EP2194513A1 - Electronic certification and authentication system - Google Patents

Electronic certification and authentication system Download PDF

Info

Publication number
EP2194513A1
EP2194513A1 EP10002826A EP10002826A EP2194513A1 EP 2194513 A1 EP2194513 A1 EP 2194513A1 EP 10002826 A EP10002826 A EP 10002826A EP 10002826 A EP10002826 A EP 10002826A EP 2194513 A1 EP2194513 A1 EP 2194513A1
Authority
EP
European Patent Office
Prior art keywords
module
document information
information
key
certified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP10002826A
Other languages
German (de)
French (fr)
Inventor
Mohammed A. Geoffrey
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of EP2194513A1 publication Critical patent/EP2194513A1/en
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/004Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip
    • G07D7/0043Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip using barcodes

Definitions

  • the invention relates to electronic document security systems and in particular to the certification and authentication of document information of various type, like whole documents, certificates, signatures, stamps, etc., especially by verifying its correctness and safety / immunity from fraud.
  • the invention uses an electronic system which comprises at least one of several modules:
  • the modules of this invention are linked to each other and preferably share one database, and work as one system.
  • the process to use the system usually starts with an authorized person to enter admin information (name, position, addresses, IP addresses, admin ID, password etc) and at least one, preferably three or more, electronic admin signatures into the Main Module.
  • admin information name, position, addresses, IP addresses, admin ID, password etc
  • the admin is then allowed to log into the Admin Module, e.g. by entering his user ID, password, and electronic signature; this can be done by using an internet or intranet browser and a digital pad and electronic pen, for example.
  • the admin is thus not restricted to use a closed network and can access the admin module from anywhere.
  • the admin in turn can grant access to the Certification Module by entering registrar information (name, employing certification office, address, IP address, registrar ID, password etc) and at least one, preferably three or more, electronic registrar signatures.
  • the registrar is then allowed to log into the Registration Module, e.g. by entering his user ID, password, and electronic signature; this can be done by using an internet or intranet browser and a digital pad and electronic pen, for example.
  • the registrar is thus not restricted to use a closed network and can access the Registration Module from anywhere.
  • the registrar who usually works for a trusted, often governmental, organisation like a certification office, can grant access to the Certification Module to a member of another organisation (often a commercial company) by entering the member information (name, employing company, address, IP address, member ID number, password etc) and at least one, preferably three or more, electronic member signatures.
  • the member is then allowed to log into the Certification Module, e.g. by entering his user ID, password, and electronic signature; this can be done by using an internet or intranet browser and a digital pad and electronic pen, for example.
  • Members using the Certification Module can enter document information after enrolling their signature(s) into the system, e.g. on a digital pad with an electronic pen connect to a PC. After that, the system compares the enrolled signature patterns with the signatures pattern(s) stored in the database to verify the correctness of the signature. If the signature has been positively verified, the document information is stored in the database, thus completing the certification process.
  • a member can also use the system to print, e.g., one or more of: the member's signature, as shown in FIG. 1 , his company stamp as shown in FIG.2 , a certification office stamp as shown in FIG.3 , a certification number, a certification date, a certification time, and a 2D barcode as shown in FIG.4 .
  • Printing can be done by using a printer connected to the member's PC or using a PC on a third person's printer wherein the third person is authorized to print the document. The authentication process is then complete.
  • a typical 2D barcode usually has bars placed on the horizontal and the vertical dimension (as shown schematically in Fig. 4 ) and is generated using a 2D barcode generation program which transfers information into bars form.
  • the document information is compressed.
  • encrypted information is added.
  • Document information and encrypted information are both put into the 2D barcode.
  • the 2D barcode can be generated by, for example:
  • the encryption key is preferably one key out of a key pair, as for example from a asymmetric encription algorithm (e.g. PKI).
  • a asymmetric encription algorithm e.g. PKI
  • the 2D barcode can, for example, contain the following:
  • the Offline Verification Module enables verifiers to read the 2D barcode after scanning the document and to display the corresponding information.
  • the decryption can be carried out by, for example:
  • the verifier can verify using the Online Verification Module through the Internet from displaying the certified document information to verify the correctness and safety of the document from fraud.

