RU2527731C2 - Method of creating electronic document - Google Patents

Abstract

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to legally valid electronic document management. In the method, a certification centre places, in the body of an electronic document, an additional authentic label on the security level of accessing a personal key of a person registered at the certification centre. The centre verifies the electronic signature of the sent document with a signed hash and creates a security level label containing a label number, a document hash, a current time stamp, information on security parameters of the personal key, then signs the label with a key of the certification centre and returns the signed label. Signature verification can be performed based on biometric authentication of the person that has signed the document, and the security level label of the personal key further includes information on the time and parameters of biometric authentication, which ensures more accurate determination of the time of possible compromise of the personal key.

EFFECT: high reliability of electronic documents.

3 cl

Description

The invention relates to techniques for conducting legally significant electronic document management and can be used in electronic transactions, in electronic commerce, with remote mutual authentication of citizens in an open information environment, for example, on the Internet.

There is a known method of generating an electronic document [1], according to which the author of an electronic document creates a key pair for himself (public key and private key), then the author registers his public key in the certification center and receives a certificate of his public key. The author keeps his private key secret and uses when generating an electronic digital signature for electronic documents (text files, image files, sound files).

The main disadvantage of the method [1] is that the owner of the private key has to keep it secret and provide its protection against compromise. The average owner of a private key cannot find additional financial means for organizing reliable protection of a private key holder: paying for security services, purchasing a certified safe, installing a security system for the perimeter of the key storage location. In this regard, the threat of compromising the private key and its getting to the attacker is obvious. If a fact of compromise is discovered, the owner of the private key notifies the certification center of the compromise, which prematurely terminates the corresponding public key certificate. From the moment of cancellation of the public key certificate, all electronic documents signed on a personal key later are considered invalid. However, uncertainty arises in establishing authorship of signatures on documents that were signed shortly before the cancellation of the public key certificate. In this case, it is impossible to reliably determine who generated the signature on the electronic document: the owner of the private key or the attacker. Therefore, a third party, having received an electronic document, cannot trust the signature if it was generated a few minutes (hours) before the official cancellation of the public key certificate and its inclusion in the lists of revoked certificates.

This drawback eliminates the European standard for advanced digital signatures [2]. According to this standard, the person who signed the electronic document (hereinafter referred to as the signer), requests from the certification center a time stamp signed by the certification center, includes the label in his document and only after that signs it. To create a timestamp, the signer calculates the value of the hash function of the document (hereinafter referred to as the hash), signs it and sends it to the certification center. The certification authority verifies the hash signature using the signer’s public key certificate. In the case of a valid signature, the certification authority, using the hash and the current time value, generates a time stamp, which is signed by the certification authority's private key. As a result, the collision of determining the exact time during the formation of the electronic signature under the document is eliminated. In addition, we note that the signatory can request a time stamp from any certification authority.

Adding timestamps to an electronic document eliminates the situation where an attacker, having acquired a private key, can determine an arbitrary date and time for the creation and signing of the document. However, this method of generating an electronic document does not solve the problem of determining the time interval between the fact of a compromise of a private key and the moment of the statement by its owner about the discovery of a fact of compromise. If the attacker does not generate fraudulent electronic documents, then the owner cannot detect the fact of compromising his private key. Before the forgery attack, the attacker must request the time stamp from the certification authority on behalf of the owner. That is, according to the method [2], only part of the problem is solved: an attacker cannot set arbitrary time stamps, but he can generate false electronic documents with valid marks until the owner detects one of the false documents. The problem is that the owner can cancel his public key only from the moment of the discovery of the fact that the signature was generated on his behalf, but cannot cancel his signature on electronic documents already generated, in particular by the attacker.

The problem of protection against compromising the private key is solved by the method [3], by which the owner’s private key is accessed by presenting his secret biometric image and PIN code. By the method of [3], an attacker cannot compromise his private key, as he is not able to present his secret biometric image.

