EP3300545A1 - Method for electronically signing a document by means of a smartphone - Google Patents

Method for electronically signing a document by means of a smartphone

Info

Publication number
EP3300545A1
EP3300545A1 EP17735171.5A EP17735171A EP3300545A1 EP 3300545 A1 EP3300545 A1 EP 3300545A1 EP 17735171 A EP17735171 A EP 17735171A EP 3300545 A1 EP3300545 A1 EP 3300545A1
Authority
EP
European Patent Office
Prior art keywords
document
terminal
server
signatory
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP17735171.5A
Other languages
German (de)
French (fr)
Inventor
Claude RAPOPORT
Christophe CLOESEN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Portima Scrl
Original Assignee
Portima Scrl
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Portima Scrl filed Critical Portima Scrl
Publication of EP3300545A1 publication Critical patent/EP3300545A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/313User authentication using a call-back technique via a telephone network

Definitions

  • the present application relates to the electronic signature of documents, such as, for example, insurance contracts, but, more generally, all documents of a service provider or a product supplier.
  • the document to be signed is accompanied by a certificate of characterization of the signatory and his signature.
  • the certificate contains the surname, first name, date of birth of the signatory and an identification number.
  • the signed document contains a quick reference QR code (Quick Reference) that represents an internet link to the signed document.
  • a signature software irreversibly transforms the PDF document to be signed into a string of characters (HASH) that the signatory must sign.
  • the signature is made using a Public Key Infrastructure (PKI).
  • PKI Public Key Infrastructure
  • the smart ID card contains this public key and a private key.
  • the public key is associated with a PKI certificate issued by the PKI server, which is an electronic file that defines the owner of the public key.
  • the identity card of the signatory having been introduced in his reader, and the document to sign transformed into HASH, it is with the signature of the HASH that one proceeds.
  • the signature software the number of personal identification (PIN code) is requested to the signer to have access to the private key stored and recorded in the chip.
  • the HASH is encrypted by means of the private key and the resulting signed HASH, as well as the certificate are sent to the signature server that the PDF document assistants, together with the exact date and time.
  • the recipient can, by means of the public key of the PKI certificate, verify the integrity of the document and the authenticity of the signer. Note that the pairing of both public and private keys is impossible, unless you have exorbitant means.
  • the invention relates to a method of electronically signing a document of a recipient, by a signatory having a smart telephone mobile terminal and to a camera, via the Internet and to the using a signature server and an application store, connected to the Internet and having a signature application, with a secure cryptography library, a method in which
  • the recipient sends the server the document to sign and the telephone number of the signatory
  • the signer downloads the application on his terminal and connects to it,
  • the server sends a service message (MS) to the terminal with a user code for the continuation of the application, code that the terminal returns to it for security,
  • MS service message
  • the signatory using his terminal, takes at least one picture of his identity document which is sent to the server by the Internet,
  • the terminal creates, from the secure library, a private key and a public key that is sent to the server,
  • the server creates the HASH of the document to be signed and a certificate of signature and sends them to the terminal,
  • the terminal as a signature, encrypts the HASH using the private key and a PIN code and
  • the terminal sends the encrypted HASH and the certificate to the server that recompose the signed document thus available to the recipient of the document.
  • the server After reception by the server of the photo of the signer's identity document, the server checks the authenticity of the signer's identity document, preferably by character recognition and image processing.
  • the steps of sending a service message (MS) and returning the code, taking the photo of the identity document and authenticating the signer's identity document constitute a global authentication step of the signatory.
  • the method of the invention can therefore be extended to an electronic signature method, a document of a recipient, by a signer having a smart telephone mobile terminal and to a camera, via the Internet and to using a signature server and an application store, connected to the Internet and having a signature application, with a secure cryptography library, a method in which
  • the recipient sends to the server the document to be signed and the telephone number of the signatory
  • the signer downloads the application on his terminal and connects to it,
  • the signatory proceeds to the signature of the electronic document, before sending it to the server where it is available to the recipient of the document.
  • the authentication of the signatory includes the steps according to which
  • the server sends a service message (MS) to the terminal with a user code for the continuation of the application, code that the terminal returns to it for security,
  • MS service message
  • the signatory using his terminal, takes at least one picture of his identity document which is sent to the server by the Internet,
  • the server checks the authenticity of the signatory's identity document.
  • the signature of the document comprises the steps according to which the terminal creates, from the secure library, a private key and a public key that is sent to the server,
  • the server creates the HASH of the document to be signed and the certificate of signature and sends them to the terminal
  • the terminal as a signature, encrypts the HASH using the private key and a PIN code and
  • the terminal sends the encrypted HASH and the certificate to the server that recompose the signed document thus available to the recipient of the document.
  • FIG. 1 is a general diagram of the system by means of which the method of the invention is implemented;
  • FIG. 2 is a block diagram of the steps of the method of the invention.
  • FIG. 3 is a block diagram of the signatory authentication step
  • FIG. 4 is a block diagram of the certificate creation step
  • FIG. 5 is a copy of a signature certificate
  • the method which will now be described is intended to be signed by a signatory equipped with a mobile telephone terminal 1, here smart phone type, and which has a camera 2 and a chip 3, a document proposed by a recipient, here an insurance broker, intended to receive the signed document and who has a terminal 4, the two terminals 1 and 4 can be connected to the Internet network 5 as well as to a signature server 6 and an application store 9, which can therefore also be connected to the Internet 5.
