WO2007034255A1 - Method, apparatus and system for generating a digital signature linked to a biometric identifier - Google Patents
- Publication number
- WO2007034255A1 (PCT/HU2006/000081)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- electronic document
- biometric
- signature
- time
- signed
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/68—Special signature format, e.g. XML format
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the invention relates to a method, an apparatus and a system for generating a digital signature linked to a biometric identifier of the signatory.
- Electronic signature of advanced security is defined by the law as an electronic signature being capable of identifying the signatory, being uniquely linked to the signatory, being created using means that the signatory can maintain under his or her sole control and being linked to the content of the document in such a manner that any change of the document made subsequently to the signing is detectable.
- the signatory is able to put his or her signature on the electronic document by using the Public Key Infrastructure (PKI) provided that he or she holds a unique object and/or piece of information.
- the object can be e.g. a smartcard, a USB token, etc. while the piece of information can be a PIN, a password, etc.
- PKI: Public Key Infrastructure
- the signing takes place in effect by using a secret key stored on said object, that can be released by means of said piece of information. In this case, however, the signature is, actually, linked to the possession of said object and/or said piece of information instead of the person.
- biometric identifier being uniquely linked to the actual person must (also) be inputted.
- One of the simplest biometric identifiers is the biometric data of the handwritten signature of the person, including the co-ordinates, the velocity, the acceleration and the pressing force of the pen as a function of time and/or the co-ordinates of the pen-down or pen-up points.
- the simple image of the signature is the conventional means for signing a paper document.
- Biometric identifiers include e.g. the iris-scan, the retina-scan, the fingerprint, etc.
- Japanese patent application N° JP2003134108 discloses a system for electronic signing linked to a handwritten signature or another personal identifier, a seal impress or a fingerprint.
- the user creates an original document and a signature processing unit, on the one hand, receives an electronic version of the original document through inputting means and, on the other hand, after displaying the document, it receives an electronic version of the identifier, e.g. a handwritten signature, through another inputting means.
- the system combines the document and the identifier data, creates a digital signature for the dataset obtained thereby, combines the signature with the dataset and outputs the result obtained.
- a biometric identifier such as a signature created electronically but in a handwritten form
- a further object of certain embodiments of the invention is to provide a solution, in which the digital signature being linked to the biometric identifier can only be put on the electronic document in a trusted and identified environment, i.e. by using such devices.
- FIG. 1 shows a schematic block diagram of a first embodiment of the apparatus according to the invention
- Fig. 2 shows a flowchart illustrating an embodiment of the method according to the invention
- Fig. 3 shows a block diagram of a second embodiment of the apparatus according to the invention.
- Fig. 4 shows a schematic block diagram of an embodiment of the system according to the invention.
- FIGs. 5a and 5b together show a flowchart illustrating another embodiment of the method according to the invention.
- Fig. 6 is a diagram showing the structure of a signed electronic document package that can be generated by means of a preferred embodiment of a method according to the invention.
- A schematic block diagram of a preferred embodiment of the apparatus 1 for generating a digital signature linked to a biometric identifier according to the invention is shown in figure 1, while a flowchart of a preferred embodiment of the method according to the invention is shown in figure 2.
- one or more signatories i.e. one or more so-called 'customers' in this embodiment, put their digital signatures being linked to their biometric identifiers, i.e. to their handwritten signatures in this example, on a document.
- a second person a so-called 'representative' participates in creating the signature; as it will be shown, his or her digital signature based on a cryptographic method, i.e., in this case, a PKI-based digital signature is used in the course of the method.
- the signatory can be a client of a firm, while the representative can be an employee of said firm.
- the customer can put his or her digital signature being linked to his or her biometric identifier e.g. on an order that he or she intends to give to said firm.
- the document to be signed may be one or more computer files of any types, e.g. files of desktop publishing, word processing, spreadsheet or image processing, etc. applications to mention just a few of the possibilities, among others, these can be files obtained by scanning paper documents.
- the document is composed of XML-structured files.
- the apparatus 1 comprises means 2 for receiving a document to be signed and for storing it as an electronic document; means 3 for receiving an identifier from at least one signatory and means 4 for processing the electronic document and the identifier.
- the processing means 4 comprise means 5 for generating a digest; encrypting means 6 and digital signing means 7.
- the document to be signed is received and it is stored as an electronic document via said means 2 (step 10; see figure 2).
- the document to be signed is ab ovo available in the form of computer file/s, it involves the reception of the file from the given application and the storing thereof on a storage means (not shown).
- Any type of data storage device working on an electronic, magnetic, optical, or any other principle can serve as the storage means, such as a memory, a disk, etc. It can also be envisaged that only the address/es indicating the location/s of the file/s is/are received from the source application and the file/s itself/themselves is/are not copied or moved.
- the digitalization thereof takes place via said means 2, e.g. a scanner and it is stored in a suitable format.
- the electronic document can be displayed on a display device (not shown) of the apparatus 1 at this time.
- biometric data is received via said means 3 and it is stored as biometric data (step 11).
- said means 3 is a digitizing tablet and the handwritten signature of the signatory, i.e. of the customer is received for the biometric identifier and the complete dynamics thereof are stored as biometric data, i.e. the co-ordinates and/or the velocity and/or the acceleration and/or the pressing force of the pen is/are stored as functions of time and/or the co-ordinates of the pen-down and pen-up points are stored. Accordingly, instead of or in addition to the image of the signature the way of creating the signature is actually stored. These data, unlike the mere image of the signature, allow a true biometric identification.
- biometric identifiers can be used instead of the handwritten signature by utilizing an appropriate means 3; iris-scans, retina-scans, fingerprints, vein patterns, facial images, hand geometries, etc. can be used.
- Said means 3 for capturing the biometric data are well known to a person skilled in the art, the biometric data can be recorded e.g. by means of an iris-scanner in case of iris-scans or by means of a fingerprint reader in case of fingerprints.
- a digest of the electronic document is generated via the digest generating means 5, in this example, by using the SHA-1 algorithm (step 12).
- the digest can be made by using the MD5 algorithm or by other suitable algorithms.
- the digest is associated with the biometric data and the first set of information obtained thereby is encrypted via said encrypting means 6, in this embodiment, by using the 3DES algorithm in order to generate a biometric signature (step 13). Since the digests of different documents are, with great probability, not identical and the digest of the document is encrypted together with the biometric data, the biometric signature so obtained cannot be transferred to another document. It means that if an attacker extracts the so generated biometric signature from a document that was signed in accordance with the invention, such biometric signature cannot be used to sign a further document having a different digest. In other embodiments other algorithms, such as the DES, AES, Blowfish, RSA, etc. algorithms can be used the same way instead of the 3DES encrypting algorithm.
- biometric signature is associated with the electronic document and the second set of information obtained thereby is signed with the digital signature of the representative via digital signing means 7 in order to generate a signed electronic document package (step 14).
- biometric signature together with the electronic document to be signed is placed into a common standard XML file.
- This XML file holds together the two parts like an envelope.
- the representative creates, via means 7, a PKI- based digital signature which relates both to the document and to the biometric signature simultaneously.
- the object of this digital signature is to bind together the biometric signature and the document and to assure that none of these can be altered later in an unauthorized manner. Additionally, it also authenticates the circumstances of the creation of the biometric signature originating from the handwritten signature (i.e.
- the digital signature of the representative can be a standard PKI-based digital signature that can be created by means of a certificate and a PKI secret key stored in the apparatus 1.
- the signature of the representative is based on the RSA algorithm, however, other algorithms capable of generating a cryptographic method- based digital signature can also be used, such as KCDSA, ECDSA, DSA, 3DES, DES, AES, Blowfish, etc.
- the generation of the signature can be accomplished via software means by using a key stored inside the apparatus 1 or by means of a smartcard or a USB token.
- the digital signature of the representative is created on the XML file and the signature itself is also stored in this standard XML package.
- the electronic document package, the signing of which was linked to the biometric identification is ready to be archived and used, at choice, in a computer system or the signature of the representative that has been put on it can be verified, in this case, in accordance with the PKI.
- biometric identifiers of several signatories can be inputted in step 11.
- all of the biometric data belonging to each biometric identifier are associated with the digest of the electronic document and the first set of information obtained thereby is encrypted in step 13.
- the biometric signature obtained comprises all data belonging to the biometric identifier of each signatory.
- the apparatus 1 can be implemented by a PDA or a tablet PC.
- the touch screen of the PDA or the tablet PC forms said means 3 for receiving the biometric identifier, while said other means 2, 4, 5, 6, 7 can be implemented in software.
- a notebook, a desktop PC or other computer devices provided with appropriate peripherals can be used as well. It is also possible to envisage that the different parts of the apparatus 1 are implemented by separate hardware devices or by software running on computer devices constituting a network.
- FIG. 3 shows a slightly modified embodiment of the apparatus according to the invention.
- a visual representation of the biometric identifier e.g. a simple image of the handwritten signature is also generated via said means 8 from the biometric data having been derived from the biometric identifier received.
- the visual representation can be stored e.g. as a bitmap or a vector graphic file.
- the biometric data i.e. the dynamics of the signature cannot be reproduced from the visual representation. Accordingly, prior to signing the electronic document and the biometric signature with the PKI-based digital signature of the representative by means of the digital signing means 7 the visual representation may be associated with the electronic document and with the biometric signature without using the encryption that is applied to the biometric data.
- a benefit of such a visual representation is that it can be freely extracted from the signed electronic document package and it can be displayed or printed together with the electronic document at any time therefore.
- This will call to mind the well-known conventional signature for the user.
- this extractable information i.e. the image of the signature cannot be used to sign other documents in accordance with the invention since it would require the biometric data.
- the image thereof can be displayed on the display device of the apparatus 1 concurrently with the signing in order to provide the customer with a visual feedback.
- said means 3 for receiving the biometric identifier itself is also a display as in the case of PDAs, tablet PCs, touch screens, etc.
- the second set of information is rather signed with that of the signatory himself or herself. In this way a signed electronic document package is generated that has been signed with both the biometric and the e.g. PKI-based electronic signature of the signatory.
- the second set of information is rather signed with that of the apparatus 1 or another means connected thereto. In this way a signed electronic document package is generated that is linked to the signatory via the biometric signature and in relation of which the e.g. PKI-based digital signature of the apparatus 1 attests that the biometric signature of the signatory was created on a proper apparatus 1.
- This embodiment of the method facilitates the biometric identifier-linked signing of an electronic document by means of an apparatus 1 being placed e.g. in a client room of a governmental organization or a service provider even without the participation of a representative.
- a particularly preferred embodiment of the method of the invention can be performed in a system 30 for generating a digital signature linked to a biometric identifier, the system 30 being shown in figure 4.
- the system 30 comprises one or more apparatuses 1 according to the invention and a central server 32 being connected thereto via network 31.
- the apparatuses 1 operate as client devices of the central server 32.
- the network connections between the central server 32 and the apparatuses 1 can be implemented on several platforms like Ethernet, WLAN, GPRS, GSM modems, EDGE, Bluetooth, data cables, infrared ports as well as the combinations thereof.
- the flowchart of this preferred embodiment is shown in figure 5a and in figure 5b connecting thereto; the first five steps 10 to 14 are identical with those steps that were described with reference to figure 2.
- the already generated electronic document package is sent to the central server 32 by means of the client device through a secure data channel that is implemented over the network 31 as a transmission medium and the central server 32 receives it (step 16).
- the communication established through the secure data channel is based on encryption and the network devices and software means being involved in such a communication are capable of identifying one another.
- the secure data channel is implemented by using the SSL protocol.
- other protocols like the TLS, SNMPv3, VPN, HTTPS, FTPS, TelnetS, IMAPS or IPSec, etc. can also be used.
- a database being stored on the central server 32 or being accessible for the central server 32 is established, which contains information relating to the client devices being used in the system 30, based on which information the client devices can be identified.
- information relating to entities authorized to digitally sign the second set of information with the cryptographic method-based digital signature is stored in said database, based on which information the signing entities can be identified.
- entities can be the representatives, the signatories or the devices already mentioned in connection with the respective embodiments of the invention, the cryptographic method-based digital signature of each of whom/which is put on the second set of information.
- the database has to be updated in order to ensure that it always contains information relating to the actual client devices and signing entities.
- the central server 32 identifies the client device (the hardware device itself and/or the sending application running on it) sending the signed electronic document package in the course of the communication through the secure data channel and goes on with the execution of the method only if the client device is present in the database (steps 17, 18). As a result of this, a fake signed electronic document package having possibly been generated on an attacking device connected to the network will not be processed.
- the central server 32 identifies the signing entity based on the cryptographic method-based digital signature that has been put on the signed electronic document package and proceeds with the execution of the method only if it is also present in the database (steps 19, 20). Thus, in those embodiments where the signing entity is a natural person, the signing of the electronic document by means of a device belonging to the system 30 with the participation of an unauthorized person can be avoided.
- the validity of the signature can be checked. If the identification of the sending client device or the second person failed, preferably, an error message can also be generated and it can be sent to the client device and/or to a person administering the system or the fact of the failed identification can be logged.
- the central server 32 puts its own cryptographic method-based, e.g. PKI-based, digital signature to the received package in order to generate a double signed electronic document package (step 21).
- the central server 32 authenticates thereby that the given package arrived from a client device recognised by the central server 32 as authentic (and, in case of some embodiments, with the participation of an authorized representative or an authorized signatory). Furthermore, this signature protects the whole package from subsequent alteration attempts.
- the digital signature of the central server 32 can be based on one of the protocols that were mentioned in connection with the signature of the representative or another signing entity.
- the XML package is signed and the signature itself is also stored in the XML package.
- time-stamp server 33 responds to the request by sending a time-stamp to the central server 32, which time-stamp is received by means of the central server 32 (step 23) and the received time-stamp is attached to the double signed electronic document package afterwards in order to generate a time-stamped double signed electronic document package (step 24).
- the time-stamp made is written into the XML package as a set of binary data.
- the time-stamp server 33 can be an independent, separate server maintained by an independent organisation that guarantees the accuracy and the authenticity of the time information.
- the time-stamp server 33 can be a separate application running on a computer being the central server 32.
- the object of the time-stamp in the procedure is to authenticate that the time of signing precedes a given moment, i.e. the time of requesting the time-stamp. Thus, a subsequent conflict regarding the time of generation can be prevented.
- an acknowledgement concerning the successful execution of the procedure is then sent to the client device through the secure data channel by means of the central server 32 (step 25).
- One or more preferred steps can be omitted and/or the time-stamp can be attached to the signed electronic document package prior to signing it digitally.
- FIG. 6 shows an example of the structure of a time-stamped double signed electronic document package generated by means of one of the above described preferred embodiments of the method according to the invention.
- the biometric signature 43 is formed by encrypting the digest 41 and the biometric data 42. After the electronic document 44 and possibly the visual representation 45 of the biometric identifier are added thereto and the result is signed with the cryptographic method-based digital signature 46 of the representative or other signing entity, the signed electronic document package 47 is obtained.
- the digital signature 48 of the central server 32 is put thereon, resulting in the double signed electronic document package 49 and, lastly, once the time-stamp 50 is attached thereto, the time-stamped double signed electronic document package 40 is obtained.
- the embedded structure of the repeatedly referenced preferred example as it is shown in figure 6 indicates the embedded structure within an XML file compliant to the ETSI TS 101 903 standard.
- An advantage of the present invention is that it facilitates an authentication method being based on a biometric identifier e.g. a handwritten signature created by means of an electronic device.
- processes currently being implemented on a paper basis can be transferred into the electronic domain, which processes were not suitable for it because of the necessity of the handwritten signature.
- the biometric data 42 are encrypted. It assures that these are not accessible for other persons.
- the digest 41 of the electronic document 44 to be signed is also incorporated in the encrypted data.
- a particular signature cannot be attached to another document, hence, the system guarantees that the signatures (biometric identifiers) already captured cannot be used in an unauthorized manner or cannot be faked.
- the signing takes place with the participation of two persons.
- One of the persons is the representative, who (e.g. in the course of the conclusion of a contract) represents one of the parties while the other person is the customer, who puts his or her handwritten signature on the electronic documents 44 being made.
- the biometric signature 43 and the electronic document 44 are bound together by means of the PKI-based digital signature 46 of the representative. It has two advantages. On the one hand, it renders the security level of the binding of the two parts extremely high and on the other hand, it also authenticates (certifies) the circumstances of the creation of the handwritten signature. In other embodiments, where the cryptographic method-based digital signature is linked to a device instead of a person, the circumstances of the creation of the biometric identifier-linked digital signature are likewise authenticated because it could only be created by using that certain device.
- the method, the apparatus 1 and the system 30 according to the invention can be used even for notarizing, wherein the second set of information is signed with a cryptographic method-based, e.g. PKI-based, digital signature of a notary public.
- the central server 32 also puts its own digital signature 48 on the signed electronic document package 47 incorporating the handwritten signature/s and then it requests a time-stamp 50 therefor. Thus, it authenticates that all data arrived from a trusted environment through a secure data channel and the time of the arrival is recorded in a demonstrable manner by means of the time-stamp 50.
- An extremely advantageous aspect of the method, the apparatus 1 and the system 30 according to the invention is that those are based on the most secure and most reliable cryptographic solutions of our days and the digital signature linked to the biometric identifier is likewise secure and reliable therefore. Moreover, as the infrastructure of cryptography develops, the cryptographic tools used for generating the digital signature of the invention can be upgraded as well.
- WLAN: Wireless Local Area Network; GPRS: General Packet Radio Services; GSM: Global System for Mobile Communication; EDGE: Enhanced Data GSM Environment; TLS: Transport Layer Security; SSL: Secure Socket Layer; SNMPv3: Single Network Management Protocol version 3
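An added example, not taken from the patent, of steps 12 to 14 and the server checks of steps 17 to 21, showing how a verifier detects a biometric signature 43 that was lifted from one package and placed beside a document with a different digest. Assumptions: SHA-256 stands in for SHA-1, a SHA-256 keystream with an HMAC tag stands in for 3DES, HMAC-SHA256 with per-entity keys stands in for the PKI signatures 46 and 48, and all function names, keys, identifiers and sample data are constructed.

```python
import hashlib
import hmac
import os

# Stand-ins (assumptions, not the patent's algorithms): SHA-256 for the digest,
# a SHA-256 keystream plus HMAC tag for the 3DES step, and HMAC-SHA256 with a
# per-entity key for the PKI signatures 46 (representative) and 48 (server).

def stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def subkeys(key):
    # Separate keys for encryption and integrity.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def seal(key, plaintext):
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, stream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("biometric signature has been altered")
    return bytes(a ^ b for a, b in zip(ct, stream(enc_key, nonce, len(ct))))

def second_set(document, bio_sig):
    # Length prefix keeps the document/signature boundary unambiguous.
    return len(document).to_bytes(8, "big") + document + bio_sig

def sign_bytes(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def build_package(document, biometric_data, bio_key, signer_id, signer_key):
    """Steps 12-14: digest 41 + biometric data 42 -> 43, then sign 43 + 44."""
    digest = hashlib.sha256(document).digest()
    bio_sig = seal(bio_key, digest + biometric_data)
    return {"document": document, "biometric_signature": bio_sig,
            "signer": signer_id,
            "signature": sign_bytes(signer_key, second_set(document, bio_sig))}

def binding_holds(package, bio_key):
    """True only if the digest sealed inside 43 matches the enclosed document 44."""
    try:
        first_set = unseal(bio_key, package["biometric_signature"])
    except ValueError:
        return False
    expected = hashlib.sha256(package["document"]).digest()
    return hmac.compare_digest(first_set[:32], expected)

def server_accept(package, client_id, known_clients, known_signers, server_key):
    """Steps 17-21: gate on client device and signing entity, then countersign."""
    if client_id not in known_clients:
        return None, "unknown client device"
    signer_key = known_signers.get(package["signer"])
    if signer_key is None:
        return None, "unknown signing entity"
    data = second_set(package["document"], package["biometric_signature"])
    if not hmac.compare_digest(package["signature"], sign_bytes(signer_key, data)):
        return None, "invalid signature"
    countersig = sign_bytes(server_key, data + package["signature"])
    return dict(package, server_signature=countersig), "ok"

if __name__ == "__main__":
    # Constructed sample values.
    bio_key, rep_key, srv_key = b"b" * 32, b"r" * 32, b"s" * 32
    pen = b"x=10,y=20,p=0.7,t=0;x=11,y=22,p=0.8,t=5"
    pkg = build_package(b"order A", pen, bio_key, "rep-1", rep_key)
    print("original binding:", binding_holds(pkg, bio_key))
    # Same biometric signature placed next to a different document.
    moved = dict(pkg, document=b"order B")
    print("transplanted binding:", binding_holds(moved, bio_key))
    print(server_accept(pkg, "pda-7", {"pda-7"}, {"rep-1": rep_key}, srv_key)[1])
```

Which party holds the key that opens the biometric signature is not stated in the text above; the example assumes a verifier that has it.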
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a method for generating a digital signature linked to a biometric identifier. The method comprises the steps of: receiving a document to be signed and storing it as an electronic document (44); receiving a biometric identifier from at least one signatory and storing it as biometric data (42); generating a digest (41) of the electronic document (44); associating the digest (41) with the biometric data (42) to obtain a first set of information and encrypting said first set of information to generate a biometric signature (43); and associating said biometric signature with the electronic document (44) to obtain a second set of information and signing it with a digital signature (46) based on a cryptographic method to generate a signed electronic document package (47). The invention also relates to an apparatus and a system for generating a digital signature linked to a biometric identifier.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP06795039A EP1938505A1 (fr) | 2005-09-21 | 2006-09-21 | Method, apparatus and system for generating a digital signature linked to a biometric identifier |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
HUP0500872 | 2005-09-21 | ||
HU0500872A HUP0500872A2 (en) | 2005-09-21 | 2005-09-21 | Method and apparatus for creating digital signature defined by biometric identification |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007034255A1 (fr) | 2007-03-29 |
Family
ID=89986273
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/HU2006/000081 WO2007034255A1 (fr) | 2005-09-21 | 2006-09-21 | Method, apparatus and system for generating a digital signature linked to a biometric identifier |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1938505A1 (fr) |
HU (1) | HUP0500872A2 (fr) |
WO (1) | WO2007034255A1 (fr) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009053500A1 (fr) | 2007-10-24 | 2009-04-30 | Scytl Secure Electronic Voting, S.A. | Method and system for protecting user information records applicable to electoral processes |
US20150222437A1 (en) * | 2012-10-15 | 2015-08-06 | Obshestvo S Ogranichennoj Otvetstvennostyu "Laboratoriya Elandis" | Method for signing electronic documents with an analog-digital signature with additional verification |
WO2016027111A1 (fr) | 2014-08-18 | 2016-02-25 | Csík Balázs | Methods for digitally signing an electronic file, and authentication method |
US9734386B2 (en) | 2014-09-12 | 2017-08-15 | Qualcomm Incorporated | Methods, systems and devices for electronic notary with signature and biometric identifier |
WO2018176140A1 (fr) * | 2017-03-31 | 2018-10-04 | Syngrafii Inc. | Systems and methods for executing and delivering electronic documents |
CN109064606A (zh) * | 2018-08-03 | 2018-12-21 | 广州邦讯信息系统有限公司 | Access control task execution method and system, access control system, and readable storage medium |
CN111898558A (zh) * | 2020-08-03 | 2020-11-06 | 西南大学 | Multi-signature protection and identification method with multi-dimensional encrypted hidden order |
EP3709567A4 (fr) * | 2017-11-07 | 2021-03-24 | SECUVE Co., Ltd. | Electronic signature authentication system based on biometric information, and associated electronic signature authentication method |
US11080384B2 (en) * | 2015-12-15 | 2021-08-03 | Applied Recognition Corp. | Systems and methods for authentication using digital signature with biometrics |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998039876A1 (fr) | 1997-03-06 | 1998-09-11 | Skylight Software, Inc. | Digital cryptographic identification method |
US5818955A (en) * | 1994-08-31 | 1998-10-06 | Penop Limited | Document and signature verification system and method |
US20030028774A1 (en) * | 2001-08-06 | 2003-02-06 | Meka Anil Kumar | Ensuring the integrity of an electronic document |
JP2003134108A (ja) | 2001-10-30 | 2003-05-09 | Ricoh Co Ltd | Electronic signature system, electronic signature verification device, electronic signature verification method, program, and recording medium |
2005
- 2005-09-21 HU HU0500872A patent/HUP0500872A2/hu unknown
2006
- 2006-09-21 WO PCT/HU2006/000081 patent/WO2007034255A1/fr active Application Filing
- 2006-09-21 EP EP06795039A patent/EP1938505A1/fr not_active Withdrawn
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5818955A (en) * | 1994-08-31 | 1998-10-06 | Penop Limited | Document and signature verification system and method |
WO1998039876A1 (fr) | 1997-03-06 | 1998-09-11 | Skylight Software, Inc. | Digital cryptographic identification method |
US20030028774A1 (en) * | 2001-08-06 | 2003-02-06 | Meka Anil Kumar | Ensuring the integrity of an electronic document |
JP2003134108A (ja) | 2001-10-30 | 2003-05-09 | Ricoh Co Ltd | Electronic signature system, electronic signature verification device, electronic signature verification method, program, and recording medium |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009053500A1 (fr) | 2007-10-24 | 2009-04-30 | Scytl Secure Electronic Voting, S.A. | Method and system for protecting user information records applicable to electoral processes |
US20150222437A1 (en) * | 2012-10-15 | 2015-08-06 | Obshestvo S Ogranichennoj Otvetstvennostyu "Laboratoriya Elandis" | Method for signing electronic documents with an analog-digital signature with additional verification |
CN105074721A (zh) * | 2012-10-15 | 2015-11-18 | 依兰蒂思研究室有限责任公司 | Method for signing electronic documents with an analog-digital signature with additional verification |
US9698992B2 (en) * | 2012-10-15 | 2017-07-04 | Obshestvo S Ogranichennoj Otvetstvennostyu “Laboratoriya Elandis” | Method for signing electronic documents with an analog-digital signature with additional verification |
WO2016027111A1 (fr) | 2014-08-18 | 2016-02-25 | Csík Balázs | Methods for digitally signing an electronic file, and authentication method |
US20180212782A1 (en) * | 2014-08-18 | 2018-07-26 | Balazs Csik | Methods For Digitally Signing An Electronic File And Authentication Method |
EP3355224A1 (fr) | 2014-08-18 | 2018-08-01 | Csík, Balázs | Methods for digitally signing an electronic file, and authentication method |
US11310058B2 (en) | 2014-08-18 | 2022-04-19 | Antal Rogan | Methods for digitally signing an electronic file and authentication method |
US10547453B2 (en) * | 2014-08-18 | 2020-01-28 | Antal Rogan | Methods for digitally signing an electronic file and authentication method |
US9734386B2 (en) | 2014-09-12 | 2017-08-15 | Qualcomm Incorporated | Methods, systems and devices for electronic notary with signature and biometric identifier |
US11080384B2 (en) * | 2015-12-15 | 2021-08-03 | Applied Recognition Corp. | Systems and methods for authentication using digital signature with biometrics |
WO2018176140A1 (fr) * | 2017-03-31 | 2018-10-04 | Syngrafii Inc. | Systems and methods for executing and delivering electronic documents |
US11900491B2 (en) | 2017-03-31 | 2024-02-13 | Syngrafii Inc. | Systems and methods for executing and delivering electronic documents |
US20240169457A1 (en) * | 2017-03-31 | 2024-05-23 | Syngrafii Inc. | Systems and methods for executing and delivering electronic documents |
EP3709567A4 (fr) * | 2017-11-07 | 2021-03-24 | SECUVE Co., Ltd. | Electronic signature authentication system based on biometric information, and associated electronic signature authentication method |
CN109064606A (zh) * | 2018-08-03 | 2018-12-21 | 广州邦讯信息系统有限公司 | Access control task execution method and system, access control system, and readable storage medium |
CN111898558A (zh) * | 2020-08-03 | 2020-11-06 | 西南大学 | Multi-signature protection and identification method with multi-dimensional encrypted hidden order |
CN111898558B (zh) * | 2020-08-03 | 2022-03-15 | 西南大学 | Multi-signature protection and identification method with multi-dimensional encrypted hidden order |
Also Published As
Publication number | Publication date |
---|---|
HU0500872D0 (en) | 2005-11-28 |
HUP0500872A2 (en) | 2007-05-02 |
EP1938505A1 (fr) | 2008-07-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11799668B2 (en) | Electronic identification verification methods and systems with storage of certification records to a side chain | |
US11206133B2 (en) | Methods and systems for recovering data using dynamic passwords | |
KR101676215B1 (ko) | Method for signing an electronic document with an analog-digital signature with additional verification | |
EP2924604B1 (fr) | Method for creating electronic biometric (dynamic) signature references | |
US8185938B2 (en) | Method and system for network single-sign-on using a public key certificate and an associated attribute certificate | |
US7024562B1 (en) | Method for carrying out secure digital signature and a system therefor | |
WO2019237570A1 (fr) | Electronic contract signing method, device and server | |
US7069440B2 (en) | Technique for obtaining a single sign-on certificate from a foreign PKI system using an existing strong authentication PKI system | |
JP3754565B2 (ja) | Electronic seal mark authentication system | |
WO2018145127A1 (fr) | Methods and systems for verifying an electronic identification with storage of certification records to a side chain | |
US20050132201A1 (en) | Server-based digital signature | |
WO2007034255A1 (fr) | Method, apparatus and system for generating a digital signature linked to a biometric identifier | |
US20050154889A1 (en) | Method and system for a flexible lightweight public-key-based mechanism for the GSS protocol | |
CN107209821A (zh) | Methods for digitally signing an electronic file and authentication method | |
TW200402224A (en) | Biometric private key infrastructure | |
JP2007081482A (ja) | Terminal authentication method, device therefor, and program | |
JP2003244139A (ja) | Time stamp sealing system for electronic documents, and program medium therefor | |
CN105635187B (zh) | Method and device for generating an electronic file with a seal impression, and authentication method and device | |
CN108833431A (zh) | Password reset method, apparatus, device and storage medium | |
US6904524B1 (en) | Method and apparatus for providing human readable signature with digital signature | |
JP2003169051A (ja) | Electronic seal system | |
CA3227278A1 (fr) | Methods and systems for generating and validating uses of digital credentials and other documents | |
JP2003134108A (ja) | Electronic signature system, electronic signature verification device, electronic signature verification method, program, and recording medium | |
USRE49968E1 (en) | Electronic identification verification methods and systems with storage of certification records to a side chain | |
Ahn et al. | Towards scalable authentication in health services |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase | Ref country code: DE |
WWE | Wipo information: entry into national phase | Ref document number: 2006795039 Country of ref document: EP |
WWP | Wipo information: published in national office | Ref document number: 2006795039 Country of ref document: EP |