The disadvantage of the method [3] is that the third party cannot know how securely the private key of generating the electronic signature is protected from compromise. Therefore, all recipients of an electronic document are forced to relate to it with a minimum low level of trust, believing that the owner of the private key implements at least minimal measures to protect the private key.

The purpose of this invention is to increase confidence in signed electronic documents by third parties. This is achieved by including in the electronic document additional reliable information about the level of protection of the private key by its owner.

The goal according to claim 1 is achieved by the fact that the person who generated the electronic document with or without a time stamp calculates the hash of the document, the hash with its signature, sends the signed hash to the certification center in which the signer was previously registered. The certification authority verifies the authenticity of the hash signature using the signer’s public key certificate. If the signature is correct, the certification center generates a security level label containing the label number, document hash, date and time of the receipt of the hash, information about the characteristics of the personal key protector declared (selected) by the signatory during its registration. After that, the certification center signs the security level label with its digital signature and transfers it to the archive and the signatory.

As a result of performing the actions according to claim 1 of the claims, confidence in the generated electronic document is increased. A third party, having received a signed electronic document executed according to the proposed method, can evaluate the reliability of storing the private key that signed the person’s document, according to the security level label. If a third party discovers an insufficient level of protection, then it can reduce the level of trust in the content of this electronic document. If the document contains a security level label containing information about the high level of protection of the private key, the third party establishes a higher level of trust in the content of this document. The proposed method allows a third party to assess the material and organizational costs of the owner of a private key on the security of storage of his private key, thereby grading electronic documents by the degree of confidence in their contents. A third party interested in the reliability of the content of the electronic document and not wishing to bear additional risks may require increasing the level of protection of the electronic document due to the use by the signatory of additional organizational and technical measures to protect the private key and the formation of the corresponding label of the protection level.

An additional positive effect of the method according to claim 1 is the ability of a third party to apply for a copy of the security label of an electronic document to a certification center if it becomes aware of attacks carried out on a private key of a certification center or a private key of a signatory. Having received the security level label of the electronic document directly from the certificate authority's archive, the relying party can be sure that no one has made changes to it since the electronic document was registered in the archive, despite the fact that the public key certificates of the signer and the certification center in the electronic document have already been canceled .

Even in case of compromising the private keys of the certification center and the signatory, the integrity of the archive and the orderliness of the security level marks of documents certified by the certification center guarantee their authenticity. Attempts to counterfeit easily come to light, because there will be no corresponding document hashes in the archive of the certification center located inside the label of the document protection level. Also, the one whose private key (of the certification center or its user) is compromised first is reliably revealed.

In addition, it is proposed to strengthen the level of trust in an electronic document by a method performed in accordance with claim 2. In accordance with clause 2, after receiving the hash of the electronic document and checking it, but before grabbing the security level label with an electronic signature, an additional remote or local biometric authentication of the signatory is performed. After performing positive biometric authentication, confirming that the hash of the public key has indeed signed the hash of the electronic document, the certification center enters information about the time of additional biometric authentication and its parameters in the security level label of the generated document and signs it.

A positive effect of using the method according to claim 2 is that after the information on the additional biometric authentication of the signatory is placed in the security level label and certified by an electronic digital signature of the certification center, the third party can be sure that the signatory has confirmed their actions biometrically. And, even if the security level label indicates that access to the private key is protected by a regular password, the trust of third parties to sign the document will be high, as the signer, firstly, used password protection of the private key, and secondly, the certification center checked the biometrics of the signatory and thereby confirmed that it was the owner who had previously obtained access to the private key for generating the digital signature. Thus, the electronic digital signature of the signer is enhanced by its subsequent biometric authentication, and this fact is certified by the electronic signature of the certification center under the label of biometric authentication. The trust of a third party in two electronic signatures and the biometric authentication procedure performed between them is much higher than in one electronic signature of the owner of a private key, protected only by an access password stored on a digital medium.