  • a signature application is implemented in a first part 7 'in the server 6 and in a second part 7 "in the application store 9.
  • the part 7' is the" server "application, the part 7", the mobile app.
  • a secure cryptography library 8 is located in the store 9, preferably, as here, in the mobile application 7 ".
  • the recipient begins, through its terminal 4, to send, via the Internet 5, to the server 6 the document to be signed by the owner of the terminal 1, that is to say the signatory. With the document to be signed, is also sent the phone number of the signer who knows the recipient.
  • the signer downloads, in his terminal 1, the signature application 7 'of the server 6 and the signature application 7 "of the store 9 and connects to this application, here through a user code and a password.
  • the signer displays the document to be signed and the phone number provided by the recipient, which he can view.
  • the signatory then clicks on the icon "to sign", then, by another click, must accept the general conditions of the use of the signature application.
  • the recipient read i sends (1 02) directly over the Internet 5 a service message (MS), here an SMS, with a single-use code for the continuation of the application, code that the terminal 1 returns to the recipient by security for once again confirm that his phone number is the correct one.
  • MS service message
  • the recipient proceeds to take a picture 1 03 and takes photos of the front and back of his identity card, if it is this piece of identification. Note that other pieces of identity are possible such as a passport.
  • the shooting conditions are inevitably random, as to the orientation of the map, the ambient light and the disturbing reflections. For subsequent control this should be taken into consideration.
  • identity documents to avoid counterfeits, have many visual elements that create noise that disrupts the recognition of their data.
  • identity documents there may be several types of identity documents in each country, with different zone compositions, which must also be taken into account in their recognition.
  • Terminal 1 sends the photos to the server 6.
  • the control 1 04 of the authenticity of the identity card of the signatory is done as follows, by character recognition and image processing.
  • the data areas are precisely recognized by a pre-cut that remains difficult given the freedom of the shooting by the signatory, with a background, orientation and lighting that can leave something to be desired. In any case, arbitration and corrections are necessary.
  • the saturation channel makes it possible to detect the chip of the identity card.
  • the value channel is used to detect the orientation, the face, the machine readable zone (readable zone, MRZ) and, if it exists, the barcode.
  • Points are detected that may be on an object outline in the image. These points are connected to form candidate lines representing the real edges of all the photographed objects of the image.
  • To straighten the image we extract from the set D of the candidate straight lines di, a set of orientation angles E
  • orientations are sorted according to the number of occurrences. The most present orientation E, is retained and all orientations whose difference with E, in the implementation here performed, less than 3 degrees are rejected. If an element of the line of orientation E can not be detected, we deduce that the orientation is bad and we start again by rejecting the orientation E, and selecting the su ivante. Detection of map elements
  • the image can undergo an "advanced morphological transformation" that highlights the element.
  • An iteration loop on one of the threshold parameters makes it possible to cover some photographs of more extreme contrasts. As soon as the element is detected, we leave the iteration.
  • T text areas, F, areas to be blurred.
  • An adjustment step can be made by comparing names determined by character recognition of the front and back faces, which are in two different formats. It will be noted that the applicant, for these control steps, made use of the "Open Computer Vision" library via Emgu Computer Vision. The purpose of this check is to ensure, with a sufficient degree of certainty, that the person using the signing application is who they claim to be. We make sure that the photographed part is probably a true identity document, that the front face of the part corresponds to its back side, that the part is not outdated and that the holder is major.
  • a cleaning step 1 4 which aims to expell the certificate that will be created data relating to the privacy of the signatory, such as the national registry number.
  • the entire terminal 1 of the signer and the server 6 will create data for certification of the signature.
  • This data includes the signatory's last name, first name and date of birth, his email address, the "reduced" telephone number, and the unique serial number of his certificate.
  • the terminal 1 From the secure library 8 of the application (7 "), the terminal 1 creates (1 1 1) a private key and a cryptographic public key stored in the mobile application 7".
  • This library can be provided by Whitecryption-Approval NIST FIPS 1 40-2 Level 1
  • the terminal 1 sends (1 1 2) the public key to the server 6 to link the data of the signer to the public key, sealed by a signature of a certification authority.
  • the server creates (1 1 3) then the certificate (FIG. 5) that it sends (1 1 4) to the terminal 1.
  • the server 6 in which was entered the document to be signed in PDF format, electronically transforms (1 2) this document into a string of characters (HASH) and that's what the signatory has to sign.
  • the server 6 sends it to the terminal 1.
  • the terminal encrypts the HASH using the private key and a PIN code that is involved at this point in the process.
  • This PIN code has been chosen by the signatory (digital or alphanumeric) for the purposes of signing and to allow access to the private key.
  • the terminal sends the HASH and the certificate to the server that recompose the signed document (Figure 6) before making it available to the signatory. He could also send it to the recipient.
  • this electronic signature method that has just been described is to be implemented by a signer of a document of a recipient when the signatory wants to make this signature for the first time with a terminal with which he had never made such an electronic signature. In other words, it is a first signature with a new empty terminal of the signature application.
  • the recipient sends the server (6) the document to be signed and the telephone number of the signatory
  • the server (6) creates the HASH of the document to be signed and sends it to the terminal (1), the terminal (1), by way of signature, encrypts the HASH using the private key and the PIN code previously chosen by the signatory and
  • the terminal (1) sends the encrypted HASH and the certificate to the server (6) which recomposes the signed document thus available for the recipient of the document.
  • the signature application has been downloaded to the terminal, the server already has the photo of the signer's ID, the private and public keys have already been created and sent to the server and the signature certificate has already been created. .

