts, public administrative transactions, etc.
  • the USB Token carries a characteristic feature of a particularly secure hardware device. On the outside, the USB Token is designed to resemble a regular USB. You need to install digital signing software on your computer, then plug in the USB, sign in to the digital signature with your PIN. During the digital signing process, the USB Token will use the preinstalled algorithms to authenticate and digitally sign the user.
  • USB Token All information of organizations and businesses will be encrypted in USB Token.
  • Each unit when registering to use digital signatures will have key pairs including a private key and a public key.
  • Secret key includes the confidential information of the customer. This is the part of the key that generates the digital signature.
  • Public key the part of the key that contains the customer's public information.
  • USB Token has been used extremely popular because this type of digital signature has the following advantages: extremely high security, easy to use, good price, large storage capacity, fast update, information processing at high speed, data up to 32 bits.
  • USB Token still has some disadvantages: it is required to connect to a computer to be able to perform digital signature operations; if the computer fails, the USB Token cannot be used either; depends on a single token, cannot decentralize users.
  • HSM Hardware Security Module
  • HSMs are a security device with the function of managing and protecting key pairs, digital certificates for strong authentication applications and cryptography processing.
  • HSMs are usually produced as a PCI card plugged into a computer or a standalone device with a network connection.
  • HSM is one of the most outstanding digital signatures in the market today. Therefore, compared to previous types of digital signatures, HSM is upgraded with the most outstanding features: the hardware of digital signatures .
  • HSM digital signatures is used to perform operations to manage and protect electronic key pairs to improve the speed of data authentication and encryption; perform tasks at a high speed of up to 1200 tasks in a second; specialized for businesses that have to sign many numbers, the need to support automatic digital signatures and perform operations quickly; can use online HSM digital signatures through online accounts created by HSM itself; flexible decentralization of HSM digital signatures at anytime and anywhere; preserving the integrity of digital data, contracts and digital documents on the electronic environment.
  • HSM digital signature the ability to authenticate digital information quickly and accurately; high legal nature; apply with many signatures in large transactions; use at all times, flexibility in all cases; high security; ensure the integrity of documents.
  • HSM digital signatures difficult to control all transaction flows when using; account dependency (OTP code, username - password, etc.); certain shelf life.
  • Smartcard The type of digital signature that is also being used quite commonly in businesses and individuals today is Smartcard. Smartcards are designed to look like a phone sim card provided by some carriers or service providers for research and development. The most striking feature of this type of digital signature is being integrated with a sim card on a mobile phone or any other electronic device. Even if the user's device is not connected to the Internet, it can still be digitally signed using Smartcard. Advantages of Smartcard digital signature: quite flexible in all cases, all devices; compact, convenient by Smartcard has been integrated with the phone sim; the cost of using Smartcard is quite low and reasonable.
  • Smartcard digital signature the security is not high; when using Smartcard, customers are required to use the sim card of the same carrier to integrate the digital signature provided by that carrier; in case the customer is abroad or outside the coverage area, the digital signature with Smartcard will not be possible.
  • Remote signature also referred to by other names such as online digital signatures, mobile digital signatures, etc.
  • the characteristic of this type of digital signature is that there is no need to use hardware devices and digital signatures can still be performed on any device and at any time.
  • the remote signature is additionally applied to the standards of identity, trust service and electronic authentication according to the European standard elDAS.
  • the user will entrust the management and authentication of the secret key to the selected digital signature provider.
  • each provider will have different security methods, ensuring the safety and integrity of the most optimal digital documents.
  • remote signature fast signing speed, many; ensure safety, legal; flexible use at all times; use does not depend on hardware devices.
  • QRCode application which is the method of using the application for 2-step verification.
  • One of the authentication steps is the QRCode generated from that application.
  • the invention is proposed to solve the above problems.
  • the present invention provides embodiment for the purposes as set forth below.
  • One purpose of the present invention is for application in the validation of types of documents, papers, which require validation, the identity of the records of an authorized entity may be an individual or organization.
  • Another aim of the invention is to apply a solution that helps to implement the digitization of records and documents, eliminate the elements of forgery of signatures on records, falsify records, identify the person responsible on such records by authentication method through the identification and authorization device when the records are signed.
  • Another purpose of the invention is to solve problems in the background of digitizing records, papers, and documents. Help relieve the pressure of archiving hard copy/paper records, applications in state administrative records management, office records, contracts, agreements, notarial records, testimonials, etc.
  • Another purpose of the invention is to apply in authentication, identification of records, papers, transactions on online and offline platforms safely and quickly without necessarily using a computer that can the application performs authentication right on the smartphone.