Abstract

The invention relates to a certification and authentication system, comprising a Main Module which grants access to the an Admin Module and which provides crypto-data for use with the system, wherein the Admin Module is provided to enter and store certification office information, grant access to the a Registration Module and provide certification office registrars with user IDs and passwords; wherein the Registration Module is provided to enter a companies' information register a companies members' information and enroll member's signatures, activate or deactivate signatories or companies' members; and provide companies' members with their IDs and passwords; and further a Certification Module which is provided to at least enroll the member's signature and compare the enrolled signature with the stored member's signatures and, if the signature is correct, enter and save a document information that needs to be certified and print the certified letter in form of a 2D barcode; and further an Authorization Module which is provided to print the certified letter, and further an Offline Verification Module which is provided to scan the certified document and read the scanned information in the 2D barcode.

Description

    Background of the Invention
  • The invention relates to electronic document security systems and in particular to the certification and authentication of document information of various type, like whole documents, certificates, signatures, stamps, etc., especially by verifying its correctness and safety / immunity from fraud.
  • Current systems use stickers, thermal stamps and watermarks to safeguard against and to discover fraud, mostly by using the naked eye as a detector. The naked eye poses the problem that it is relatively unreliable so that many cases of fraud occur.
  • There exists a need to improve certification and authentification of document information by more reliable means.
    • Detailed Description of Invention
  • The invention uses an electronic system which comprises at least one of several modules:
    1. 1. Main Module. One of the main modules tasks is it to grant access to the system on the highest level. A further task is it to create crypto-data for use with the system, such as system key pairs generated by asymmetrical crypto-algorithms. It typically runs on an application server / server system which connects to a database server / server system. The server is preferably placed in a trusted environment (e.g. as a trust centre), as for example in the data centre of certification offices. The main module updates its data by connecting to this database and/or to other databases and/or by connecting to other modules. This module is preferably used / activated by an internet browser that runs on a PC but can also accessed by other means like programmable interfaces to other programs. The user / supervisor of this module can for e.g. create a system key pair(s), enter administrator rights and information, and enroll administrator signatures.
    2. 2. Admin Module. An administrator can use this module to, for example:
      1. a) Enter certification office information and stamp to be stored in the system;
      2. b) Enter certification office registrars' information and enroll their signatures;
      3. c) Activate or deactivate certification office registrars;
      4. d) Provide certification office registrars with user IDs and passwords;
      5. e) Print admin reports.
      The access to this module is typically granted by entering an administrator ID, password and signature into the module but can also be done in other ways, like by fingerprint sensors, ID cards etc.
    3. 3. Registration Module. A registrar can use this module to typically:
      1. a) Enter companies' information required for certification like letter header, letter footer and stamp;
      2. b) Register companies members' information and enroll their signatures on, e.g., a digital pad and an electronic pen connected to a PC;
      3. c) Activate or deactivate signatories or companies' members;
      4. d) Provide companies' members with their IDs and passwords;
      5. e) Print member transaction reports.
        The access to this module is typically granted by entering a registrar ID number, password and signature but can also be done in other ways, like by fingerprint sensors, ID cards etc.
    4. 4. Certification Module: a member can use this module to, by the way of an example:
      1. a) Enter and save the document information that needs to be certified;
      2. b) Enroll his signature by the way of, for example, a digital pad and an electronic pen. The system then compares the enrolled signature pattern(s) with the member's signatures pattern(s) stored in the database(s). If the signature is correct, the system displays, e.g. on an internet browser, at least one of: the member signature, his company stamp, certification office stamp, Certification number, Certification date, Certification time and a 2D barcode;
      3. c) Print the certified letter displayed himself, i.e. a printer connected to his data station / PC;
      4. d) Authorize the printing by another person.
      The access to this module is typically granted by entering a member ID number, password and signature but can also be done in other ways, like by fingerprint sensors, ID cards etc. Preferably, a transaction amount is directly deducted from the member account. The certified document information is preferably saved in the database.
    5. 5. Authorization Module: an authorized person can use this module esp. to print a certified letter on his printer that is connected to his PC. Preferably, all of the authorization information is saved in the database for future retrieval.
    6. 6. Online Verification Module: a verifier can use this module to esp. do the following:
      1. a) Retrieving a document to be verified by, e.g., entering the document certification number.
      2. b) Comparing and/or printing the information displayed to verify its correctness and safety from fraud.
      The above described modules are preferably run on the application server / server system and are preferably connected to an data network like the internet and activated by, for example, an internet browser that runs on a PC. Thus, users from different levels can access their modules from anywhere. Preferably, the modules check the corresponding user's ID number, password and / or signature before granting access to the respective module.
      Alternatively or in parallel to the Online Verification Module, the system can comprise:
    7. 7. An Offline Verification Module that runs on a stand alone verifier data system, e.g. a PC notebook, palm, mobile phone etc., connected to a scanner. The verifier can use this module to esp. do the following:
      1. a) Scanning the certified document with the scanner;
      2. b) Reading the information in the 2D barcode after either:
        decrypting the random key with the system decryption key, and decrypting the compressed document information with the random key
        or: decrypting the hash code with the system decryption key and comparing it with compressed document information Hash code);
      3. c) Decompressing the document information and displaying it;
      4. d) Comparing and/or printing the information displayed to verify its correctness and safety from fraud.
      At least the Main Module, Admin Module, and Registration Module may be run on the same application server.
  • In order that the invention may be more readily understood and put into practical effect, a preferred embodiment of the invention will now be described with reference to the accompanying drawings, in which :
    • FIG.1 schematically shows a handwritten signature captured by a digital pad and an electronic pen;
    • FIG.2 schematically shows a company stamp,
    • FIG.3 schematically shows a certification office stamp,
    • FIG.4 schematically shows a 2D barcode.
  • It is understood that this exemplary description does not limit the scope of the invention.
  • The modules of this invention are linked to each other and preferably share one database, and work as one system.
  • The process to use the system usually starts with an authorized person to enter admin information (name, position, adress, IP adress, admin ID, password etc) and at least one, preferably three or more, electronic admin signatures into the Main Module.
  • The admin is then allowed to log into the Admin Module, e.g. by entering his user ID, password, and electronic signature; this can be done by using an internet or intranet browser and a digital pad and electronic pen, for example. The admin is thus not restricted to use a closed network and can access the admin module from anywhere.
  • The admin in turn can grant access to the Certification Module by entering registrar information (name, employing certification office, address, IP address, registrar ID, password etc) and at least one, preferably three or more, electronic registrar signatures. The registrar is then allowed to log into the Registration Module, e.g. by entering his user ID, password, and electronic signature; this can be done by using an internet or intranet browser and a digital pad and electronic pen, for example. The registrar is thus not restricted to use a closed network and can access the Registration Module from anywhere.
  • The registrar on the other hand, who usually works for a trusted, often governmental, organisation like a certification office, can can grant access to the Certification Module to a member of another organisation (often a commercial company) by entering the member information (name, employing company, address, IP address, member ID number, password etc) and at least one, preferably three or more, electronic member signatures. The member is then allowed to log into the Certification Module, e.g. by entering his user ID, password, and electronic signature; this can be done by using an internet or intranet browser and a digital pad and electronic pen, for example.
  • Members using the Certification Module can enter document information after enrolling their signature(s) into the system, e.g. on a digital pad with an electronic pen connect to a PC. After that, the system compares the enrolled signature patterns with the signatures pattern(s) stored in the database to verify the correctness of the signature. If the signature has been positively verified, the document information is stored in the database, thus completing the certification process.
  • A member can also use the system to print, e.g., one or more of: the member's signature, as shown in FIG. 1, his company stamp as shown in FIG.2, a certification office stamp as shown in FIG.3, a certification number, a certification date, a certification time, and a 2D barcode as shown in FIG.4. Printing can be done by using a printer connected to the member's PC or using a PC on a third person's printer wherein the third person is authorized to print the document. The authentication process is then complete.
  • A typical 2D barcode usually has bars placed on the horizontal and the vertical dimension (as shown schematically in Fig. 4) and is generated using a 2D barcode generation program which transfers information into bars form. To be able to encode longer documents in barcode form, the document information is compressed. In order to prevent forgery and fraud, encrypted information is added. Document information and encrypted information are both put into the 2D barcode. The 2D barcode can be generated by, for example:
    • ■ encrypting the compressed document information with a system generated random key, encrypting the random key with a system encryption key and generating the 2D barcode from the encrypted random key and the encrypted compressed document information.
      or by:
    • ■ encrypting the compressed document information Hash code with the system encryption key, generating the 2D barcode from the encrypted Hash code and the compressed document information.
  • The encryption key is preferably one key out of a key pair, as for example from a asymmetric encription algorithm (e.g. PKI).
  • The 2D barcode can, for example, contain the following:
    1. 1. document information
    2. 2. member name
    3. 3. company name
    4. 4. certification office name
    5. 5. certification office stamp
    6. 6. system decryption key name
    7. 7. random key or hash code.
  • The Offline Verification Module enables verifiers to read the 2D barcode after scanning the document and to display the corresponding information.
  • The decryption can be carried out by, for example:
    • ■ decrypting the random key by the system decryption key, decrypt the compressed document information using the random key
      or by
    • ■ decrypting the hash code with the system decryption key and comparing it with the compressed document information hash code,
    resp. After that, the compressed document information is decompressed and the module displays it so that the verifier can compare this document information with the printed document information to verify the correctness and safety of the document from fraud.
  • The verifier can verify using the Online Verification Module through the Internet from displaying the certified document information to verify the correctness and safety of the document from fraud.