Abstract

Method for electronically signing a document of an addressee, by a signatory having a mobile telephone terminal (1) with an electronic chip and a camera, over the Internet (5) and a signature server and an application store (9), linked to the Internet and having a signature application (7', 7"), with a cryptographically secure library. - The addressee sends the document to be signed and the telephone number of the signatory to the server (6), - the signatory downloads the application (7', 7") on his terminal (1) and connects to it, - the document to be signed is made to appear on the terminal (1) accompanied by the telephone number, - authentication of the signatory is carried out, - a signing certificate is created and the electronic document to be signed is transformed, - the signatory signs the electronic document, before sending it to the server (6), to the attention of the addressee.

Description

PROCEDE DE SIGNATURE ELECTRONIQUE D UN DOCUMENT AU MOYEN D'UN TÉLÉPHONE  METHOD FOR ELECTRONIC SIGNATURE OF A DOCUMENT USING A TELEPHONE
INTELIGENT  INTELIGENT
La présente demande concerne la signature électronique de documents, comme par exemple des contrats d'assu rance, mais, plus généralement, tous documents d'u n prestataire de services ou d'un fournisseur de produits. The present application relates to the electronic signature of documents, such as, for example, insurance contracts, but, more generally, all documents of a service provider or a product supplier.
Il peut aussi s'agir d'un document d'authentification pour pouvoir accéder à son compte bancaire. It can also be an authentication document to access his bank account.
Il est déjà connu de signer de façon électronique des documents avec une carte d'identité à puce, un lecteur approprié de réception de la carte avec sa puce et un ordinateur personnel dans lequel est installé un logiciel de signature. It is already known to electronically sign documents with a smart identity card, a suitable reader for receiving the card with its chip and a personal computer in which is installed a signature software.
A cet effet, il est procédé de la façon décrite succinctement ci-après. For this purpose, it is proceeded as briefly described below.
Au document à signer sont adjoints un certificat de caractérisation du signataire et sa signature. Le certificat comporte les nom, prénom, date de naissance du signataire et u n numéro d'identification. Le document signé contient un code QR de référencement rapide (Quick Référence) qu i représente un lien internet vers le document signé. The document to be signed is accompanied by a certificate of characterization of the signatory and his signature. The certificate contains the surname, first name, date of birth of the signatory and an identification number. The signed document contains a quick reference QR code (Quick Reference) that represents an internet link to the signed document.
Un logiciel de signature transforme de façon irréversible le document PDF à signer en une chaîne de caractères (HASH) que le signataire doit signer. La signature s'effectue à l'aide d'une infrastructu re PKI à clé publique (Public Key Infrastructure). A signature software irreversibly transforms the PDF document to be signed into a string of characters (HASH) that the signatory must sign. The signature is made using a Public Key Infrastructure (PKI).
La carte d'identité à puce contient cette clé publique et une clé privée. A la clé publique est associé un certificat PKI, émis par le serveur PKI, qui est u n fichier électronique qui définit le propriétaire de la clé publique. La carte d'identité du signataire ayant été introduite dans son lecteur, et le document à signer transformé en HASH, c'est à la signature du HASH qu'on procède. Par le logiciel de signature, le nombre d'identification personnel (code PIN) est demandé au signataire pour avoir accès à la clé privée stockée et consignée dans la puce. Ensuite le HASH est crypté au moyen de la clé privée et le HASH signé, qui en résulte, ainsi que le certificat sont envoyés au serveur de signature qu i les adjoints au document PDF, en même temps que la date et l'heure exactes. Grâce à la signature du HASH, le destinataire peut, au moyen de la clé publique du certificat PKI, vérifier l'intégrité du document et l'authenticité du signataire. On notera que l'appariement des deux clés publique et privée est impossible, sauf à disposer de moyens exorbitants. The smart ID card contains this public key and a private key. The public key is associated with a PKI certificate issued by the PKI server, which is an electronic file that defines the owner of the public key. The identity card of the signatory having been introduced in his reader, and the document to sign transformed into HASH, it is with the signature of the HASH that one proceeds. By the signature software, the number of personal identification (PIN code) is requested to the signer to have access to the private key stored and recorded in the chip. Then the HASH is encrypted by means of the private key and the resulting signed HASH, as well as the certificate are sent to the signature server that the PDF document assistants, together with the exact date and time. With the signature of the HASH, the recipient can, by means of the public key of the PKI certificate, verify the integrity of the document and the authenticity of the signer. Note that the pairing of both public and private keys is impossible, unless you have exorbitant means.
Le procédé de signature électronique de l'art antérieur, tel que décrit ci- dessus, est d'une grande sécurité. Toutefois, il présente des inconvénients. The electronic signature method of the prior art, as described above, is of great security. However, it has disadvantages.
Il nécessite un lecteu r de carte d'identité compatible, un ordinateur, l'installation d'un logiciel de signature dans l'ordinateur, la mémorisation du code PIN de la puce de sa carte d'identité comportant, de surcroit, un numéro d'identification. It requires a compatible identity card reader, a computer, the installation of a signature software in the computer, the memorization of the PIN code of the chip of his identity card including, in addition, a number Identification.
C'est pourquoi la demanderesse s'est attachée à proposer un procédé de signature électronique à l'aide seulement d'un terminal mobile téléphonique à puce et à appareil photographique c'est-à-dire un « smart phone » ou une tablette et, bien sûr, d'un serveur de signature et du réseau Internet. This is why the applicant has endeavored to propose an electronic signature process using only a smart telephone and smart phone mobile terminal, that is to say a "smart phone" or a tablet and , of course, a signature server and the Internet.
Et c'est ainsi que l'invention concerne un procédé de signature électronique d'un document d'un destinataire, par un signataire possédant un terminal mobile téléphonique à puce et à appareil photographique, par l'intermédiaire du réseau Internet et à l'aide d'un serveur de signature et d'un magasin d'applications, reliés au réseau Internet et possédant une application de signature, avec une librairie sécurisée de cryptographie, procédé dans lequel And this is how the invention relates to a method of electronically signing a document of a recipient, by a signatory having a smart telephone mobile terminal and to a camera, via the Internet and to the using a signature server and an application store, connected to the Internet and having a signature application, with a secure cryptography library, a method in which
- le destinataire envoie au serveur le docu ment à signer et le nu méro de téléphone du signataire, - the recipient sends the server the document to sign and the telephone number of the signatory,
- le signataire télécharge l'application sur son terminal et s'y connecte, the signer downloads the application on his terminal and connects to it,
- il fait apparaître sur le terminal le document à signer accompagné du numéro de téléphone - le signataire confirme son numéro de téléphone, - it shows on the terminal the document to be signed accompanied by the telephone number - the signatory confirms his telephone number,
- le serveur envoie un message de service (MS) au terminal avec un code à usage u nique pour la poursuite de l'application, code que le terminal lui renvoie par sécurité,  the server sends a service message (MS) to the terminal with a user code for the continuation of the application, code that the terminal returns to it for security,
- le signataire, à l'aide de son terminal, prend au moins une photo de sa pièce d'identité qui est envoyée au serveur par le réseau Internet, the signatory, using his terminal, takes at least one picture of his identity document which is sent to the server by the Internet,
- le terminal crée, à partir de la librairie sécurisée, une clé privée et une clé publique qui est envoyée au serveur, the terminal creates, from the secure library, a private key and a public key that is sent to the server,