  • the present invention proposes a process of document authentication according to authority, a function that can replace the existing authentication token (digital signature) technology on the market, ensuring high security and safety in transactions, authentication real, need high identity.
  • the invention is considered as an additional security layer, integrated with the security and verification methods, which is a measure to support security and authentication in online transactions and authentication of Application software. In case hackers attack network, software data causes unnecessary losses due to security and authentication.
  • the present invention proposes a solution to help digitize records and documents, eliminate elements forging signatures on dossiers, forging records, identifying responsible people on dossiers. That document by the method of authentication through an identification device, decentralizing authority when the record is signed, storing changed information, editing the file before the time of finalizing the content of the document (doing directly at a recording system instead of sending emails to exchange information manually).
  • the solution solves the outstanding problems in the archiving of papers and records, verification of fake records or identification of the person responsible for signing the dossier, its papers and its legal responsibilities.
  • the system is not available yet, not meeting the needs of archiving and preserving office records. Application, checking system information for the form of digitalization is not high, not applicable in cases of using digital records (online system archives/management software) to perform duplication and authentication of documents.
  • an embodiment of the present invention proposes an authentic solution (which, in this description, may be referred to as the solution “TrueVerified” ⁇ . It is possible to do that while ensuring maximum forgery of documents and records and identifying the subject and object responsible for such records and documents based on the digital signature information of the device.
  • Digital signature in this invention, a digital signing device can be called under the name “ColdKey”) assigned identifiers for each matching object.
  • the information used for authentication is stored offline and encrypted by the RSA algorithm (Riyest - Shamir - Adleman). This helps keep credentials secure and can barely be hacked or copied by others unless the owner itself exposes the information.
  • the solution also helps online and collective work and activities take place easily by storing information related to editing, commenting, etc., real people available for records directly on the record keeping system.
  • the authentication process is performed online or offline on a case-by-case basis so that the authentication application can view the authentication profile by offline and online methods in a flexible and easy manner.
  • the authentication application can view the authentication profile by offline and online methods in a flexible and easy manner.
  • other authentication methods such as tokens, which have to rely on computers to sign authentication, users can use smartphones to directly perform this authentication.
  • the authentication execution speed will be much faster because there is no need to wait for the authentication system to return the authentication code, and the user must enter the authentication code to send it back to the system for authentication as other methods.
  • Figure 1 Diagram of the system block implementing the process of document authentication and identification according to an embodiment of the invention
  • Figure 2 a diagram comparing an authentication process according to an existing state of the art and an embodiment of the present invention
  • Figure 3 a schematic diagram of an authentication process according to a specific embodiment of the present invention.
  • the solution is composed of an operating model combining a digital signing device according to the present invention, a digital signing device reading device according to the present invention, application software (mobile app, desktop app, website), a server software system responsible for information authentication.
  • application software mobile app, desktop app, website
  • server software system responsible for information authentication.
  • the digital signing device of the present invention must have a fixed code that is a unique identifier (Unique Identifier, UID) and a string of randomly variable data (Unique Data, UData).
  • UID unique identifier
  • UData Unique Data
  • Devices that read the digital signing device of the invention are devices that can read the data in the digital signing device of the present invention.
  • user terminals have built-in functionality to read data stored in the stated digital signing device.
  • the application software has a task of connecting to the reading device of the digital signing device according to the present invention to read and write data to the digital signing device according to the present invention, and communicates with the software on the server to authenticate the information data.
  • the server software is responsible for receiving information data from the application software for processing (decoding or not) and validating whether the data is valid. At the same time, when the authentication is successful, data 'is returned (encrypted or not) to the mobile application and through the reading device to update the data into the UData area of the digital signing device according to the invention.
  • Digital signing device of the present invention is a device or an item that stores two information UID and Udata, in a preferred embodiment of an RFID chip, or the like.
  • UID An immutable, duplicated code sequence of the digital signing device of the present invention.
  • UData store the non-overlapping and deformable data information of the Digital Signing Device according to the present invention.
  • Application software mobile application software on smartphone platforms (smartphone), or website, or desktop application software (desktop); or a smartphone designed or integrated with a communication method with a digital signing device according to the invention and an authentication system.
  • the application software will store a public key called Public Key to encrypt the data.
