CN1397869A - Electronic autograph on document - Google Patents

Publication number: CN1397869A
Authority: CN (China)
Prior art keywords: file, autographing, electronic pen, document, individual
Legal status: Granted; Expired - Fee Related
Application number: CN01125447A
Other languages: Chinese (zh)
Other versions: CN1220932C (en)
Inventors: 吴健康, 郑雷
Current Assignee: TRUSTCOPY PTD Ltd
Original Assignee: TRUSTCOPY PTD Ltd
Application filed by: TRUSTCOPY PTD Ltd
Priority to: CNB011254475A (patent CN1220932C)

Abstract

An electronic signature of a document by means of an electronic pen is disclosed. The method includes collecting a personal signature, authenticating, generating an ID, and attaching the personal signature, the ID and an optical watermark to the document. A method for validating a signature on a document includes signing with the electronic pen, generating a digest of the document, encrypting in the electronic pen, generating an ID, and integrating the ID, the digest and the document.

Description

Electronic signature of files
Technical field
The present invention relates to a method and system for electronically signing files, and in particular, but not exclusively, to a method and system for protecting the integrity and originality of signed files.
Definitions
This method and system can use autographs as well as other "capturable" signatures, for example digital certificates, voice, seals, fingerprints, faces, eye features, etc. For example, a smart card can be used to store a seal image, which is then used to sign files. An optical watermark protects the seal from being exposed. Another example is using the signer's voice to sign a file. The voice can be captured by digital recording as the "signature". "Autograph" throughout this description is taken to include all these capturable signatures.
Accordingly, the signing device can extend from an electronic pen to other sensing devices, for example digital cameras, microphones, scanners, etc. "Electronic pen" throughout this description is taken to include all these forms of sensing device.
"File" in this description includes business documents and administrative instruments, letters and other forms of file, for example voice files, image files, software files, documents, cheques, tickets, contracts, scanned images or other records, whether in hard-copy or digital form. "File" throughout this description is taken to include all of these.
"Computer" throughout this description is taken to include computers such as desktop computers, personal computers, portable computers and notebook computers.
"Optical watermark" throughout this description is taken to be the watermark of the earlier International Patent Application PCT/SG00/00147, filed on 15 September 2000, the contents of which are incorporated herein by reference.
Background of the invention
To be reliable, a signature system should provide non-repudiable and verifiable evidence that a particular person correctly signed the required file at a particular time. Because the integrity of a signature can be compromised at any point in the signing process, from forging the signature to combining a genuine signature with an unrelated file, confirming the identity of a file's signer is a very difficult task. When a file is signed, a malicious party can use a sensor to record the signals produced during signing and use the recorded signals to produce a forged signature. An attacker can also obtain a sample of a genuine autograph and then imitate it by hand. When the signature is transmitted, a malicious party can intercept or copy the signature data from a file and attach it to an unrelated file. The recipient can also forge a printed file by forging the genuine party's signature on it.
The object of the invention is an electronic signing method and system that can use capturable signatures, for example ordinary autographs and/or electronic signatures, to protect the authenticity and integrity of a file. Preferably, it can be used in both electronic and hard-copy forms.
Prior art
US Patent 5517579 describes a handwriting verification apparatus comprising a handwriting input device that senses handwriting using at least two different sensing technologies, and a symbol recognition device that receives the output of the handwriting input device and provides an output indication of the symbols the handwriting represents. However, although the additional sensor provides more information for the verification process, it cannot distinguish the signal produced by an actual signature from a recorded signal of a signature. A fraudster can produce a forged signature by recording the sensor signal of a signature and replaying the recording.
International Patent Application WO/0049583 relates to a method and apparatus for personalizing and verifying identity and security documents, and can be used for security documents. The identity or security document contains data of the designated individual in alphanumeric and/or graphic form, printed on the document and/or stored in it. These data of the designated individual and/or related data also appear on and/or in the document in a second, machine-readable form. The two sets of data can be read from the document with a suitable detection and control device and checked for consistency. However, that specification discloses neither a mechanism for strictly protecting the integrity of the document content nor a method of user authentication.
International Patent Application WO/0031677 discloses a document authorization method that includes preparing a record for future reference by the authorized person, comprising: providing a sensitive document; collecting biometric data from an individual requesting to become a person authorized to access the document; forming a bar code containing the individual's biometric data; attaching the bar code to the document; and storing the document and the attached bar code. Current biometric data are then collected from an individual requesting access to the document, and comparing the current biometric data with the bar code attached to the document verifies that the individual requesting access is the same as the authorized individual. However, it too fails to protect the integrity of an individual's identification with respect to a specific document; it cannot distinguish a signal corresponding to an actual signature from a recorded signal; and it requires a bar code reader to verify the encoded data.
International Patent Application WO/0007330 uses digital signatures to provide evidence of non-repudiation by means of biometrics. A digital certificate is formed in a secure processor from a digitized representation of a unique biometric characteristic of the registrant. In the secure processor the digitized representation is signed with the registrant's personal encryption key and transmitted over a communication network to a certificate authority. The registrant's identity is verified at a remote secure registration processor. After authentication, the certificate authority forms the certificate in the enrollment process by encrypting this digital signature with the certificate authority's own encryption key. The certificate is also kept in a publicly available directory. The document and the certificate are then transmitted to the receiving terminal. If the sender denies sending the document, the biometric characteristic can be extracted from the certificate and compared directly with the sender's actual biometric characteristic in a confirmation process. This extends the use of existing digital certificates by means of biometric data, and is independent of the document.
US Patent 5867802 is a "biometric security control system for preventing unauthorized use of a vehicle". It relates to verifying the valid owner/driver of a vehicle. It stores the owner's/driver's fingerprint in the memory of the vehicle control system. A microprocessor has the main task of executing instructions relating to vehicle operation. Before the microprocessor executes the instructions of the main task, it must complete and exit a conditional instruction loop relating to confirming the biometric data "actually input" by the user. This is fingerprint access control for a vehicle.
US Patent 5721781 concerns a portable information device, for example a smart card. The smart card holds its own digital certificate, which contains a digital signature from a trusted certificate authority and a unique public key. Each application stored on the smart card also has a certificate bearing the certificate authority's digital signature. The system further comprises a secure processor that can access the smart card. The secure processor holds its own certificate, likewise containing a digital signature from the trusted certificate authority and a unique key. In the transaction phase the smart card and the secure processor exchange their certificates to authenticate each other and to authenticate the application. In addition, the holder enters a unique PIN to authenticate the holder. This is a three-level authentication system covering card, application and holder, rather than a solution for signing and/or authenticating documents.
All the known prior art is vulnerable to "record and playback" attacks, because none of it protects the integrity of the signature together with its file at the moment the signature is applied to the file. In addition, most of it relies on an online verification process that is opaque to the end user and vulnerable to attacks in the network.
Summary of the invention
The invention therefore provides a method for an individual to sign a file using an electronic pen, comprising collecting the individual's autograph, generating a checking ID, and then attaching the autograph, the checking ID and an optical watermark to the file to complete the signing process.
Preferably, the individual's identity is authenticated before the checking ID is generated, and the checking ID is generated from the autograph and/or the file digest and/or the time tag and/or representative features of the file. The autograph can be embedded in the optical watermark, and the file digest and/or the time tag can also be embedded in the optical watermark, to form a link between the file and the autograph. In addition, the file digest can be the essential information of the file.
After a secure handshake (challenge-response) process between the server and the electronic pen, the individual's identity can be authenticated through a public key infrastructure. The electronic pen can store the pen's identification number, the pen's private key, the individual's private key, measured features of the individual's autograph and/or a separable learning module. If several people can use the electronic pen, the pen should also be able to store each person's registration information.
The server and the electronic pen can each store their own private keys, and the autograph and/or the measured features of the individual's autograph can be stored in the server. A secure handshake between the server and the electronic pen based on public key pairs is a preferred step. The autograph and/or the measured features of the individual's autograph can instead be stored in the electronic pen, in which case the processing and verification of the autograph can also be carried out inside the pen. Preferably there is a secure authentication process between the server and the electronic pen and between the server and the computer. After the secure handshake completes successfully, the electronic pen collects the autograph data, encrypts it, and sends it to the server for further processing and verification.
The collection and processing of the autograph and/or the measured features of the individual's autograph can be carried out in a secure processor, with the result sent to the electronic pen for verification. The private key and the individual's autograph can be stored in the electronic pen, the autograph and/or the measured features of the individual's autograph in the secure processor, and the autograph and/or its measured features in the computer. Preferably, the autograph and/or the measured features of the individual's autograph are stored in secure storage in encrypted form. The secure storage can be an authentication card for the individual.
The terminal can include a file processing module for displaying the file and inserting the autograph into the file. A seal image can also be stored in the electronic pen so that, once the file is signed, both the individual's autograph and the seal image appear on the file. The seal image can be an optical watermark in which hidden information is embedded as a safeguard against outsiders.
This method can be applied to an accreditation procedure.
In another form, the invention provides a method for producing a valid autograph on a file by signing the file with an electronic pen, generating a file digest, encrypting the autograph in the electronic pen, generating a checking ID, inserting the checking ID into the file and attaching the digest to the file.
The checking ID can be generated from the collected autograph, the file digest, the time tag and/or representative features of the file. The autograph can be embedded in the optical watermark, and at least one of the file digest and essential features, the time tag and the file content is embedded in the optical watermark, forming a link between the file and the autograph.
The file can be authenticated by: generating the digest of the signed file; generating the decryption key from the digest and using it to decrypt the checking ID; comparing the autograph extracted from the checking ID with the autograph appearing on the signed file; comparing the digest generated from the file with the digest from the checking ID; comparing the autograph on the file with the autograph embedded in the optical watermark; and comparing the essential features/content of the file and/or the time tag embedded in the optical watermark with their equivalents in the file.
The digest can be obtained from representative features of the file, and the representative features embedded in the optical watermark can be decoded with a particular key.
When the file is a printed file, the autograph and the digest can be extracted from the printed file, and the authenticity of the file verified by comparing the autograph on the file with the autograph embedded in the optical watermark. The essential features/content of the file and the time tag embedded in the optical watermark are then compared with their equivalents in the file.
The autograph and the time tag can be encrypted with an encryption key generated from the file digest; the digest is used to obtain an encryption key pair from a database of key pairs. Alternatively, the digest can be used with a secret function to generate the encryption key pair. The database and/or the secret function are located in the electronic pen, the server or the secure storage.
The autograph can comprise a signature image and autograph features, the features including pressure and speed. A pre-registered autograph can be stored in the electronic pen, the server and the secure storage for future use. Preferably, the pre-registered autograph can be updated periodically, and any autograph can be combined with other biometric information of the individual.
Encryption can use a public key pair and/or a symmetric key.
Description of drawings
So that the invention can be readily understood and put into practical effect, preferred embodiments will now be described by way of non-limiting example only, with reference to the accompanying illustrative drawings, in which:
Fig. 1 is a representation of a typical file signing system according to the invention;
Fig. 2 is a block diagram of one form of electronic pen for use with the invention;
Fig. 3 is a block diagram of one form of secure processor for use with the invention;
Fig. 4 is a diagram of the checking ID;
Fig. 5 is an example of a signed file; and
Fig. 6 is a flow chart of the signing process.
Embodiment
A signed file according to the invention has the following structure:
The file content;
The autograph data;
The checking ID, which can include the following items and can be encrypted:
° the autograph and/or its essential features and/or its digest;
° the file content digest (or hash, features, or essential items);
° the time tag; and
A watermark, including an optical watermark, with the embedded autograph and the essential items of the file content.
The key steps of the signing process are:
Authenticating the signer by an autograph, as defined at the beginning of this description;
Collecting the autograph and generating the checking ID of the signed file; and
Generating the watermark.
As shown in Fig. 1, one form of the invention comprises an electronic pen 10, a secure processor 12, secure storage 14, a computer 16 and a user 18. These serve to:
1. collect the autograph of the user 18;
2. add a time tag;
3. compute the representative features or digest of the target file; then
4. generate the checking ID of the signed file, containing the user's:
(a) autograph, the digest and/or other features of the file, using a security algorithm; and
(b) the time tag, using a security algorithm; and
5. generate the watermark embedding the signature and the essential information of the associated file.
In addition, the method and system can also include:
A device or program for printing the file with the signature and optical watermark, for authenticating the printed file;
A device or program providing facilities for file processing, transmission, approval, confidentiality and authenticity management; and
A protocol for verifying the authenticity and validity of a file offline or online.
Various file signing system designs are possible. For example, the electronic pen can be a simple pointing device, or a complex electronic pen that collects signatures and has secure storage and a secure processor. Accordingly, there are many possible protocols for the secure handshake among the electronic pen, secure storage, secure processor and computer, and for autograph verification. In each case it is assumed that the secure processor is secure, that the electronic pen device is secure, and that the electronic pen user's private key is stored in the electronic pen. The autograph or its features can be stored in the server. Examples of suitable protocols are:
Protocol 1: In this protocol there is no separate secure storage. The secure processor and the electronic pen each store their private key in their own secure memory, and each knows the other's public key. The electronic pen user's autograph and/or autograph features are stored, together with the user's name and/or other identifying data, in a secure database in the secure processor. The signing process is integrated with a secure connection between the secure processor and the electronic pen, for example the Secure Socket Layer protocol.
After the electronic pen and the secure processor have successfully authenticated each other using their public key pairs, the electronic pen collects the user's autograph data, encrypts the data, and sends it to the secure processor for further processing and verification. For details of secure handshake protocols and encrypted data transmission, see C. Kaufman, R. Perlman and M. Speciner, "Network Security: Private Communication in a Public World", p. 223, Chapter 9 "Security Handshaking Pitfalls", PTR Prentice Hall, Englewood Cliffs, New Jersey, 1995; and Bruce Schneier, "Applied Cryptography", 2nd edition, Chapter 10 "Using Algorithms", John Wiley & Sons, 1996, the contents of both of which are incorporated herein by reference.
Protocol 2: As Protocol 1, except that the autograph and/or the measured autograph features are stored in the electronic pen, and the autograph is processed and verified in the pen. This is the "more complex electronic pen" protocol. The pen can serve as a token for authenticating the pen's user in various applications. There is no secure processor and no separate secure storage.
Protocol 3: There is a secure authentication process between the secure processor and the secure storage, which can be, for example, a user authentication card. The user's identification information, comprising name, private key and autograph data or features, is stored in the user authentication card. In this case the electronic pen can serve merely as a pointing device. The autograph is collected, processed and verified in the secure processor.
Protocol 4: As Protocol 3, except that the autograph and/or measured features are stored in the secure processor, or in the secure storage in encrypted form.
Fig. 6 shows one form of the electronic file signing method, comprising the steps of:
1) preparing the file and sending it to the processor;
2) extracting a digest or representative features from the file;
3) generating encryption/decryption keys from the digest/features;
4) signing the file with the user's autograph, collecting the autograph and encrypting it with the key;
5) generating the checking ID;
6) generating the optical watermark with the embedded autograph, time tag and essential file information; and
7) composing the signed package, comprising the file, the autograph data, the checking ID and the optical watermark.
Fig. 2 and 3 has represented file electric signing system of the present invention.It has and resides in and the interior service routine of extraneous computing machine of communicate by letter.It can representative of consumer and and server communication.In the case, service routine can be online and client software program server communication, and by server controls.The All Files that this server is coordinated in all other client computer is handled, manages, is exchanged and approval.Receive the file that to handle and to sign and when file arrives and from where all providing the checking request, this service routine also can be used as e-mail client work by signing documents to the client computer of another client computer from transmission.
By client-server or by distributed frame, service routine can play mass action in file processing, management and distribution, and provides necessary facility for safety and the service for checking credentials.This includes but not limited to: unique user and the registration of their electronic pen; Who signs documents; Between the user, maintain secrecy and transmit file; Maintenance customer and electronic pen database; Or the like.
Electronic pen is a secure hardware equipment.It can be used by any other people that the owner or the owner authorize.It can be identified by id number and encryption key as hardware.Preferably, encryption key is the key and/or the digital certificate of maintaining secrecy.The information of relevant owner's identity preferably also is provided, and encryption key can be possessory privacy key in the case.Electronic pen can use in the smart card mode.
Keys for encryption/decryption can be embedded in the electronic pen by the third party of manufacturer or trust.In this design, keys for encryption/decryption is to playing the electronic pen sign.Encryption key remains in the electronic pen safely, and encryption key can openly be issued.
Alternatively, the encryption/decryption keys can be generated from the file digest. There are several ways to generate them: an encryption/decryption key pair based on the file digest; the identity or public/private key pair of the pen/secure storage/server; and/or the user's public/private key pair. For example, a group of public/private key pairs can be generated in advance and stored in the electronic pen, the secure storage or the server. When a file is signed, the hash value of the file or its digest can be combined with the identity of the pen/secure storage/server (if required) to produce an index number. The pen/secure storage/server can then use the index number to select a public/private key pair from the group of pre-generated key pairs in secure storage. The autograph data and other supporting information can be hashed and encrypted with the selected private key. The pen/secure storage/server returns the encrypted hash value of the autograph data to the service program. Because the public keys of the pre-generated key pairs are published and indexed in the same way as in the pen/secure storage/server, the correct public key for decrypting the checking ID can easily be found from the file digest, which can easily be computed from the file content.
The user can further encrypt the encrypted hash value of the autograph data with the user's private key. This encryption step can provide supporting evidence of the user's identity.
The user is authenticated by autograph verification or, if required, by other means, for example a PIN. The electronic pen can include one or several sensors, a processor and associated peripherals to collect a handwritten signature and convert it to digital data. Essential features are then extracted from the data, and are encrypted and stored when the user registers, for use in verification.
The electronic pen is not necessarily owned by the user, and can be used by anyone signing a file. An example is signing for a bill payment at a retailer. In this case the electronic pen can be a pointing device or a secure device for collecting signature data.
The electronic pen is made and checked by a trusted manufacturer, to ensure that the programs stored in the pen's secure memory have not been tampered with, and to prevent attacks while the programs are running in the pen's processor. The electronic pen can have hardware units including intelligent sensors, an internal clock, secure memory and a secure processor.
When the file signing process begins, the service program in the computer communicates with the electronic pen or the secure processor, and they authenticate each other through a series of challenge-response exchanges. For details of secure handshake protocols and encrypted data transmission, see C. Kaufman, R. Perlman and M. Speciner, "Network Security: Private Communication in a Public World", p. 223, Chapter 9 "Security Handshaking Pitfalls", PTR Prentice Hall, 1995.
After the pen/secure processor and the service program have successfully authenticated each other, the service program sends the file digest to the pen/secure processor. The pen/secure processor collects the autograph and processes it if necessary. The checking ID is then generated by combining the file digest, the autograph digest or essential features, and the time tag, and encrypting them with the pen's private key. The checking ID can easily be verified with the pen's public key, which is publicly available.
Alternatively, the encryption key can be generated from the file digest inside the pen/secure storage/server during the signing process. The checking ID in this case is generated by combining the autograph digest or essential features and the time tag, and encrypting them with the generated encryption key. The checking ID can be verified with the decryption key generated in the pen/secure storage/server, which is publicly available.
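The digest-indexed key selection and the verification comparisons described above, as an added sketch that is not code from the patent. It assumes the symmetric-key option: SHA-256 serves as the digest, a constructed pool of eight HMAC-SHA-256 keys stands in for the pre-generated key pairs, an HMAC tag stands in for encrypting the checking ID, and the JSON layout and all names are hypothetical.

```python
import hashlib
import hmac
import json

POOL_SIZE = 8
PEN_ID = b"PEN-0001"  # constructed device identifier (assumption)


def file_digest(data: bytes) -> bytes:
    """SHA-256 used as the digest of a file or of autograph data."""
    return hashlib.sha256(data).digest()


# Constructed key pool standing in for the group of pre-generated keys held
# in the pen / secure storage / server (symmetric keys, not key pairs).
KEY_POOL = [file_digest(b"constructed-pool-key-%d" % i) for i in range(POOL_SIZE)]


def key_index(digest: bytes, pen_id: bytes = PEN_ID) -> int:
    """Index number: hash of the file digest combined with the device identity."""
    return file_digest(digest + pen_id)[0] % POOL_SIZE


def id_tag(key: bytes, fields: dict) -> str:
    """HMAC over the checking ID fields (stand-in for the encryption step)."""
    payload = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_checking_id(file_bytes: bytes, autograph: bytes, time_tag: int) -> dict:
    """Combine file digest, autograph digest and time tag under the selected key."""
    digest = file_digest(file_bytes)
    fields = {
        "file_digest": digest.hex(),
        "autograph_digest": file_digest(autograph).hex(),
        "time_tag": time_tag,
    }
    return {"fields": fields, "tag": id_tag(KEY_POOL[key_index(digest)], fields)}


def sign_file(file_bytes: bytes, autograph: bytes, time_tag: int) -> dict:
    """Signed package: file, autograph data and checking ID (watermark omitted)."""
    return {
        "file": file_bytes,
        "autograph": autograph,
        "checking_id": make_checking_id(file_bytes, autograph, time_tag),
    }


def verify_signed_file(package: dict) -> list:
    """Return the names of the comparisons that fail; an empty list means valid."""
    failures = []
    cid = package["checking_id"]
    fields = cid["fields"]
    # Key is re-selected from the file as received, never taken from the ID.
    digest = file_digest(package["file"])
    key = KEY_POOL[key_index(digest)]
    if not hmac.compare_digest(id_tag(key, fields), cid["tag"]):
        failures.append("checking_id")
    # Digest generated from the file versus digest carried in the checking ID.
    if fields.get("file_digest") != digest.hex():
        failures.append("file_digest")
    # Autograph carried in the checking ID versus autograph on the file.
    if fields.get("autograph_digest") != file_digest(package["autograph"]).hex():
        failures.append("autograph")
    return failures


def transplant(package: dict, other_file: bytes) -> dict:
    """Replay case: the same autograph and checking ID attached to another file."""
    return dict(package, file=other_file)


if __name__ == "__main__":
    original = b"Pay Alice 100 SGD"                # constructed sample file
    strokes = b"constructed x,y,pressure,speed"    # constructed autograph data
    pkg = sign_file(original, strokes, 1000000000)  # constructed time tag
    print(verify_signed_file(pkg))
    print(verify_signed_file(transplant(pkg, b"Pay Mallory 9000 SGD")))
```

With a small key group, unrelated files can select the same key, so the key check alone does not tie the autograph to the file; the digest comparison is what rejects a checking ID moved to another file.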
The service program can then communicate with a trusted device, for example secure storage and/or a server, to generate the optical watermark. The content embedded in the optical watermark can include the file content and essential information of the autograph. When the autograph also appears in the file, the optical watermark can serve as a means of preventing forgery, by verifying the consistency of the embedded information with the information presented on the file.
The user can prepare the file with any tool and any method. Before the file is transferred to the service program, it must be in electronic form. The method of transferring the file from the user to the signing device or program can vary. Preferably, however, a secure file transfer channel is used, for example the Secure Socket Layer protocol. Authentication of the sender and of the identity of the signing device can be carried out through a series of secure challenge-response exchanges.
The signature collection and processing module can reside in the secure processor, the computer or the electronic pen. Technical issues of collection and processing are covered in "Automatic signature verification", edited by Rejean Plamondon, World Scientific, Singapore, 1994, the contents of which are incorporated herein by reference. The position, speed and pressure of the autograph can be collected and pre-processed into a feature vector, and sent for verification.
The signature data can be obtained from an autograph acquisition device. The device encrypts the hash value of the digitized signature when it is collected. The key used to encrypt the signature data can be preset by the manufacturer or the user, or supplied by a key generation device and/or program. The signature data can include information other than that relating to the autograph. For example, it can include other biometric data of the user, the time tag, and the pressure applied to or by the electronic pen during signing.
One form of the user's signature data comprises the user's pre-registered autograph data stored in the secure storage, the electronic pen or the server. The verification program can obtain the user's public key from a trusted third party (for example, a certificate authority) and use it to decrypt the autograph data. The decrypted autograph data can be used as a reference to verify the authenticity of the signature data appearing on the file. Because a user's autograph can change over time, the reference autograph may need to be updated periodically.
The file digest can be generated by one or several methods. One method is to generate a hash of the file. Another is to extract the important content of the file. For example, a cheque digest can include the payee name, the cheque amount and currency, the signature data and any crossing instructions given. For example, "bearer" can be struck out; the cheque can also be crossed and marked for payment to the payee's account only. The digest can be expressed in plain text or in another encoded form.
Representative features can include important graphical features of the file image. For example, the representative features of a face image can be the eigenvalues of the photograph, and the representative features of text can be given as the outlines of its constituent shapes.
An optical watermark can be added to the file to provide file authentication and to prevent the file from being copied and/or forged. The content embedded in the optical watermark can include one or several of: essential information of the file content, the autograph image and the checking ID.
The file printing device or program can include the function of printing the file with the signature and optical watermark in a controlled manner. A print control scheme can be applied to control the number of authoritative copies of the file. The file printing device is preferably, but not necessarily, a trusted device. It can be in accordance with the international patent application "Remote printing of secure and/or authenticated documents", filed on the same date with Singapore as receiving office.
The security management device or program can include a database that stores:
1) the user's security information;
2) functions for encrypting and decrypting input data using provided or pre-registered keys; and
3) functions for authenticating the identity of other devices through a series of challenges and responses.
The encryption and decryption system preferably uses a public key infrastructure to provide the security and confidentiality of the signing process.
Verifying an autograph applied to an electronic file can comprise:
1) receiving the file in electronic form;
2) extracting the summary or representative features from the file;
3) extracting the autograph data from the file;
4) extracting the summary data and any other embedded hidden information from the optical watermark;
5) generating a decryption key;
6) decrypting the hash value of the autograph data from the verification ID;
7) verifying the file content by comparing the extracted document summary and autograph with the summary data and autograph in the optical watermark;
8) verifying the integrity of the autograph data applied to the file by comparing the hash value of the autograph data extracted from the verification ID with the hash value of the autograph data appearing in clear on the file; and
9) verifying the originality and validity of the autograph from the decrypted signature data.
The verification service need not be a trusted service. After the file is received, the content of the optical watermark can be extracted by using an optical decoder or a computer-aided decoding program. This can be done manually or automatically. The verification service then produces the document summary and its hash, and decrypts the verification ID in the file.
If the verification ID was encrypted during signing with the secret key of the electronic pen, the secure processor or the user, the decryption key can be publicly obtained. The decryption key can also be generated from the summary/feature. The hash value of the document summary is used in the signing process to form the index value of the encryption/decryption key pair. The decryption key can be obtained from the table of pre-registered key pairs by reference to this index value.
The originality of the file content is verified by comparing the decrypted document summary with the summary data produced from the received file.
The authenticity of the signature is verified by comparing the decrypted signature data with the signature data appearing on the received file.
The verification process can also check the validity of the time tag and other supporting information, which may be embedded in the encrypted autograph data.
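The electronic-file checks in steps 5) to 8) can be followed in code. The Python below is an added example, not code from the patent. It assumes a key table of 16 constructed symmetric keys indexed by the hash of the document summary, models the decoded optical watermark as a plain dictionary, and uses an encrypt-then-MAC routine built from HMAC-SHA256 as a stand-in for whatever cipher an implementation would choose; all function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample inputs: a check summary in plain text and pen feature data.
SUMMARY = b"payee=A. Example;amount=1200.00;currency=SGD"
AUTOGRAPH = b'{"xy":[[10,12],[14,19],[21,17]],"pressure":[0.4,0.7,0.5]}'

# Assumption: the pre-registered key table is 16 constructed symmetric keys.
KEY_TABLE = [hashlib.sha256(b"constructed-demo-key-%d" % i).digest() for i in range(16)]


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def key_for_summary(summary):
    """Step 5: the hash of the document summary selects the key-table entry."""
    return KEY_TABLE[hashlib.sha256(summary).digest()[0] % len(KEY_TABLE)]


def _subkeys(key):
    # Separate keys for encryption and for the integrity tag.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_stream(enc_key, nonce, data):
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt-then-MAC from HMAC-SHA256; a stand-in for a vetted AEAD cipher."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ciphertext = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 48:
        raise ValueError("verification ID too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("verification ID does not authenticate under this key")
    return _xor_stream(enc_key, nonce, ciphertext)


def make_verification_id(summary, autograph, time_tag):
    """Signing side: bind summary hash, autograph hash and time tag together."""
    claims = {"summary_hash": sha256_hex(summary),
              "autograph_hash": sha256_hex(autograph),
              "time": time_tag}
    return seal(key_for_summary(summary), json.dumps(claims).encode())


def verify_signed_file(summary, autograph, verification_id, watermark):
    """summary and autograph are the values extracted from the received file."""
    checks = {"watermark_match": (hmac.compare_digest(summary, watermark["summary"])
                                  and hmac.compare_digest(autograph, watermark["autograph"])),
              "id_decrypts": False, "summary_match": False, "autograph_intact": False}
    try:  # Step 6: decrypt the verification ID with the key derived in step 5.
        claims = json.loads(unseal(key_for_summary(summary), verification_id))
    except ValueError:
        claims = None
    if claims is not None:
        checks["id_decrypts"] = True
        checks["summary_match"] = claims["summary_hash"] == sha256_hex(summary)
        # Step 8: hash from the verification ID against the autograph on the file.
        checks["autograph_intact"] = claims["autograph_hash"] == sha256_hex(autograph)
        checks["time"] = claims["time"]
    checks["valid"] = all(checks[k] for k in
                          ("watermark_match", "id_decrypts", "summary_match", "autograph_intact"))
    return checks


if __name__ == "__main__":
    vid = make_verification_id(SUMMARY, AUTOGRAPH, "2024-01-15T09:30:00Z")
    mark = {"summary": SUMMARY, "autograph": AUTOGRAPH}
    print(verify_signed_file(SUMMARY, AUTOGRAPH, vid, mark))
    print(verify_signed_file(SUMMARY.replace(b"1200", b"9200"), AUTOGRAPH, vid, mark))
```

Because the key is selected by the summary hash, an altered summary usually picks a different key and the verification ID fails to decrypt; when it happens to pick the same key, the summary hash inside the ID still exposes the change.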
When applied to a printed or hard-copy file, the method of verifying the signature can comprise:
1) receiving the file in printed form;
2) extracting the signature data, time tag and summary data from the optical watermark by using a "key"; and
3) verifying the originality of the file content and signature by comparing the extracted document summary, time tag and autograph with the summary data and autograph in the optical watermark attached to the file.
The recipient can receive the file in printed form. A digital imaging device can be used to convert the hard copy of the file into electronic form.
The document summary and signature data can be extracted from the optical watermark manually or automatically. For example, an optical decoder can be used so that the recipient reads the content of the optical watermark and enters it into the processor by hand.
The integrity of the autograph data applied to the file can be verified by comparing the autograph data decoded from the optical watermark with the autograph appearing on the file.
The recipient can also establish the originality of the received file by verifying the document summary embedded in the optical watermark.
When applied to a printed or hard-copy file, another method of verifying the signature can comprise:
1) receiving the file in printed form;
2) digitally converting the printed file into electronic form;
3) extracting the summary or representative features from the digitized file;
4) extracting the signature from the digitized file;
5) extracting the summary data from the optical watermark;
6) generating a decryption key;
7) decrypting the hash value of the autograph data from the verification ID;
8) verifying the originality of the file content by comparing the extracted document summary and autograph with the summary data, time tag and autograph in the optical watermark;
9) verifying the integrity of the signature data applied to the file by comparing the hash value of the autograph data extracted from the verification ID with the hash value of the autograph data attached to the file; and
10) verifying the originality and validity of the autograph by decrypting the signature data.
This scheme is very similar to the verification protocol for electronic files, with some differences. First, a digital imaging device can be used to convert the hard-copy file into electronic form. Second, the verification process extracts the summary or representative features from the digitized file in a way that is relatively free of the errors introduced by printing and scanning. This can be done manually or automatically. For example, if the document summary is the important file content in plain text, it can be produced during verification by manual entry or by a computer-aided recognition algorithm such as optical character recognition (OCR). In addition, when the document summary is a representative feature of the file, a feature can be chosen to represent the file that is resistant to changes or errors in the printing and scanning process.
A secure user authentication device, for example a smart card, can be attached to the processor to allow off-line verification. Other personal information can also be provided. If desired, these signatures can be integrated into the verification ID, and the verification program can extract them and compare them with the autograph appearing on the signed file.
If desired, the secure memory can be a user authentication card. It is usually very difficult to implement complex operations in a user authentication card. A secure processor is therefore preferably used to communicate with the user authentication card. The user authentication card can have an internal clock, a secure memory and an internal secure processor.
When the service program requests authentication of a file, it communicates with the secure processor and the two authenticate each other through a series of challenges and responses. The file is then sent to the secure processor. The secure processor then invokes a series of security services to produce the document summary and a session key pair. This session key pair is generated from a combination of the document summary and the public key in the user's authentication card.
The secure processor then obtains the autograph data and its hash from the electronic pen, encrypted with the session key set up earlier. The security service then decrypts the signature data, merges it with the time tag in clear form and the pre-registered signature, and encrypts it again using the individually generated session key or the secret key of the user or of the authentication card.
The encrypted signature is used to form the verification ID. The trusted service can then produce an optical watermark with embedded content, the content including the document summary and the autograph.
The collected autograph can be verified by the signing device. After the autograph has been successfully verified, it can be attached to the file to complete the signing of the file with a digital signature.
Verification methods such as dynamic programming and neural networks can be used to match the input vector against the stored template.
One aspect of the invention is to obtain the secret key of the owner of the electronic pen, store it in the electronic pen, and collect and process the autograph, which is stored in the electronic pen or other secure memory, for feature measurement. Here, the method of collecting and processing the autograph is preferably the same as that used in the verification stage.
Because the autograph may change over time, the stored template should be updated regularly to avoid false rejection in normal operation.
As can be seen, the invention relates to the signing and verification of authenticated files transmitted over a network. This reduces the expensive and slow physical transmission of authenticated paper files. Authenticated files can, however, also be transmitted by traditional means.
By using the present invention, higher security can be obtained than with conventional methods and with other electronic pen schemes such as Pen-Op and IBM's. By providing additional information that other methods cannot obtain, such as pressure and time series, the autograph offers a higher level of user security than before.
It can also protect the integrity of the autograph applied to the file and, by using sensors, effectively prevents record-and-replay attacks, which earlier methods could not do. Such attacks were usually fatal to earlier electronic pen systems. The invention, preferably combined with a smart card, can also provide a convenient method of off-line verification.
It can be applied to all situations that require a traditional pen-on-paper signature, for example electronic checks. A bank can issue a smart card that the user uses as an "electronic checkbook". The smart card stores pre-registered dialogue IDs in the same way as a paper checkbook is used. The customer can fill in the content, sign it, and send it to the recipient. After the signing process, the pre-registered check ID is destroyed. Another application is an electronic credit card that stores the user's real credit card number and combines it with two signatures. It can also be used to sign contracts, issue vouchers, or send mail bearing the sender's autograph.
Although the invention has been described above in terms of preferred embodiments, those skilled in the art will understand that many changes and modifications of detail can be made to the invention without departing from its scope.
The invention extends to all of the disclosed technical features, individually and in every possible permutation and combination.

Claims (47)

1. A method for an individual to sign a file (as defined herein) using an electronic pen (as defined herein), comprising the steps of:
(a) collecting the individual's autograph (as defined herein);
(b) generating a verification ID; and then
(c) appending the autograph, the verification ID and an optical watermark to the file, to complete the file signing process.
2. The method as claimed in claim 1, wherein the individual's identity is verified before the verification ID is generated, and the verification ID is generated from one or more of the group consisting of the collected autograph, the document summary, a time tag and representative features of the file.
3. The method as claimed in claim 1 or 2, wherein the collected autograph is embedded in the optical watermark.
4. The method as claimed in claim 3, wherein one or more selected from the group consisting of the document summary and the time tag are embedded in the optical watermark, to form a link between the file and the autograph.
5. The method as claimed in claim 2, wherein the document summary is the essential information of the file.
6. The method as claimed in any one of claims 1 to 5, wherein the individual's identity is verified by a public key infrastructure after a secure challenge-and-response session between a server and the electronic pen.
7. The method as claimed in claim 6, wherein the electronic pen stores one or more selected from the group consisting of an electronic pen identification number, an electronic pen secret key, the individual's secret key, measured features of the individual's autograph and a detachable learning module.
8. The method as claimed in claim 7, wherein a plurality of individuals can use the electronic pen, and the electronic pen can store the registration information of each of them.
9. The method as claimed in claim 7 or 8, wherein the server and the electronic pen each store their own secret key, and the individual's autograph and/or the measured features of the individual's autograph are stored in the server.
10. The method as claimed in claim 9, comprising a preliminary step of establishing secure communication between the server and the electronic pen on the basis of public keys.
11. The method as claimed in any one of claims 7 to 10, wherein the individual's autograph and/or the measured features of the individual's autograph are stored in the electronic pen, and the processing and verification of the autograph are also carried out in the electronic pen.
12. The method as claimed in any one of claims 7 to 11, wherein there is a secure authentication process between the server and the electronic pen and between the server and the service program.
13. The method as claimed in claim 12, wherein, after secure communication has been successfully established, the electronic pen collects the autograph data, encrypts it, and sends it to the server for further processing and verification.
14. The method as claimed in claim 12 or claim 13, wherein collecting and processing the autograph and/or the measured features of the individual's autograph is carried out in a secure processor.
15. The method as claimed in claim 13 or claim 14, wherein the result is sent to the electronic pen for verification.
16. The method as claimed in any one of claims 7 to 15, wherein the secret key and the individual's autograph are stored in the electronic pen.
17. The method as claimed in claim 14 or claim 15, wherein the individual's autograph and/or the measured features of the individual's autograph are stored in the secure processor.
18. The method as claimed in claim 14 or claim 15, wherein the autograph and/or the measured features of the autograph are stored in the server.
19. The method as claimed in any one of claims 7 to 18, wherein the individual's autograph and/or the measured features of the individual's autograph are stored in encrypted form.
20. The method as claimed in any one of claims 7 to 19, wherein the individual's autograph and/or the measured features of the individual's autograph are stored in a secure memory.
21. The method as claimed in claim 20, wherein the secure memory is the individual's authentication card.
22. The method as claimed in any one of claims 12 to 19, further comprising a document processing module in a computer, for displaying the file and inserting the autograph into the file.
23. The method as claimed in any one of claims 1 to 21, further comprising at least one seal image in the electronic pen, so that once the file is signed, the individual's autograph and the at least one seal image appear on the file.
24. The method as claimed in claim 23, wherein the at least one seal image is an optical watermark, and hidden information is embedded in the optical watermark as a safeguard against strangers.
25. The method as claimed in any one of claims 1 to 24, wherein the method is applied to processing approvals.
26. A method of producing a valid autograph (as defined herein) on a file (as defined herein), comprising:
(a) signing the file using an electronic pen (as defined herein);
(b) producing a document summary;
(c) encrypting the autograph in the electronic pen;
(d) generating a verification ID; and
(e) inserting the verification ID into the file, so that the summary is integrated with the file.
27. The method as claimed in claim 26, wherein the verification ID is generated from one or more of the group consisting of the collected autograph, the document summary, a time tag and representative features of the file.
28. The method as claimed in claim 26 or 27, wherein the autograph is embedded in the optical watermark.
29. The method as claimed in claim 28, wherein at least one of the document summary, the essential features of the file content and the time tag is embedded in the optical watermark, to form a link between the file and the autograph.
30. The method as claimed in claim 29, wherein the file is authenticated by: producing a summary of the signed file; using the document summary to generate a decryption key and using it to decrypt the verification ID; comparing the autograph extracted from the verification ID with the autograph appearing on the signed file; and comparing the summary produced from the file with the summary produced from the verification ID.
31. The method as claimed in claim 30, comprising the further steps of: comparing the autograph on the file with the autograph embedded in the optical watermark; and comparing the essential features/content of the file and the time tag embedded in the optical watermark with their equivalents in the file.
32. The method as claimed in any one of claims 26 to 31, wherein the document summary is obtained from the representative features of the file.
33. The method as claimed in claim 31, wherein the items embedded in the optical watermark are decoded by means of a specific key.
34. The method as claimed in any one of claims 26 to 31, wherein, when the file is a printed file, the autograph and the document summary are extracted from the printed file.
35. The method as claimed in claim 34, wherein the authenticity of the file is verified by comparing the autograph on the file with the autograph embedded in the optical watermark.
36. The method as claimed in claim 35, wherein the essential features/content of the file and the time tag embedded in the optical watermark are compared with their equivalents in the file.
37. The method as claimed in any one of claims 26 to 36, wherein the autograph and the time tag are encrypted using an encryption key generated from the document summary.
38. The method as claimed in claim 37, wherein the document summary is used to obtain an encryption key pair from an encryption key database.
39. The method as claimed in claim 37, wherein the document summary is used to generate an encryption key pair by means of a security function.
40. The method as claimed in claims 38 and 39, wherein the database and the security function are located in one of the group consisting of the electronic pen, the server and the secure memory.
41. The method as claimed in any one of claims 1 to 40, wherein the autograph comprises a signature image and autograph features.
42. The method as claimed in claim 41, wherein the autograph features comprise pressure and speed.
43. The method as claimed in any one of claims 1 to 42, wherein a pre-registered autograph is stored for future use.
44. The method as claimed in claim 43, wherein the pre-registered autograph is stored in one or more selected from the group comprising the electronic pen, the server and the secure memory.
45. The method as claimed in claim 43 or 44, wherein the pre-registered autograph is updated periodically.
46. The method as claimed in any one of claims 1 to 45, wherein the autograph is combined with other biometric information of the individual.
47. The method as claimed in any one of claims 1 to 46, wherein encryption is performed by one or more selected from the group comprising public key pairs and symmetric keys.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB011254475A CN1220932C (en) 2001-07-16 2001-07-16 Electronic autograph on document

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB011254475A CN1220932C (en) 2001-07-16 2001-07-16 Electronic autograph on document

Publications (2)

Publication Number Publication Date
CN1397869A true CN1397869A (en) 2003-02-19
CN1220932C CN1220932C (en) 2005-09-28

Family

ID=4665987

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB011254475A Expired - Fee Related CN1220932C (en) 2001-07-16 2001-07-16 Electronic autograph on document

Country Status (1)

Country Link
CN (1) CN1220932C (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006039863A1 (en) * 2004-10-11 2006-04-20 Enxin Liu A network whiteboard system based on the paper and a realizing method thereof
CN100337423C (en) * 2004-01-14 2007-09-12 哈尔滨工业大学 Method of handling secrecy, authentication, authority management and dispersion control for electronic files
CN1963720B (en) * 2005-11-08 2010-06-16 刘恩新 Method for realizing random controlled dynamic solid electronic subscribing
US8010796B2 (en) 2007-12-21 2011-08-30 Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd. System and method for digitally signing an electronic document
CN104361293A (en) * 2014-10-20 2015-02-18 北京数字认证股份有限公司 Methods and devices for generating and distinguishing anti-counterfeiting paper document
CN104572461A (en) * 2014-12-30 2015-04-29 北京奇虎科技有限公司 File automatically detecting method and device
CN101789067B (en) * 2009-12-31 2015-12-16 北京书生电子技术有限公司 electronic document signature protecting method and system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100337423C (en) * 2004-01-14 2007-09-12 哈尔滨工业大学 Method of handling secrecy, authentication, authority management and dispersion control for electronic files
WO2006039863A1 (en) * 2004-10-11 2006-04-20 Enxin Liu A network whiteboard system based on the paper and a realizing method thereof
CN1963720B (en) * 2005-11-08 2010-06-16 刘恩新 Method for realizing random controlled dynamic solid electronic subscribing
US8010796B2 (en) 2007-12-21 2011-08-30 Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd. System and method for digitally signing an electronic document
CN101789067B (en) * 2009-12-31 2015-12-16 北京书生电子技术有限公司 electronic document signature protecting method and system
CN104361293A (en) * 2014-10-20 2015-02-18 北京数字认证股份有限公司 Methods and devices for generating and distinguishing anti-counterfeiting paper document
CN104361293B (en) * 2014-10-20 2018-05-01 北京数字认证股份有限公司 A kind of papery security document generation and the method and device distinguished
CN104572461A (en) * 2014-12-30 2015-04-29 北京奇虎科技有限公司 File automatically detecting method and device
CN104572461B (en) * 2014-12-30 2018-03-02 北京奇虎科技有限公司 A kind of file automatic testing method and device

Also Published As

Publication number Publication date
CN1220932C (en) 2005-09-28

Similar Documents

Publication Publication Date Title
US8285991B2 (en) Electronically signing a document
CN109190347B (en) Electronic signature method
US20030012374A1 (en) Electronic signing of documents
US7490240B2 (en) Electronically signing a document
CN110674523B (en) Method for confirming electronic contract signer by combining digital signature with handwritten signature
CA2925325C (en) Document authentication based on expected wear
US7519825B2 (en) Electronic certification and authentication system
EP1238321B1 (en) Method and system for generating a secure electronic signature
US9729326B2 (en) Document certification and authentication system
US9531544B2 (en) Two-dimensional bar code for ID card
WO2014098136A1 (en) Information code, method for generating information code, device for reading information code, and system for using information code
CN1361960A (en) Legitimacy protection of electronic document and a printed copy thereof
KR20200096136A (en) Method of authentication, server and electronic identity device
JP6201706B2 (en) Information code usage system
CN105635187B (en) Method and device for generating electronic file with stamp and method and device for authenticating electronic file with stamp
US8578168B2 (en) Method and apparatus for preparing and verifying documents
EP1280098A1 (en) Electronic signing of documents
CN1220932C (en) Electronic autograph on document
Yahya et al. A new academic certificate authentication using leading edge technology
CN1321507C (en) Soft certification anti-false method based on graphic code primary and secondary signet series information association mechanism
WO2003009217A1 (en) Electronic signing of documents
CN1235317A (en) Universal payment coding system for bank
RU2647642C1 (en) Method of the document certification with an irreversible digital signature
JP2003223435A (en) Document printing device, document authentication device, document printing method, document authentication method, document authentication system, program, and storage media
JP2003134108A (en) Electronic signature, apparatus and method for verifying electronic signature, program and recording medium

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20050928

Termination date: 20130716