- le serveur crée le HASH du document à signer et un certificat de signatu re et les envoie au terminal,  the server creates the HASH of the document to be signed and a certificate of signature and sends them to the terminal,
- le terminal, en guise de signature, encrypte le HASH à l'aide de la clé privée et d'un code PIN et  - the terminal, as a signature, encrypts the HASH using the private key and a PIN code and
- le terminal envoie le HASH crypté et le certificat au serveur qui recompose le document signé ainsi disponible pour le destinataire du document.  the terminal sends the encrypted HASH and the certificate to the server that recompose the signed document thus available to the recipient of the document.
Avantageusement, après réception par le serveur de la photo de la pièce d'identité du signataire, le serveur contrôle l'authenticité de la pièce d'identité du signataire, de préférence par reconnaissance de caractères et traitement d'images. Advantageously, after reception by the server of the photo of the signer's identity document, the server checks the authenticity of the signer's identity document, preferably by character recognition and image processing.
Les étapes d'envoi d'un message de service (MS) et renvoi du code, de prise de la photo de la pièce d'identité et d'authentification de la pièce d'identité du signataire constituent u ne étape globale d'authentification du signataire. The steps of sending a service message (MS) and returning the code, taking the photo of the identity document and authenticating the signer's identity document constitute a global authentication step of the signatory.
Les étapes précédentes et celles qu i commencent par la création des clés privée et publique constituent une étape globale de création du certificat de signatu re, avant l'étape globale de signatu re. The preceding steps and those that begin with the creation of the private and public keys constitute a global step of creation of the signatu re certificate, before the global signatu re step.
Le procédé de l'invention peut donc être étendu à un procédé de signature électronique, d'un document d'un destinataire, par un signataire possédant un terminal mobile téléphonique à puce et à appareil photographique, par l'intermédiaire du réseau Internet et à l'aide d'un serveur de signature et d'un magasin d'applications, reliés au réseau Internet et possédant une application de signature, avec une librairie sécurisée de cryptographie, procédé dans lequel The method of the invention can therefore be extended to an electronic signature method, a document of a recipient, by a signer having a smart telephone mobile terminal and to a camera, via the Internet and to using a signature server and an application store, connected to the Internet and having a signature application, with a secure cryptography library, a method in which
- le destinataire envoie au serveu r le document à signer et le numéro de téléphone du signataire, - the recipient sends to the server the document to be signed and the telephone number of the signatory,
- le signataire télécharge l'application sur son terminal et s'y connecte, the signer downloads the application on his terminal and connects to it,
- il fait apparaître sur le terminal le document à signer accompagné du numéro de téléphone, - it shows on the terminal the document to be signed accompanied by the telephone number,
- il est procédé à l'authentification du signataire, puis - the signatory is authenticated, then
- il est procédé à la création d'un certificat de signature et à la transformation électronique du document à signer,  - the creation of a signature certificate and the electronic transformation of the document to be signed,
- le signataire procède à la signature du document électronique, avant de l'envoyer au serveur où il est disponible pour le destinataire du document.  - the signatory proceeds to the signature of the electronic document, before sending it to the server where it is available to the recipient of the document.
Comme précédemment, avantageusement, l'authentification du signataire comporte les étapes selon lesquelles As previously, advantageously, the authentication of the signatory includes the steps according to which
- le signataire confirme son numéro de téléphone, - the signatory confirms his telephone number,
- le serveur envoie un message de service (MS) au terminal avec un code à usage u nique pour la poursuite de l'application, code que le terminal lui renvoie par sécurité, the server sends a service message (MS) to the terminal with a user code for the continuation of the application, code that the terminal returns to it for security,
- le signataire, à l'aide de son terminal, prend au moins une photo de sa pièce d'identité qui est envoyée au serveur par le réseau Internet, the signatory, using his terminal, takes at least one picture of his identity document which is sent to the server by the Internet,
- après réception par le serveur de la photo de la pièce d'identité du signataire, le serveur contrôle l'authenticité de la pièce d'identité du signataire. - after receiving the photo of the signatory's identity document from the server, the server checks the authenticity of the signatory's identity document.
De même, et de préférence, la signature du document comporte les étapes selon lesquelles - le terminal crée, à partir de la librairie sécurisée, une clé privée et une clé publique qui est envoyée au serveur, Likewise, and preferably, the signature of the document comprises the steps according to which the terminal creates, from the secure library, a private key and a public key that is sent to the server,
- le serveur crée le HASH du document à signer et le certificat de signatu re et les envoie au terminal, the server creates the HASH of the document to be signed and the certificate of signature and sends them to the terminal,
- le terminal, en guise de signature, encrypte le HASH à l'aide de la clé privée et d'un code PIN et - the terminal, as a signature, encrypts the HASH using the private key and a PIN code and
- le terminal envoie le HASH crypté et le certificat au serveur qui recompose le document signé ainsi disponible pour le destinataire du document. the terminal sends the encrypted HASH and the certificate to the server that recompose the signed document thus available to the recipient of the document.
L'invention sera mieux comprise à l'aide de la description suivante, en référence au dessin en annexe, sur lequel The invention will be better understood with the aid of the following description, with reference to the drawing in the appendix, on which
- la figure 1 est un schéma d'ensemble du système grâce auquel le procédé de l'invention est mis en œuvre ; FIG. 1 is a general diagram of the system by means of which the method of the invention is implemented;
- la figure 2 est un schéma-bloc des étapes du procédé de l'invention ; FIG. 2 is a block diagram of the steps of the method of the invention;
- la figure 3 est un schéma-bloc de l'étape d'authentification du signataire ; FIG. 3 is a block diagram of the signatory authentication step;
- la figure 4 est un schéma-bloc de l'étape de création du certificat ; FIG. 4 is a block diagram of the certificate creation step;
- la figure 5 est une copie d'un certificat de signature et FIG. 5 is a copy of a signature certificate and
- la figure 6 est une copie du document signé électroniquement.  - Figure 6 is a copy of the document signed electronically.
Le procédé qu i va maintenant être décrit vise à faire signer par un signataire doté d'un terminal téléphonique mobile 1 , ici de type smart phone, et qui possède un appareil photographique 2 et une puce 3 , un document proposé par un destinataire, ici un courtier d'assurance, destiné à recevoir le document signé et qui possède un terminal 4, les deux terminaux 1 et 4 pouvant être reliés au réseau Internet 5 ainsi qu 'à un serveur de signature 6 et un magasin d'applications 9, pouvant donc aussi être reliés au réseau Internet 5. Une application de signature est implantée en une première partie 7' dans le serveur 6 et en une deuxième partie 7 " dans le magasin d'applications 9. La partie 7' est l'application « serveur », la partie 7", l'application mobile. Une librairie sécurisée de cryptographie 8 est implantée dans le magasin 9, de préférence, comme ici, dans l'application mobile 7". The method which will now be described is intended to be signed by a signatory equipped with a mobile telephone terminal 1, here smart phone type, and which has a camera 2 and a chip 3, a document proposed by a recipient, here an insurance broker, intended to receive the signed document and who has a terminal 4, the two terminals 1 and 4 can be connected to the Internet network 5 as well as to a signature server 6 and an application store 9, which can therefore also be connected to the Internet 5. A signature application is implemented in a first part 7 'in the server 6 and in a second part 7 "in the application store 9. The part 7' is the" server "application, the part 7", the mobile app. A secure cryptography library 8 is located in the store 9, preferably, as here, in the mobile application 7 ".