  • Authentication system is a server software system with built-in authentication function, on this system will store the private key corresponding to the public key on the application software.
  • Public Key is the public key in the RSA encryption algorithm, which can only be used for encryption but cannot be used for decryption.
  • Private Key is the private (secret) key in the RSA encryption algorithm, this key is used to decrypt the information string encrypted by the corresponding Public Key.
  • Database is where the data information of the system is stored.
  • Figure 2 shows two authentication methods, one that is completely online according to the technical condition and potentially compromised by hackers, the other according to the invention as analyzed below.
  • the authentication method is combined in parallel by two online and offline platforms.
  • the method of validation by the offline device is a required condition in the authentication process to ensure a successful transaction. Because of the principle that hackers entering the system can only attack the online security system, but cannot attack or interfere with the online security method through the authentication code of the digital signature device according to the invention offline unless the user reveals information himself or poorly preserves the digital signature device according to the invention.
  • the authentication is performed by a support system software, whose account is granted to the user.
  • a support system software whose account is granted to the user.
  • each user is given an identifier device called a digital signing device of the present invention.
  • UID is not duplicate
  • Udata is a data series that can change the information at each use, resulting in a series of data that is not duplicate and cannot be faked
  • authentication, identification, digitization of records, documents, and vouchers is more secure than ever.
  • This method is thoroughly applied in digitizing each record and attachment. Records are tracked and monitored on a page-by-page basis with detailed content, saved, and traceable to the process, content and person who edited the document. After closing the document, the dossier is approved by the competent person to digitally authenticate the document, triggering the legal effect of the digitally signed document.
  • Step 1 through the user terminal, at the interface of the application software, the user (user) logs in with the system account, then the terminal performs a digital signature device scan according to the present invention to verify the identity of the user.
  • Step 2 The user attaches the document file to the agreement, which needs to be checked and signed by an authorized person.
  • Step 3 User (s) check records, send editing documents or attach editing contents to the system. Correction information, comments, etc. are recorded by the system and are an integral part of the dossier when the contents are closed and approved, validated and signed by the competent person.
  • Step 4 The profile after being authenticated will be sealed, not allowing direct editing.
  • In the related data stream will be stored the documents related to the main record with the form of attachment, editing the same.
  • Step 5 determine the value of digitized records. Records are stored on the system as an encrypted, unmodified PDF file that can be viewed directly on the system or downloaded and allowed to be printed. However, depending on the conditions and legal requirements for authentication of the record, the case where the profile is printed directly by the user will not guarantee the legality of the authenticity of the profile.
  • the notary is responsible for checking, collating and verifying the contents and forms of documents for photocopies from system records with specific profile information in the system.
  • Notarial records should be chipped to monitor and digitize the records of notaries and attestations.
  • Step 1 Reading the unique identifier (Unique Identifier, UID) information and the non-duplicate unique string (Unique Data, UData) data on the digital signing device according to the present invention by the user terminal and displaying it through the application software, to identify the user (the person holding the authentication role).
  • UID Unique Identifier
  • UData Unique Data
  • Step 2 Encrypting the UID information, UData and other data using the RSA algorithm into an encrypted sequence by the user terminal using the application software containing the public key.
  • Step 3 Send the encryption string with the public key to the authentication system through the application software by the user terminal.
  • Step 4 Decrypt the encrypted string into UID, UData and other data by the server in the authentication system using the private key corresponding to the public key attached in the above step.
  • Step 5 check the validity of UID, UData by the server in the authentication system; If the result is valid, the authentication system will create a new UData (unique and not duplicate) and send it back to the application software.
  • Step 6 Update the new UData for the digital signature device according to the invention by the user terminal through the application software.
  • the digital signature device solution of the present invention provides the user with almost absolute security.
  • the systems and techniques described herein may be implemented in a computer system that includes a back end component (e.g., a data server) or that includes a firmware component (e.g., an application server) or that includes a user interface component (e.g., a client having a graphical user interface or a Web browser through which a user may interact with an implementation of the systems and techniques described herein), or any combination of such back end, firmware, front end components.
  • the components of the system may be interconnected by any form or means of digital data communication (e.g., communication network). Examples of communication networks include local area networks (LANs), wide area networks (WANs), and the Internet.
  • a computer system can include clients and servers. Clients and servers are often far apart and often interacting through communication networks. Client- server relationships arise because computer programs run on corresponding computers and have client-server relationships with each other.

