GB2555167A - Method for the electronic signature of a document - Google Patents


Publication number
GB2555167A
Authority
GB
United Kingdom
Prior art keywords
terminal
server
document
signatory
signature
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1711702.9A
Other versions
GB201711702D0 (en)
Inventor
Rapoport Claude
Cloesen Christophe
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Portima Scrl
Original Assignee
Portima Scrl
Application filed by Portima Scrl
Publication of GB201711702D0
Publication of GB2555167A
Legal status: Withdrawn (current)

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/313User authentication using a call-back technique via a telephone network

Abstract

Electronically signing a document by a signatory having a mobile telephone terminal (1) with a chip and a camera comprises using a signature server and an application store (9), connected to the Internet and having a signature application (7), with a secure cryptographic library. The recipient sends to the server (6) the document to be signed and the signatory's telephone number. The signatory downloads the application on their terminal (1) and the document to be signed, accompanied by the telephone number, appears on the terminal. The signatory is authenticated, a signature certificate is created and the document to be signed undergoes transformation, the signatory signs the electronic document, before sending it to the server for the recipient. The server may send an SMS with a single use code to the terminal. The signatory may also take a photo of an identification card, and send it to the server. The terminal may create private and public keys from the secure library, sending the public key to the server; and the server may create a hash for the document to be signed and a signature certificate for sending to the terminal for signing by use of the private key and a PIN.

Description

(54) Title of the Invention: Method for the electronic signature of a document
Abstract Title: Electronic signature of a document using signature application
At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy.
[Drawings not reproduced. Labels surviving in the extraction: Fig. 1, Fig. 2, Fig. 4, Fig. 5 (Certificate), Fig. 6 (signed document).]
Method for the electronic signature of a document
The present application relates to the electronic signature of documents, for example insurance contracts, but more generally, all documents from a service provider or product supplier.
It may also involve an authentication document to be able to access one's bank account.
It is already known to sign documents electronically with a chip card, an appropriate reader for receiving the chip card and a personal computer on which signature software is installed.
To that end, the method briefly described below is adopted.
A certificate of characterization of the signatory and the latter's signature are attached to the document to be signed. The certificate includes the last name, first name and date of birth of the signatory and an identification number. The signed document contains a QR (Quick Reference) code that represents an Internet link to the signed document.
Signature software irreversibly converts the PDF document to be signed into a string of characters (HASH) that the signatory must sign.
The signature is done using a PKI (Public Key Infrastructure).
The chip identification card contains this public key and a private key. The public key is associated with a PKI certificate, issued by the PKI server, which is an electronic file that defines the owner of the public key.
The identification card of the signatory having been inserted into its reader, and the document to be signed being converted into HASH, the signature of the HASH is then done. Using the signature software, the personal identification number (PIN code) is requested from the signatory in order to access the private key stored and recorded in the chip. Next, the HASH is encrypted using the private key and the resulting signed HASH, as well as the certificate, are sent to the signature server, which attaches them to the PDF document, together with the exact date and time. Owing to the signature of the HASH, the recipient can, using the public key of the PKI certificate, verify the integrity of the document and the authenticity of the signatory. It will be noted that it is impossible to match the two public and private keys, at least without having exorbitant resources.
The electronic signature method of the prior art, as described above, is extremely safe. However, it has drawbacks.
It requires a compatible identification card reader, a computer, the installation of signature software on the computer, the storage of the PIN code of the chip of its identification card, also including identification number.
That is why the applicant has endeavored to propose an electronic signature method using only a mobile telephone terminal with a chip and a camera, i.e., a smartphone or tablet, and of course a signature server and the Internet.
The invention thus relates to a method for the electronic signature of a document of a recipient, by a signatory having a mobile telephone terminal with a chip and a camera, via the Internet network and using a signature server and an application store, connected to the Internet network and having a signature application, with a secure cryptographic library, in which method:
- the recipient sends the server the document to be signed and the telephone number of the signatory,
- the signatory downloads the application on his terminal and connects thereto,
- he proceeds in order that the document to be signed, accompanied by the telephone number, appears on the terminal,
- the signatory confirms his telephone number,
- the server sends a service message (MS) to the terminal with a single-use code to continue the application, the terminal resending it this code for security reasons,
- the signatory, using his terminal, takes at least one photograph of his identification card, which is sent to the server by the Internet,
- the terminal creates, from the secure library, a private key and a public key that is sent to the server,
- the server creates the HASH for the document to be signed and a signature certificate, and sends them to the terminal,
- the terminal, by way of signature, encrypts the HASH using the private key and a PIN code, and
- the terminal sends the encrypted HASH and the certificate to the server, which recomposes the signed document thus available for the recipient of the document.
Advantageously, after the server has received the photograph of the signatory's identification card, the server verifies the authenticity of the signatory's identification card, preferably by character recognition and image processing.
The steps of sending a service message (MS) and returning the code, taking the photograph of the identification card and authenticating the signatory's identification card constitute a step for global authentication of the signatory.
The previous steps and those which begin with the creation of private and public keys constitute a global step for creation of the signature certificate, before the global signature step.
The inventive method can therefore be extended to a method for the electronic signature, of a document of a recipient, by a signatory having a mobile telephone terminal with a chip and camera, via the Internet network and using a signature server and an application store, connected to the Internet network and having a signature application, with a secure cryptographic library, in which method:
- the recipient sends to the server the document to be signed and the telephone number of the signatory,
- the signatory downloads the application on his terminal and connects thereto,
- he proceeds in order that the document to be signed, accompanied by the telephone number, appears on the terminal,
- the signatory is authenticated, then
- a signature certificate is created and the document to be signed undergoes electronic transformation,
- the signatory signs the electronic document, before sending it to the server where it is available for the recipient of the document.
As before, advantageously, the authentication of the signatory comprises the following steps:
- the signatory confirms his telephone number,
- the server sends a service message (MS) to the terminal with a single-use code to continue the application, the terminal resending him this code for security reasons,
- the signatory, using his terminal, takes at least one photograph of his identification card, which is sent to the server by the Internet,
- after the server has received the photograph of the signatory's identification card, the server verifies the authenticity of the signatory's identification card.
Likewise, and preferably, the signature of the document includes the following steps:
- the terminal creates, from the secure library, a private key and a public key that is sent to the server,
- the server creates the HASH for the document to be signed and the signature certificate, and sends them to the terminal,
- the terminal, by way of signature, encrypts the HASH using the private key and a PIN code, and
- the terminal sends the encrypted HASH and the certificate to the server, which recomposes the signed document thus available for the recipient of the document.
The invention will be better understood using the following description, in reference to the appended drawing, in which:
- figure 1 is an overview diagram of the system according to which the inventive method is implemented;
- figure 2 is a block diagram of the inventive method;
- figure 3 is a block diagram of the step for authenticating the signatory;
- figure 4 is a block diagram of the step for creating the certificate;
- figure 5 is a copy of a signature certificate; and
- figure 6 is a copy of the electronically signed document.
The method that will now be described seeks to have a signatory equipped with a mobile telephone terminal 1, here of the smartphone type, and which has a camera 2 and a chip 3, sign a document proposed by a recipient, here an insurance broker, intended to receive the signed document and who has a terminal 4, both terminals 1 and 4 being able to be connected to the Internet and to a signature server 6 and an application store 9, therefore also able to be connected to the Internet 5.
A signature application is installed in a first part 7' in the server 6 and in a second part 7 in the application store 9. The part 7' is the server application, and the part 7 is the mobile application. A secure cryptographic library 8 is installed in the store 9, preferably, like here, in the mobile application 7.
The recipient begins, via his terminal 4, to use the Internet 5 to send the server 6 a document intended to be signed by the owner of the terminal 1, i.e., the signatory. The telephone number of the signatory, which is known by the recipient, is also sent with the document to be signed. The signatory downloads the signature application 7' onto his terminal 1 from the server 6 and the signature application 7 from the store 9 and connects to this application, here using a user code and password.
Here, insurance data and a request to sign the document then appear on the screen of the signatory's terminal 1. By clicking, the signatory displays the document to be signed and the telephone number communicated by the recipient, which he can therefore view.
The signatory then clicks on the “to be signed” icon, then, by another click, must accept the general terms of use of the signature application.
Then, by clicking again on the “start” icon, the steps resulting in the signature will take place (figure 2).
Four general major steps follow one another, namely a step 10 for authentication of the signature, a step 11 for creation of the signature certificate, a step 12 for the electronic conversion of the document to be signed, and the signature step strictly speaking 13.
Step for authentication of the signatory (figure 3)
After viewing his telephone number as noted by the recipient on the screen of his terminal 1, the signatory confirms 101 this number.
The recipient then sends him (102), directly by the Internet 5, a service message (MS), here an SMS, with a single-use code to continue the application, a code which the terminal 1 again sends the recipient for security reasons so as once again to confirm that his telephone number is correct.
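The single-use code exchange of step 102, sketched as an added example (not code from the patent or its applicant). The six-digit format, five-minute lifetime, three-attempt limit and the names `SmsChallengeStore`, `issue` and `verify` are assumptions.

```javascript
// Added illustration of step 102; every name and limit here is an assumption.
const nodeCrypto = require('crypto');

const CODE_TTL_MS = 5 * 60 * 1000; // assumed lifetime of a code
const MAX_ATTEMPTS = 3;            // assumed number of tries per code

// Keyed digest binding the code to the telephone number it was sent to.
function codeDigest(key, phoneNumber, code) {
  return nodeCrypto.createHmac('sha256', key).update(`${phoneNumber}:${code}`).digest();
}

class SmsChallengeStore {
  constructor() {
    this.pending = new Map(); // telephone number -> outstanding challenge
  }

  // Server: create the code for the number the signatory has just confirmed.
  // The return value goes to the SMS gateway only; the store keeps a digest.
  issue(phoneNumber, now = Date.now()) {
    const code = String(nodeCrypto.randomInt(0, 1000000)).padStart(6, '0');
    const key = nodeCrypto.randomBytes(32);
    this.pending.set(phoneNumber, {
      key,
      digest: codeDigest(key, phoneNumber, code),
      expiresAt: now + CODE_TTL_MS,
      attemptsLeft: MAX_ATTEMPTS,
    });
    return code;
  }

  // Server: check the code that the terminal sends back.
  verify(phoneNumber, submittedCode, now = Date.now()) {
    const challenge = this.pending.get(phoneNumber);
    if (!challenge) return 'no-challenge';
    if (now > challenge.expiresAt) {
      this.pending.delete(phoneNumber);
      return 'expired';
    }
    challenge.attemptsLeft -= 1;
    const candidate = codeDigest(challenge.key, phoneNumber, String(submittedCode));
    if (nodeCrypto.timingSafeEqual(candidate, challenge.digest)) {
      this.pending.delete(phoneNumber); // single use: a replayed code finds nothing
      return 'ok';
    }
    if (challenge.attemptsLeft === 0) {
      this.pending.delete(phoneNumber); // guessing budget spent, a new SMS is needed
      return 'locked';
    }
    return 'wrong-code';
  }
}
```

Only a successful `verify` for the number supplied by the recipient should let the session continue to the identity-document step.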
After this, the recipient takes shots 103 and acquires photos of the front and back of his identification card, if it involves this identification card. It will be noted that other forms of identification may be considered, for example a passport.
The conditions for taking shots are necessarily random, regarding the orientation of the card, the ambient brightness and any disruptive reflections. For the subsequent verification, this must be taken into consideration.
It will also be noted that to avoid counterfeits, the forms of identification include many visual elements that create noise that disrupts the recognition of their data. Furthermore, several types of identification documents may exist, in each country, with different zone compositions from one another, which must also be taken into consideration in their recognition.
The terminal 1 sends the photos to the server 6.
The verification 104 of the authenticity of the signatory's identification document is done as follows, through character recognition and image processing. The data zones are recognized with precision, through a pre-division that remains difficult in light of the freedom afforded to the signatory when taking the shot, with a background, orientation and lighting that may leave much to be desired. In any case, arbitration and corrections are necessary.
More specifically, the following steps are carried out:
- decomposition of the image,
- detection of the orientation,
- detection of the elements, and
- determination of the zones.
Decomposition of the image
This is done by decomposition into three channels: “Hue”, “Saturation” and “Value” (HSV). The saturation channel makes it possible to detect the chip of the identification card. The value channel makes it possible to detect the orientation, the face, the machine-readable zone (MRZ) and, if applicable, the barcode.
Detection of the orientation
Points that may be on a contour of an object in the image are detected. These points are connected to form candidate lines representing the actual edges of all of the photographed objects of the image. To correct the image, a set of orientation angles $E$ is extracted from the set $D$ of candidate lines $d_i$,
$$E = \{\tan^{-1}(m_{d_i}),\ \tan^{-1}(m_{d_i}) + \pi \mid d_i \in D\}$$
where $m_{d_i}$ is the calculated orientation of the line $d_i$ relative to the horizontal.
All of the orientations are sorted based on the number of occurrences. The most present orientation $E_i$ is selected, and all orientations for which the difference with respect to $E_i$ is, in the embodiment carried out here, less than degrees are rejected. If an element of the orientation line $E_i$ cannot be detected, it is deduced from this that the orientation is incorrect, and one starts over by rejecting the orientation $E_i$ and selecting the next one.
Detection of the elements
With a determined orientation, based on the element to be detected, the image may undergo an advanced morphological transformation that emphasizes the element. An iterative loop on one of the threshold parameters makes it possible to cover certain photographs with more extreme contrasts. Once the element is detected, one leaves the iteration.
Determination of the zones
For an identification card from Belgium, the content table is as follows:
Zones Front Back
card Contours of the card
T1 Name of the country (Belgium), type of card Machine Readable Zone (MRZ)
T2 Last name, First names, Place of birth, Salutation Barcode
T3 Expiration date Place of birth
F1 Hologram National Number
F2 National Number in the MRZ
F3 Barcode
S1 Extended face
T indicates text zones, F indicating zones to be blurred. One may wish to carry out an adjustment step by comparing names determined by character recognition on the front and back faces, which are found in two different formats. It will be noted that the applicant, for these verification steps, used the Open Computer Vision library via Emgu Computer Vision.
This verification seeks to ensure, with a sufficient degree of certainty, that the person using the signature application is indeed who he claims to be. It is ensured that the photographed document is in all likelihood a real identification document, that the front face of the document indeed corresponds to its rear face, that the document is not expired and that the holder is a legal adult.
After the authentication step 10, a cleaning step 14 is carried out here that seeks to redact data to protect the signatory's privacy, for example the national identification number, from the certificate that will be created.
Step for creating the certificate (figure 4)
Based on the data captured to identify the signatory, the assembly consisting of the signatory's terminal 1 and the server 6 will create data allowing the certification of the signature.
Among these data, the last name, first name and date of birth of the signatory are considered, as well as his e-mail address, the reduced telephone number, and the unique serial number of the certificate.
From the secure library 8 of the application (7”), the terminal 1 creates (111) a private cryptographic key and a public cryptographic key stored in the mobile application 7. This library can be provided by the entity Whitecryption, with NIST FIPS 140-2 Level 1 approval (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2284.pdf). The terminal 1 sends (112) the public key to the server 6 to link the signatory's data to the public key, sealed by the signature of a certifying authority. The server then creates (113) the certificate (5), which it sends (114) to the terminal 1.
In parallel with the creation of the certificate, the server 6, in which the document to be signed has been entered in PDF format, electronically converts (12) this document into a string of characters (HASH), and this is what the signatory must sign. The server 6 sends it to the terminal 1.
Signature step (figure 2)
The terminal encrypts the HASH using the private key and a PIN code that participates at this stage of the method. This PIN code has been chosen by the signatory (numerical or alphanumeric) for the purposes of the signature and to allow access to the private key.
The terminal then sends the HASH and the certificate to the server, which recomposes the signed document (figure 6) before providing it to the signatory. It could also send it to the recipient.
It will be understood that this electronic signature method described above is to be implemented by a signatory of a document from a recipient when this signatory wishes to perform this signature for the first time with a terminal with which he has never before performed such an electronic signature. In other words, it involves a first signature with a new terminal not bearing the signature application.
To later perform a new electronic signature with the same terminal, which therefore has thus been initialized, it suffices to carry out only part of the steps:
- the recipient sends the server (6) the document to be signed and the telephone number of the signatory,
- the signatory connects to the application (7', 7),
- the document to be signed appears on the terminal (1),
- the server (6) creates the HASH for the document to be signed and sends it to the terminal (1),
- the terminal (1), by way of signature, encrypts the HASH using the private key and the PIN code previously chosen by the signatory, and
- the terminal (1) sends the encrypted HASH and the certificate to the server (6), which recomposes the signed document thus available for the recipient of the document.
The signature application has been downloaded on the terminal, the server already has the photograph of the signatory's identification document, the private and public keys have already been created and sent to the server, and the signature certificate has also already been created.
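The key creation, certificate and signature steps described above, for both the first signature and a later signature on an initialized terminal, as an added example that is not code from the patent or its applicant. Assumptions: ECDSA P-256 with SHA-256 stands in for the unspecified algorithms, the certificate is a CA-signed JSON record rather than X.509, the PIN encrypts the stored private key, and all function names are hypothetical.

```javascript
// Added illustration; algorithms, certificate format and names are assumptions.
const nodeCrypto = require('crypto');

// Server (12): the HASH of the PDF that the signatory is asked to sign.
function documentHash(pdfBytes) {
  return nodeCrypto.createHash('sha256').update(pdfBytes).digest();
}

// Terminal, first use (111): create the key pair. The private key is exported
// as PKCS#8 encrypted under the PIN, so it cannot be used without the PIN.
function createTerminalKeys(pin) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: pin },
  });
  return { publicKey, encryptedPrivateKey: privateKey };
}

// Server (113): link the signatory's data to the public key, sealed by the
// certifying authority. Simplified stand-in for an X.509 certificate.
function issueCertificate(caPrivateKey, serial, subject, publicKeyPem) {
  const body = JSON.stringify({ serial, subject, publicKey: publicKeyPem });
  const caSignature = nodeCrypto.sign('sha256', Buffer.from(body), caPrivateKey);
  return { body, caSignature };
}

// Terminal: sign the HASH. Returns null when the PIN does not unlock the key.
// ECDSA hashes its input once more; the signed message is the 32-byte HASH.
function signHash(hash, encryptedPrivateKey, pin) {
  try {
    return nodeCrypto.sign('sha256', hash, { key: encryptedPrivateKey, passphrase: pin });
  } catch (err) {
    return null;
  }
}

// Server or recipient: check the certificate seal, then the signature over a
// HASH recomputed from the document actually held, not one taken on trust.
function verifySignedDocument(pdfBytes, signature, certificate, caPublicKey) {
  if (!signature) return 'no-signature';
  const sealed = nodeCrypto.verify(
    'sha256', Buffer.from(certificate.body), caPublicKey, certificate.caSignature);
  if (!sealed) return 'bad-certificate';
  const { publicKey } = JSON.parse(certificate.body);
  const ok = nodeCrypto.verify('sha256', documentHash(pdfBytes), publicKey, signature);
  return ok ? 'valid' : 'bad-signature';
}

// Constructed walk-through: first signature, later signature, and failures.
function demo() {
  const pin = '4821'; // constructed PIN
  const subject = { name: 'Constructed Signatory' };
  const ca = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const keys = createTerminalKeys(pin);
  const cert = issueCertificate(ca.privateKey, 1, subject, keys.publicKey);
  const first = Buffer.from('%PDF-1.4 constructed insurance contract');
  const later = Buffer.from('%PDF-1.4 constructed contract amendment');
  const sigFirst = signHash(documentHash(first), keys.encryptedPrivateKey, pin);
  const sigLater = signHash(documentHash(later), keys.encryptedPrivateKey, pin);
  const sigBadPin = signHash(documentHash(first), keys.encryptedPrivateKey, '0000');

  // A key pair the CA never certified, placed in a copy of the certificate body.
  const other = createTerminalKeys(pin);
  const swapped = {
    body: JSON.stringify({ serial: 1, subject, publicKey: other.publicKey }),
    caSignature: cert.caSignature,
  };
  const sigOther = signHash(documentHash(first), other.encryptedPrivateKey, pin);

  return {
    firstSignature: verifySignedDocument(first, sigFirst, cert, ca.publicKey),
    laterSignature: verifySignedDocument(later, sigLater, cert, ca.publicKey),
    alteredDocument: verifySignedDocument(later, sigFirst, cert, ca.publicKey),
    wrongPin: verifySignedDocument(first, sigBadPin, cert, ca.publicKey),
    swappedKey: verifySignedDocument(first, sigOther, swapped, ca.publicKey),
  };
}
```

A short numeric PIN adds little against offline guessing if the encrypted key blob is copied off the device, so the strength of this step rests on where the secure library keeps the key.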

Claims (5)

1. A method for the electronic signature of a document of a recipient, by a signatory having a mobile telephone terminal (1) with a chip and a camera, via the Internet network (5) and using a signature server (6) and an application store (9), connected to the Internet network and having a signature application (7), with a secure cryptographic library (8), in which method:
- the recipient sends to the server (6) the document to be signed and the telephone number of the signatory,
- the signatory downloads the application (7’, 7”) on his terminal (1) and connects thereto,
- he proceeds in order that the document to be signed, accompanied by the telephone number, appears on the terminal (1),
- the signatory confirms his telephone number,
- the server (6) sends a service message (MS) to the terminal (1) with a single-use code to continue the application, the terminal (1) resending it this code for security reasons,
- the signatory, using his terminal (1), takes at least one photograph of his identification card, which is sent to the server (6) by the Internet network (5),
- the terminal (1) creates, from the secure library (8), a private key and a public key that is sent to the server (6),
- the server (6) creates the HASH for the document to be signed and a signature certificate, and sends them to the terminal (1),
- the terminal (1), by way of signature, encrypts the HASH using the private key and a PIN code, and
- the terminal (1) sends the encrypted HASH and the certificate to the server (6), which recomposes the signed document thus available for the recipient of the document.
2. The method according to claim 1, wherein, after the server (6) has received the photograph of the signatory's identification card, the server (6) verifies the authenticity of the signatory's identification card.
3. A method for the electronic signature of a document of a recipient, by a signatory having a mobile telephone terminal (1) with a chip and a camera, via the Internet network (5) and using a signature server and an application store (9), connected to the Internet network and having a signature application (7’, 7”), with a secure cryptographic library (8), in which method:
- the recipient sends to the server (6) the document to be signed and the telephone number of the signatory,
- the signatory downloads the application (7’, 7”) on his terminal (1) and connects thereto,
- he proceeds in order that the document to be signed, accompanied by the telephone number, appears on the terminal (1),
- the signatory is authenticated, then
- a signature certificate is created and the document to be signed undergoes electronic transformation,
- the signatory signs the electronic document, before sending it to the server (6) where it is available for the recipient of the document.
4. The method according to claim 3, wherein the authentication of the signatory comprises the following steps:
- the signatory confirms his telephone number,
- the server (6) sends a service message (MS) to the terminal (1) with a single-use code to continue the application, the terminal (1) resending it this code for security reasons,
- the signatory, using his terminal (1), takes at least one photograph of his identification card which is sent to the server (6) by the Internet network (5),
- after the server (6) has received the photograph of the signatory's identification card, the server (6) verifies the authenticity of the signatory's identification card.
5. The method according to one of claims 3 and 4, wherein the signature of the document includes the following steps:
- the terminal (1) creates, from the secure library (8), a private key and a public key that is sent to the server (6),
- the server (6) creates the HASH for the document to be signed and the signature certificate and sends them to the terminal (1),
- the terminal (1), by way of signature, encrypts the HASH using the private key and a PIN code and
- the terminal (1) sends the encrypted HASH and the certificate to the server (6) which recomposes the signed document thus available for the recipient of the document.
Intellectual Property Office
Application No: GB 1711702.9 Examiner: Mr Andrew Stephens
GB1711702.9A 2016-08-02 2017-07-20 Method for the electronic signature of a document Withdrawn GB2555167A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
BE2016/5625A BE1023971B1 (en) 2016-08-02 2016-08-02 METHOD FOR ELECTRONIC SIGNATURE OF A DOCUMENT

Publications (2)

Publication Number Publication Date
GB201711702D0 (en) 2017-09-06
GB2555167A (en) 2018-04-25

Family

ID=56737841

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1711702.9A Withdrawn GB2555167A (en) 2016-08-02 2017-07-20 Method for the electronic signature of a document

Country Status (6)

Country Link
EP (1) EP3300545A1 (en)
BE (1) BE1023971B1 (en)
FR (1) FR3054906B1 (en)
GB (1) GB2555167A (en)
NL (1) NL2019358B1 (en)
WO (1) WO2018024445A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3092419B1 (en) * 2019-02-05 2021-05-21 In Idt Method and System for authenticating a handwritten signature.
CN114338035A (en) * 2021-12-15 2022-04-12 南京壹证通信息科技有限公司 Mobile terminal PDF electronic signature method and system based on key collaborative signature

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014114513A1 (en) * 2013-01-22 2014-07-31 IDnow GmbH User identification
WO2016110601A1 (en) * 2015-01-05 2016-07-14 Ebiid,Products & Solutions, S.L. Method for generating a digital identity for a user of a mobile device, digital user identity, and authentication method using said digital user identity

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102015206623A1 (en) * 2015-04-14 2016-10-20 IDnow GmbH DIGITAL SIGNATURE WITH REMOTE IDENTIFICATION

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
(IDNOW); "IDnow eSign B2B EN" *

Also Published As

Publication number Publication date
NL2019358B1 (en) 2018-02-09
EP3300545A1 (en) 2018-04-04
GB201711702D0 (en) 2017-09-06
FR3054906A1 (en) 2018-02-09
BE1023971B1 (en) 2017-09-26
WO2018024445A1 (en) 2018-02-08
FR3054906B1 (en) 2019-06-07

Similar Documents

Publication Publication Date Title
US10652018B2 (en) Methods and apparatus for providing attestation of information using a centralized or distributed ledger
US10210343B2 (en) Systems and methods for sharing verified identity documents
US10122535B2 (en) Electronic document notarization
US11470074B2 (en) Systems and methods for electronically sharing private documents using pointers
JP2019511758A (en) System and method for authenticity verification of document information
US20180026790A1 (en) Evidence system and method to determine whether digital file is forged or falsified by using smart phone and smart phone having certification function of smart phone screen capture image and method thereof
US20180365447A1 (en) System and Method for Signing and Authentication of Documents
CN109118377B (en) Processing method and system for claim settlement event based on block chain and electronic equipment
GB2555167A (en) Method for the electronic signature of a document
US20210344504A1 (en) Universal certified and qualified contracting method
TWI595380B (en) Device for generating or verifying authenticate electronic document with electronic and paper certification and method thereof
EP3998742A1 (en) System for generating a digital handwritten signature using a mobile device
JP2017175377A (en) Time stamp storage server, portable terminal, electronic data storage server, time stamp storage program, portable terminal program, and electronic data storage program
KR20160124053A (en) Smart phone having certificationdd funstion of smart phone screen capture image and method thereof
KR20150067558A (en) System for registrating one or more certification photos

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)