Le destinataire, commence, par son terminal 4, à envoyer, via le réseau Internet 5 , au serveur 6 le document destiné à être signé par le propriétaire du terminal 1 , c'est-à-dire le signataire. Avec le document à signer, est également envoyé le numéro de téléphone du signataire que connaît le destinataire. Le signataire télécharge, dans son terminal 1 , l'application de signature 7' du serveur 6 et l'application de signature 7" du magasin 9 et se connecte à cette application, ici grâce à un code utilisateur et un mot de passe. The recipient, begins, through its terminal 4, to send, via the Internet 5, to the server 6 the document to be signed by the owner of the terminal 1, that is to say the signatory. With the document to be signed, is also sent the phone number of the signer who knows the recipient. The signer downloads, in his terminal 1, the signature application 7 'of the server 6 and the signature application 7 "of the store 9 and connects to this application, here through a user code and a password.
Apparaissent alors, sur l'écran du terminal 1 du signataire, ici des données d'assurance et une demande de signature du document. Par un clic, le signataire fait apparaître le document à signer et le numéro de téléphone communiqué par le destinataire, qu'il peut donc visualiser. Then appear on the screen of the terminal 1 of the signer, here insurance data and a request for signature of the document. With a click, the signer displays the document to be signed and the phone number provided by the recipient, which he can view.
Le signataire clique alors sur l'icône « à signer », puis, par un autre clic, doit accepter les conditions générales de l'utilisation de l'application de signature. The signatory then clicks on the icon "to sign", then, by another click, must accept the general conditions of the use of the signature application.
Puis, par un nouveau clic sur l'icône « commencer », vont se dérouler les étapes aboutissant à la signature (figure 2). Then, by a new click on the icon "to begin", will proceed the steps leading to the signature (figure 2).
Quatre grandes étapes générales se succèdent que sont une étape 1 0 d'authentification du signataire, une étape 1 1 de création du certificat de signature, une étape 1 2 de transformation électronique du document à signer et l'étape de signature proprement dite 1 3. Etape d'authentification du signataire (figure 3) Four main general steps follow one another that are a signatory authentication step 1 0, a step 1 1 of creation of the signature certificate, a step 1 2 of electronic transformation of the document to be signed and the actual signature step 1 3 . Signatory authentication step (Figure 3)
Après visualisation sur l'écran de son terminal 1 , de son numéro de téléphone tel que noté par le destinataire, le signataire procède à la confirmation 1 01 de ce numéro. After viewing on the screen of its terminal 1, its telephone number as noted by the recipient, the signer makes the confirmation 1 01 of this number.
Puis le destinataire lu i envoie (1 02) directement par le réseau Internet 5 un message de service (MS), ici un SMS, avec un code à usage unique pour la poursuite de l'application, code que le terminal 1 renvoie au destinataire par sécurité pour une nouvelle fois confirmer que son numéro de téléphone est le bon. Then the recipient read i sends (1 02) directly over the Internet 5 a service message (MS), here an SMS, with a single-use code for the continuation of the application, code that the terminal 1 returns to the recipient by security for once again confirm that his phone number is the correct one.
Après quoi, le destinataire procède à une prise de vues 1 03 et prend des photos du recto et du verso de sa carte d'identité, s'il s'agit de cette pièce d'identité. On notera que d'autres pièces d'identité sont envisageables comme par exemple un passeport. After that, the recipient proceeds to take a picture 1 03 and takes photos of the front and back of his identity card, if it is this piece of identification. Note that other pieces of identity are possible such as a passport.
Les conditions de prise de vues sont forcément aléatoires, quant à l'orientation de la carte, la luminosité ambiante et les reflets perturbateurs. Pour le contrôle ultérieur, cela devra être pris en considération. The shooting conditions are inevitably random, as to the orientation of the map, the ambient light and the disturbing reflections. For subsequent control this should be taken into consideration.
On notera également que les pièces d'identité, pour éviter les contrefaçons, comportent de nombreux éléments visuels qui créent du bruit qui perturbe la reconnaissance de leurs données. Par ailleurs, il peut exister plusieurs types de pièces d'identité, dans chaque pays, avec des compositions de zones différentes les unes des autres, ce qui doit aussi être pris en considération dans leur reconnaissance. It should also be noted that identity documents, to avoid counterfeits, have many visual elements that create noise that disrupts the recognition of their data. In addition, there may be several types of identity documents in each country, with different zone compositions, which must also be taken into account in their recognition.
Le terminal 1 envoie les photos au serveur 6. Terminal 1 sends the photos to the server 6.
Le contrôle 1 04 de l'authenticité de la carte d'identité du signataire s'effectue comme suit, par reconnaissance de caractères et traitement d'images. Les zones de données sont reconnues avec précision, par u n prédécoupage qui reste difficile compte-tenu de la liberté de la prise de vue par le signataire, avec un fond, une orientation et un éclairage qui peuvent laisser à désirer. En tout état de cause, un arbitrage et des corrections sont nécessaires. The control 1 04 of the authenticity of the identity card of the signatory is done as follows, by character recognition and image processing. The data areas are precisely recognized by a pre-cut that remains difficult given the freedom of the shooting by the signatory, with a background, orientation and lighting that can leave something to be desired. In any case, arbitration and corrections are necessary.
Plus précisément, on procède à More specifically, we proceed to
- la décomposition de l'image, - the decomposition of the image,
- la détection de l'orientation,  - the detection of the orientation,
- la détection des éléments et  - the detection of elements and
- la détermination des zones.  - the determination of the zones.
Décomposition de l'image Decomposition of the image
Elle s'effectue par décomposition en les trois canaux « teinte, « saturation » et « valeur » (Hue, Satu ration, Value, HSV). Le canal saturation permet de détecter la puce de la carte d'identité. Le canal valeur permet de détecter l'orientation, le visage, la zone lisible par machine (machine readable zone, MRZ) et, s'il existe, le code-barres. It is carried out by decomposition into the three channels "hue, saturation" and "value" (Hue, Saturation, Value, HSV). The saturation channel makes it possible to detect the chip of the identity card. The value channel is used to detect the orientation, the face, the machine readable zone (readable zone, MRZ) and, if it exists, the barcode.
Détection de l'orientation Orientation detection
On détecte des points susceptibles d'être sur un contour d'objet dans l'image. On relie ces points pour former des droites candidates représentant les bords réels de tous les objets photographiés de l'image. Pou r redresser l'image, on extrait de l'ensemble D des droites candidates di , un ensemble d'angles d'orientations E Points are detected that may be on an object outline in the image. These points are connected to form candidate lines representing the real edges of all the photographed objects of the image. To straighten the image, we extract from the set D of the candidate straight lines di, a set of orientation angles E
E ={tan-1 (mcii), l dieD} où mdi est l'orientation calculée de la droite d, par rapport à l'horizontale. E = {tan- 1 (m c ii), dieD} where mdi is the calculated orientation of the line d, relative to the horizontal.
L'ensemble des orientations est soumis à un tri selon le nombre d'occurrences. L'orientation la plus présente E, est retenue et toutes les orientations dont la différence avec E, est, dans la mise en œuvre ici effectuée, inférieure à 3 degrés sont rejetées. Si un élément de la droite d'orientation E, ne peut être détecté, on en déduit que l'orientation est mauvaise et on recommence en rejetant l'orientation E, et en sélectionnant la su ivante. Détection des éléments de la carte All orientations are sorted according to the number of occurrences. The most present orientation E, is retained and all orientations whose difference with E, in the implementation here performed, less than 3 degrees are rejected. If an element of the line of orientation E can not be detected, we deduce that the orientation is bad and we start again by rejecting the orientation E, and selecting the su ivante. Detection of map elements