Abstract

The present invention relates to a process for authenticating and identifying records and documents by means of a digital signature device with improved security and ease of use. In particular, the digital signing device according to the invention must have a fixed code that is a unique identifier (Unique Identifier, UID) and a string of randomly variable data (Unique Data, UData). This device can be read by mobile terminals such as smartphones without the need for a USB interface. Process according to the invention. The authentication process is performed by a support system software, whose account is granted to the user. In addition to identification by user account and password, each user is given an identifier device called a digital signing device of the present invention. With the descriptive information of the digital signing device according to the present invention such as a non-duplicate, immutable UID and Udata which is a data string that can change information at each use, resulting in a series of data that are not duplicated and can not be faked; the authentication, identification, digitization of records, documents, and vouchers are kept with maximum security.

Description

VERIFICATION AND IDENTIFICATION PROCESS
RECORDS USING DIGITAL SIGNATURES
Field of the invention
The present invention relates to an electronic device for authentication, identification, and a procedure for authentication, identification, and digitization of various types of records, documents and writings using this device.
Background of the invention
Entering the digital technology era, the application of science and technology to life, production and business activities are an inevitable trend. Typically, the use of digital signatures must be mentioned, because digital signatures are considered smart technology solutions and useful in electronic transactions.
A digital signature is a form of electronic signature created by the transformation of a data message using an asymmetric cryptography system, whereby the person who obtains the original data message and the signer's public key can correctly identify as follows: the above-mentioned transformation is created with the correct secret key corresponding to the public key in the same key pair; the content integrity of the data message since the implementation of the above-mentioned transformation.
Or in a simpler way, a token is a device that has been encrypted with all the information and data of an individual, organization- or -business. The digital signature will have the same value and replace the hand signature in transactions on the e-commerce environment.
Structure of the digital signature
Digital signatures are established based on RSA public encryption technology. Each business unit when provided and using digital signature will have a public key and a private key.
Private key: an indispensable part of the key pair when creating digital signatures. The secret key belongs to the asymmetric encryption system.
Public key: the type of key that is indispensable in the key pair when checking digital signatures. The public key is in a non-confidential encryption system, and is generated by the corresponding secret key in the key pair. Signer: the subscriber's subject will use the secret key provided to digitally sign a data message in his/her name.
Recipient: an organization, business or an individual will receive a digitally signed data message through the use of the signer's digital certificates, check the digital signature on the received data message. And then continue to carry out related activities and transactions.
Digital signature: the user inserts his/her secret key into the auto-generated software. Then, attach the digital signature to the data message to be signed.
The most commonly used types of digital signatures today
USB Token Digital Signature
The USB Token is one of the first digital signatures on the market. This is also the most commonly used number. Until now, there are many individuals, organizations and businesses that choose to use USB Token to sign official documents, contracts, public administrative transactions, etc.
The USB Token carries a characteristic feature of a particularly secure hardware device. On the outside, the USB Token is designed to resemble a regular USB. You need to install digital signing software on your computer, then plug in the USB, sign in to the digital signature with your PIN. During the digital signing process, the USB Token will use the preinstalled algorithms to authenticate and digitally sign the user.
All information of organizations and businesses will be encrypted in USB Token. Each unit when registering to use digital signatures will have key pairs including a private key and a public key.
Secret key: includes the confidential information of the customer. This is the part of the key that generates the digital signature.
Public key: the part of the key that contains the customer's public information.
USB Token has been used extremely popular because this type of digital signature has the following advantages: extremely high security, easy to use, good price, large storage capacity, fast update, information processing at high speed, data up to 32 bits.
However, USB Token still has some disadvantages: it is required to connect to a computer to be able to perform digital signature operations; if the computer fails, the USB Token cannot be used either; depends on a single token, cannot decentralize users.
HSM Digital Signature
HSM (short for English: Hardware Security Module) is a security device with the function of managing and protecting key pairs, digital certificates for strong authentication applications and cryptography processing. HSMs are usually produced as a PCI card plugged into a computer or a standalone device with a network connection. In order to meet all the usage needs of customers in work applications and improve working performance, HSM is one of the most outstanding digital signatures in the market today. Therefore, compared to previous types of digital signatures, HSM is upgraded with the most outstanding features: the hardware of digital signatures . is used to perform operations to manage and protect electronic key pairs to improve the speed of data authentication and encryption; perform tasks at a high speed of up to 1200 tasks in a second; specialized for businesses that have to sign many numbers, the need to support automatic digital signatures and perform operations quickly; can use online HSM digital signatures through online accounts created by HSM itself; flexible decentralization of HSM digital signatures at anytime and anywhere; preserving the integrity of digital data, contracts and digital documents on the electronic environment.