The method implemented according to claim 2 of the proposed claims does not regulate the biometric authentication procedures used by the certification authority. It is important that the biometric authentication procedure is used and strengthens the electronic signature of the person signing the document. Any known biometric authentication procedures may be applied. For example, a procedure can be used to compare the submitted biometrics at the request of a certification center with a reference biometric template stored in a certification center. At the same time, a person who left his biometric template in the certification center deliberately takes the risk associated with the possible compromise of his biometric template by employees of the certification center.

This disadvantage is eliminated by the method proposed in paragraph 3 of the claims. In this way, during registration of the owner of the private key in the certification center, the owner creates an additional pair of the public and private keys. Further, he teaches an artificial neural network to reproduce an additional private key using examples of his secret biometric image. After training, the additional private key and all examples of the secret biometric image of the person being registered are destroyed. An additional public key is stored in the certification center without publishing it. Remote biometric authentication of the registered person who signed the electronic document from the certification center is carried out using the unpublished additional public key and the private key of the certification center. At the same time, the signatory proves its authenticity through the use of the public key of the certification center and its secret biometric image, which the previously trained neural network converts into its additional private key. Using an additional private key, the signer signs the authentication request sent by the certification authority and sends it back. The certification authority verifies the signature on the request using an additional public key and, if this signature is correct, draws a conclusion about the positive biometric-cryptographic authentication of the signatory. After additional biometric authentication of the person using an additional public key and an additional private key, the certification center adds information about the additional biometric authentication, time and its parameters to the security level label. After entering this additional data into the security level label, the certification authority signs the security level label with its electronic signature.

In case of detection of a compromise of the private key of a person registered in the certification center, the certification center shall revoke the certificate of its public key. After that, the certification center creates a new public key certificate from an additional key pair of a previously registered person, publishes this certificate and informs the registered person about the activation of its additional key pair.

A positive technical effect is that the generated electronic document is protected from distortion by two signatures and a full biometric-cryptographic authentication performed between them. If a private key for generating an electronic signature is compromised, for example, by force search, an additional private key cannot be compromised by power search, since the certification center does not publish the additional public key. The implementation of the method according to claim 3 simultaneously protects from a possible attack the selection of a person’s private key based on his public key and performs biometric authentication of the person. The method according to claim 3 implements a variant of the most reliable biometric remote authentication of the person who has just signed the electronic document and the hash from it. Even if the first private key is compromised, it will remain legitimate, since the certification center will sign hashes of genuine electronic documents only after biometric verification of the identity of the signatory. For third parties, at the moment of compromising the private key, nothing changes, since at that moment the previous public key certificate of the person registered in the certification center will continue to be valid.

Another important point in increasing confidence in the system is that an attacker who compromised a private key and generated a fake electronic document, trying to apply for an additional certifying electronic tag of the certification center, will not be able to pass additional biometric authentication using an additional public but not published key and an additional private key. The attacker does not know the additional private key and cannot find it by forceful selection. The attacker does not know the secret biometric image of the attacked person and does not have his neural network that converts the secret image into an additional private key.

As a result, the implementation of the method according to claims 1, 2, 3 of the claims gives the highest level of trust in an electronic document. The reliability of electronic documents generated by paragraphs 1, 2, 3 is significantly higher than that of existing ones, since the fact of compromising a private key is carried out by a certification center, performing biometric confirmation of compliance of the electronic signature with the hash of the document to the signer each time it is contacted with a request for generation signed security level label. Negative biometric authentication or termination of the signatory’s biometric authentication session is the reason for the temporary or complete cancellation of the corresponding certificate of the first signature verification public key. The response time of the certification authority to the threat of compromising the private key is reduced.

In the event that the compromise of a private key is discovered by its owner or certification center, the technological process of electronic document management is not interrupted. Instead of a pair of the registered person’s public key and private key, an additional key pair is entered, and simultaneously with the cancellation of the public key certificate of the first key pair, the public key certificate for the additional key pair is published.

