WO2017059489A1 - Electronic document certification - Google Patents

Publication number
WO2017059489A1
Authority
WO
WIPO (PCT)
Prior art keywords
document
certification
electronic document
certified
data
Application number
PCT/AU2016/050937
Inventor
Manuel De Jesus ESPINOZA
Original Assignee
Business And Personal Solutions Group Pty Ltd
Priority claimed from AU2015904046A
Application filed by Business And Personal Solutions Group Pty Ltd
Publication of WO2017059489A1
Priority to AU2018100581A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/18 Legal services; Handling legal documents
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645 Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions

Definitions

  • The present invention relates to a system and process for electronic document certification.
  • Certification is an important process in the creation and distribution of documentation. Certifying a document ensures that a copy of a primary document is a true and valid copy, in the sense that the copy represents an exact replica of the primary document, including its information and structure. Certification allows the owner of the primary document to provide a copy of the document to a party, while guaranteeing that the information within is identical to that within the primary document. This allows the owner to avoid surrendering possession of the original document, while supporting the dissemination of the information contained to one or more other parties. Certification of document copies is frequently required in various contexts of legal and official correspondence, including government applications, court proceedings and commercial dealings.
  • An electronic document certification system including:
  • At least one certification data repository storing document certification templates for respective different types of documents to be certified, and certification authority data representing the certification credentials of a certification authority;
  • a server configured to receive an electronic document and user identification data from client devices of requesting users via a communications network, the electronic document being an official document relating to specific persons identified in the electronic document;
  • a processor configured to process the received electronic document to determine a corresponding document type and a corresponding specific person identified in the electronic document, and to process the corresponding user identification data to determine whether it identifies the specific person identified in the electronic document, and only if the assessment outcome is positive, to access the certification data repository to retrieve one of the stored document certification templates corresponding to the determined document type, and to process the received electronic document and the retrieved corresponding document certification template to generate corresponding certified document data representing a certified copy of the received electronic document.
  • An electronic document certification process including:
  • certification data including a certification template for the type of document to be certified, and certification authority data representing the certification credentials of a certification authority; processing the received electronic document and the retrieved corresponding document certification data to generate corresponding certified document data representing a certified copy of the received electronic document; and transmitting the certified copy to the user.
  • FIG. 1 is a schematic diagram of an electronic document certification system in accordance with an embodiment of the present invention.
  • Figure 2 is a block diagram of a computer system used to implement the computing devices and/or the server devices of the occupant safety determination system in the described embodiments;
  • Figure 3 is a flow diagram of a process for the certification of an electronic document using the electronic document certification system
  • Figure 4 is a schematic diagram of the acquisition of a user request for electronic document certification
  • Figure 5 is a schematic diagram of the verification of a user by the electronic document certification system
  • Figure 6 is a schematic diagram of the certification of a document by the electronic document certification system
  • Figure 7 is a schematic diagram of the transmission of the certified document to a user by the electronic document certification system
  • Figure 8a is an example of a certified driver's licence document produced by the electronic document certification system
  • Figure 8b is an example of an authority verification seal for use within an embodiment of the electronic document certification system
  • Figure 9 is an example of an application form for the certification of a document as performed by the electronic document certification system.
  • Figure 10 is an example of a document acquisition application form in accordance with the electronic document certification system.
  • the described embodiments of the present invention include an electronic document certification system and process that generates an electronic certified copy of a primary document.
  • a primary document is received by the system in electronic form.
  • Data associated with the received primary document is processed by system application components configured to produce a representation of a certified copy of the document.
  • Certification is performed based on data received from a certification authority, which is stored within the system components and processed to generate data representing an endorsement of the primary document.
  • the generated data of the certified electronic document is further processed to secure the document contents against modification.
  • the secured certified electronic document is transmitted to the user via an electronic service, such as email.
  • a physical copy of the certified document is produced by the system, and is sent to the user.
  • The electronic document certification system and process of the described invention provide advantages including:
  • the electronic document certification system and process described herein is configurable to produce certified documents automatically, based on the certification credentials of an authority.
  • Certification authorities include government officials or persons authorised by legislation to perform document certification, such as for example court clerks, solicitors, and notary publics.
  • the nature of the certification authority can vary according to the jurisdiction in which the system is deployed.
  • the system and process of the described embodiments are configured to produce certified copies of a variety of official documents under Australian law. However, the requirements for, and formalities of, achieving certification for a primary document can vary according to national law, and the skilled addressee will note that other embodiments of the system and process can be implemented to produce valid electronic certified documents for these jurisdictions.
  • the described embodiments of the electronic document certification system and process are configured to certify official government and/or legal documents, including, but not limited to, driver's licences from any Australian state or territory, proof of identity cards, affirmations, affidavits, wills, oaths, state and commonwealth statutory declarations, birth certificates, death certificates, marriage certificates, police check certificates, proof-of-age certificates, apostilles and other authentication certificates, and certificates of enduring power of attorney.
  • the skilled addressee will appreciate that other embodiments may be configured to perform certification of any arbitrary document given information related to its type and/or properties.
  • alternative embodiments may allow for the certification of academic records
  • the electronic document certification system 100 includes a client device 106 and server devices 108 configured for use by a user 102 and an authority 104 respectively, which together operate to perform electronic document certification, as shown in Figure 2.
  • the server devices 108 include an application device 110, a data repository 112 and an interaction device 105.
  • the client 106 and application 110 devices are computing devices configured to execute client 107 and server 111 applications, respectively.
  • the system 100 can additionally include production devices 114 for generating a physical copy of the produced electronic certified document, and transmission devices 115 for sending the physical certified document copy to the user 102.
  • Figure 3 refers to a block diagram of a computing device 300 configured in accordance with the described embodiments.
  • Figure 3 will recognise that the following descriptions relate to the architecture and configuration of a computing device which can be used to implement the methods and techniques described herein.
  • Other configurations may involve the implementation of the electronic document certification system in combination with other modules or devices.
  • the computing device 300 includes a central system bus 301, a removable storage media 302, a memory system 303, a processor 307, a communication system 308, a display interface 310, and an I/O device interface 312.
  • the processor 307 can be any microprocessor which performs the execution of sequences of machine instructions, and can have architectures consisting of a single or multiple processing cores.
  • the processor 307 issues control signals to other computing device 300 components via the system bus 301, and has direct access to at least some of the memory 303.
  • the memory 303 provides an internal system for the electrical storage of the machine instructions required to execute applications.
  • the applications can include, but are not limited to, a web browser and an electronic document certification system server application.
  • the memory 303 can include random access memory (RAM), non-volatile memory (such as ROM or EPROM), cache memory and registers for fast access by the processor 307, and high volume storage subsystems such as hard disk drives (HDD).
  • Individual memory system components, such as the high volume storage subsystems can include separate interfaces and/or buses to the main system bus in order to increase data transfer efficiency.
  • a removable storage media 302 can be implemented in the form of flash drives or removable high volume storage devices.
  • a portion of the memory 303 can be non-volatile, and can contain a Basic Input/Output System (BIOS) which includes routines facilitating the communication of data and control signals between computing device 300 components.
  • the memory 303 and removable media 302 store processor executable instructions for one or more programs and data, including an operating system 306, one or more application programs 305, and program data 304.
  • the one or more application programs can include a client application operable by a user to perform processes described herein.
  • Program data 304 can include data instructions and state information produced or used by the electronic document certification system application. More generally, application programs 305 can include methods, data structures or other software services that define data or perform functions.
  • the program data 304, the individual instructions of an application program 305, and the operating system 306 can reside in portions of the memory 303, including the registers, cache, main memory, and high volume storage, or in the removable storage media 302.
  • the skilled person in the art will appreciate that other embodiments of the memory 303 may allow for variation in the distribution of program data and instructions between the individual memory subsystems.
  • the system bus 300 provides a means by which data can be exchanged between the components of the computing device 300.
  • the system bus allows the processor 307 to issue control signals to other components, including memory 303, for the purpose of transferring data.
  • the system bus 300 can be of varying structure, and can possess one or more sub-buses, such as a memory bus interconnecting the memory 303 components and/or a peripheral bus such as AGP or PCI.
  • the I/O device interface 312 provides a means by which the user can interact with the computing device 300, and its stored application programs 305, and data 304 using input devices 313 such as a mouse and keyboard. The user can additionally interact with the computing device 300 and its application programs 305 and data 304 using on-board input devices such as a touchpad or touch screen.
  • the I/O device interface 312 also provides a means for the computing device 300 to instruct output peripherals 314, which can include printers, audio devices, and imaging devices.
  • the display interface 310 can include one or more dedicated graphics interfaces, which transmit graphics and video signals between the computing device 300 and display devices 311.
  • the display devices 311 can consist of external displays, such as CRT, LCD, LED or plasma monitors or TVs, projection devices, or on-board displays.
  • the computing device 300 is operable in a networked environment via the connection of a communication system 308 to the components.
  • The communication system 308 enables the logical connection of the computing device 300 to other networks or computing devices through wireless or wired transmission media. Connections to networks or other computing devices are formed via wireless and/or physical interfaces 309.
  • the computing device 300 can establish such connections through the use of specialised networking equipment, such as a router, or can connect directly to other communications networks or devices possessing similar interfaces 309.
  • the programs 305 and data 304 of the computing device 300 can be stored, partially or fully, within the memory system of one or more remote devices.
  • The computing device 300 can exchange information with connected networks and other communications devices. Protocols such as the IEEE 702.xx family can be used for exchanging information wirelessly with, for example, a computer, portable device, printer, scanner, or any other device or location associated with a wireless identity. This includes devices connected over technologies such as WiFi, WiMax and Bluetooth, and in the form of either structured or ad-hoc communications.

Receiving requests

  • the electronic document certification system 100 of the described embodiments is configured to accept requests to perform document certification 202 from a user 102 via client application 107.
  • requests are Internet based, and are initiated by a standard web browser application 107 executing on a client device 106 and configured to load a web page hosted by the application device 110.
  • the user 102 transmits a request via the browser 107 to the electronic document certification (EDC) application 111 executing on the application device 110.
  • Transmission of data between the client 106 and application 110 devices occurs over a communications network 116, which can include local area networks, wide area networks or mobile networks. Communication between client 106 and application 110 devices is performed over a secure transport layer communications protocol such as HTTPS.
  • Encryption is performed on the information transmitted by the user 102 to the application device 110, where this information can include: data representing the document, and an indication of the type of document, for which certification is requested; and identification documents transmitted by the user 102 to verify their identity, as discussed below.
  • document certification requests are received by the controller 412, which is configurable to process the requests and control the operation of the data repository 112, the verification module 414, and the certification module 416.
  • Certification requests received by the controller 412 include data representing the primary document to be certified, and the details of the user 102 requesting the certification.
  • the primary document can be in the form of a graphical image, such as a JPEG, PNG, TIFF or BMP document.
  • the primary document transmitted by a user 102 for certification can be an electronically scanned version of the corresponding physical document.
  • certification of an electronically scanned document requires a minimum document resolution, such that the characteristic information can be accurately reproduced within the certified copy.
  • the required minimum document resolution can vary depending on the document type.
  • the controller 412 is configured to process document certification requests received from the client application 107 via communication with a data repository 112.
  • the data repository 112 is organised as a single database and includes a Database Management System (DBMS) 402.
  • The described embodiment of the system implements a MySQL DBMS, although the skilled addressee will recognise that other management systems, such as PostgreSQL, Microsoft SQL Server, Oracle, Sybase and IBM DB2, may be used in alternative embodiments.
  • the database is configured to store data relating to the users 102 of the system 100 in the user table 404.
  • User data includes the user's name, physical address, email address, other contact details (such as a phone number), and additional personal information such as date of birth.
  • the user table 404 is configurable to store additional information about the user 102 such as the IP address used to access the system 100, hardware identifiers of the client device 106, and/or other tracking or referral information provided by the client application 107 during requests made to the system 100 by the user 102.
  • Document certification requests received by the controller 412 are stored in the requests table 408.
  • the requests table 408 records an identifier of the user initiating the request, an indication of the time at which the request was made, and other details specific to the request, such as payment details and document transmission arrangements.
  • The system 100 performs two types of verification in order to ensure the integrity of the electronic document certification process: i) verification of the identity of the user requesting the electronic certification of a document; and ii) verification of the primary document that is being certified.

i) User identity

  • electronic document certification requires verification of the user's identity.
  • User identity verification 204 is performed automatically by the system 100 by the extraction of identity verification data from documents submitted electronically by the user 102, and the subsequent processing of this information.
  • Identification verification data includes: 1) user 102 details, such as the user's name and address, which collectively form an identity claim for the user 102; and 2) one or more verification documents, each containing identity information elements.
  • the identity information elements within a verification document provide information about a particular attribute of the subject of the document.
  • the elements of a driver's licence include the first name, last name, address, date of birth, licence number and signature of the licenced person (i.e. the subject).
  • a user 102 seeking verification will typically submit verification documents in which they are the subject, such that the identity information within each verification document corresponds to their claimed identity.
  • the user 102 can select the types of the documents transmitted for the purposes of identity verification.
  • the types of identification documents that are available to the user 102 for identity verification include official government documents such as driver's licences, birth certificates, social services cards and passports.
  • the system 100 can be configured to accept other document types for the purpose of verification.
  • The system 100 is configured to accept any verification document that is interpretable to provide identity information of its subject. Verification document types can be assigned weightings reflecting the 'influence' of the document for verifying the identity of the user 102.
  • the system 100 can be configured to require that a user 102 submit a combination of verification documents which collectively reach a certain weighting threshold (such as a total number of points).
  • limitations can be placed on the types of document accepted for the verification of a user 102 based on the type of the document for which certification is requested, and on any previous verification processes 204 performed by the system 100 with respect to the user 102.
  • the controller 412 transmits the identification verification data to the data repository 112 for storage in the verification table 406.
  • the records of the verification table 406 store data related to the verification of the identity of a user 102, including the identity verification documents transmitted by the user 102 and the claimed identity of the user 102.
  • the verification table 406 is also configured to store the outcome of verification processes conducted by the system 100 with respect to a particular user 102 based on the user's identity claim and their verification documents as submitted.
  • verification 204 of the identity of a user 102 is performed by the verification module 414.
  • the analysis module 502 receives, from the controller 412, data representing the one or more verification documents supplied by the user 102 and an indication of the type of each of these documents.
  • the analysis module 502 automatically interprets each verification document to produce an indication of the identity of the subject of the document.
  • OCR: optical character recognition.
  • An application-oriented OCR method is employed in the presented invention such that identity data is extracted from a document based on the structure of, and the specific lexicon used within, the document, as inferred from its type.
  • the OCR technique of the described embodiment performs an initial analysis of the verification document to determine the presence of any noise (such as blur), misalignment, and/or scaling issues.
  • the analysis module 502 is configured to apply pre-processing methods, such as de-skewing, binarisation, filtering and/or normalisation, in order to alleviate problems detected during the initial analysis. This allows the system 100 to maximise the accuracy with which identity information can be extracted from the verification document.
  • the pre-processing stage can be configured to detect flaws in the verification document, such as partial or full occlusion of one or more identity elements.
  • the analysis module 502 indicates the invalidity of the document to the controller 412, which can subsequently transmit an informative error message to the user 102.
  • Line detection and segmentation is performed by the analysis module 502 to identify the existence of characters at pre-determined positions within the document corresponding to the identity information element locations.
  • Character recognition is performed using a two-stage process of 1) feature extraction; and 2) classification.
  • Feature extraction is performed by the calculation of a set of feature values for data within a region of the identity element locations, where the features include: aspect ratio, proportion of pixels above a horizontal half point or to the right of a vertical half point, number of strokes; and the average distance to the image centre.
  • Character determination is performed by classification of the features via the use of character models.
  • the k-nearest neighbours clustering technique is implemented in the described embodiments, such that the determined character is the one whose model centroid has minimal accumulated distance to the features extracted.
  • the OCR process produces data representing a group of characters as recognised within the identity information element location.
  • a post-processing stage is subsequently applied to translate the determined characters into a series of words.
  • the accuracy of the word recognition process is improved by using a lexicon to constrain the output based on the document type, and the identity information expected to be contained within a given element.
  • the analysis module 502 can use a lexicon containing words commonly occurring within addresses, such as 'Street', 'Avenue' and 'Road', to influence recognition and/or to assist in the segmentation phase.
  • OCR is applied by the analysis module 502 to each identification information element of a verification document to produce textual data representing the recognised words. For example, if a user 102 supplies a scanned copy of a Georgia driver's licence as a verification document, the analysis module 502 extracts information for elements including the name, date of birth, address and gender of the subject of the licence. The OCR based analysis process is repeated for each verification document. An indication of identity for each verification document is determined from the extracted identification element information, and is stored in the determined ID buffer 506. The controller transmits data representing the claimed identity of the user 102 to the verification module 414 for storage in the claimed ID buffer 504. In the described embodiment the claimed identity includes the name and address of the user 102, as transmitted within the request data received from the client application 107.
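The feature extraction and classification stages described above, as an added example that is not code from the patent. It computes the listed features over the bounding box of a binarised glyph and picks the character whose model centroid is nearest; the glyph bitmaps are constructed, and counting 8-connected ink components as the "number of strokes", the distance normalisation, the rejection threshold and all function names are assumptions.

```python
import math

def ink_pixels(glyph):
    """Coordinates of ink ('#') in a binarised glyph given as a list of strings."""
    return [(r, c) for r, row in enumerate(glyph) for c, ch in enumerate(row) if ch == "#"]

def count_components(pixels):
    """Assumed stand-in for 'number of strokes': 8-connected ink components."""
    remaining, components = set(pixels), 0
    while remaining:
        stack = [remaining.pop()]
        components += 1
        while stack:
            r, c = stack.pop()
            for dr in (-1, 0, 1):
                for dc in (-1, 0, 1):
                    neighbour = (r + dr, c + dc)
                    if neighbour in remaining:
                        remaining.remove(neighbour)
                        stack.append(neighbour)
    return components

def extract_features(glyph):
    """(aspect ratio, share above half point, share right of half point,
    strokes, mean distance to centre), measured inside the ink bounding box."""
    pixels = ink_pixels(glyph)
    if not pixels:
        raise ValueError("empty element region: nothing to recognise")
    r0 = min(r for r, _ in pixels)
    c0 = min(c for _, c in pixels)
    h = max(r for r, _ in pixels) - r0 + 1
    w = max(c for _, c in pixels) - c0 + 1
    centres = [(r - r0 + 0.5, c - c0 + 0.5) for r, c in pixels]  # pixel centres
    n = len(centres)
    above = sum(1 for y, _ in centres if y < h / 2) / n
    right = sum(1 for _, x in centres if x > w / 2) / n
    half_diagonal = math.hypot(h, w) / 2  # makes the distance scale-invariant
    mean_dist = sum(math.hypot(y - h / 2, x - w / 2) for y, x in centres) / n / half_diagonal
    return (w / h, above, right, float(count_components(pixels)), mean_dist)

def train_centroids(samples):
    """samples: {character: [glyph, ...]} -> {character: mean feature vector}."""
    centroids = {}
    for char, glyphs in samples.items():
        vectors = [extract_features(g) for g in glyphs]
        centroids[char] = tuple(sum(col) / len(vectors) for col in zip(*vectors))
    return centroids

def classify(glyph, centroids, max_distance=0.5):
    """Nearest model centroid, or None when nothing is close enough, so a
    poor read is rejected instead of feeding a guess into identity matching."""
    features = extract_features(glyph)
    char, distance = min(
        ((ch, math.dist(features, centre)) for ch, centre in centroids.items()),
        key=lambda pair: pair[1],
    )
    return char if distance <= max_distance else None

# Constructed 5x5 character models.
MODELS = {
    "L": [["#....", "#....", "#....", "#....", "#####"]],
    "T": [["#####", "..#..", "..#..", "..#..", "..#.."]],
    "I": [["#", "#", "#", "#", "#"]],
}
CENTROIDS = train_centroids(MODELS)

# Constructed degraded scans: a clipped 'L', a clipped 'T', and a two-blob mark.
NOISY_L = ["#....", "#....", "#....", "#....", "####."]
NOISY_T = ["#####", "..#..", "..#..", "..#.."]
TWO_BLOBS = ["#", ".", "#"]

if __name__ == "__main__":
    for name, glyph in (("NOISY_L", NOISY_L), ("NOISY_T", NOISY_T), ("TWO_BLOBS", TWO_BLOBS)):
        print(name, "->", classify(glyph, CENTROIDS))
```

Returning `None` for an unrecognised region lets the caller treat the element as unreadable, which matters because the extracted text is later compared against the claimed identity.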
  • the comparison module 508 is configurable to produce a verification outcome by comparing the identity determined from each verification document to that of the claimed identity.
  • Text-based matching is used in the described embodiments, where the textual representation of the user's claimed identity is tested for equality against the corresponding representation extracted from each verification document.
  • the comparison process can be configured to allow minor differences in the text representations, such as the presence of additional whitespace or case mismatch within the characters.
  • the claimed identity representation must be equal to the representation extracted from each verification document. Otherwise, a negative verification outcome is produced.
  • the verification outcome represents the validity of the user 102's claimed identity, and is stored in the verification result buffer 510 for subsequent transmission to the controller 412 and storage in the verification table 406 of repository 112.
  • a negative outcome results in the rejection of the certification request by the controller 412.
  • the system can be configured to send a request to the user 102 for additional verification documents in order to verify their identity in the situation where the certification request is rejected due to a negative verification outcome.
  • the user 102 can respond by submitting one or more additional verification documents, which are processed by the system according to the verification processes described above to re-evaluate the verification outcome.
  • the system can be configured to cancel the user's certification request if the verification outcome is negative.
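The identity decision described above (weighted verification documents that must reach a threshold, and text matching that tolerates only whitespace and case differences), as an added example that is not code from the patent. The point values, the 100-point threshold, the per-type element lists and all names are assumptions, and the sample identities are constructed.

```python
import re
from dataclasses import dataclass

# Assumed weighting and identity elements per verification document type.
DOCUMENT_TYPES = {
    "drivers_licence": (40, ("name", "address")),
    "passport": (70, ("name",)),
    "social_services_card": (25, ("name",)),
}
REQUIRED_POINTS = 100               # assumed weighting threshold
CLAIM_FIELDS = ("name", "address")  # claimed identity in the described embodiment

@dataclass(frozen=True)
class VerificationDocument:
    doc_type: str
    extracted: dict  # text recognised for each identity information element

def normalise(text):
    """Fold only the permitted minor differences: whitespace and case."""
    return re.sub(r"\s+", " ", text).strip().casefold()

def verify_identity(claim, documents):
    """Return (outcome, reason); every unexpected condition is a negative outcome."""
    for field in CLAIM_FIELDS:
        if not normalise(claim.get(field, "")):
            return False, f"claim is missing {field}"
    points, counted_types, corroborated = 0, set(), set()
    for doc in documents:
        if doc.doc_type not in DOCUMENT_TYPES:
            return False, f"unsupported document type: {doc.doc_type}"
        weight, elements = DOCUMENT_TYPES[doc.doc_type]
        for field in elements:
            value = doc.extracted.get(field)
            # The claim must equal what was extracted from each document.
            if value is None or normalise(value) != normalise(claim[field]):
                return False, f"{doc.doc_type}: {field} mismatch"
            corroborated.add(field)
        if doc.doc_type not in counted_types:  # a repeated type earns no extra points
            counted_types.add(doc.doc_type)
            points += weight
    for field in CLAIM_FIELDS:
        if field not in corroborated:
            return False, f"{field} not corroborated by any document"
    if points < REQUIRED_POINTS:
        return False, f"insufficient points: {points}/{REQUIRED_POINTS}"
    return True, "verified"

# Constructed sample data.
CLAIM = {"name": "Alex  Example", "address": "1 Sample street, Exampleville"}
LICENCE = VerificationDocument(
    "drivers_licence",
    {"name": "ALEX EXAMPLE", "address": "1 Sample Street,  Exampleville"},
)
PASSPORT = VerificationDocument("passport", {"name": "Alex Example"})
CARD = VerificationDocument("social_services_card", {"name": "alex example"})
FORGED = VerificationDocument("passport", {"name": "Alex Exemple"})

if __name__ == "__main__":
    for label, docs in (
        ("licence + passport", [LICENCE, PASSPORT]),
        ("licence only", [LICENCE]),
        ("passport + card", [PASSPORT, CARD]),
        ("licence + mismatching passport", [LICENCE, FORGED]),
    ):
        print(label, "->", verify_identity(CLAIM, docs))
```

Because one mismatching document produces a negative outcome, submitting extra documents can never raise the score past a failed comparison.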
  • the primary document verification process 205 allows the authority 104 to verify that the primary document submitted by the user 102 (i.e. the scanned document copy) accurately and truly represents the original primary document (i.e. the physical original of the document).
  • the system 100 allows the authority 104 to conduct primary document verification 205 using electronic video data.
  • a real-time video transmission link is established between the client device 106 and the application device 110, through respective video cameras connected to each device, enabling a verification interaction to be performed between the authority 104 and the user 102.
  • this verification interaction serves to prove to the authority 104 that: i) the user 102 is currently in possession of the original primary document; and ii) this original primary document matches the electronic representation received by the system 100 within their certification request.
  • this can involve the user 102 demonstrating their possession of the original primary document to the authority 104, and presenting this document to the camera in a variety of configurations such that the authority 104 can verify its details, including the presence of any security or authentication features and/or markings (including optically variable features such as, for example, holographic imprints, diffraction gratings, and the like).
  • the electronic document certification system 100 performs certification 206 of an electronic document via the certification module 416 of the EDC application 111.
  • commencement of the certification process 206 requires verification of the user 102.
  • the controller 412 retrieves and processes the verification outcome data for the user 102 from the verification table 406, and invokes the certification process 206 if the outcome is positive.
  • user identity verification 204 may be optional such that document certification 206 may be performed directly following the receipt of a certification request 202.
  • the certification module 416 is configured to store the data of the document to be certified, and an indication of its type, in a document buffer 602. Certification is performed using: 1) document representation data, which replicates the primary document in the certified copy; and 2) endorsement data, which consists of description data and authority data.
  • Description data is interpretable to provide a description of the certification of the primary document by the certification authority.
  • the description data indicates the type of document certified, the details of the authority performing the certification, and legal information or disclaimers relevant to the certified document copy.
  • An example textual description for the certification of a driver's licence document according to the described embodiment is as follows:
  • the authority data is interpretable to provide a confirmation of the identity of the authority 104, and the intent of the authority 104 to certify the document.
  • the identity and intent of the authority 104 is represented by a signature, stamp and/or seal of the authority 104.
  • the certificates table 410 of the data repository 112 is configured to store endorsement data specific to the authority 104.
  • the controller 412 retrieves from the data repository 112 the description of the certification, as appropriate for the given document type, and the signature, stamp or seal of the authority 104, and transmits this data to the certificate buffer 604.
  • the construction module 606 accepts the primary document data and an indication of the primary document type from the document buffer 602, and the endorsement data from the certificate buffer 604 to generate the certified document data.
  • the certified document data is in the form of a Portable Document Format (PDF) file, which is interpretable by PDF viewing software to produce a representation of the certified electronic document.
  • the certified document PDF file is generated in accordance with PDF Reference 1.7. Within the PDF representation the certified document data is organised as a collection of string and stream objects.
  • Strings are used to represent fixed length text-only data (such as the description data), while embedded stream objects are used to represent other blocks of data that can be of arbitrary size, such as fonts, page descriptions, security dictionaries, image data, and larger sections of text (such as the representation data).
  • the certified document PDF contains additional data which conveys information about the document's structure, including the document size and the relative arrangement of the sub data components.
  • FIG 8a shows an example of a certified driver's licence document 800 in accordance with the described embodiments of the presented invention.
  • the contents of the certified document 800 consist of regions of displayable text and/or graphical information corresponding to the primary document content 802, and the endorsement 804 which consists of the certification description 806 and the authority information 808.
  • the authority information 808 includes the name 810 of the authority 104, and their signature 812 and/or seal 814.
  • Figure 8b illustrates an example seal 814 for a registered Justice of the Peace in the State of Kenya.
  • the arrangement of the certified document contents can be configured by the authority 104 via the interaction device 105.
  • the authority 104 can add additional regions of graphical and/or textual content to the certified document. For example, contact details of the authority 104 may be added to the header 810 for the purpose of allowing a reader of the document to contact the authority 104.
  • the contents of the electronic certified document are secured 208 by the application of encryption techniques in order to provide protection against modification.
  • the encryption module 612 receives the certified document data from the buffer 610 and produces corresponding data representing the encrypted version of the certified document.
  • encryption is performed on the PDF file data of the certified document. Encryption is applied to all strings and stream objects in the PDF file, but not to the document's structural data which is typically expressed as a combination of integer and boolean values. Leaving these values unencrypted allows access to the objects within the document, while protecting the document's substantive contents against modification after certification by the authority 104 has occurred.
  • Encryption-related information is stored in the form of encryption dictionary data, which includes: the preferred security handler for the document; an indication of the algorithm to be used in encrypting and decrypting the document; and the length of the encryption key to be used.
  • the encryption module 612 records the security handler used to perform the encryption process with the certified document PDF encryption dictionary.
  • the security handler controls access to the contents of the encrypted document, and is invoked by applications when accessing the secured certified document PDF file.
  • a standard password-based PDF security handler is used allowing decryption of the document using a password.
  • other embodiments may implement different security handlers designed to perform an encryption of the document which is not easily reversible.
  • the encryption module 612 performs encryption of the certified document PDF data using the symmetric key based Advanced Encryption Standard (AES) algorithm to produce the secured certified document copy.
  • a 256 bit encryption key is utilised to perform the encryption.
  • the length of the data when encrypted is rounded up to a multiple of the block size, which is fixed in the described implementation to 16 bytes.
  • Strings and streams encrypted with AES use a padding scheme according to Internet RFC 2898.
  • For an original message length of M bytes, the pad consists of 16 - (M mod 16) bytes whose value is also 16 - (M mod 16).
  • a 9-byte message has a pad of 7 bytes, each with the value 0x07.
  • the pad can be unambiguously removed to determine the original message length when decrypting. Note that the pad is present when M is evenly divisible by 16; it contains 16 bytes of 0x10.
  • alternative embodiments may utilise other encryption algorithms
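The padding rule described above, written out as an added example (not code from the patent or its applicant); the function names `pad`, `unpad` and `padded_length` are hypothetical, and `unpad` rejects any input that is not a well-formed pad rather than trusting the final byte.

```python
"""Added example: the 16-byte block padding rule described in the text."""

BLOCK_SIZE = 16  # AES block size in bytes, as stated in the text


def padded_length(message_length: int) -> int:
    """Length after padding: always the next multiple of 16 above M."""
    return message_length + (BLOCK_SIZE - message_length % BLOCK_SIZE)


def pad(message: bytes) -> bytes:
    """Append 16 - (M mod 16) bytes, each holding that same count."""
    pad_len = BLOCK_SIZE - (len(message) % BLOCK_SIZE)
    return message + bytes([pad_len]) * pad_len


def unpad(padded: bytes) -> bytes:
    """Strip the pad and return the original message.

    Every property of a valid pad is checked, so truncated or altered
    plaintext is reported as an error instead of being silently cut.
    """
    if not padded or len(padded) % BLOCK_SIZE != 0:
        raise ValueError("padded data must be a non-empty multiple of 16 bytes")
    pad_len = padded[-1]
    if not 1 <= pad_len <= BLOCK_SIZE:
        raise ValueError("pad length byte out of range")
    if padded[-pad_len:] != bytes([pad_len]) * pad_len:
        raise ValueError("pad bytes are not uniform")
    return padded[:-pad_len]


if __name__ == "__main__":
    # Constructed sample inputs covering the two cases the text mentions.
    nine = b"A" * 9
    sixteen = b"B" * 16
    print(pad(nine).hex())       # 9 data bytes followed by seven 0x07 bytes
    print(len(pad(sixteen)))     # 32: a full extra block of 0x10 is added
    print(unpad(pad(nine)) == nine)
```

Padding only lets the decryptor recover the original length; it does not by itself detect modification of the encrypted data.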
  • An encryption key is generated by the encryption module 612 to encrypt the certified document data.
  • a fixed 'master' encryption key is used to produce the secured certified document independent of the primary document type, and of the details of the user 102 and/or authority 104.
  • the encryption master key can be a 'password', as chosen by the user 102 or the authority 104.
  • a unique encryption key is generated for each secured certified document by augmenting a base encryption key with information specific to the certification request, and/or the details of the user 102 or the authority 104. This allows for the protection of the contents of the certified document in the case that the base encryption key is exposed.
  • Document encryption keys are combined with a salt value, and the encryption and decryption processes are performed using the MD5 hash of the resultant key.
  • the encryption key is stored within the certificates table 410 of the data repository 112 by the controller 412, as received from the encryption module 612 during the content securing process 208.
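An added example (not the patent's or the applicant's code) of the per-document key derivation described above, showing the MD5-of-key-plus-salt form next to a PBKDF2-HMAC-SHA256 form that yields a full 256-bit key. The function names, the order in which the fields are concatenated, the iteration count and the sample values are all assumptions made for illustration.

```python
"""Added example: per-document key derivation, MD5 form beside a KDF form."""
import hashlib


def derive_key_md5(base_key: bytes, request_info: bytes, salt: bytes) -> bytes:
    """Key as the text describes it: MD5 over the augmented key and salt.

    The concatenation order is an assumption; the text does not give one.
    An MD5 digest is 16 bytes (128 bits), so on its own it cannot supply
    the 256-bit AES key mentioned earlier in the description.
    """
    return hashlib.md5(base_key + request_info + salt).digest()


def derive_key_kdf(base_key: bytes, request_info: bytes, salt: bytes,
                   iterations: int = 600_000) -> bytes:
    """Hardened alternative: PBKDF2-HMAC-SHA256 producing 32 bytes.

    The request-specific data is length-prefixed before being joined to the
    salt, so two different (request_info, salt) pairs can never produce the
    same input to the KDF. The iteration count slows guessing when the base
    key is a human-chosen password.
    """
    context = len(request_info).to_bytes(4, "big") + request_info + salt
    return hashlib.pbkdf2_hmac("sha256", base_key, context, iterations, dklen=32)


def key_bits(key: bytes) -> int:
    """Size of a derived key in bits."""
    return len(key) * 8


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    base = b"example-base-key"
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    for request in (b"request-0001|user-102", b"request-0002|user-102"):
        weak = derive_key_md5(base, request, salt)
        strong = derive_key_kdf(base, request, salt)
        print(request.decode(), key_bits(weak), key_bits(strong))
```

Both forms give a different key per certification request, which is the property the text relies on if the base key is exposed; only the second fills a 256-bit key and adds a work factor.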
  • the encryption process 208 digitally signs the certified electronic document for the purpose of: authenticating the authority 104; verifying the integrity of the certification endorsement; and confirming the intent of the authority 104 to certify the document (i.e. providing non-repudiation of the certification endorsement).
  • Alternative embodiments of the invention may implement other digital signing or sealing methods, such as the inclusion of signature and/or seal objects which are encrypted using a different algorithm to that used to secure the document representation data.
  • the encryption module 612 stores the document access permission data within the encryption dictionary of the certified document, where this permission data reflects the various operations which are allowed to be performed on the document.
  • the permission data is in the form of flags, and dictates a user's ability to: modify the document's contents; copy or extract text and graphics from the document; add or modify text annotations; and print the document.
  • the encryption module 612 is configured to set default access permissions which prevent any modification, copying, extraction and/or annotation of the certified document. Printing of the document is enabled by the default access permissions.
  • the skilled addressee will recognise that other embodiments of the system 100 may allow additional configurability of the access permissions applied to the secured certified documents.
  • different sets of access permissions can be defined by the authority 104 which allow combinations of the above described operations to be performed on the contents of the secured certified document.
  • the level of access permission applied to the document can be determined based on the document type, or on the degree of security desired by the user requesting certification.
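An added example (not from the patent) that encodes and audits the four permission flags named above, using the bit positions of the standard security handler's `P` entry in PDF Reference 1.7; the function names and the audit policy are hypothetical.

```python
"""Added example: encode, decode and audit PDF access-permission flags."""

# Bit positions are 1-indexed in PDF Reference 1.7 (standard security handler).
PRINT = 1 << 2       # bit 3: print the document
MODIFY = 1 << 3      # bit 4: modify the document's contents
COPY = 1 << 4        # bit 5: copy or extract text and graphics
ANNOTATE = 1 << 5    # bit 6: add or modify text annotations
RESERVED_ONES = 0xFFFFF0C0  # bits 7-8 and 13-32 are reserved and set to 1

FLAGS = {"print": PRINT, "modify": MODIFY, "copy": COPY, "annotate": ANNOTATE}


def encode_permissions(print_ok=True, modify_ok=False,
                       copy_ok=False, annotate_ok=False) -> int:
    """Return the P value as the signed 32-bit integer stored in the file.

    The defaults mirror the text: printing allowed, everything else denied.
    Bits 9-12 (form filling, accessibility, assembly, high-quality print)
    are left clear, i.e. denied.
    """
    value = RESERVED_ONES
    for allowed, bit in ((print_ok, PRINT), (modify_ok, MODIFY),
                         (copy_ok, COPY), (annotate_ok, ANNOTATE)):
        if allowed:
            value |= bit
    return value - (1 << 32) if value & 0x80000000 else value


def decode_permissions(p: int) -> dict:
    """Map a P value (signed or unsigned) to the four named operations."""
    unsigned = p & 0xFFFFFFFF
    return {name: bool(unsigned & bit) for name, bit in FLAGS.items()}


def excess_grants(p: int) -> list:
    """Audit check: operations granted beyond the print-only default."""
    granted = decode_permissions(p)
    return [name for name in ("modify", "copy", "annotate") if granted[name]]


if __name__ == "__main__":
    default_p = encode_permissions()
    print(default_p, decode_permissions(default_p))
    # Constructed sample: a P value with every bit set grants everything.
    print(excess_grants(-1))
```

These flags are instructions to the viewing software, so their effect depends on the PDF application honouring them once the document has been opened.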
  • the data representing the secured certified document is transferred from the certified document buffer 610 to the controller 412.
  • the controller 412 transmits secured certified document data to the data repository 112 for storage in the request table 408.
  • the electronic document certification system 100 of the described embodiment is configured to send 210 the generated secured certified document to the user 102, as shown in Figure 7.
  • the EDC application 111 includes an electronic transmission service 701 configured to transmit data representing the secured certified document over a communications network 116, and to the user 102 via the client application 107.
  • the electronic secured certified document is transmitted to the email address of the user 102 for retrieval by the client application 107 via an email service, and subsequent transmission to the user 102.
  • the electronic transmission service 701 receives, from the controller 412, data representing the electronic secured certified document copy and the details of the user 102, including the email address of the user 102.
  • the electronic transmission service 701 is configured to automatically transmit the secured certified document PDF to the user 102 via the extended Simple Mail Transfer Protocol (SMTP), as defined by RFC 5321.
  • other means may be employed to transmit the document, such as FTP or peer-to-peer connections.
  • the user 102 may be provided with passive access to the generated secured certified electronic document.
  • the process and system 100 of the described embodiments are configured to send a physical copy of the secured certified document to the user 102 via a physical transmission service 702.
  • the physical transmission service 702 facilitates the generation of a physical copy of the secured certified document from the electronic copy stored within the data repository 112.
  • the physical transmission service 702 is configured to communicate with production devices 114, which can include one or more printers 704 and one or more fax machines 706, to issue instructions for the production of the physical document copy.
  • the physical transmission service 702 additionally communicates with one or more transmission devices 115 to organise the transmission of the produced physical document to the user 102.
  • Transmission devices 115 of the described embodiment can include packing and transportation devices operable to automatically package the produced physical document within a container such as a parcel or envelope, and to facilitate physical transmission of the produced document to the user 102.
  • the physical transmission service 702 can receive, from the controller 412, the electronic secured certified document and an indication of the document type.
  • the physical transmission service 702 can subsequently direct a printer 704 to print a physical copy of the certified document, using the print settings, such as paper type, dimensions, and orientation, appropriate for its type.
  • the physical certified document copy produced may then be packaged into an envelope and loaded onto a vehicle by the transmission devices 115.
  • the user 102 can select a specific type of delivery method during their request for certification of the document.
  • a user 102 can indicate that physical transmission of the certified document should be performed via a standard postal service, or by an express courier depending on their preference.
  • the options available to a user 102 are configurable by the authority 104, and can vary based on factors including the document type, the availability of external services, and/or the address of the user 102.
Requesting Certification of a document (ill)
  • the system 100 of the described embodiments is configured to accept document certification requests from user 102 via web page elements rendered by the client browser application 107.
  • the browser 107 is configured to display an application form UI pane when the user selects the document certification service.
  • the system 100 is configured to allow a user 102 to complete the application form electronically by entering information into the fields on the UI pane.
  • Figure 9 shows an example electronic application form UI pane 900 by which the user 102 can request certification of a document.
  • the application form pane 900 includes an application details pane 902 which contains fields for the details of the user 102, such as their title 904, first name 906, surname 908, date of birth 910, phone number 912, and address 914.
  • a confirmation field 916 is also presented to the user 102 in order for the system 100 to obtain confirmation that the authority 104 may act to perform the requested document certification.
  • the confirmation field 916 contains a text field by which the user 102 can enter their name to confirm that they authorise authority 104 to perform the certification, and/or agree with the associated terms and conditions of the certification service.
  • authority to act can be obtained from the user 102 by means of interactive elements (such as a checkbox or confirmation button), or by allowing the user 102 to upload a digital copy of their signature.
  • the pane 900 contains a document selection element 918 configured to allow the user 102 to upload electronic document files to the system 100.
  • the electronic files which the user 102 is required to upload include an electronic version of the primary document for which certification is to be performed.
  • the selection element 918 contains an element 920, such as a button, operable to open a file selection dialog through which the user 102 can select the electronic primary document file.
  • the pane 900 contains a verification element 922 configured to allow the user to verify their identity with the system 100.
  • a plurality of identification verification document files can be uploaded by the user 102 using a combination of list element and selection button pairs 924, through which the user 102 can choose the document type and select the file, respectively.
  • the described system 100 supports the upload of identification verification documents in a variety of electronic file types, including, but not limited to, image files such as JPEG, BMP, GIF, and PNG, and other document formats such as PDF and DOCX.
  • the verification module 414 may execute conversion routines to produce the image data required for the verification and/or certification process described herein above.
  • the application form pane 900 of the described embodiments contains a delivery details element 926 configured to allow the user 102 to select a method for the transmission of the physical copy of the produced certified document.
  • Example delivery options include standard post, express post and direct courier.
  • Other embodiments of the system 100 may be configured to provide additional delivery options, and/or to vary the delivery options available to a given user 102 based on their supplied address.
  • the delivery element 926 provides an indication of the estimated delivery date of the certified document, and the cost of delivery for the selected delivery option.
  • the user 102 is presented with a payment details pane 928 by the application UI pane 900 enabling the selection of a method for payment of the document certification service.
  • the payment details pane 928 includes a list element configured to present selectable payment options to the user 102, and payment entry fields through which the user 102 can provide information required to effect a payment for the selected payment option.
  • An indication of the total cost of the document certification service is also provided to the user 102.
  • the user 102 can complete the document certification request by submitting the application form via the 'Submit' button 930.
  • the document certification request can be performed using a physical application form.
  • the application UI pane 900 provides a button allowing the user 102 to obtain a copy of an application form PDF document which can be printed and completed manually by the user 102.
  • the authority 104 can submit a request for document certification on behalf of the user 102 using the electronic application form 900 (as described above), as rendered on a browser application executing on the interaction device 105.
Acquisition of Official Documents
  • the system 100 is configured to acquire one or more official government documents on behalf of a user.
  • the user 102 can place an order for an official Australian Government document, such as a Birth Certificate or Marriage Certificate, via a document order form UI pane rendered by the browser application 107.
  • Figure 10 shows an example birth certificate document order form pane 1000 which includes an applicant details pane 1002 which contains fields for the details of the user 102, such as their title 1004, first name 1006, surname 1008, date of birth 1010, phone number 1012, and street address 1014.
  • the document order pane 1000 contains an order details pane 1016 which includes fields enabling the user 102 to specify the information required to obtain the official document requested.
  • the order details pane 1016 can contain fields for the official legal name of the subject 1018, the name of the subject's mother 1020, the birth place 1022 and the birth date 1024.
  • the document order pane 1000 contains an authorisation pane 1026 which provides a disclosure of the terms and conditions under which the authority 104 may act on behalf of the user 102 to apply for, and take delivery of, the requested official government document.
  • the user 102 is required to provide an indication 1028 of the acceptance of these terms in order for the document acquisition request to be accepted by the system 100.
  • the indication 1028 can be in the form of the user's uploaded signature, or other interactive elements (such as a checkbox or confirmation button).
  • the pane 1000 contains a verification element 1030 configured to allow the user to verify their identity for the purpose of requesting an official document.
  • a plurality of identification verification document files can be uploaded by the user 102 using a combination of list element and selection button pairs 1032.
  • the user 102 can choose the types of the verification documents to establish their identity with the system 100.
  • the system 100 requires documents of specific types to be uploaded by the user 102, where the verification document types required are dependent on the official document requested.
  • the verification document files selectable by the user 102 are image files as described above.
  • the birth certificate document order form pane 1000 of the described embodiments contains a delivery details element 1034 configured to allow the user 102 to select a method for the transmission of the physical copy of the acquired document and the produced physical certified document copy.
  • Example delivery options include standard post, express post and direct courier.
  • Other embodiments of the system 100 may be configured to provide additional delivery options, and/or to vary the delivery options available to a given user 102 based on their supplied address.
  • An indication of the estimated cost of delivery for the selected delivery option is presented to the user 102 within element 1034.
  • the user 102 is presented with a payment details pane 1036 by the document order UI pane 1000 enabling the selection of a method for payment of the document ordering service.
  • the payment options offered by the system 100 for document acquisition are identical to those available for certification requests, as described above.
  • the user 102 can complete the document acquisition request by submitting the application form via the 'Submit' button 1038.
  • the document acquisition process of the system 100 allows the authority 104 to obtain a physical copy of an official government document on behalf of, and as requested by, the user 102.
  • the user 102 completes a document request form for the official government document which they wish to obtain, including an "authorisation to act" form that authorises the authority 104 to apply for the official document on behalf of the user 102, and lodges this form with the system 100 according to the processes described above.
  • the system 100 generates an official government request for the specific document requested by the user 102, based on the user 102's identity information, and forwards the official request and the authorisation to act form to the appropriate government office.
  • a scanning process is applied to the acquired physical document to produce a high resolution electronic primary document copy.
  • the electronic document certification process 200 is applied to this electronic primary document to produce secured electronic and physical certified document copies, as described herein above.
  • the produced electronic and physical certified documents and the acquired original document are transmitted to the user 102.
  • suffixes "module" and "unit" are given to components of the described system in consideration of only facilitation of description and do not have meanings or functions discriminated from each other.

Abstract

An electronic document certification system including: at least one certification data repository storing document certification templates for respective different types of documents to be certified, and certification authority data representing the certification credentials of a certification authority; a server configured to receive an electronic document and user identification data from client devices of requesting users via a communications network, the electronic document being an official document relating to specific persons identified in the electronic document; a processor configured to process the received electronic document to determine a corresponding document type and a corresponding specific person identified in the electronic document, and to process the corresponding user identification data to determine whether it identifies the specific person identified in the electronic document, and only if the assessment outcome is positive, to access the certification data repository to retrieve one of the stored document certification templates corresponding to the determined document type, and to process the received electronic document and the retrieved corresponding document certification template to generate corresponding certified document data representing a certified copy of the received electronic document.

Description

ELECTRONIC DOCUMENT CERTIFICATION
Technical Field
The present invention relates to a system and process for electronic document certification.
Background
Certification is an important process in the creation and distribution of documentation. Certifying a document ensures that a copy of a primary document is a true and valid copy, in the sense that the copy represents an exact replica of the primary document, including its information and structure. Certification allows the owner of the primary document to provide a copy of the document to a party, while guaranteeing that the information within is identical to that within the primary document. This allows the owner to avoid surrendering possession of the original document, while supporting the dissemination of the information contained to one or more other parties. Certification of document copies is frequently required in various contexts of legal and official correspondence, including government applications, court proceedings and commercial dealings.
Traditional approaches to producing certified documents involve the reproduction of the physical primary document and the certification of each of the associated copies by an authority (such as a notary public). This type of certification takes place manually and requires the authority to physically stamp, sign or affix a seal to the document to ensure its validity in relation to the original. This process must be performed individually for each physical certified document copy produced. The disadvantages of this approach include the inefficiency associated with the manual certification process when the authorised person has multiple documents, each requiring a large number of certified copies, and the limitation of the certified copies to a physical form.
It is generally desirable to overcome or ameliorate one or more of the above mentioned difficulties, or to at least provide a useful alternative.
Summary
According to some embodiments of the present invention, there is provided an electronic document certification system including:
at least one certification data repository storing document certification templates for respective different types of documents to be certified, and certification authority data representing the certification credentials of a certification authority;
a server configured to receive an electronic document and user identification data from client devices of requesting users via a communications network, the electronic document being an official document relating to specific persons identified in the electronic document;
a processor configured to process the received electronic document to determine a corresponding document type and a corresponding specific person identified in the electronic document, and to process the corresponding user identification data to determine whether it identifies the specific person identified in the electronic document, and only if the assessment outcome is positive, to access the certification data repository to retrieve one of the stored document certification templates corresponding to the determined document type, and to process the received electronic document and the retrieved corresponding document certification template to generate corresponding certified document data representing a certified copy of the received electronic document.
According to some embodiments of the present invention, there is also provided an electronic document certification process, including:
receiving, from a user, an electronic document and user identification data, the electronic document being an official document relating to specific persons identified in the electronic document;
processing the received electronic document to determine a corresponding document type and a corresponding specific person identified in the electronic document;
retrieving, from a certification data repository, certification data including a certification template for the type of document to be certified, and certification authority data representing the certification credentials of a certification authority; processing the received electronic document and the retrieved corresponding document certification data to generate corresponding certified document data representing a certified copy of the received electronic document; and transmitting the certified copy to the user.
Brief Description of the Drawings
Some embodiments of the present invention are hereafter described, by way of non-limiting example only, with reference to the accompanying drawings in which:
Figure 1 is a schematic diagram of an electronic document certification system in accordance with an embodiment of the present invention;
Figure 2 is a block diagram of a computer system used to implement the computing devices and/or the server devices of the occupant safety determination system in the described embodiments;
Figure 3 is a flow diagram of a process for the certification of an electronic document using the electronic document certification system;
Figure 4 is a schematic diagram of the acquisition of a user request for electronic document certification;
Figure 5 is a schematic diagram of the verification of a user by the electronic document certification system;
Figure 6 is a schematic diagram of the certification of a document by the electronic document certification system;
Figure 7 is a schematic diagram of the transmission of the certified document to a user by the electronic document certification system;
Figure 8a is an example of a certified driver's licence document produced by the electronic document certification system;
Figure 8b is an example of an authority verification seal for use within an embodiment of the electronic document certification system;
Figure 9 is an example of an application form for the certification of a document as performed by the electronic document certification system; and
Figure 10 is an example of a document acquisition application form in accordance with the electronic document certification system. Detailed Description General Overview
The described embodiments of the present invention include an electronic document certification system and process that generates an electronic certified copy of a primary document. A primary document is received by the system in electronic form. Data associated with the received primary document is processed by system application components configured to produce a representation of a certified copy of the document. Certification is performed based on data received from a certification authority, which is stored within the system components and processed to generate data representing an endorsement of the primary document. The generated data of the certified electronic document is further processed to secure the document contents against modification. The secured certified electronic document is transmitted to the user via an electronic service, such as email. A physical copy of the certified document is produced by the system, and is sent to the user. The electronic document certification system and process of the described invention provide advantages including:
1) Increased efficiency by eliminating the need for the authority to complete the certification by manually signing, sealing or stamping the document; and
2) Improved portability resulting from the generation of an electronic document, which allows the user to store certified document copies on a mobile computing device.
The electronic document certification system and process described herein is configurable to produce certified documents automatically, based on the certification credentials of an authority. Certification authorities include government officials or persons authorised by legislation to perform document certification, such as for example court clerks, solicitors, and notary publics. The nature of the certification authority can vary according to the jurisdiction in which the system is deployed. The system and process of the described embodiments are configured to produce certified copies of a variety of official documents under Australian law. However, the requirements for, and formalities of, achieving certification for a primary document can vary according to national law, and the skilled addressee will note that other embodiments of the system and process can be implemented to produce valid electronic certified documents for these jurisdictions. The described embodiments of the electronic document certification system and process are configured to certify official government and/or legal documents, including, but not limited to, driver's licences from any Australian state or territory, proof of identity cards, affirmations, affidavits, wills, oaths, state and commonwealth statutory declarations, birth certificates, death certificates, marriage certificates, police check certificates, proof-of-age certificates, apostilles and other authentication certificates, and certificates of enduring power of attorney. The skilled addressee will appreciate that other embodiments may be configured to perform certification of any arbitrary document given information related to its type and/or properties. For example, alternative embodiments may allow for the certification of academic records from an institution subject to the configuration of the system with details of the transcript document size and format. 
As shown in Figure 1, the electronic document certification system 100 includes a client device 106 and server devices 108 configured for use by a user 102 and an authority 104 respectively, which together operate to perform electronic document certification, as shown in Figure 2. The server devices 108 include an application device 110, a data repository 112 and an interaction device 105. The client 106 and application 110 devices are computing devices configured to execute client 107 and server 111 applications, respectively. The system 100 can additionally include production devices 114 for generating a physical copy of the produced electronic certified document, and transmission devices 115 for sending the physical certified document copy to the user 102.
Figure 3 refers to a block diagram of a computing device 300 configured in accordance with the described embodiments. Those skilled in the art will recognise that the following descriptions relate to the architecture and configuration of a computing device which can be used to implement the methods and techniques described herein. Other configurations may involve the implementation of the electronic document certification system in combination with other modules or devices.
The computing device 300 includes a central system bus 301, a removable storage media 302, a memory system 303, a processor 307, a communication system 308, a display interface 310, and an I/O device interface 312. The processor 307 can be any microprocessor which performs the execution of sequences of machine instructions, and can have architectures consisting of a single or multiple processing cores. The processor 307 issues control signals to other computing device 300 components via the system bus 301, and has direct access to at least some of the memory 303.
The memory 303 provides an internal system for the electrical storage of the machine instructions required to execute applications. The applications can include, but are not limited to, a web browser and an electronic document certification system server application. The memory 303 can include random access memory (RAM), non-volatile memory (such as ROM or EPROM), cache memory and registers for fast access by the processor 307, and high volume storage subsystems such as hard disk drives (HDD). Individual memory system components, such as the high volume storage subsystems, can include separate interfaces and/or buses to the main system bus in order to increase data transfer efficiency. A removable storage media 302 can be implemented in the form of flash drives or removable high volume storage devices.
A portion of the memory 303 can be non-volatile, and can contain a Basic Input/Output System (BIOS) which includes routines facilitating the communication of data and control signals between computing device 300 components. The memory 303 and removable media 302 store processor executable instructions for one or more programs and data, including an operating system 306, one or more application programs 305, and program data 304. The one or more application programs can include a client application operable by a user to perform processes described herein. Program data 304 can include data instructions and state information produced or used by the electronic document certification system application. More generally, application programs 305 can include methods, data structures or other software services that define data or perform functions. The program data 304, the individual instructions of an application program 305, and the operating system 306 can reside in portions of the memory 303, including the registers, cache, main memory, and high volume storage, or in the removable storage media 302. The skilled person in the art will appreciate that other embodiments of the memory 303 may allow for variation in the distribution of program data and instructions between the individual memory subsystems. The system bus 300 provides a means by which data can be exchanged between the components of the computing device 300. The system bus allows the processor 307 to issue control signals to other components, including memory 303, for the purpose of transferring data. The system bus 300 can be of varying structure, and can possess one or more sub-buses, such as a memory bus interconnecting the memory 303 components and/or a peripheral bus such as AGP or PCI.
The I/O device interface 312 provides a means by which the user can interact with the computing device 300, and its stored application programs 305, and data 304 using input devices 313 such as a mouse and keyboard. The user can additionally interact with the computing device 300 and its application programs 305 and data 304 using on-board input devices such as a touchpad or touch screen. The I/O device interface 312 also provides a means for the computing device 300 to instruct output peripherals 314, which can include printers, audio devices, and imaging devices.
The display interface 310 can include one or more dedicated graphics interfaces, which transmit graphics and video signals between the computing device 300 and display devices 311. The display devices 311 can consist of external displays, such as CRT, LCD, LED or plasma monitors or TVs, projection devices, or on-board displays.
The computing device 300 is operable in a networked environment via the connection of a communication system 308 to the components. The communication system 308 enables the logical connection of the computing device 300 to other networks or computing devices through a wireless or wired transmission media. Connections to networks or other computing devices are formed via wireless and/or physical interfaces 309. The computing device 300 can establish such connections through the use of specialised networking equipment, such as a router, or can connect directly to other communications networks or devices possessing similar interfaces 309. In a networked environment the programs 305 and data 304 of the computing device 300 can be stored, partially or fully, within the memory system of one or more remote devices.
The computing device 300 can exchange information with connected networks and other communications devices. Protocols such as the IEEE 702.xx family can be used for exchanging information wirelessly with, for example, a computer, portable device, printer, scanner, or any other device or location associated with a wireless identity. This includes devices connected over technologies such as WiFi, WiMax and Bluetooth, and in the form of either structured or ad-hoc communications.
Receiving requests
The electronic document certification system 100 of the described embodiments is configured to accept requests to perform document certification 202 from a user 102 via client application 107. In the described embodiments, requests are Internet based, and are initiated by a standard web browser application 107 executing on a client device 106 and configured to load a web page hosted by the application device 110. The user 102 transmits a request via the browser 107 to the electronic document certification (EDC) application 111 executing on the application device 110. Transmission of data between the client 106 and application 110 devices occurs over a communications network 116, which can include local area networks, wide area networks or mobile networks. Communication between client 106 and application 110 devices is performed over a secure transport layer communications protocol such as HTTPS. Encryption is performed on the information transmitted by the user 102 to the application device 110, where this information can include: data representing the document, and an indication of the type of document, for which certification is requested; and identification documents transmitted by the user 102 to verify their identity, as discussed below.
With reference to Figure 4, document certification requests are received by the controller 412, which is configurable to process the requests and control the operation of the data repository 112, the verification module 414, and the certification module 416. Certification requests received by the controller 412 include data representing the primary document to be certified, and the details of the user 102 requesting the certification. In the described embodiments, the primary document can be in the form of a graphical image, such as a JPEG, PNG, TIFF or BMP document.
The primary document transmitted by a user 102 for certification can be an electronically scanned version of the corresponding physical document. In the described embodiments, certification of an electronically scanned document requires a minimum document resolution, such that the characteristic information can be accurately reproduced within the certified copy. The required minimum document resolution can vary depending on the document type. The skilled addressee will recognise that other embodiments of the system may support additional document formats, and that the concepts and principles described herein are easily extendible to these alternative embodiments.
The controller 412 is configured to process document certification requests received from the client application 107 via communication with a data repository 112. In the described embodiments the data repository 112 is organised as a single database and includes a Database Management System (DBMS) 402. The described embodiment of the system implements a MySQL DBMS, although the skilled addressee will recognise that other management systems, such as PostgreSQL, Microsoft SQL Server, Oracle, Sybase and IBM DB2, may be used in alternative embodiments. The database is configured to store data relating to the users 102 of the system 100 in the user table 404. User data includes the user's name, physical address, email address, other contact details (such as a phone number), and additional personal information such as date of birth. In other embodiments the user table 404 is configurable to store additional information about the user 102 such as the IP address used to access the system 100, hardware identifiers of the client device 106, and/or other tracking or referral information provided by the client application 107 during requests made to the system 100 by the user 102. Document certification requests received by the controller 412 are stored in the requests table 408. The requests table 408 records an identifier of the user initiating the request, an indication of the time at which the request was made, and other details specific to the request, such as payment details and document transmission arrangements.
Verification
The system 100 performs two types of verification in order to ensure the integrity of the electronic document certification process: i) verification of the identity of the user requesting the electronic certification of a document; and ii) verification of the primary document that is being certified.
i) User identity
In the described embodiments of the described invention, electronic document certification requires verification of the user's identity. User identity verification 204 is performed automatically by the system 100 by the extraction of identity verification data from documents submitted electronically by the user 102, and the subsequent processing of this information.
The certification request involves the transmission of identification verification data from the client application 107 to the controller 412. Identification verification data includes: 1) user 102 details, such as the user's name and address, which collectively form an identity claim for the user 102; and 2) one or more verification documents, each containing identity information elements. The identity information elements within a verification document provide information about a particular attribute of the subject of the document. For example, the elements of a driver's licence include the first name, last name, address, date of birth, licence number and signature of the licenced person (i.e. the subject). A user 102 seeking verification will typically submit verification documents in which they are the subject, such that the identity information within each verification document corresponds to their claimed identity.
In the described embodiments, the user 102 can select the types of the documents transmitted for the purposes of identity verification. The types of identification documents that are available to the user 102 for identity verification include official government documents such as driver's licences, birth certificates, social services cards and passports. In alternative embodiments, the system 100 can be configured to accept other document types for the purpose of verification. In some embodiments, the system 100 is configured to accept any verification document that is interpretable to provide identity information of its subject. Verification document types can be assigned weightings reflecting the 'influence' of the document for verifying the identity of the user 102. The system 100 can be configured to require that a user 102 submit a combination of verification documents which collectively reach a certain weighting threshold (such as a total number of points). In alternative embodiments, limitations can be placed on the types of document accepted for the verification of a user 102 based on the type of the document for which certification is requested, and on any previous verification processes 204 performed by the system 100 with respect to the user 102.
The controller 412 transmits the identification verification data to the data repository 112 for storage in the verification table 406. The records of the verification table 406 store data related to the verification of the identity of a user 102, including the identity verification documents transmitted by the user 102 and the claimed identity of the user 102. The verification table 406 is also configured to store the outcome of verification processes conducted by the system 100 with respect to a particular user 102 based on the user's identity claim and their verification documents as submitted.
In the described embodiments of the invention, verification 204 of the identity of a user 102 is performed by the verification module 414. As shown in Figure 5, the analysis module 502 receives, from the controller 412, data representing the one or more verification documents supplied by the user 102 and an indication of the type of each of these documents. The analysis module 502 automatically interprets each verification document to produce an indication of the identity of the subject of the document. In the described embodiment, optical character recognition (OCR) is used to generate data representing information extracted from each identity element of a given verification document.
An application-oriented OCR method is employed in the presented invention such that identity data is extracted from a document based on the structure of, and the specific lexicon used within, the document, as inferred from its type. The OCR technique of the described embodiment performs an initial analysis of the verification document to determine the presence of any noise (such as blur), misalignment, and/or scaling issues. The analysis module 502 is configured to apply pre-processing methods, such as de-skewing, binarisation, filtering and/or normalisation, in order to alleviate problems detected during the initial analysis. This allows the system 100 to maximise the accuracy with which identity information can be extracted from the verification document. In some embodiments, the pre-processing stage can be configured to detect flaws in the verification document, such as partial or full occlusion of one or more identity elements. In cases where the existence of flaws renders the document unsuitable for verification purposes, the analysis module 502 indicates the invalidity of the document to the controller 412, which can subsequently transmit an informative error message to the user 102.
Line detection and segmentation is performed by the analysis module 502 to identify the existence of characters at pre-determined positions within the document corresponding to the identity information element locations. Character recognition is performed using a two-stage process of 1) feature extraction; and 2) classification. Feature extraction is performed by the calculation of a set of feature values for data within a region of the identity element locations, where the features include: aspect ratio, proportion of pixels above a horizontal half point or to the right of a vertical half point, number of strokes; and the average distance to the image centre. Character determination is performed by classification of the features via the use of character models. The k-nearest neighbours clustering technique is implemented in the described embodiments, such that the determined character is the one whose model centroid has minimal accumulated distance to the features extracted. The OCR process produces data representing a group of characters as recognised within the identity information element location. A post-processing stage is subsequently applied to translate the determined characters into a series of words. The accuracy of the word recognition process is improved by using a lexicon to constrain the output based on the document type, and the identity information expected to be contained within a given element. For example, when operating on the 'address' element of a driver's licence document the analysis module 502 can use a lexicon containing words commonly occurring within addresses, such as 'Street', 'Avenue' and 'Road', to influence recognition and/or to assist in the segmentation phase. 
The skilled addressee will appreciate that other methods for performing character detection and recognition in the context of OCR, such as matrix matching, can be easily implemented in the context of the system 100 to conduct the verification processes described herein above.
OCR is applied by the analysis module 502 to each identification information element of a verification document to produce textual data representing the recognised words. For example, if a user 102 supplies a scanned copy of a Victorian driver's licence as a verification document, the analysis module 502 extracts information for elements including the name, date of birth, address and gender of the subject of the licence. The OCR based analysis process is repeated for each verification document. An indication of identity for each verification document is determined from the extracted identification element information, and is stored in the determined ID buffer 506. The controller transmits data representing the claimed identity of the user 102 to the verification module 414 for storage in the claimed ID buffer 504. In the described embodiment the claimed identity includes the name and address of the user 102, as transmitted within the request data received from the client application 107. The comparison module 508 is configurable to produce a verification outcome by comparing the identity determined from each verification document to that of the claimed identity. Text-based matching is used in the described embodiments, where the textual representation of the user's claimed identity is tested for equality against the corresponding representation extracted from each verification document. The comparison process can be configured to allow minor differences in the text representations, such as the presence of additional whitespace or case mismatch within the characters. To produce a positive verification, the claimed identity representation must be equal to the representation extracted from each verification document. Otherwise, a negative verification outcome is produced. 
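The comparison rule above, together with the document weighting threshold described earlier, can be sketched as follows. This is an added example, not code from the patent: the point values, the threshold, the field names and the sample records are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Assumed point values and threshold: the page says document types can carry
# weightings and that a total may be required, but gives no numbers.
DOCUMENT_POINTS = {
    "passport": 70,
    "birth_certificate": 70,
    "drivers_licence": 40,
    "social_services_card": 25,
}
POINTS_THRESHOLD = 100


@dataclass
class VerificationDocument:
    doc_type: str
    extracted: dict  # identity element name -> text recognised by OCR


@dataclass
class Outcome:
    positive: bool
    points: int
    reasons: list = field(default_factory=list)


def normalise(text: str) -> str:
    """Tolerate only the differences the page allows: whitespace and case."""
    return re.sub(r"\s+", " ", text).strip().casefold()


def verify_identity(claimed: dict, documents: list) -> Outcome:
    reasons = []
    if not claimed or not all(value.strip() for value in claimed.values()):
        reasons.append("identity claim is empty")  # nothing to compare against
    counted_types = set()
    for doc in documents:
        if doc.doc_type not in DOCUMENT_POINTS:
            reasons.append(f"{doc.doc_type}: document type not accepted")
            continue
        # Every claimed element must match on every document. A missing
        # element counts as a mismatch so that OCR gaps fail closed.
        for element, claimed_value in claimed.items():
            seen = doc.extracted.get(element)
            if seen is None:
                reasons.append(f"{doc.doc_type}: '{element}' not extracted")
            elif normalise(seen) != normalise(claimed_value):
                reasons.append(f"{doc.doc_type}: '{element}' does not match claim")
        counted_types.add(doc.doc_type)  # a repeated document type scores once
    points = sum(DOCUMENT_POINTS[doc_type] for doc_type in counted_types)
    if points < POINTS_THRESHOLD:
        reasons.append(f"{points} points is below the threshold of {POINTS_THRESHOLD}")
    return Outcome(positive=not reasons, points=points, reasons=reasons)


# Constructed sample data (not from the page).
CLAIM = {"name": "Jane Citizen", "address": "12 Example Street, Hobart TAS 7000"}
LICENCE = VerificationDocument(
    "drivers_licence",
    {"name": "JANE  CITIZEN", "address": "12 Example Street,  Hobart TAS 7000"},
)
PASSPORT = VerificationDocument(
    "passport",
    {"name": "Jane Citizen", "address": "12 example street, hobart tas 7000"},
)
OCR_SLIP = VerificationDocument(
    "passport",
    {"name": "Jane Citzen", "address": "12 Example Street, Hobart TAS 7000"},
)

if __name__ == "__main__":
    for docs in ([LICENCE, PASSPORT], [LICENCE, OCR_SLIP], [LICENCE]):
        print(verify_identity(CLAIM, docs))
```

A single mis-recognised character produces a negative outcome under strict equality, so the rejection reasons are worth logging alongside the stored outcome.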
The verification outcome represents the validity of the user 102's claimed identity, and is stored in the verification result buffer 510 for subsequent transmission to the controller 412 and storage in the verification table 406 of repository 112. In the described embodiments, a negative outcome results in the rejection of the certification request by the controller 412. The system can be configured to send a request to the user 102 for additional verification documents in order to verify their identity in the situation where the certification request is rejected due to a negative verification outcome. The user 102 can respond by submitting one or more additional verification documents, which are processed by the system according to the verification processes described above to re-evaluate the verification outcome. Alternatively, the system can be configured to cancel the user's certification request if the verification outcome is negative.
ii) Primary Document Representation
Electronic document certification requires verification of the primary document. The primary document verification process 205 allows the authority 104 to verify that the primary document submitted by the user 102 (i.e. the scanned document copy) accurately and truly represents the original primary document (i.e. the physical original of the document).
The system 100 allows the authority 104 to conduct primary document verification 205 using electronic video data. A real-time video transmission link is established between the client device 106 and the application device 110, through respective video cameras connected to each device, enabling a verification interaction to be performed between the authority 104 and the user 102. Specifically, this verification interaction serves to prove to the authority 104 that: i) the user 102 is currently in possession of the original primary document; and ii) this original primary document matches the electronic representation received by the system 100 within their certification request. For example, this can involve the user 102 demonstrating their possession of the original primary document to the authority 104, and presenting this document to the camera in a variety of configurations such that the authority 104 can verify its details, including the presence of any security or authentication features and/or markings (including optically variable features such as, for example, holographic imprints, diffraction gratings, and the like). As the verification occurs over video data exchanged in real-time, fraudulent certification requests based on document scans which do not match the true primary document can be detected by authority 104. Additionally, this allows the authority 104 to recognise situations where unauthorised document scans are used to obtain a certified electronic copy of a document, and to subsequently cancel the associated certification request.
Certification
The electronic document certification system 100 performs certification 206 of an electronic document via the certification module 416 of the EDC application 111. In the described embodiments, commencement of the certification process 206 requires verification of the user 102. The controller 412 retrieves and processes the verification outcome data for the user 102 from the verification table 406, and invokes the certification process 206 if the outcome is positive. The skilled addressee will note that in other embodiments of the electronic document certification system 100 user identity verification 204 may be optional such that document certification 206 may be performed directly following the receipt of a certification request 202.
As shown in Figure 6, the certification module 416 is configured to store the data of the document to be certified, and an indication of its type, in a document buffer 602. Certification is performed using: 1) document representation data, which replicates the primary document in the certified copy; and 2) endorsement data, which consists of description data and authority data.
Description data is interpretable to provide a description of the certification of the primary document by the certification authority. In the described embodiment the description data indicates the type of document certified, the details of the authority performing the certification, and legal information or disclaimers relevant to the certified document copy. An example textual description for the certification of a driver's licence document according to the described embodiment is as follows:
'To Whom it may concern: The undersigned Justice of the Peace No. of , been duly appointed authorize person and registered with the Department of Justice and the Australian office of the Department of Foreign Affairs & Trade (DFAT).
...
Hereby certify that this Australian Driving Licence of is a true copy of the original document that I have sighted. And also attesting to their existence and any alteration to this document will make invalidate or null and void.'
The authority data is interpretable to provide a confirmation of the identity of the authority 104, and the intent of the authority 104 to certify the document. In the described embodiment the identity and intent of the authority 104 is represented by a signature, stamp and/or seal of the authority 104. The certificates table 410 of the data repository 112 is configured to store endorsement data specific to the authority 104. During certification the controller 412 retrieves from the data repository 112 the description of the certification, as appropriate for the given document type, and the signature, stamp or seal of the authority 104, and transmits this data to the certificate buffer 604. The construction module 606 accepts the primary document data and an indication of the primary document type from the document buffer 602, and the endorsement data from the certificate buffer 604 to generate the certified document data. In the described embodiments, the certified document data is in the form of a Portable Document Format (PDF) file, which is interpretable by PDF viewing software to produce a representation of the certified electronic document. The certified document PDF file is generated in accordance with PDF Reference 1.7. Within the PDF representation the certified document data is organised as a collection of string and stream objects. Strings are used to represent fixed length text-only data (such as the description data), while embedded stream objects are used to represent other blocks of data that can be of arbitrary size, such as fonts, page descriptions, security dictionaries, image data, and larger sections of text (such as the representation data).
The certified document PDF contains additional data which conveys information about the document's structure, including the document size and the relative arrangement of the sub data components. Following completion of the certification process 206 the construction module 606 transfers the certified document representation data to the certified document buffer 610.
Figure 8a shows an example of a certified driver's licence document 800 in accordance with the described embodiments of the presented invention. The contents of the certified document 800 consist of regions of displayable text and/or graphical information corresponding to the primary document content 802, and the endorsement 804 which consists of the certification description 806 and the authority information 808. The authority information 808 includes the name 810 of the authority 104, and their signature 812 and/or seal 814. Figure 8b illustrates an example seal 814 for a registered Justice of the Peace in the State of Tasmania. The arrangement of the certified document contents can be configured by the authority 104 via the interaction device 105. The authority 104 can add additional regions of graphical and/or textual content to the certified document. For example, contact details of the authority 104 may be added to the header 810 for the purpose of allowing a reader of the document to contact the authority 104.
Security
The contents of the electronic certified document are secured 208 by the application of encryption techniques in order to provide protection against modification. The encryption module 612 receives the certified document data from the buffer 610 and produces corresponding data representing the encrypted version of the certified document. In the described embodiments, encryption is performed on the PDF file data of the certified document. Encryption is applied to all strings and stream objects in the PDF file, but not to the document's structural data which is typically expressed as a combination of integer and boolean values. Leaving these values unencrypted allows access to the objects within the document, while protecting the document's substantive contents against modification after certification by the authority 104 has occurred. Encryption-related information is stored in the form of encryption dictionary data, which includes: the preferred security handler for the document; an indication of the algorithm to be used in encrypting and decrypting the document; and the length of the encryption key to be used.
The encryption module 612 records the security handler used to perform the encryption process with the certified document PDF encryption dictionary. The security handler controls access to the contents of the encrypted document, and is invoked by applications when accessing the secured certified document PDF file. In the described embodiment a standard password-based PDF security handler is used allowing decryption of the document using a password. However, other embodiments may implement different security handlers designed to perform an encryption of the document which is not easily reversible.
The encryption module 612 performs encryption of the certified document PDF data using the symmetric key based Advanced Encryption Standard (AES) algorithm to produce the secured certified document copy. A 256 bit encryption key is utilised to perform the encryption. The length of the data when encrypted is rounded up to a multiple of the block size, which is fixed in the described implementation to 16 bytes. Strings and streams encrypted with AES use a padding scheme according to Internet RFC 2898. For an original message length of M bytes, the pad consists of 16 - (M mod 16) bytes whose value is also 16 - (M mod 16). For example, a 9-byte message has a pad of 7 bytes, each with the value 0x07. The pad can be unambiguously removed to determine the original message length when decrypting. Note that the pad is present when M is evenly divisible by 16; it contains 16 bytes of 0x10. The skilled addressee will appreciate that alternative embodiments may utilise other encryption algorithms, such as the RC4 symmetric stream cipher.
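The padding rule above, worked through in Python as an added example (not code from the patent or its applicant). The function names are hypothetical, and `pad_skipping_aligned` is a deliberately wrong variant included only to show why the pad is still present when M is evenly divisible by 16:

```python
BLOCK_SIZE = 16  # AES block size in bytes, as fixed in the description


def pad(message: bytes) -> bytes:
    """Append 16 - (M mod 16) bytes, each holding that same count."""
    count = BLOCK_SIZE - (len(message) % BLOCK_SIZE)
    return message + bytes([count]) * count


def unpad(padded: bytes) -> bytes:
    """Strip the pad, rejecting any input that is not validly padded."""
    if not padded or len(padded) % BLOCK_SIZE != 0:
        raise ValueError("length is not a positive multiple of the block size")
    count = padded[-1]
    if not 1 <= count <= BLOCK_SIZE:
        raise ValueError("pad count outside 1..16")
    if padded[-count:] != bytes([count]) * count:
        raise ValueError("pad bytes do not all carry the pad count")
    return padded[:-count]


def pad_skipping_aligned(message: bytes) -> bytes:
    """WRONG on purpose: omits the pad when M is already a multiple of 16."""
    if message and len(message) % BLOCK_SIZE == 0:
        return message
    return pad(message)


if __name__ == "__main__":
    # Constructed sample messages.
    nine = b"123456789"
    print(pad(nine)[-7:].hex())            # seven bytes of 0x07
    aligned = b"A" * 16
    print(len(pad(aligned)), pad(aligned)[16:].hex())  # 32, sixteen bytes of 0x10

    # An aligned message whose last byte happens to look like a pad byte.
    tricky = b"A" * 15 + b"\x01"
    print(unpad(pad(tricky)) == tricky)                   # round trip holds
    print(unpad(pad_skipping_aligned(tricky)) == tricky)  # last byte is lost
```

With the full block of 0x10 always added, the final byte of the padded data is always a pad count, which is what makes removal unambiguous.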
An encryption key is generated by the encryption module 612 to encrypt the certified document data. In one possible embodiment of the system a fixed 'master' encryption key is used to produce the secured certified document independent of the primary document type, and of the details of the user 102 and/or authority 104. The encryption master key can be a 'password', as chosen by the user 102 or the authority 104. In alternative embodiments, a unique encryption key is generated for each secured certified document by augmenting a base encryption key with information specific to the certification request, and/or the details of the user 102 or the authority 104. This allows for the protection of the contents of the certified document in the case that the base encryption key is exposed. Document encryption keys are combined with a salt value, and the encryption and decryption processes are performed using the MD5 hash of the resultant key. The encryption key is stored within the certificates table 410 of the data repository 112 by the controller 412, as received from the encryption module 612 during the content securing process 208.
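An added example (not from the patent) of the per-document key derivation described above, beside a substituted alternative. The field names, the plain concatenation and all sample values are assumptions, since the description gives no byte layout; PBKDF2-HMAC-SHA256 (also defined in RFC 2898) is swapped in for comparison because an MD5 digest is 16 bytes, shorter than the 256-bit AES key named earlier.

```python
import hashlib


def md5_document_key(base_key: bytes, request_info: bytes, salt: bytes) -> bytes:
    """Derivation as the description words it: augment the base key with
    request-specific data, combine with a salt, take the MD5 hash.
    Plain concatenation is an assumption; the page gives no layout."""
    return hashlib.md5(base_key + request_info + salt).digest()


def frame(*fields: bytes) -> bytes:
    """Length-prefix every field so that field boundaries cannot shift."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def pbkdf2_document_key(base_key: bytes, request_info: bytes, salt: bytes,
                        iterations: int = 600_000) -> bytes:
    """Substituted derivation (not from the page): PBKDF2-HMAC-SHA256 with a
    32-byte output, treating the base key as a password as the page allows."""
    return hashlib.pbkdf2_hmac("sha256", base_key,
                               frame(salt, request_info), iterations, dklen=32)


if __name__ == "__main__":
    # Constructed sample values; none of them come from the patent.
    base = b"base-password"
    salt = b"0123456789abcdef"

    k_a = md5_document_key(base, b"REQ-1001", salt)
    k_b = md5_document_key(base, b"REQ-1002", salt)
    print(len(k_a) * 8, k_a != k_b)   # 128-bit output, unique per request

    # Unframed concatenation lets two different (request, salt) pairs
    # produce the same input bytes and therefore the same key.
    same = (md5_document_key(base, b"REQ-1", b"0salt")
            == md5_document_key(base, b"REQ-10", b"salt"))
    print(same)

    h_a = pbkdf2_document_key(base, b"REQ-1", b"0salt")
    h_b = pbkdf2_document_key(base, b"REQ-10", b"salt")
    print(len(h_a) * 8, h_a != h_b)   # 256-bit output, no boundary clash
```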
The encryption process 208 digitally signs the certified electronic document for the purpose of: authenticating the authority 104; verifying the integrity of the certification endorsement; and confirming the intent of the authority 104 to certify the document (i.e. providing non-repudiation of the certification endorsement). Alternative embodiments of the invention may implement other digital signing or sealing methods, such as the inclusion of signature and/or seal objects which are encrypted using a different algorithm to that used to secure the document representation data.
The encryption module 612 stores the document access permission data within the encryption dictionary of the certified document, where this permission data reflects the various operations which are allowed to be performed on the document. The permission data is in the form of flags, and dictates a user's ability to: modify the document's contents; copy or extract text and graphics from the document; add or modify text annotations; and print the document. In the described embodiments, the encryption module 612 is configured to set default access permissions which prevent any modification, copying, extraction and/or annotation of the certified document. Printing of the document is enabled by the default access permissions. The skilled addressee will recognise that other embodiments of the system 100 may allow additional configurability of the access permissions applied to the secured certified documents. For example, different sets of access permissions can be defined by the authority 104 which allow combinations of the above described operations to be performed on the contents of the secured certified document. The level of access permission applied to the document can be determined based on the document type, or on the degree of security desired by the user requesting certification. Following the encryption based content securing process 208, the data representing the secured certified document is transferred from the certified document buffer 610 to the controller 412. The controller 412 transmits secured certified document data to the data repository 112 for storage in the request table 408.
Transmission
The electronic document certification system 100 of the described embodiment is configured to send 210 the generated secured certified document to the user 102, as shown in Figure 7. The EDC application 111 includes an electronic transmission service 701 configured to transmit data representing the secured certified document over a communications network 116, and to the user 102 via the client application 107. In the described embodiments, the electronic secured certified document is transmitted to the email address of the user 102 for retrieval by the client application 107 via an email service, and subsequent transmission to the user 102.
The electronic transmission service 701 receives, from the controller 412, data representing the electronic secured certified document copy and the details of the user 102, including the email address of the user 102. In the described embodiments, the electronic transmission service 701 is configured to automatically transmit the secured certified document PDF to the user 102 via the extended Simple Mail Transfer Protocol (SMTP), as defined by RFC 5321. In alternative embodiments, other means may be employed to transmit the document, such as FTP or peer-to-peer connections. Alternatively, the user 102 may be provided with passive access to the generated secured certified electronic document.
The process and system 100 of the described embodiments are configured to send a physical copy of the secured certified document to the user 102 via a physical transmission service 702. The physical transmission service 702 facilitates the generation of a physical copy of the secured certified document from the electronic copy stored within the data repository 112. The physical transmission service 702 is configured to communicate with production devices 114, which can include one or more printers 704 and one or more fax machines 706, to issue instructions for the production of the physical document copy. The physical transmission service 702 additionally communicates with one or more transmission devices 115 to organise the transmission of the produced physical document to the user 102. Transmission devices 115 of the described embodiment can include packing and transportation devices operable to automatically package the produced physical document within a container such as a parcel or envelope, and to facilitate physical transmission of the produced document to the user 102. For example, the physical transmission service 702 can receive, from the controller 412, the electronic secured certified document and an indication of the document type. The physical transmission service 702 can subsequently direct a printer 704 to print a physical copy of the certified document, using the print settings, such as paper type, dimensions, and orientation, appropriate for its type. The physical certified document copy produced may then be packaged into an envelope and loaded onto a vehicle by the transmission devices 115. The user 102 can select a specific type of delivery method during their request for certification of the document. For example, a user 102 can indicate that physical transmission of the certified document should be performed via a standard postal service, or by an express courier depending on their preference. The options available to a user 102 are configurable by the authority 104, and can vary based on factors including the document type, the availability of external services, and/or the address of the user 102.
Requesting Certification of a document (ill)
The system 100 of the described embodiments is configured to accept document certification requests from the user 102 via web page elements rendered by the client browser application 107. The browser 107 is configured to display an application form UI pane when the user selects the document certification service. In one embodiment, the system 100 is configured to allow a user 102 to complete the application form electronically by entering information into the fields on the UI pane. Figure 9 shows an example electronic application form UI pane 900 by which the user 102 can request certification of a document. The application form pane 900 includes an application details pane 902 which contains fields for the details of the user 102, such as their title 904, first name 906, surname 908, date of birth 910, phone number 912, and address 914. A confirmation field 916 is also presented to the user 102 in order for the system 100 to obtain confirmation that the authority 104 may act to perform the requested document certification. In the described embodiment the confirmation field 916 contains a text field by which the user 102 can enter their name to confirm that they authorise authority 104 to perform the certification, and/or agree with the associated terms and conditions of the certification service. In other embodiments, authority to act can be obtained from the user 102 by means of interactive elements (such as a checkbox or confirmation button), or by allowing the user 102 to upload a digital copy of their signature. The pane 900 contains a document selection element 918 configured to allow the user 102 to upload electronic document files to the system 100. The electronic files which the user 102 is required to upload include an electronic version of the primary document for which certification is to be performed. In the described embodiment the selection element 918 contains an element 920, such as a button, operable to open a file selection dialog through which the user 102 can select the electronic primary document file.
The pane 900 contains a verification element 922 configured to allow the user to verify their identity with the system 100. In the described embodiments, a plurality of identification verification document files can be uploaded by the user 102 using a combination of list element and selection button pairs 924, through which the user 102 can choose the document type and select the file, respectively. The described system 100 supports the upload of identification verification documents in a variety of electronic file types, including, but not limited to, image files such as JPEG, BMP, GIF, and PNG, and other document formats such as PDF and DOCX. However, the skilled addressee will note that other embodiments may allow the user 102 to select verification documents which are not in image data format. In these embodiments the verification module 414 may execute conversion routines to produce the image data required for the verification and/or certification process described herein above.
The application form pane 900 of the described embodiments contains a delivery details element 926 configured to allow the user 102 to select a method for the transmission of the physical copy of the produced certified document. Example delivery options include standard post, express post and direct courier. Other embodiments of the system 100 may be configured to provide additional delivery options, and/or to vary the delivery options available to a given user 102 based on their supplied address. The delivery element 926 provides an indication of the estimated delivery date of the certified document, and the cost of delivery for the selected delivery option.
The user 102 is presented with a payment details pane 928 by the application UI pane 900 enabling the selection of a method for payment of the document certification service. The payment details pane 928 includes a list element configured to present selectable payment options to the user 102, and payment entry fields through which the user 102 can provide information required to effect a payment for the selected payment option. An indication of the total cost of the document certification service is also provided to the user 102. The user 102 can complete the document certification request by submitting the application form via the 'Submit' button 930.
In an alternative embodiment of the system 100, the document certification request can be performed using a physical application form. The application UI pane 900 provides a button allowing the user 102 to obtain a copy of an application form PDF document which can be printed and completed manually by the user 102. Upon receiving a completed physical application form, the authority 104 can submit a request for document certification on behalf of the user 102 using the electronic application form 900 (as described above), as rendered on a browser application executing on the interaction device 105.
Acquisition of Official Documents
In alternative embodiments, the system 100 is configured to acquire one or more official government documents on behalf of a user. The user 102 can place an order for an official Australian Government document, such as a Birth Certificate or Marriage Certificate, via a document order form UI pane rendered by the browser application 107. Figure 10 shows an example birth certificate document order form pane 1000 which includes an applicant details pane 1002 which contains fields for the details of the user 102, such as their title 1004, first name 1006, surname 1008, date of birth 1010, phone number 1012, and street address 1014. The document order pane 1000 contains an order details pane 1016 which includes fields enabling the user 102 to specify the information required to obtain the official document requested. For example, within an order form for a birth certificate the order details pane 1016 can contain fields for the official legal name of the subject 1018, the name of the subject's mother 1020, the birth place 1022 and the birth date 1024. The document order pane 1000 contains an authorisation pane 1026 which provides a disclosure of the terms and conditions under which the authority 104 may act on behalf of the user 102 to apply for, and take delivery of, the requested official government document. The user 102 is required to provide an indication 1028 of the acceptance of these terms in order for the document acquisition request to be accepted by the system 100. The indication 1028 can be in the form of the user's uploaded signature, or other interactive elements (such as a checkbox or confirmation button).
The pane 1000 contains a verification element 1030 configured to allow the user to verify their identity for the purpose of requesting an official document. In the described embodiments, a plurality of identification verification document files can be uploaded by the user 102 using a combination of list element and selection button pairs 1032. In some embodiments, the user 102 can choose the types of the verification documents to establish their identity with the system 100. In alternative embodiments, the system 100 requires documents of specific types to be uploaded by the user 102, where the verification document types required are dependent on the official document requested. The verification document files selectable by the user 102 are image files as described above. The birth certificate document order form pane 1000 of the described embodiments contains a delivery details element 1034 configured to allow the user 102 to select a method for the transmission of the physical copy of the acquired document and the produced physical certified document copy. Example delivery options include standard post, express post and direct courier. Other embodiments of the system 100 may be configured to provide additional delivery options, and/or to vary the delivery options available to a given user 102 based on their supplied address. An indication of the estimated cost of delivery for the selected delivery option is presented to the user 102 within element 1034. The user 102 is presented with a payment details pane 1036 by the document order UI pane 1000 enabling the selection of a method for payment of the document ordering service. The payment options offered by the system 100 for document acquisition are identical to those available for certification requests, as described above. The user 102 can complete the document acquisition request by submitting the application form via the 'Submit' button 1038.
The document acquisition process of the system 100 allows the authority 104 to obtain a physical copy of an official government document on behalf of, and as requested by, the user 102. The user 102 completes a document request form for the official government document which they wish to obtain, including an "authorisation to act" form that authorises the authority 104 to apply for the official document on behalf of the user 102, and lodges this form with the system 100 according to the processes described above. The system 100 generates an official government request for the specific document requested by the user 102, based on the user 102's identity information, and forwards the official request and the authorisation to act form to the appropriate government office.
Following the acquisition of the document, a scanning process is applied to the acquired physical document to produce a high resolution electronic primary document copy. The electronic document certification process 200 is applied to this electronic primary document to produce secured electronic and physical certified document copies, as described herein above. The produced electronic and physical certified documents and the acquired original document are transmitted to the user 102. In the above description, suffixes "module" and "unit" are given to components of the described system in consideration of only facilitation of description and do not have meanings or functions discriminated from each other.
Many modifications will be apparent to those skilled in the art without departing from the scope of the present invention.
Throughout this specification, unless the context requires otherwise, the word "comprise", and variations such as "comprises" and "comprising", will be understood to imply the inclusion of a stated integer or step or group of integers or steps but not the exclusion of any other integer or step or group of integers or steps.
The reference to any prior art in this specification is not, and should not be taken as, an acknowledgment or any form of suggestion that the prior art forms part of the common general knowledge in Australia.

Claims

1. An electronic document certification system including:
at least one certification data repository storing document certification templates for respective different types of documents to be certified, and certification authority data representing the certification credentials of a certification authority;
a server configured to receive an electronic document and user identification data from client devices of requesting users via a communications network, the electronic document being an official document relating to specific persons identified in the electronic document;
a processor configured to process the received electronic document to determine a corresponding document type and a corresponding specific person identified in the electronic document, and to process the corresponding user identification data to determine whether it identifies the specific person identified in the electronic document, and only if the assessment outcome is positive, to access the certification data repository to retrieve one of the stored document certification templates corresponding to the determined document type, and to process the received electronic document and the retrieved corresponding document certification template to generate corresponding certified document data representing a certified copy of the received electronic document.
2. The electronic document certification system of claim 1, wherein the user identification data includes data representing one or more verification documents, with each verification document containing identity information for a subject of the document.
3. The electronic document certification system of claim 2, wherein processing the user identification data involves performing optical character recognition on each of the one or more identity verification documents.
4. The electronic document certification system of any one of claims 1 to 3, wherein the certified document data includes:
a representation of the received electronic document; and
description data representing a description of the certification of the electronic document by the certification authority in accordance with the associated document certification template; and
certification authority data representing the certification credentials of the authority certifying the document.
5. The electronic document certification system of any one of claims 1 to 4, including:
one or more production devices configured to:
receive certified document data generated by the application device; and
produce a physical copy of the certified document; and
one or more transmission devices configured to transmit the produced physical copy of the certified document to the user.
6. An electronic document certification process, including:
receiving, from a user, an electronic document and user identification data, the electronic document being an official document relating to specific persons identified in the electronic document;
processing the received electronic document to determine a corresponding document type and a corresponding specific person identified in the electronic document;
retrieving, from a certification data repository, certification data including a certification template for the type of document to be certified, and certification authority data representing the certification credentials of a certification authority;
processing the received electronic document and the retrieved corresponding document certification data to generate corresponding certified document data representing a certified copy of the received electronic document; and
transmitting the certified copy to the user.
7. The electronic document certification process of claim 6, including processing the user identification data to produce an assessment outcome which determines whether said user identification data identifies the specific person identified in the electronic document, and
where the retrieving of the certification data, and the generation of certified document data are performed only if the assessment outcome is positive.
8. The electronic document certification process of claim 7, wherein the user identification data includes data representing one or more verification documents, and where the processing of the user identification data involves performing optical character recognition on each of the one or more identity verification documents.
9. The electronic document certification process of any one of claims 6 to 8, wherein the certified document data includes:
a representation of the received electronic document; and
description data representing a description of the certification of the electronic document by the certification authority in accordance with the associated document certification template; and
certification authority data representing the certification credentials of the authority certifying the document.
10. The electronic document certification process of any one of claims 6 to 9, including:
receiving, by one or more production devices, the certified document data;
processing the received certified document data to produce a physical copy of the certified document; and
transmitting the produced physical copy of the certified document to the user.
11. The electronic document certification process of any one of claims 6 to 10, including applying encryption to the generated certified document data, said encryption securing the contents of the certified document against modification.
12. The electronic document certification process of claim 11, wherein the certified document is encrypted using Advanced Encryption Standard (AES).
PCT/AU2016/050937 2015-10-06 2016-10-06 Electronic document certification WO2017059489A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2018100581A AU2018100581A4 (en) 2015-10-06 2018-05-07 Electronic document certification

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2015904046 2015-10-06
AU2015904046A AU2015904046A0 (en) 2015-10-06 Electronic document certification

Related Child Applications (1)

Application Number Title Priority Date Filing Date
AU2018100581A Division AU2018100581A4 (en) 2015-10-06 2018-05-07 Electronic document certification

Publications (1)

Publication Number Publication Date
WO2017059489A1 true WO2017059489A1 (en) 2017-04-13

Family

ID=58487148

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2016/050937 WO2017059489A1 (en) 2015-10-06 2016-10-06 Electronic document certification

Country Status (1)

Country Link
WO (1) WO2017059489A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11863615B2 (en) 2022-03-18 2024-01-02 T-Mobile Usa, Inc. Content management systems providing zero recovery time objective

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060161781A1 (en) * 2005-01-18 2006-07-20 Robert Rice Automated notary acknowledgement
WO2010143001A1 (en) * 2009-06-12 2010-12-16 Provenance Information Assurance Ltd Electronic document verification system and method
US20110010757A1 (en) * 2008-02-04 2011-01-13 Tharakan Web Innovations Pvt. Ltd. Electronically implemented method and system for authentication and sharing of documents via a communication network
US8540158B2 (en) * 2007-12-12 2013-09-24 Yiwu Lei Document verification using dynamic document identification framework
US20140372766A1 (en) * 2013-06-14 2014-12-18 Pitney Bowes Inc. Automated document notarization



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16852899

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16852899

Country of ref document: EP

Kind code of ref document: A1