Advantages of HSM digital signature: the ability to authenticate digital information quickly and accurately; high legal nature; apply with many signatures in large transactions; use at all times, flexibility in all cases; high security; ensure the integrity of documents.
Disadvantages of HSM digital signatures: difficult to control all transaction flows when using; account dependency (OTP code, username - password, etc.); certain shelf life.
Smartcard Digital Signature
The type of digital signature that is also being used quite commonly in businesses and individuals today is Smartcard. Smartcards are designed to look like a phone sim card provided by some carriers or service providers for research and development. The most striking feature of this type of digital signature is being integrated with a sim card on a mobile phone or any other electronic device. Even if the user's device is not connected to the Internet, it can still be digitally signed using Smartcard. Advantages of Smartcard digital signature: quite flexible in all cases, all devices; compact, convenient by Smartcard has been integrated with the phone sim; the cost of using Smartcard is quite low and reasonable.
Disadvantages of Smartcard digital signature: the security is not high; when using Smartcard, customers are required to use the sim card of the same carrier to integrate the digital signature provided by that carrier; in case the customer is abroad or outside the coverage area, the digital signature with Smartcard will not be possible.
Remote signature
Remote signature, also referred to by other names such as online digital signatures, mobile digital signatures, etc., are developed based on the technology of cloud computing. The characteristic of this type of digital signature is that there is no need to use hardware devices and digital signatures can still be performed on any device and at any time. Not only that, the remote signature is additionally applied to the standards of identity, trust service and electronic authentication according to the European standard elDAS. The user will entrust the management and authentication of the secret key to the selected digital signature provider. In order to authenticate the identity of the signatory, each provider will have different security methods, ensuring the safety and integrity of the most optimal digital documents.
Advantages of remote signature: fast signing speed, many; ensure safety, legal; flexible use at all times; use does not depend on hardware devices.
Disadvantages of remote signatures: there are some risks of having digital data stolen.
In addition to the digital signature authentication as described above, it is possible to authenticate using the QRCode application: which is the method of using the application for 2-step verification. One of the authentication steps is the QRCode generated from that application. By setting up a validation app to send notifications to mobile devices, or by sending users a verification code as a secure verification method.
Summary of the invention
Technical problem to be solved
Application of the solution for identity verification in document approval processes requires confidentiality and information security and identity identification and authorization. At the same time, the application process in authentication, approval, identification needs to be done online or offline through system management software.
The invention is proposed to solve the above problems. In particular, the present invention provides embodiment for the purposes as set forth below.
One purpose of the present invention is for application in the validation of types of documents, papers, which require validation, the identity of the records of an authorized entity may be an individual or organization.
Another aim of the invention is to apply a solution that helps to implement the digitization of records and documents, eliminate the elements of forgery of signatures on records, falsify records, identify the person responsible on such records by authentication method through the identification and authorization device when the records are signed.
Another purpose of the invention is to solve problems in the background of digitizing records, papers, and documents. Help relieve the pressure of archiving hard copy/paper records, applications in state administrative records management, office records, contracts, agreements, notarial records, testimonials, etc.
Another purpose of the invention is to apply in authentication, identification of records, papers, transactions on online and offline platforms safely and quickly without necessarily using a computer that can the application performs authentication right on the smartphone.
The present invention proposes a process of document authentication according to authority, a function that can replace the existing authentication token (digital signature) technology on the market, ensuring high security and safety in transactions, authentication real, need high identity.
The invention is considered as an additional security layer, integrated with the security and verification methods, which is a measure to support security and authentication in online transactions and authentication of Application software. In case hackers attack network, software data causes unnecessary losses due to security and authentication.
According to one embodiment, the present invention proposes a solution to help digitize records and documents, eliminate elements forging signatures on dossiers, forging records, identifying responsible people on dossiers. That document by the method of authentication through an identification device, decentralizing authority when the record is signed, storing changed information, editing the file before the time of finalizing the content of the document (doing directly at a recording system instead of sending emails to exchange information manually). In addition, with the digitization of documents, the solution solves the outstanding problems in the archiving of papers and records, verification of fake records or identification of the person responsible for signing the dossier, its papers and its legal responsibilities. With methods to implement the digitization of records, the system is not available yet, not meeting the needs of archiving and preserving office records. Application, checking system information for the form of digitalization is not high, not applicable in cases of using digital records (online system archives/management software) to perform duplication and authentication of documents.
Thus, an embodiment of the present invention proposes an authentic solution (which, in this description, may be referred to as the solution “TrueVerified”}. It is possible to do that while ensuring maximum forgery of documents and records and identifying the subject and object responsible for such records and documents based on the digital signature information of the device. Digital signature (in this invention, a digital signing device can be called under the name “ColdKey”) assigned identifiers for each matching object.