Claims (15)

1. A system for electronic certification and authentication, comprising the following components:
- a Certification Module which is provided to at least:
enter and save document information intended for certification;
encrypt the document information using a random key;
encrypt the random key using a system encryption key, wherein said encrypted random key is capable of being decrypted using a system decryption key; and
produce a certified document including the document information and the random key.
2. The system of claim 1 further comprising:
- an Offline Verification Module which is provided to at least:
(i) receive the certified document;
(ii) decrypt the random key using the system decryption key; and
(iii) decrypt the document information using the random key.
3. The system of claim 1 or 2 further comprising:
- a Main Module which grants access to the an Admin Module and which provides crypto-data, especially a crypto key pair comprising the system encryption key and the system decryption key, for use with the system;
- wherein the Admin Module is provided to at least:
(i) enter and store certification office information;
(ii) grant access to a Registration Module by entering and storing at least a registrars' information and registrar's at least one electronic signature;
(iiii) activate or deactivate registrars;
(iv) provide registrars with user IDs and passwords.
4. The system of claim 3, wherein the Registration Module is provided to at least:
(i) enter a companies' information;
(ii) register a companiy member's information and enroll member's signatures;
(iii) activate or deactivate signatories or companies' members; and
(iv) provide the company member with member's ID and password.
5. The system of any of the preceding claims, wherein the Certification Module is provided to at least:
(i) enroll a member's signature and compare the enrolled signature with stored member's signatures and, if the signature is correct, enter and save the document information that needs to be certified;
(ii) print a certified letter in form of a 2D barcode.
6. The system of claim 5, further comprising:
- an Authorization Module which is provided to at least:
(i) print the certified letter.
7. The system of claim 5 or 6, wherein the Offline Verification Module is provided to:
(i) scan the certified document; and
(ii) read the scanned information in the 2D barcode.
8. The system of Claims 5 to 7, wherein the 2D barcode is generated by the following steps:
(i) compressing the document information;
(ii) encrypting the compressed document information with a system generated random key,
(iii) encrypting the random key with a system encryption key from the Main Module, and
(iv) generating the 2D barcode from the encrypted random key and the encrypted compressed document information.
9. The system of Claim 8, further comprising an Offline Verification Module which is provided to at least:
(i) scan the certified document;
(ii) decrypt the random key with the system decryption key,
(iii) decrypt the compressed document information with the random key;
(iv) decompress the document information;
(v) compare the document information from the 2D barcode with another shown document information.
10. The system of Claims 5 to 7, wherein the 2D barcode is generated by the following steps:
(i) compressing the document information;
(ii) encrypting the compressed document information Hash code with a system encryption key from the Main Module,
(iii) generating the 2D barcode from the encrypted Hash code and the compressed document information.
11. The system of Claim 10, further comprising an Offline Verification Module which is provided to at least:
(i) scan the certified document;
(ii) decrypt the random key with the system decryption key,
(iii) decrypt the hash code with the system decryption key,
(iv) compare the hash code with the compressed document information hash code;
(iv) decompress the document information;
(v) compare the document information from the 2D barcode with another shown document information.
12. The system of one of the Claims 3 to 11, wherein the signature is enrolled by the way of a digital pad and an electronic pen.
13. The system of one of the Claims 1 to 12, wherein the access to one of the modules is granted by entering an ID number, a password, and an electronic signature.
14. The system of one of the Claims 1 to 13, wherein at least one of the modules can be accessed over the internet using an internet browser.
15. A method for electronic certification and authentication, comprising the steps:
encrypting document information using a random key;
encrypting the random key using a system encryption key, wherein said encrypted random key is capable of being decrypted using a system decryption key; and
producing a certified document including the document information and the random key.
EP10002826A 2005-02-02 2005-02-02 Electronic certification and authentication system Ceased EP2194513A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP05002155A EP1688891B1 (en) 2005-02-02 2005-02-02 Electronic certification and authentication system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
EP05002155.9 Division 2005-02-02