Avec une orientation déterminée, en fonction de l'élément à détecter, l'image peut subir une « transformation morphologique avancée » qui met l'élément en valeur. Une boucle d'itération sur un des paramètres de seuil permet de couvrir certaines photographies de contrastes plus extrêmes. Dès que l'élément est détecté, on sort de l'itération. With a determined orientation, depending on the element to be detected, the image can undergo an "advanced morphological transformation" that highlights the element. An iteration loop on one of the threshold parameters makes it possible to cover some photographs of more extreme contrasts. As soon as the element is detected, we leave the iteration.
Détermination des zones Pour une carte d'identité de Belgique, la table du contenu est la suivante : Determination of zones For a Belgian identity card, the table of contents is as follows:
T sont des zones de texte, F, des zones à rendre floues. On peut vou loir procéder à une étape d'ajustement en comparant des noms déterminés par reconnaissance de caractères des faces recto et verso, qui s'y trouvent sous deux formats différents. On notera que la demanderesse, pour ces étapes de contrôle, a fait usage de la bibliothèque d' « Open Computer Vision » via Emgu Computer Vision. Ce contrôle vise à s'assurer, avec un degré de certitude suffisant, que la personne qui utilise l'application de signature est bien celle qu'elle prétend être. On s'assure que la pièce photographiée est vraisemblablement une vraie pièce d'identité, que la face avant de la pièce correspond bien à sa face arrière, que la pièce n'est pas périmée et que le détenteur est majeur. T are text areas, F, areas to be blurred. An adjustment step can be made by comparing names determined by character recognition of the front and back faces, which are in two different formats. It will be noted that the applicant, for these control steps, made use of the "Open Computer Vision" library via Emgu Computer Vision. The purpose of this check is to ensure, with a sufficient degree of certainty, that the person using the signing application is who they claim to be. We make sure that the photographed part is probably a true identity document, that the front face of the part corresponds to its back side, that the part is not outdated and that the holder is major.
Après l'étape d'authentification 1 0, on procède ici à une étape de nettoyage 1 4 qui vise à expurger du certificat qui va être créé des données relatives à la vie privée du signataire, comme par exemple le numéro de registre national. After the authentication step 1 0, we proceed here to a cleaning step 1 4 which aims to expell the certificate that will be created data relating to the privacy of the signatory, such as the national registry number.
Etape de création du certificat (figure 4) Certificate creation step (Figure 4)
Sur la base des données capturées pour identifier le signataire, l'ensemble du terminal 1 du signataire et du serveur 6 va créer des données permettant la certification de la signature. Based on the data captured to identify the signer, the entire terminal 1 of the signer and the server 6 will create data for certification of the signature.
Parmi ces données, on considère le nom, le prénom et la date de naissance du signataire, son adresse email, le nu méro de téléphone « réduit », et le numéro de série unique de son certificat. This data includes the signatory's last name, first name and date of birth, his email address, the "reduced" telephone number, and the unique serial number of his certificate.
A partir de la librairie sécurisée 8 de l'application (7"), le terminal 1 crée (1 1 1 ) une clé privée et une clé publique cryptographiques stockées dans l'application mobile 7". Cette librairie peut être fournie par l'entité Whitecryption-approbation NIST FIPS 1 40-2 Level 1From the secure library 8 of the application (7 "), the terminal 1 creates (1 1 1) a private key and a cryptographic public key stored in the mobile application 7". This library can be provided by Whitecryption-Approval NIST FIPS 1 40-2 Level 1
(http: / /csrc.nist.goV/groups/STM /cmvp/documents/ l 40-1 / l 40sp/ l 40sp 2284.pdf). Le terminal 1 envoie (1 1 2) la clé publique au serveur 6 pour lier les données du signataire à la clé publique, scellée par signature d'une autorité de certification. Le serveur crée (1 1 3) alors le certificat (figure 5) qu 'il envoie (1 1 4) au terminal 1 . (http://csrc.nist.goV/groups/STM/cmvp/documents/ l 40-1 / l 40sp / l 40sp 2284.pdf). The terminal 1 sends (1 1 2) the public key to the server 6 to link the data of the signer to the public key, sealed by a signature of a certification authority. The server creates (1 1 3) then the certificate (FIG. 5) that it sends (1 1 4) to the terminal 1.
En parallèle à la création du certificat, le serveur 6, dans lequel a été saisi le document à signer dans le format PDF, transforme électroniquement (1 2) ce document en une chaîne de caractères (HASH) et c'est elle que le signataire doit signer. Le serveur 6 l'envoie au terminal 1 . In parallel with the creation of the certificate, the server 6, in which was entered the document to be signed in PDF format, electronically transforms (1 2) this document into a string of characters (HASH) and that's what the signatory has to sign. The server 6 sends it to the terminal 1.
Etape de signature (figure 2) Signature stage (Figure 2)
Le terminal encrypte le HASH à l'aide de la clé privée et d'un code PIN qu i intervient à ce moment du procédé. Ce code PIN a été choisi par le signataire (numérique ou alphanu mérique) pour les besoins de la signature et pour permettre l'accès à la clé privée. The terminal encrypts the HASH using the private key and a PIN code that is involved at this point in the process. This PIN code has been chosen by the signatory (digital or alphanumeric) for the purposes of signing and to allow access to the private key.
Puis le terminal envoie le HASH et le certificat au serveur qu i recompose le document signé (figure 6) avant de le mettre à la disposition du signataire. Il pourrait aussi l'envoyer au destinataire. Then the terminal sends the HASH and the certificate to the server that recompose the signed document (Figure 6) before making it available to the signatory. He could also send it to the recipient.
On aura compris que ce procédé de signature électronique qui vient d'être décrit est à mettre en œuvre par un signataire d'un document d'un destinataire quand ce signataire veut procéder à cette signature pour la première fois avec un terminal avec lequel il n'avait encore jamais procédé à une telle signature électronique. En d'autres termes, il s'agit d'une première signature avec un nouveau terminal vide de l'application de signature. It will be understood that this electronic signature method that has just been described is to be implemented by a signer of a document of a recipient when the signatory wants to make this signature for the first time with a terminal with which he had never made such an electronic signature. In other words, it is a first signature with a new empty terminal of the signature application.
Pou r procéder ultérieurement à une nouvelle signature électronique avec le même terminal qu i a donc, pour ainsi dire, été initialisé, il suffit de ne dérouler qu'une partie des étapes : In order to subsequently proceed to a new electronic signature with the same terminal that has, so to speak, been initialized, it suffices to carry out only a part of the steps:
- le destinataire envoie au serveur (6) le document à signer et le numéro de téléphone du signataire, the recipient sends the server (6) the document to be signed and the telephone number of the signatory,
- le signataire se connecte à l'application (7', 7"),  the signatory connects to the application (7 ', 7 "),
- il fait apparaître sur le terminal (1 ) le document à signer,  - it shows on the terminal (1) the document to sign,
- le serveur (6) crée le HASH du document à signer et l'envoie au terminal (1 ), - le terminal (1 ), en gu ise de signature, encrypte le HASH à l'aide de la clé privée et du code PIN préalablement choisi par le signataire etthe server (6) creates the HASH of the document to be signed and sends it to the terminal (1), the terminal (1), by way of signature, encrypts the HASH using the private key and the PIN code previously chosen by the signatory and
- le terminal (1 ) envoie le HASH crypté et le certificat au serveur (6) qui recompose le document signé ainsi disponible pour le destinataire du document. the terminal (1) sends the encrypted HASH and the certificate to the server (6) which recomposes the signed document thus available for the recipient of the document.
L'application de signature a été téléchargée dans le terminal, le serveu r a déjà la photo de la pièce d'identité du signataire, les clés privée et publique ont déjà été créées et envoyées au serveur et le certificat de signature a aussi déjà été créé. The signature application has been downloaded to the terminal, the server already has the photo of the signer's ID, the private and public keys have already been created and sent to the server and the signature certificate has already been created. .