According to a preferred embodiment, with the authentication method, digitally signed by the “ColdKey” digital device, the information used for authentication is stored offline and encrypted by the RSA algorithm (Riyest - Shamir - Adleman). This helps keep credentials secure and can barely be hacked or copied by others unless the owner itself exposes the information.
In addition to anti-counterfeiting, the solution also helps online and collective work and activities take place easily by storing information related to editing, commenting, etc., real people available for records directly on the record keeping system.
According to an embodiment of the present invention, the authentication process, is performed online or offline on a case-by-case basis so that the authentication application can view the authentication profile by offline and online methods in a flexible and easy manner. Instead of other authentication methods such as tokens, which have to rely on computers to sign authentication, users can use smartphones to directly perform this authentication.
According to an embodiment of the present invention, the authentication execution speed will be much faster because there is no need to wait for the authentication system to return the authentication code, and the user must enter the authentication code to send it back to the system for authentication as other methods. Brief description of the drawings
Figure 1: Diagram of the system block implementing the process of document authentication and identification according to an embodiment of the invention;
• Figure 2: a diagram comparing an authentication process according to an existing state of the art and an embodiment of the present invention;
Figure 3: a schematic diagram of an authentication process according to a specific embodiment of the present invention.
Detailed description of the Invention
The solution is composed of an operating model combining a digital signing device according to the present invention, a digital signing device reading device according to the present invention, application software (mobile app, desktop app, website), a server software system responsible for information authentication. In which:
The digital signing device of the present invention must have a fixed code that is a unique identifier (Unique Identifier, UID) and a string of randomly variable data (Unique Data, UData).
Devices that read the digital signing device of the invention are devices that can read the data in the digital signing device of the present invention. According to an embodiment of the present invention, user terminals have built-in functionality to read data stored in the stated digital signing device.
The application software has a task of connecting to the reading device of the digital signing device according to the present invention to read and write data to the digital signing device according to the present invention, and communicates with the software on the server to authenticate the information data.
The server software is responsible for receiving information data from the application software for processing (decoding or not) and validating whether the data is valid. At the same time, when the authentication is successful, data 'is returned (encrypted or not) to the mobile application and through the reading device to update the data into the UData area of the digital signing device according to the invention.
When the information of the digital signing device according to the invention is successfully authenticated, the system will proceed to sign the UID identifier (or RSA encrypted digital signature) on the document. Referring to Figure 1, a schematic diagram of a system for performing an authentication process according to an embodiment of the present invention will be described in detail below.
Digital signing device of the present invention: is a device or an item that stores two information UID and Udata, in a preferred embodiment of an RFID chip, or the like.
UID: An immutable, duplicated code sequence of the digital signing device of the present invention.
UData: store the non-overlapping and deformable data information of the Digital Signing Device according to the present invention.
Application software: mobile application software on smartphone platforms (smartphone), or website, or desktop application software (desktop); or a smartphone designed or integrated with a communication method with a digital signing device according to the invention and an authentication system. The application software will store a public key called Public Key to encrypt the data.
Authentication system: is a server software system with built-in authentication function, on this system will store the private key corresponding to the public key on the application software.
Public Key: is the public key in the RSA encryption algorithm, which can only be used for encryption but cannot be used for decryption.
Private Key: is the private (secret) key in the RSA encryption algorithm, this key is used to decrypt the information string encrypted by the corresponding Public Key.
Database: is where the data information of the system is stored.
. Figure 2 shows two authentication methods, one that is completely online according to the technical condition and potentially compromised by hackers, the other according to the invention as analyzed below.
The authentication method is combined in parallel by two online and offline platforms. The method of validation by the offline device is a required condition in the authentication process to ensure a successful transaction. Because of the principle that hackers entering the system can only attack the online security system, but cannot attack or interfere with the online security method through the authentication code of the digital signature device according to the invention offline unless the user reveals information himself or poorly preserves the digital signature device according to the invention.
With the issuance of online authentication codes in the traditional form such as phone confirmation codes or Smart OTP codes, it is very unsafe and vulnerable to attacks to get data. There is no guarantee of safety in the transaction.
Referring to Figure 3, the authentication and profile identifier process will be detailed as below.
The authentication is performed by a support system software, whose account is granted to the user. In addition to identification by user account and password, each user is given an identifier device called a digital signing device of the present invention. With the description information of the digital signing device according to the invention such as UID is not duplicate, unchanged and Udata is a data series that can change the information at each use, resulting in a series of data that is not duplicate and cannot be faked, authentication, identification, digitization of records, documents, and vouchers is more secure than ever.