Further, in the description of examples of implementation of the proposed method, the following abbreviations are used:

- EP - electronic signature;

- CA - certification center;

- PIN - PIN code.

As an example of the implementation of the proposed method according to claim 1, we consider a typical option for protecting access to a private key for generating an electronic digital signature by placing a container with a private key in an eToken storage medium and accessing the key by entering a password from the keyboard. Under these conditions, the hash of the generated electronic document is sent to the certification center where the person who has signed this hash is registered. The Certification Authority verifies the electronic signature under the hash of the generated electronic document against the public key of the signatory and, if the hash is correct, reads data on the level of protection of the personal key of the signatory. Next, the certification authority forms a security level label by adding the following entry to the document hash: “Access to the private key is protected by password, the container with the private key is placed in the eToken medium, the time of certification of the electronic document label by the certification center YYYY-MM-DD hh: mm: ss, the tag number of the certified document XXXXXXX in the CA archive ”. After that, the certification center signs (certifies) the security level label of the electronic document with its electronic signature, places the security level label in its archive and sends the generated security level label to the signatory.

In the case of more reliable protection of access to the private key, for example, when implementing the method according to the patent [3], the entry should be entered in the document: “The protection of the private key is carried out according to the PIN code and secret biometric image, the private key and biometric image does not leave the trusted signer wearable hardware and software computing environment owned by the certification center and leased under contract No.XXXXX from YYYY-MM-DD hh: mm: ss. The time of certification of the document security level label by the certifying center YYYY-MM-DD hh: mm: ss, number of the security level label of the document XXXXXXX in the CA archive ”. This entry indicates a much higher level of protection compared to simple password access to eToken media, the contents of which can easily be copied by an attacker.

Obviously, the trust in the content of the second electronic document will be higher, since access to the private key of the second electronic document is protected biometrically, the private key and secret biometrics of the owner of the private key does not leave the hardware-software trusted computing environment owned by the CA and leased to a person, registered in CA. It is impossible to extract the internal software from the trusted computing environment of the CA or bring the virus into the trusted computing environment without the physical destruction of the trusted computing environment itself. In fact, the record of the security level label added in the second document indicates the maximum possible level of protection of the private key of an ordinary citizen that existed at the time of filing this application for this invention. The method of generating an electronic document according to claim 1 of the formula provides a positive effect, as it allows third parties to relate to electronic documents of different levels of protection of their integrity with a different level of trust. Naturally, a different level of costs for information protection leads to a different level of trust in an electronic document formed with the participation of one means or another. A consumer who wants the highest level of trust in his electronic documents should provide the maximum level of protection for his personal key for generating electronic signatures. The proposed method allows holders of private keys to increase the level of public trust in electronic documents signed by them.

In the event that the person signing the electronic document does not want to rent the trusted computing environment of the CA, but wants to increase confidence in his electronic document, he can send his request for the formation of the security level label of the electronic document to the certification center for additional certification with the CA signature . Further, the signatory must personally call the CA and re-ask him to certify his electronic document with a security level label with a record of voice biometric authentication of the confirmation of the authenticity of the electronic document. In order to conduct biometric authentication of a person by voice, the certification authority must have voice samples of the person being verified and an automatic machine capable of performing such verification. Modern machines cannot understand the meaning of a voice request, respectively, the meaning of a voice request must be understood by a human operator and entered as a record in an electronic document, and the speech itself must be compared with existing samples of speech fragments by a machine. That is, when implementing claim 2 of the claims, the security level label should be entered in the electronic document in the form of the following entry: “Access to the private key is protected by password, the container with the private key is placed in the eToken medium, the time of certification of the security level mark of the document with center YYYY-MM-DD hh: mm: ss, number of the certified label of the security level of the document XXXXXXX in the archive of the CA. Certification of the security level mark of the document was carried out at the personal voice request of the owner of the electronic signature Ivan Ivanov, received by phone, a biometric voice authentication of the person was carried out automatically by 27 words of the person being verified, spoken by him in an arbitrary dialogue with the operator, the probability of a second error for the authentication performed on arbitrary 27 words no more than 0.000003. During the dialogue, the verifier reproduced the voice passphrase, the probability of a second kind of error during authentication on the passphrase does not exceed 0.0000001. "