Claims

REVENDICATIONS
Procédé de signature électronique d'un document d'un destinataire, par un signataire possédant un terminal mobile téléphonique (1 ) à puce et à appareil photographique, par l'intermédiaire du réseau Internet (5) et à l'aide d'un serveur de signature (6) et d'un magasin d'applications (9), reliés au réseau Internet et possédant u ne application de signature (7), avec une librairie sécurisée de cryptographie (8), procédé dans lequel Method of electronically signing a document of a recipient, by a signer having a smart phone and mobile telephone terminal (1) and a camera, via the Internet (5) and using a server of signature (6) and an application store (9), connected to the Internet and having a signature application (7), with a secure cryptography library (8), in which method
-le destinataire envoie au serveur (6) le document à signer et le numéro de téléphone du signataire, the recipient sends the server (6) the document to be signed and the telephone number of the signatory,
-le signataire télécharge l'application (7', 7") sur son terminal (1 ) et s'y connecte, the signer downloads the application (7 ', 7 ") to his terminal (1) and connects to it,
-il fait apparaître sur le terminal (1 ) le document à signer accompagné du numéro de téléphone, it shows on the terminal (1) the document to be signed accompanied by the telephone number,
-le signataire confirme son numéro de téléphone, -the signatory confirms his phone number,
-le serveur (6) envoie un message de service (MS) au terminal (1 ) avec un code à usage u nique pour la poursuite de l'application, code que le terminal (1 ) lui renvoie par sécurité, the server (6) sends a service message (MS) to the terminal (1) with a user code for the continuation of the application, code that the terminal (1) returns to it for security,
-le signataire, à l'aide de son terminal (1 ), prend au moins une photo de sa pièce d'identité qu i est envoyée au serveur (6) par le réseau Internet (5), the signatory, using his terminal (1), takes at least one picture of his identity document which is sent to the server (6) over the Internet (5),
-le terminal (1 ) crée, à partir de la librairie sécurisée (8), une clé privée et une clé publique qui est envoyée au serveur (6), the terminal (1) creates, from the secure library (8), a private key and a public key that is sent to the server (6),
-le serveur (6) crée le HASH du document à signer et un certificat de signatu re et les envoie au terminal (1 ), -le terminal (1 ), en guise de signature, encrypte le HASH à l'aide de la clé privée et d'un code PIN et the server (6) creates the HASH of the document to be signed and a certificate of signature and sends them to the terminal (1), the terminal (1), as a signature, encrypts the HASH using the private key and a PIN code and
-le terminal (1 ) envoie le HASH crypté et le certificat au serveur (6) qui recompose le document signé ainsi disponible pour le destinataire du document. the terminal (1) sends the encrypted HASH and the certificate to the server (6) which recomposes the signed document thus available for the recipient of the document.
Procédé selon la revendication 1 , selon lequel, après réception par le serveur (6) de la photo de la pièce d'identité du signataire, le serveur (6) contrôle l'authenticité de la pièce d'identité du signataire. Method according to claim 1, wherein after the server (6) receives the photo of the signer's identity document, the server (6) checks the authenticity of the signatory's identity document.
Procédé de signature électronique, d'un document d'un destinataire, par un signataire possédant un terminal mobile téléphonique (1 ) à puce et à appareil photographique, par l'intermédiaire du réseau Internet (5) et à l'aide d'un serveur de signature et d'un magasin d'applications (9), reliés au réseau Internet et possédant une application de signature (7',7"), avec une librairie sécurisée de cryptographie (8), procédé dans lequel Method of electronic signature, of a document of a recipient, by a signatory having a mobile telephone terminal (1) chip and camera, via the Internet network (5) and using a signature server and an application store (9), connected to the Internet and having a signature application (7 ', 7 "), with a secure cryptography library (8), in which method
- le destinataire envoie au serveur (6) le document à signer et le numéro de téléphone du signataire,  the recipient sends the server (6) the document to be signed and the telephone number of the signatory,
- le signataire télécharge l'application (7', 7") sur son terminal (1 ) et s'y connecte,  the signer downloads the application (7 ', 7 ") on his terminal (1) and connects to it,
- il fait apparaître sur le terminal (1 ) le document à signer accompagné du numéro de téléphone,  - it shows on the terminal (1) the document to be signed accompanied by the telephone number,
- il est procédé à l'authentification du signataire, puis  - the signatory is authenticated, then
- il est procédé à la création d'un certificat de signature et à la transformation électronique du document à signer,  - the creation of a signature certificate and the electronic transformation of the document to be signed,
-le signataire procède à la signature du document électronique, avant de l'envoyer au serveur (6) où il est disponible pour le destinataire du document. the signatory proceeds to the signature of the electronic document, before sending it to the server (6) where it is available to the recipient of the document.
4. Procédé selon la revendication 3, selon lequel l'authentification du signataire comporte les étapes selon lesquelles 4. The method of claim 3, wherein the authentication of the signer comprises the steps according to which
- le signataire confirme son numéro de téléphone,  - the signatory confirms his telephone number,
-le serveur (6) envoie un message de service (MS) au terminal (1 ) avec un code à usage unique pour la poursuite de l'application, code que le terminal (1 ) lui renvoie par sécurité,  the server (6) sends a service message (MS) to the terminal (1) with a single-use code for the continuation of the application, code that the terminal (1) returns to it for security,
-le signataire, à l'aide de son terminal (1 ), prend au moins u ne photo de sa pièce d'identité qui est envoyée au serveur (6) par le réseau Internet (5),  the signatory, using his terminal (1), takes at least one photo of his identity document which is sent to the server (6) via the Internet network (5),
-après réception par le serveur (6) de la photo de la pièce d'identité du signataire, le serveur (6) contrôle l'authenticité de la pièce d'identité du signataire.  after the server (6) receives the photo of the signatory's identity document, the server (6) checks the authenticity of the signatory's identity document.
5. Procédé selon l'une des revendications 3 et 4, selon lequel la signature du document comporte les étapes selon lesquelles 5. Method according to one of claims 3 and 4, wherein the signature of the document comprises the steps according to which
- le terminal (1 ) crée, à partir de la librairie sécurisée (8), une clé privée et une clé publique qui est envoyée au serveur (6), the terminal (1) creates, from the secure library (8), a private key and a public key that is sent to the server (6),
- le serveur (6) crée le HASH du document à signer et le certificat de signature et les envoie au terminal (1 ), the server (6) creates the HASH of the document to be signed and the signature certificate and sends them to the terminal (1),
- le terminal (1 ), en guise de signature, encrypte le HASH à l'aide de la clé privée et d'un code PIN et  the terminal (1), as a signature, encrypts the HASH using the private key and a PIN code and
-le terminal (1 ) envoie le HASH crypté et le certificat au serveur (6) qui recompose le document signé ainsi disponible pour le destinataire du docu ment.  the terminal (1) sends the encrypted HASH and the certificate to the server (6) which recomposes the signed document thus available for the recipient of the document.
EP17735171.5A 2016-08-02 2017-07-07 Method for electronically signing a document by means of a smartphone Withdrawn EP3300545A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
BE2016/5625A BE1023971B1 (en) 2016-08-02 2016-08-02 METHOD FOR ELECTRONIC SIGNATURE OF A DOCUMENT
PCT/EP2017/067134 WO2018024445A1 (en) 2016-08-02 2017-07-07 Method for electronically signing a document by means of a smartphone