Publications (1)

Publication Number Publication Date
EP2194513A1 true EP2194513A1 (en) 2010-06-09

Family

ID=35696440

Family Applications (2)

Application Number Title Priority Date Filing Date
EP10002826A Ceased EP2194513A1 (en) 2005-02-02 2005-02-02 Electronic certification and authentication system
EP05002155A Active EP1688891B1 (en) 2005-02-02 2005-02-02 Electronic certification and authentication system

Family Applications After (1)

Application Number Title Priority Date Filing Date
EP05002155A Active EP1688891B1 (en) 2005-02-02 2005-02-02 Electronic certification and authentication system

Country Status (6)

Country Link
EP (2) EP2194513A1 (en)
AT (1) ATE463020T1 (en)
DE (1) DE602005020245D1 (en)
EG (1) EG25980A (en)
HK (1) HK1091305A1 (en)
WO (1) WO2006081861A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8531401B2 (en) 2009-08-13 2013-09-10 Hewlett-Packard Development Company, L.P. Computer accessory device
US8799675B2 (en) 2012-01-05 2014-08-05 House Of Development Llc System and method for electronic certification and authentication of data
CN103825734B (en) 2012-11-16 2016-11-09 深圳市腾讯计算机系统有限公司 Sensitive operation verification method, terminal device, server and checking system
US9819660B2 (en) 2014-04-11 2017-11-14 Xerox Corporation Systems and methods for document authentication
CN104581726B (en) * 2015-01-15 2018-07-17 天地融科技股份有限公司 A kind of authentication method and system
CN104992206A (en) * 2015-06-12 2015-10-21 孙红琴 Two-dimension code coding and decoding system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020023220A1 (en) * 2000-08-18 2002-02-21 Distributed Trust Management Inc. Distributed information system and protocol for affixing electronic signatures and authenticating documents

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020023220A1 (en) * 2000-08-18 2002-02-21 Distributed Trust Management Inc. Distributed information system and protocol for affixing electronic signatures and authenticating documents

Also Published As

Publication number Publication date
HK1091305A1 (en) 2007-01-12
EP1688891A1 (en) 2006-08-09
EP1688891B1 (en) 2010-03-31
EG25980A (en) 2012-11-19
DE602005020245D1 (en) 2010-05-12
WO2006081861A1 (en) 2006-08-10
ATE463020T1 (en) 2010-04-15

Similar Documents

Publication Publication Date Title
US7519825B2 (en) Electronic certification and authentication system
CN103679436B (en) A kind of electronic contract security system and method based on biological information identification
US7490240B2 (en) Electronically signing a document
US8285991B2 (en) Electronically signing a document
US9369287B1 (en) System and method for applying a digital signature and authenticating physical documents
US8689287B2 (en) Federated credentialing system and method
US4993068A (en) Unforgeable personal identification system
JP4323098B2 (en) A signature system that verifies the validity of user signature information
US20030012374A1 (en) Electronic signing of documents
US20030115475A1 (en) Biometrically enhanced digital certificates and system and method for making and using
US20030089764A1 (en) Creating counterfeit-resistant self-authenticating documents using cryptographic and biometric techniques
WO2003007527A2 (en) Biometrically enhanced digital certificates and system and method for making and using
CN105074721A (en) Method for signing electronic documents with an analog-digital signature with additional verification
US20090031139A1 (en) System and Method for Electronic Certification and Authentification
US20040068470A1 (en) Distributing public keys
EP1688891B1 (en) Electronic certification and authentication system
US11444784B2 (en) System and method for generation and verification of a subject's identity based on the subject's association with an organization
Chowdhary et al. Blockchain based framework for student identity and educational certificate verification
EP1280098A1 (en) Electronic signing of documents
WO2003009217A1 (en) Electronic signing of documents
CN1220932C (en) Electronic autograph on document
KR20020029926A (en) Method, article and apparatus for registering registrants, such as voter registrants
CN1959711B (en) Electronic identification and authentication system
US20030005298A1 (en) Method and apparatus for authenticating people using business cards
EP1975885A1 (en) System and method for electronic certification and authentification

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AC Divisional application: reference to earlier application

Ref document number: 1688891

Country of ref document: EP

Kind code of ref document: P

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR LV MK YU

17P Request for examination filed

Effective date: 20100930

17Q First examination report despatched

Effective date: 20110517

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20160412