This method is thoroughly applied in digitizing each record and attachment. Records are tracked and monitored on a page-by-page basis with detailed content, saved, and traceable to the process, content and person who edited the document. After closing the document, the dossier is approved by the competent person to digitally authenticate the document, triggering the legal effect of the digitally signed document.
Records are stored completely online/stored on the software system, for those who want to store documents offline or use digitally signed documents (archive software system, no paper files are signed live), stamped by the parties), the solution leads to an additional integration process to ensure proper legality for the needs of using paper records. Ensure that the process of digitizing notarization and document authentication activities takes place in parallel and synchronously. Notaries are responsible for checking, evaluating and verifying the contents and forms of records from the system data. Implement the notarization of documents, make sure that the paper documents (notarized copies) are also applied with TrueVerified solutions according to the invention to implement the digitization of system management records and attach an RFID chip to track and authenticate the notarized documents.
The protocol for authenticating records according to a particular embodiment of the present invention is described as follows. Step 1: through the user terminal, at the interface of the application software, the user (user) logs in with the system account, then the terminal performs a digital signature device scan according to the present invention to verify the identity of the user.
Step 2: The user attaches the document file to the agreement, which needs to be checked and signed by an authorized person.
Step 3: User (s) check records, send editing documents or attach editing contents to the system. Correction information, comments, etc. are recorded by the system and are an integral part of the dossier when the contents are closed and approved, validated and signed by the competent person.
Step 4: The profile after being authenticated will be sealed, not allowing direct editing. In the related data stream will be stored the documents related to the main record with the form of attachment, editing the same.
Step 5: determine the value of digitized records. Records are stored on the system as an encrypted, unmodified PDF file that can be viewed directly on the system or downloaded and allowed to be printed. However, depending on the conditions and legal requirements for authentication of the record, the case where the profile is printed directly by the user will not guarantee the legality of the authenticity of the profile.
To ensure the legal safety corridor, the notary is responsible for checking, collating and verifying the contents and forms of documents for photocopies from system records with specific profile information in the system. Notarial records should be chipped to monitor and digitize the records of notaries and attestations.
The Coldkey authentication procedure according to the present invention will be detailed as a technical solution as below.
Step 1: Reading the unique identifier (Unique Identifier, UID) information and the non-duplicate unique string (Unique Data, UData) data on the digital signing device according to the present invention by the user terminal and displaying it through the application software, to identify the user (the person holding the authentication role).
Step 2: Encrypting the UID information, UData and other data using the RSA algorithm into an encrypted sequence by the user terminal using the application software containing the public key.
Step 3: Send the encryption string with the public key to the authentication system through the application software by the user terminal. Step 4: Decrypt the encrypted string into UID, UData and other data by the server in the authentication system using the private key corresponding to the public key attached in the above step.
Step 5 : check the validity of UID, UData by the server in the authentication system; If the result is valid, the authentication system will create a new UData (unique and not duplicate) and send it back to the application software.
Step 6: Update the new UData for the digital signature device according to the invention by the user terminal through the application software.
The effect achieved by the present invention
The digital signature device solution of the present invention provides the user with almost absolute security.
Ensure that transactions are carried out in a secure manner.
Keep all information used for trading put of reach of attackers.
Method of digitizing documents and applications in office and administrative management activities.
Applications in industry
Transactions are applied in the digitization of office records, decisions, documents, contracts, and records that need to be stored. Instead of having to work directly and store offline records with a very large volume of records, it is difficult for many individuals to control and store records.
Records can be checked online and stored conveniently for users.
The systems and techniques described herein may be implemented in a computer system that includes a back end component (e.g., a data server) or that includes a firmware component (e.g., an application server) or that includes a user interface component (e.g., a client having a graphical user interface or a Web browser through which a user may interact with an implementation of the systems and techniques described herein), or any combination of such back end, firmware, front end components. The components of the system may be interconnected by any form or means of digital data communication (e.g., communication network). Examples of communication networks include local area networks (LANs), wide area networks (WANs), and the Internet.
A computer system can include clients and servers. Clients and servers are often far apart and often interacting through communication networks. Client- server relationships arise because computer programs run on corresponding computers and have client-server relationships with each other.
-Although various implementations have been described in detail above, other modifications are still possible. In addition, the logical streams described in the figures do not require the specific order shown, or sequential order, to achieve the desired result. Alternatively, another step may be provided or steps may be removed from the described process and other components may be added to or removed from the described system. Accordingly, other implementations fall within the scope of the following claim protection.