From the entry in the document it follows that the authenticity of the electronic document is confirmed not only by the electronic signature under it, but also by subsequent contact with the CA of the signer by phone, as well as voice authentication of the signer with a low probability of errors of the second kind (mistaking "Alien" for "His") . It is obvious that the CA conducts additional biometric authentication of the person who signed the document, increases confidence in the electronic document itself.

In the case when the owner of a private key wants to protect himself not only from the threat of compromising his secret biometric image (handwritten or voice), but also from the threat of compromising his private key to generate an electronic signature using his published public key, he can use the proposed method according to claim 3 of the formula inventions. In this case, the generated security level label should additionally contain a record of the following form: “Additionally, a biometric authentication of the person who signed the document hash with the help of his secret biometric image connected to the neural network with an additional private key and verification using an additional unpublished public verification key was performed.”

     The implementation of the method according to claim 3 allows you to withstand attacks by cybercriminals even if quantum computers are created in the near future. The growth of the computing capabilities of quantum computers is compensated by the fact that an additional private key for generating an electronic signature is difficult to pick up due to the concealment of an additional public key by the certification center. Since the public key is not published, the task of selecting a private key is much more complicated, since it is impossible to verify the results of attempts of directed selection. It is known that the strength of asymmetric cryptography is much lower than the strength of symmetric cryptography with the same key length. However, if the public key is not published, then the resistance to attacks of the selection of symmetric and asymmetric cryptography is leveled. The durability of the personal key of the certification center is ensured by active monitoring of attempts to fake electronic documents, archiving of the security level labels of electronic documents with time stamps, and quick change of pairs of keys used when they are compromised. According to the proposed method for generating electronic documents, the durability of the entire electronic document management system includes not only the durability of asymmetric cryptography of the certification center, but also the durability of individual means of biometric authentication of each registered person. A short-term defeat of the asymmetric cryptography of the certification center does not lead to the destruction of all protection. Even insignificant stops of electronic document management during the change of key pairs do not occur. A slight delay is possible only when the private key of the certification authority itself is compromised for the time of re-issuance of all currently valid public key certificates. Additional key pairs (unpublished public and private), as well as biometric authentication of previously registered persons, are those elements of the new electronic document management system that allow you to relatively reliably (without material and moral harm to consumers) restart the certification center using a new public key and a new personal identification key center.

Record labels created according to claim 1 of the claims, can be implemented in the following option No. 1:

Label No.xxx, hash of the document - (xxxxxxxxxxxx) CPU of the signer of the document - (xxxxxxxxxx), current time of label generation - 01/10/2014 13 hours 10 minutes 32 seconds, access to the personal key of the digital signature generator of the signature placed in the container is password protected the record is confirmed by the signature of the certification center - (xxxxxxxxxxx)

From the above example, it is clear that access to the CPU generation key is only password protected, the key is located in the container, the container is opened with a password, the CPU generation key appears in the CPU generation software product, the software product is located on the user's computer, the password and software product could be transferred to another to a person by conspiracy or received without the knowledge of their owner.