Publications (1)

Publication Number Publication Date
EP3300545A1 true EP3300545A1 (en) 2018-04-04

Family

ID=56737841

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17735171.5A Withdrawn EP3300545A1 (en) 2016-08-02 2017-07-07 Method for electronically signing a document by means of a smartphone

Country Status (6)

Country Link
EP (1) EP3300545A1 (en)
BE (1) BE1023971B1 (en)
FR (1) FR3054906B1 (en)
GB (1) GB2555167A (en)
NL (1) NL2019358B1 (en)
WO (1) WO2018024445A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3092419B1 (en) * 2019-02-05 2021-05-21 In Idt Method and System for authenticating a handwritten signature.
CN114338035A (en) * 2021-12-15 2022-04-12 南京壹证通信息科技有限公司 Mobile terminal PDF electronic signature method and system based on key collaborative signature

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102013100635A1 (en) * 2013-01-22 2014-07-24 IDnow GmbH User identification
US20160360403A1 (en) * 2015-01-05 2016-12-08 Ebid,Products & Solutions, S.L. Procedure for generating a digital identity of a user of a mobile device, digital identity of the user, and authentication procedure using said digital identity of the user
DE102015206623A1 (en) * 2015-04-14 2016-10-20 IDnow GmbH DIGITAL SIGNATURE WITH REMOTE IDENTIFICATION

Also Published As

Publication number Publication date
FR3054906B1 (en) 2019-06-07
BE1023971B1 (en) 2017-09-26
NL2019358B1 (en) 2018-02-09
FR3054906A1 (en) 2018-02-09
GB2555167A (en) 2018-04-25
GB201711702D0 (en) 2017-09-06
WO2018024445A1 (en) 2018-02-08

Similar Documents

Publication Publication Date Title
EP2619941B1 (en) Method, server and system for authentication of a person
US20180026790A1 (en) Evidence system and method to determine whether digital file is forged or falsified by using smart phone and smart phone having certification function of smart phone screen capture image and method thereof
EP3690686B1 (en) Authentication procedure, server and electronic identity device
EP3665600B1 (en) Method for electronic signing of a document by a plurality of signatories
EP2591463B1 (en) Secure system and method for the identification and recording of an identity
EP3803670A1 (en) A software application and a computer server for authenticating the identity of a digital content creator and the integrity of the creator's published content
FR3061792A1 (en) METHOD AND DEVICE FOR HORODATING DIGITAL IMAGES
FR3054906B1 (en) METHOD FOR ELECTRONIC SIGNATURE OF A DOCUMENT
FR3073643A1 (en) METHOD FOR OBTAINING A DIGITAL IDENTITY OF HIGH LEVEL OF SECURITY
EP2954449B1 (en) Digitised handwritten signature authentication
EP3594880A1 (en) Method for secured cryptographic data transmission
AU2016261026B2 (en) Method for checking an identity of a person
EP2005379B1 (en) System for securing electronic transactions over an open network
KR101765328B1 (en) mobile system for acquiring information of identification for electric contract
FR3095874A1 (en) PROCESS FOR GENERATING AN ARCHIVING CODE TO CREATE A FOOTPRINT OF MULTIMEDIA CONTENT
AU2018455995A1 (en) Universal certified and qualified contracting method
KR20150069249A (en) Method for Instant Gathering of Evidence
FR3115126A3 (en) METHOD AND DEVICE FOR REMOTE SIGNATURE AND CERTIFICATION OF IDENTIFICATION DATA OF A PERSON
KR100713695B1 (en) Civil Application Service Proffer Method Using Pixel Encryption and Decryption Method
FR3093836A1 (en) Numeric identity
WO2023170186A1 (en) Portable, self-contained device for securing data transfer and corresponding method
KR20160124053A (en) Smart phone having certificationdd funstion of smart phone screen capture image and method thereof
KR20230082150A (en) An electric contract system and a contract document sending and receiving algorithm
WO2022028788A1 (en) Method for generating a secure digital document stored on a mobile terminal and associated with a digital identity
FR3089080A1 (en) Securing data display with augmented reality

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20171117

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20190115

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20190528