Claims

CLAIM PROTECTION
1. The process of authentication and identification of records using digital signatures, this process includes the following steps: allowing a user to log in a user terminal via application software with an identifier and a password stored in a database of the system; read the information stored in the digital signing device of the invention by the user terminal, to identify the user (who holds the role of authenticator); where the digital signing device is configured to have at least one container for a unique identifier (unique identifier, UID) and one container for a randomly changing data code sequence (unique data, Udata); encrypt UID, UData and other data with RSA algorithm into encrypted string by user terminal using application software containing public key; send the encryption string with the public key to the authentication system through the application software by the user terminal; decrypt the encryption string to a UID, UData, and other data by a server in the authentication system using a private key corresponding to the public key enclosed in the preceding step; check the validity of UID, UData by the server in the authentication system will; if the result is valid, the authentication system will create a new UData (unique and not duplicate) and send it back to the application software; update the new UData for the digital signing device according to the present invention by the user terminal through the application software; in which, the digital signature device is an integrated RFID chip (Radio Frequency Identification, radio identification) and can be read by any user terminal with built-in RFID reading function without communicate via USB port.
PCT/VN2023/000005 2022-09-12 2023-03-28 Verification and identification process records using digital signatures WO2024059884A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
VN2-2022-00388 2022-09-12
VN2202200388 2022-09-12

Publications (1)

Publication Number Publication Date
WO2024059884A1 true WO2024059884A1 (en) 2024-03-21

Family

ID=90275876

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/VN2023/000005 WO2024059884A1 (en) 2022-09-12 2023-03-28 Verification and identification process records using digital signatures

Country Status (1)

Country Link
WO (1) WO2024059884A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080001752A1 (en) * 2005-04-21 2008-01-03 Skyetek, Inc. System and method for securing rfid tags
US20080244271A1 (en) * 2007-03-28 2008-10-02 Legend Holdings Ltd Method and system for authentication based on wireless identification, wireless identification and server
US20100308978A1 (en) * 2009-04-30 2010-12-09 Certicom Corp. System and method for authenticating rfid tags
US20140286491A1 (en) * 2011-08-08 2014-09-25 Mikoh Corporation Radio frequency identification technology incorporating cryptographics
US10885220B2 (en) * 2018-01-24 2021-01-05 Zortag Inc. Secure access to physical and digital assets using authentication key

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080001752A1 (en) * 2005-04-21 2008-01-03 Skyetek, Inc. System and method for securing rfid tags
US20080244271A1 (en) * 2007-03-28 2008-10-02 Legend Holdings Ltd Method and system for authentication based on wireless identification, wireless identification and server
US20100308978A1 (en) * 2009-04-30 2010-12-09 Certicom Corp. System and method for authenticating rfid tags
US20140286491A1 (en) * 2011-08-08 2014-09-25 Mikoh Corporation Radio frequency identification technology incorporating cryptographics
US10885220B2 (en) * 2018-01-24 2021-01-05 Zortag Inc. Secure access to physical and digital assets using authentication key

Similar Documents

Publication Publication Date Title
RU2747947C2 (en) Systems and methods of personal identification and verification
US9596089B2 (en) Method for generating a certificate
EP1571525B1 (en) A method, a hardware token, and a computer program for authentication
JP5470344B2 (en) User authentication methods and related architectures based on the use of biometric identification technology
KR101863953B1 (en) System and method for providing electronic signature service
CN101312453B (en) User terminal, method for login network service system
JP7083892B2 (en) Mobile authentication interoperability of digital certificates
US20130219481A1 (en) Cyberspace Trusted Identity (CTI) Module
US20030101348A1 (en) Method and system for determining confidence in a digital transaction
KR19990044692A (en) Document authentication system and method
CN109039652B (en) Digital certificate generation and application method
WO2009091588A2 (en) Device and method for loading managing and using smartcard authentication token and digital certificates in e-commerce
CN101216923A (en) A system and method to enhance the data security of e-bank dealings
US20170154329A1 (en) Secure transaction system and virtual wallet
CN104125064A (en) Dynamic password authentication method, client and authentication system
JPH09223210A (en) Portable information storage medium and authentication method and authentication system using the same
Shakiba et al. ESIV: an end-to-end secure internet voting system
CA2898587C (en) Digitised handwritten signature authentication
EP3684004A1 (en) Offline interception-free interaction with a cryptocurrency network using a network-disabled device
US11671475B2 (en) Verification of data recipient
WO2024059884A1 (en) Verification and identification process records using digital signatures
US20240127242A1 (en) Methods and systems for processing customer-initiated payment transactions
Megha Authentication of Financial Wallet System and Data Protection using BlockChain
KR200466551Y1 (en) Multifunctional pin pad
Fujita et al. Design and Implementation of a multi-factor web authentication system with MyNumberCard and WebUSB