There is another option for forming a stronger security label according to the following option No. 2:

Label No.xxx, hash of the document - (xxxxxxxxxxxx) CPU of the signer of the document - (xxxxxxxxxx), current time of label generation - 01/10/2014 13 hours 10 minutes 32 seconds, access to the digital signature generator's personal key is password protected, the key is located in the container, the container is nowhere is not stored, the container code appears at the output of the neural network upon presentation of a fingerprint picture, the CPU is formed in a trusted computing environment protected by hardware, the correctness of the record is confirmed by the signature of the certification center - (xxxxxxxxxx)

Obviously, the option of tag number 2 is stronger in security than the tag number 1 option, since access to the CPU key has been protected by the consistent presentation of biometrics. Next, a container closed with a password is obtained from the biometric image. Opening the container by entering the access password. In addition, there is a trusted computing environment that is protected by hardware, that is, the signature is formed in a specialized device, where there can be no viruses and spyware. With such protection, it is impossible to conspire to pass both the password and biometrics to another person; you cannot also intercept the password and the biometric image.

An example of label recording according to claim 2 of the formula by modifying the label, option No. 3

Label No.xxx, hash of the document - (xxxxxxxxxxxx) CPU of the signer of the document - (xxxxxxxxxx), current time of label formation is 01/10/2014 13 hours 10 minutes 32 seconds, access to the digital signature generator's personal key is password protected, the CPU is generated by software on a universal computing machine , the fidelity of the record is confirmed by the signature of the certification center - (xxxxxxxxxxx)

At 13 hours 20 minutes 15 seconds, a biometric authentication of the identity of the person who signed the document by phone call was made, the person who knows the person’s voice verified, the person named the password, the person’s voice recording is stored in the archive, the second signature of the certification center is (xxxxxxxxxx)

Literature

1. Romanets Yu.V., Timofeev P.L., Shalygin V.F. Information security in computer systems and networks. M .: Radio and communications - 1999

2. CAdES (ETSI TS 101 733). A version of this standard is published as the Internet standard RFC 5126 "CMS Advanced Electronic Signatures (CAdES)".

3. Patent RU 2365047, MKI: H04L 9/36, application No. 2007120788/09 (022642), authors Ivanov A.P., Funtikov V.A. “A method for generating electronic documents and a device for its implementation”, priority dated June 4, 2007, published August 20, 2009. Bull. Number 3.

Claims (3)

1. The method of generating an electronic document, which reduces to using a pair of a private key and a public key of a person previously registered with a certification center, certified by a certification center of time stamps, which consists in covering electronic document data with an electronic signature of a registered person, verifying the signature using a published certificate of a registered public key person, calculating and sending to the certification center a hash of a document signed on the personal key of the registered person, checks a certificate of electronic signature of the hash, characterized in that the signed document hash is sent to the certification center where the person who signed it was previously registered, then, in case of a positive result of verification of the signature of the document hash, a certification level mark is created in the certification center containing the label number , a hash of the document, information about the type and conditions of access to the private key for the formation of a digital signature of the registered person, then cover the label with an electronic signature of the certifying center tra further signed label placed in the archive of the certification center, and the label face is returned signed, the signed document and a hash of it. 2. The method according to claim 1, characterized in that upon receipt of the signed hash of the electronic document, the certification center and the signatory enter into interaction, during which the certification center carries out additional biometric authentication of the person who signed the document, further, in case of positive biometric authentication create a label for the security level of the document containing the label number, hash of the document, information about the time and parameters of the additional biometric authentication, then cover the electronic label onnoy signature certification center, then place a label signed by the certification center in the archive and return the signed mark the person who signed the document and a hash of it. 3. The method according to claim 2, characterized in that when registering the person, an additional pair is created from the public and private key, then the artificial neural network is trained to reproduce the additional private key of the registered person using examples of his secret biometric image, after training, the additional private key is destroyed, also they destroy the examples of his secret biometric image, and the additional public key of the person is stored in the certification center without publishing it, then the remote biometric authentication of the person with the certification center’s calls are carried out using its unpublished additional public key and the certification center’s private key, and the person proves his authenticity by using the certification center’s public key and his secret biometric image, which, during biometric authentication, the trained neural network transforms into an additional private key, if detecting the fact of compromising the private key of the registered person in the certification center annul the corresponding certificate ifikat public key, then create a public key certificate for the additional public key certificate and publish the report of the registered person commissioning it extra pair of keys.