WO2020071939A1 - Method and system for secure paperless presentation of documents - Google Patents
Method and system for secure paperless presentation of documents
- Publication number
- WO2020071939A1 (PCT/RU2018/000649)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- document
- documents
- module
- copy
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Definitions
- the present solution relates, in general, to the field of digital information processing, and in particular, to a method and system for trusted paperless presentation of documents.
- the DigiLocker solution is based on a digital platform that allows you to store digital copies of documents in a user profile that is associated with a unique identifier, in particular, with an Indian citizen's state number (Aadhaar ID).
- the main drawback of this solution is that it uses no additional means of certifying the authenticity and immutability of documents whose digital copies can be associated with the user profile, in particular, biometric authentication of the bearer of documents and electronic signatures on copies of documents.
- the known solution is limited in how a copy of a document is requested and provided, because it only allows you to create a link to the cloud storage containing a copy of the document, which can be transferred to the corresponding device via a hyperlink.
- the technical problem to be solved is to provide a platform for the trusted presentation of digital copies of user documents with confirmation of their immutability and authenticity.
- the technical result achieved in solving the above problem is to provide trusted secure presentation of digital copies of user documents, with confirmation of their invariability and authenticity.
- an additional effect of the application of the claimed solution is to increase the security of the process of presenting documents by the user through the use of biometric identification of the document bearer and the use of cryptographic protection for copies of documents stored in a cloud platform.
- the claimed solution is implemented using a system for trusted paperless presentation of documents containing at least one processor associated with
- a registration and authentication module which is configured to
- a biometric authentication and identification module, which is configured to receive biometric user data and their
- a document storage module which is designed to store and manage added digital copies of user documents
- a document presentation module which is designed to provide added digital copies of documents to the recipient and configure access policies for providing the said documents to the recipient;
- a document request module which is intended to receive at least one signed copy of a user’s digital document stored in the document storage module, from the document presentation module.
- user registration is performed using at least one identifier selected from the group: SNILS, phone number, email address, passport number / series, TIN, medical policy number, unique identifier (UID).
- the message contains a confirmation code or a hyperlink to an authentication resource.
- an authentication module is additionally assigned for each registered user.
- the document storage module is a cloud storage.
- digital copies of documents are generated on the basis of documents uploaded by users to the system and / or by requesting copies of documents from the relevant authorities that publish the documents.
- the document presentation module generates a QR code containing a link to at least one user document contained in the storage module.
- the electronic document signing module further checks the validity of the electronic signature (ES) for each copy of the document.
- a copy of the document may comprise a group signature.
- copies of documents are signed with the UKEP using a cloud platform.
- the claimed solution is also implemented using the method of providing a certified digital copy of a user’s document, in which: a user profile is created in the cloud-based system of trusted document management (OSDD), containing at least the UID of the user and his biometric sample containing at least an image of the user's face;
- an information package is generated containing an electronic link to at least one copy of the document and the user ID associated with his profile in the OSDD;
- the recipient’s device processes the documents in accordance with the established access policy.
- the OSDD provides access to a copy of the document in the event of verification of an additional electronic signature.
- the information packet is a QR code.
- the user's biometric sample further includes at least one of: a fingerprint, retinal image, iris image, palm vein image, hand geometry image or voice sample.
- the claimed solution is also implemented using the method of providing a certified digital copy of a user document, the implementation of which:
- a first request for a copy of the user’s document comprising obtaining an image of the user's face and an additional biometric sample corresponding to the second biometric sample stored in the user’s profile in the OSDD;
- an additional biometric user sample includes at least one of: a fingerprint, an image of the retina, an image of the iris, an image of the veins of the palm, an image of the geometry of the hand, or a voice sample.
- FIG. 1 illustrates the architecture of a trusted workflow system.
- FIG. 2 illustrates an example of user interaction with a workflow system.
- FIG. 3 illustrates an example interaction diagram when providing a digital copy of a document using a user device.
- FIGS. 4 and 5 illustrate the process of providing a digital copy of a document using a user device.
- FIG. 6 illustrates an example interaction scheme when requesting a digital copy of a document using a recipient device.
- FIGS. 7 and 8 illustrate the process of requesting a digital copy of a document using a recipient device.
- FIG. 9 illustrates an example computing device.
- the claimed solution allows you to store and use digital copies of user documents using the cloud-based system of trusted electronic document management (OSDD) for further submission to the necessary authorities and / or officials.
- Such documents may include: passport, driver’s license, insurance policy, medical policy, SNILS, vehicle certificate, technical equipment passport, etc.
- FIG. 1 shows the general structure of the OSDD (100).
- the user (20) using the authentication and registration module (101), creates his profile in the system (100).
- User (20) provides data for registration in the system, for example, a unique citizen identifier, which can be a single citizen identifier (EIG), full name, date of birth, identification document, mobile phone number, biometric samples, SNILS number, email address, passport number / series, TIN, medical policy number, etc.
- the module (101) is designed to register a new user of the system and subsequent authentication of the user.
- Basic authentication is required to use the features of the biometric authentication and identification module (102), the document presentation module (104) and the document storage module (105).
- Module (101) sends the documents provided for registration by user (20) for verification in external systems, for example, module (101) can interact with the “unified register of unique identifiers of citizens of the Russian Federation” to verify the correctness of the entered identifier, with the registry of correspondence of mobile phone numbers and a unique user identifier, with a system for sending SMS messages, with an internal database of the system, etc.
- the user (20) also provides biometric samples for subsequent authentication upon presentation of digital copies of documents.
- a mandatory requirement is to provide an image of the user's face (20), which will be the main criterion for its authentication.
- biometric samples such as: fingerprint, voice recording, image of the retina, image of the iris, drawing of the veins of the palm, geometry of the hand, etc. can be associated with the user profile (20).
- System (100) asks user (20) for a unique identifier, an example of which was indicated above.
- the system (100) additionally requests the user's mobile phone number (20).
- the system (100) can additionally request the user's mobile phone number (20) or automatically download the user's mobile phone number, if this number (SIM card) is associated with a unique user ID in an accessible adjacent system;
- the system (100) offers to select one specific one that will be linked in the system (100) to the user profile. Having received a unique identifier and / or a user's mobile phone number (an email address can be additionally used), the system (100), using the module (101), sends an SMS message with a confirmation code to the specified mobile phone number, which must be entered by the user (20) in system (100). Having received the correct confirmation code, system (100) registers a new user (20), adding an entry of the form “unique user identifier and / or user’s mobile phone number” to its own database, which stores information about user profiles (20). Also, the user profile may contain other additional information, for example, one or multiple email addresses, identifying information, biometric data, etc.
- the system (100) allows the user (20) to select options for subsequent authentication, for example, biometric input (fingerprint scanner, retina / iris scanner, etc.) using a mobile device (smartphone, tablet), authentication by PIN code, two-factor authentication using a username / password combination and a confirmation code from an SMS message or from an application that generates one-time access codes, etc.
- system (100) uses, as a login, the unique user identifier obtained earlier and a secret phrase, which the user is asked to invent and remember at this stage. Additionally, a biometric sample of the user's voice pronouncing the secret phrase can be used. After that, the system (100) adds salt to the hash of the passphrase and generates a new hash from the resulting string, which it adds to the user record (20) in its own database.
- Authentication of the registered user (20) in the system (100) is as follows.
- a registered user (20) logs into the system (100)
- he is invited to use one of the authentication methods: fingerprint, PIN code, login + password and a confirmation code from a message, or another authentication type selected by the user during registration.
- the user enters the secret phrase invented earlier and his UID.
- System (100), with the help of module (101), checks the entered data against those stored in its own database, and in case of a complete match sends an SMS message with a confirmation code to the mobile phone number of the user (20), which it takes from the user record in its own database.
- the user (20) enters a confirmation code from the SMS message, and if the data matches, authentication is considered successful.
- the system (100) gives the user (20) the rights to use the functions of the following modules: biometric authentication and identification (102), presentation of the document (104), storage of the document (105).
- the biometric authentication and registration module (102) is designed to further authenticate the user (20) and provide the user (20) based on this authentication with specialized rights. Also, module (102) is intended to identify the user (20) in the process of presenting a digital copy of a document using the system (100).
- the inputs to module (102) are: user input and contextual information obtained from adjacent systems.
- Module (102) interacts with a biometric authentication center (108) to implement biometric verification algorithms, with an internal database of the system, with a document request module (107) for collecting a biometric sample, an electronic document signing module (106), and a document adding module (103).
- the center of biometric authentication (108) can be a separate special body that allows all users (20) to provide biometric samples in person and produces an identity card of the applicant (20). In this case, a correspondence is created between the biometric samples of the user and the information that identifies him, in particular, the passport number or a unique user identifier, mobile phone number, full name, date of birth, and any other information that allows simplifying user identification (20).
- the center of biometric authentication (108) can also be any adjacent system that provides an open interface for biometric authentication and identification, having a user profile (20) containing identifying information and complying with the legislation of the Russian Federation.
- the biometric authentication module (102) verifies the rights of the user (20) in the system (100).
- rights can be, for example: an ordinary user; the recipient of a copy of a document (the application can receive and verify documents); the publisher (can add a document that it issues to the user's repository; for example, an insurance policy can be automatically added to the user’s repository by the insurance company as a publisher); a trusted user (the functionality of biometric registration of new users is available).
- recipients generally get access to the document request module (107) and are additionally assigned a role according to which they can request documents (for example, with the DPS role, only a driver’s license, STS, PTS and CTP insurance policy can be requested; with the Federal Tax Service role, copies of the TIN, passport, etc.).
- Authentication of the registered user (20) using the module (102) is as follows.
- System (100) asks the user (20) to provide a biometric sample: an image of the face, which the user (20) captures using the camera of a mobile device, or a recorded video transmitted to the system (100).
- System (100) receives an image from a user device or selects a frame from a received video.
- the system (100) receives, from the registration and authentication module (101), contextual information about the user (20) who is currently authenticated in the application, in particular, a unique identifier and mobile phone number.
- the received information is sent to the adjacent biometric authentication center (108), where the received biometric sample of the user (20) is verified with the sample stored in the center (108).
- an additional search can be performed by the user ID and mobile phone number. If the biometric samples, the user ID of the user (20) and the mobile phone number match correctly, the system (100) sends an SMS message with a confirmation code to the mobile phone number, which must be entered by the user (20) in the system (100). If the confirmation code is successfully entered, user (20) is considered authenticated.
- the system (100) receives user context data from the adjacent biometric authentication center (108): full name, date of birth, and other information that makes it possible to simplify user identification (20) in the future. This information is stored in system (100) and cannot be changed by the user (20).
- Upon successful authentication, the system (100) receives the user role from the center (108) and, on its basis, provides the user (20) with access to the functionality of the system (100). Biometric identification is available to users (20) with the rights of the “recipient” and is necessary for identification of the person presenting the document.
- the identification is as follows.
- the recipient of a digital copy of the document takes a photo of the user (20) using his own mobile device.
- the system (100) sends the photo to the biometric authentication center (108), where the photo is analyzed for similarity with the user's image (20).
- the system (100) provides a report on the degree of similarity of the user's image (20) with the data stored in the center (108) for registered users (20).
- the system (100) can send some contextual data to the biometric authentication center (108) to speed up the search for a match, for example, various types of metadata.
- Such data can be previously transferred by the user to the recipient using the technology of encoding information into a QR code or NFC. If the necessary threshold of “similarity” is exceeded, user (20) is considered identified, and the recipient can compare the documents presented by the user with registered trusted users.
- the document adding module (103) is designed to add digital copies of user documents (20) to the system (100) that are stored in the system (100).
- Self-adding a document to the repository can be either trusted or not.
- the trusted addition of a digital copy of the document implies the ability to present the document to the recipient by analogy with a regular paper document.
- Documents added independently undergo a classification procedure for automatically adding to the correct cell in the storage of the document storage module (105).
- Self-adding a copy of the document by the user is as follows.
- User (20) performs biometric authentication through module (102).
- the user (20) uploads to the system (100) a photo or a scan copy of the document that he wants to add, while the user (20) independently indicates the type of document, for example, passport, insurance policy, etc.
- System (100) checks the file for the presence of a user's personal digital signature. If the document contains a user's personal digital signature, then its characteristics are checked against the user certificate, which is preloaded from the biometric authentication center (108). If the certificates match, then a check is made for the presence of additional signatures in the file. If the certificates do not match, then the system (100) refuses to let the user add the document.
- system (100) divides them into the following categories: someone else's personal EDS, system EDS, trusted Publisher EDS.
- the system (100) checks the type of the added document using an automatic document classifier. If the type of document does not match the one indicated earlier, then the system (100) refuses to add the document. If the type of the document matches the one indicated earlier, then the system (100) checks the necessity and possibility of having several personal digital signatures for this document using the internal directory. If the document implies a group digital signature, then a check is made for the presence of additional signatures in the file. If the document does not imply a group EDS, then the system (100) refuses to add the document.
- system (100) verifies the authenticity of the EDS. If the result is negative, system (100) refuses to add the document. In the case of a positive test result, system (100) checks for a system EDS. If a system EDS is present, the document is added to the storage module (105) associated with the user profile (20). If there is no system EDS, then the system (100) clarifies with the user (20) about the need to add someone else's personal EDS to a copy of the document. If the answer is yes, then the system (100) automatically classifies the document and compares the possibility and necessity of several personal digital signatures on the document using the internal directory.
- the system (100) provides the user (20) the opportunity to provide access to the document to other users. After the document is signed by all interested users, the system (100) automatically puts down a system EDS, which changes the technical characteristics of the document to “not editable” and adds the document to the repository associated with the user profile.
- the system (100) refuses to add the document. If a system EDS is detected without a personal EDS, the system (100) also refuses to add a document. If there is no EDS on the document, system (100) prompts the user to add a personal EDS. In the case of a positive response from the user (20), the system (100) transmits the document to the external system of the cloud EDS (module 106), where the personal EDS of the user (20) is affixed. Next, the system (100) clarifies with the user (20) about the need to add other people's personal digital signatures to a copy of the document.
- the system (100) automatically classifies the document and compares the possibility and necessity of several personal digital signatures on the document using the internal directory. If the document implies a group signature, then the system (100) gives the user (20) the opportunity to provide access to another user, otherwise the system (100) does not allow this.
- After the document is signed by all interested users, the system (100) automatically puts down a system EDS, which changes the technical characteristics of the document to “not editable” and adds the document to the user's repository associated with its profile. If the answer about personal EDS is negative, then system (100) adds the document to the user's repository, but this document is not recognized as trusted.
- the document storage module (105) is designed to store and manage the added digital copies of user documents (20). Module (105) provides functionality for manipulating these documents, in particular, deleting, renaming, creating cells for storing classified documents, etc. Module (105) may be cloud storage.
- Adding a copy of a document using a document creation request is as follows.
- the user (20) performs biometric authentication by providing his biometric sample.
- System (100) generates the necessary package of documents from those previously added by the user, together with a request to create a digital copy of the document.
- System (100) transmits a request to create a document, a package of necessary documents, a user ID and other user data depending on the requested document to the publisher.
- the system (100) “reserves” in the storage module (105) a cell for a specific type of copy of the document, the production of which is requested by the user (20).
- the system suggests adding the necessary documents.
- the received request can be processed in a way that is most convenient for the publisher: manual processing of the request, automatic processing of the request. Automatic processing is done using the publisher’s own software, which interacts with system (100) using the software interface provided by system (100). Manual processing is carried out in accordance with the internal regulations of the operator.
- Adding a document to the user repository is done by specifying the user ID. Upon receipt of the created document and a unique identifier, the system checks for the presence of a “reserved” cell in the storage module (105) for the specified identifier. If this cell exists, the document is added to the user's repository for its profile. In the absence of access to the repository, the user is refused.
- Adding a document using a request to issue a document is as follows.
- User (20) performs biometric authentication.
- the partners connected to the system (100) (departments, commercial organizations, etc., each partner has a unique connection)
- the user requests the release of a digital version of a document that the user already has on paper.
- the system (100) generates a request that contains the UID and user data, and sends this request to its own module ("agent"), which is integrated into the partner environment. After generating the request, the system (100) “reserves” a cell in the storage module (105) for a specific type of document for the selected user (20).
- the agent converts the received request into a format for automatically requesting information on the availability of the issued document for the user (20) and sends it to the partner’s own database. If a user document (20) is found in the partner’s database, for example, a passport office or the Federal Tax Service, the agent generates a pdf-file (or other type of file), into which it adds information about the document from the partner’s database.
- the agent accesses the partner’s EDS system and signs the pdf file with the partner’s EDS, which adds the trust property to the file.
- the agent returns the signed pdf-file to the system (100) using the user's UID and the presence of a “reserved” cell in module (105) for its profile.
- System (100) offers the user (20) to sign the document with a personal digital signature. If the answer is no, the document is canceled. If the answer is yes, the system (100) sends the document to the electronic document signing module (106), where the personal digital signature of the user (20) is added to the document; thus the non-repudiation property is assigned to the document.
- After receiving the user's personal digital signature, the system (100) adds its own digital signature to the RSI file and prohibits making changes to the specified file with a copy of the document. After receiving all the EDS, the system (100) adds the document to the reserved cell of the storage module (105) for the user profile (20).
- the electronic document signing module (106) is designed to sign digital copies of documents added to the system (100) with a personal enhanced qualified electronic digital signature (CEP).
- This module (106) can be implemented as an adjacent service that signs documents with a cloud digital signature. Integration is carried out after biometric user registration (20). There are two types of possible integration: integration with an existing cloud-based digital signature account, or creating a new account in the cloud-based digital signature service. As part of the integration, the module transfers copies of documents (files) to the cloud EDS system for signing with the user's personal digital signature.
- the document presentation module (104) is intended to provide added digital copies of documents to the recipient and configure access policies for providing the said documents to the recipient.
- Module (104) provides remote and personal presentation of pre-added copies of documents to the recipient.
- the document request module (107) is designed to receive a copy of a user’s digital document (20) stored in the document storage module (105), upon request of the document presentation module (104).
- System (100) is a software and hardware solution, for example, a cloud platform based on one or more servers.
- the main process of software data processing for the operation of the system (100) is performed by one or more processors (computing module).
- the indicated modules of system (100) are connected with one or several processors for the implementation of the necessary information processing operations to implement their functionality.
- it should also be obvious to a person skilled in the art that various solutions can be applied in the field of parallel processing of information flows when performing the necessary algorithmic calculations when operating a computer device (or several devices).
- FIG. 2 shows an example of user interaction (20) with OSDD (100).
- the user (20) transmits data (201) for registration in the OSDD (100).
- the user (20) provides the image of his face as the main biometric sample (202) to the biometric authentication center (108).
- a profile (250) is created for him, which will be used for the trusted exchange of digital copies of documents.
- user (20) sets the access policy for each copy of a digital document.
- An access policy also means ensuring the access of the relevant person / body to digital copies of documents, which is due to the list of documents that such a person or body can use in terms of identification and / or permission of the user (20).
- the provision of digital copies of user documents (20) can be carried out remotely to the device of the recipient of documents (22) using the electronic device of the user (21).
- the term "remotely” refers to the transfer of digital copies of documents through information packets using data channels, for example, TCP / IP, GSM / 3G / 4G, Wi-Fi, radio (Bluetooth, BLE, NFC), etc.
- a method for remotely providing documents (300) is as follows.
- the user (20) generates a personal profile (250) in the OSDD (100) using the registration process described above (step 301).
- one or several copies of documents are loaded into the profile (250) (step 302), at least one of which will be presented to the recipient's device (22).
- Added copies of documents in the user profile (250) are signed with the user’s signature (UECP) (step 303) to fulfill the requirements for their authenticity and non-repudiation.
- an appropriate access policy is established to ensure that this copy is provided for processing to the authorized (trusted) recipient device (22) (step 304).
- the user (20), using his device (21), for example, a smartphone or tablet, selects one or more copies of documents from his profile (250) for transfer to the recipient's device (22).
- An information package is formed from the selected documents for transmission to the device (22) over the data channel (step 305).
- FIG. 5 shows a process for processing (400) an information packet received from a user device (21) using a recipient device (22).
- An information package may be presented as a hyperlink to a digital copy of a document with additional information, for example, user ID (20) in the OSDD (100), additional metadata associated with the user profile (250).
- the package can be encrypted in a QR code or in another form suitable for transmission via a radio channel (Bluetooth, NFC, etc.).
- The hyperlink in the data packet leads to the corresponding copy of the document associated with the user profile (250).
- the recipient device (22) requests the copy of the document from the SSC (100) using the received hyperlink.
- the identification of a user (20) presenting copies of documents by means of an information package is performed by obtaining a biometric sample of the user, in particular, the image of his face at the time of verification (step 404).
- The face image can be obtained using a camera built into the recipient's device (22) or using a photo and video recording tool connected to the device (22) (for example, surveillance cameras, web cameras, PTZ cameras, etc.).
- After receiving the image of the user's face (20), the recipient's device (22) generates an information packet containing a photo of the user (20) and the UID taken from the information packet received from the device (21) (step 405). The packet generated by the device (22) is transmitted to the SSC (100) to check the biometric sample of the user (202) and the associated MIA.
- in step (406), the SSCC (100) checks the received data by sending a corresponding request to the biometric authentication center (108), which analyzes the similarity of the received user image with the information stored in his profile (250). The analysis can be performed using various photogrammetric and/or analytical algorithms. Additionally, the biometric authentication center (108) can send the ES certificate of the user (20), which is compared with the certificate received with the document earlier, when it was uploaded to the user profile (250).
- the recipient device receives a hyperlinked copy of the document from the user device (21), associates the submitted copy with the appropriate user (20), and further uses the copy of the document according to internal regulations.
- the user (20) added the STS, PTS, MTPL and a driver's license to the system and allowed the recipient (22) to automatically download only the driver's license.
- a traffic police officer with the role of an inspector can only upload documents of the form: driver’s license, STS, CTP when performing user biometric authentication (20), for example, using an office smartphone or tablet (22).
- the SSC (100) transmits a corresponding message to the recipient's device (22), which refuses to use the received copy of the document.
- a copy of a user's document (20) may contain an additional electronic signature, for example, that of a publisher's authority.
- confirmation of the authenticity and non-repudiation of the copy of the bearer’s document is subject to verification of all electronic copies of the document.
- FIG. 6 shows an embodiment of the claimed solution, in which the request for a copy of the document by the recipient device (22) is performed without using the user's electronic device (21).
- one or more additional samples are used that allow identification of the bearer of digital copies of documents.
- FIG. 7 shows the sequence of steps of the method for performing the specified procedure for using copies of documents (500).
- the user (20) performs the registration process in the SSC (100) by providing a biometric sample - an image of a person identifying his information and an additional biometric sample for further formation of the user profile (250) in the SSC (100).
- the additional biometric sample can be, but is not limited to: a fingerprint, an image of the retina, an image of the iris, an image of the veins of the palm, an image of the hand geometry, a voice sample, etc.
- the user (20) uploads one or more copies of documents to the profile (250) (step 502) and signs them with personal UECP (step 503). For each digital document signed by the UECP, an appropriate access policy is established (step 504).
- FIG. 8 shows a process (600) for requesting and receiving copies of user documents (20) using a recipient device (22) without generating an information packet by a user device (21).
- the recipient device (22) captures the image of the user's face (20), for example, using the built-in camera or photo and video recording means associated with the device (22) (step 601).
- the user also provides a second, additional biometric sample that is associated with his profile (250) in the SDDD (100) (step 602).
- An additional biometric sample is obtained using the means installed or associated with the recipient's device (22).
- After receiving two biometric samples, the device (22) generates a primary request (step 603) and sends it to the DRC (100) (step 604) to identify the user (20) (step 605).
- the latter returns to the recipient device (22) the ID of the corresponding user (20) and the user's ES certificate (step 607). Additionally, information about the degree of similarity of the user's main biometric sample (202) may also be provided.
- the recipient device (22) generates a second request for access to one or more copies of user profile documents (250) (step 608).
- the second request contains the previously received user ID, which provides access to documents on the basis of the recipient's access policy (22) to one or more copies of documents.
- the OSDD (100) provides access to them in the user profile (250).
- a copy of the document (step 609) can be downloaded to the recipient's device (22).
- the presence of the corresponding electronic copies of the document and their validity are checked.
- the user's ES certificate received from the OSDD (100), with which the document was signed when it was loaded into the OSDD (100), is compared with the certificate of the document downloaded via the second request. If the certificate verification is successful, the recipient (22) accepts the copy of the document as a trusted authentic document of a proper bearer (20).
- If at step (606) the user (20) is not identified in the OSDD (100) (step 610), then the OSDD (100) notifies the recipient device (22), and the user (20) is refused the provision of digital copies of documents.
- a copy of a document may also contain several electronic signatures, for example, the electronic signature of a publisher or other trusted authority. In this case, a successful verification of the authenticity of a copy of a document is only possible if all electronic signatures of such a document are successfully verified.
- FIG. 9 shows an example of a computing device (700) that is used to implement the claimed solution.
- the device (700) can be selected from a wide range of known devices providing the necessary functionality, for example, a computer, laptop, server, tablet, smartphone, portable game console, mainframe, supercomputer, etc.
- the user device (21), the recipient device (22), the OSDD (100) can be partially organized on the basis of or represent one example of the device (700).
- a computing device (700) comprises one or more processors (701) connected by a common bus, memory means such as RAM (702) and ROM (703), input/output interfaces (704), input/output devices (705), and a device for network interaction (706).
- a processor (701) (or multiple processors, a multi-core processor) can be selected from a variety of currently widely used devices, for example, Intel™, AMD™, Apple™, Samsung Exynos™, MediaTEK™, Qualcomm Snapdragon™, etc.
- RAM (702) is a random access memory and is intended to store machine-readable instructions executed by the processor (701) to perform the necessary operations for logical data processing.
- RAM (702) contains executable instructions of the operating system and corresponding software components (applications, program modules, etc.).
- the ROM (703) is one or more permanent storage devices, for example, a hard disk drive (HDD), a solid state drive (SSD), flash memory (EEPROM, NAND, etc.), optical storage media (CD-R/RW, DVD-R/RW, Blu-ray Disc, MD), etc.
- I / O interfaces are used to organize the operation of the components of the device (700) and organize the operation of external connected devices.
- the choice of appropriate interfaces depends on the particular computing device; they can be, but are not limited to: PCI, AGP, PS/2, IrDa, FireWire, LPT, COM, SATA, IDE, Lightning, USB (2.0, 3.0, 3.1, micro, mini, type C), TRS / Audio jack (2.5, 3.5, 6.35), HDMI, DVI, VGA, Display Port, RJ45, RS232, etc.
- Various I/O means (705) are used to provide user interaction with the computing device (700), for example, a keyboard, a display (monitor), a touch screen, a touchpad, a joystick, a mouse, a light pen, a stylus, a trackball, speakers, a microphone, augmented reality tools, optical sensors, a tablet, light indicators, a projector, a camera, biometric identification tools (retina scanner, fingerprint scanner, voice recognition module), etc.
- the network interaction tool (706) enables data transmission by the device (700) via an internal or external computer network, for example, an Intranet, the Internet, a LAN, and the like.
- as the network interaction tool (706), the following can be used, without limitation: an Ethernet card, GSM modem, GPRS modem, LTE modem, 5G modem, satellite communications module, NFC module, Bluetooth and/or BLE module, Wi-Fi module, etc.
- satellite navigation aids, for example, GPS, GLONASS, BeiDou, Galileo, can also be used.
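
The acceptance rules described in the method above (the role-based and per-copy access policy from the inspector example, the comparison of the user's certificate with the one returned by the biometric authentication center, and the requirement that every signature on a copy verifies) can be sketched as follows. This is an added example, not code from the patent; the function and field names, keys and certificates are assumptions, and HMAC-SHA256 stands in for a real electronic signature so that it runs offline.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Role policy from the inspector example in the text (type names as on the page).
ROLE_POLICY = {"inspector": {"driver_license", "STS", "CTP"}}

@dataclass
class Signature:
    signer: str   # "user" or an additional signer such as "issuer"
    cert: bytes   # certificate stored with the copy at upload time
    value: bytes  # signature over the copy's bytes

@dataclass
class Copy:
    content: bytes
    signatures: list
    user_allows: bool  # per-copy access policy set by the user

def sign(key, content):
    # Stand-in only (assumption): HMAC-SHA256 replaces a real electronic
    # signature; a deployment would verify asymmetric signatures instead.
    return hmac.new(key, content, hashlib.sha256).digest()

def copy_is_authentic(copy, keys, cert_from_auth_center):
    # Every signature must verify, and the user's certificate must equal
    # the one returned by the biometric authentication center.
    user_signed = False
    for sig in copy.signatures:
        key = keys.get(sig.cert)
        if key is None or not hmac.compare_digest(sign(key, copy.content), sig.value):
            return False
        if sig.signer == "user":
            if not hmac.compare_digest(sig.cert, cert_from_auth_center):
                return False
            user_signed = True
    return user_signed

def decide(role, requested, profile, identified, keys, user_cert):
    # Map each requested document type to "granted" or a denial reason.
    out = {}
    for doc_type in requested:
        copy = profile.get(doc_type)
        if not identified:
            out[doc_type] = "denied: user not identified"
        elif doc_type not in ROLE_POLICY.get(role, set()):
            out[doc_type] = "denied: role policy"
        elif copy is None or not copy.user_allows:
            out[doc_type] = "denied: user policy"
        elif not copy_is_authentic(copy, keys, user_cert):
            out[doc_type] = "denied: signature check failed"
        else:
            out[doc_type] = "granted"
    return out

# Constructed sample data: keys, certificates and contents are made up.
KEYS = {b"cert-user": b"k-user", b"cert-issuer": b"k-issuer"}
def make_copy(content, allows, signers=("user", "issuer")):
    certs = [b"cert-" + s.encode() for s in signers]
    sigs = [Signature(s, c, sign(KEYS[c], content)) for s, c in zip(signers, certs)]
    return Copy(content, sigs, allows)

PROFILE = {t: make_copy(t.encode(), t == "driver_license")
           for t in ("driver_license", "STS", "PTS", "MTPL")}
```

Calling `decide("inspector", ["driver_license", "STS", "PTS"], PROFILE, True, KEYS, b"cert-user")` grants only the driver's license: STS is blocked by the user's per-copy policy and PTS by the role policy.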
Abstract
The invention relates to a method and a system for secure, paperless presentation of documents. The system comprises at least one processor connected to: a registration and authentication module that can register new users of the system and then authenticate them; a biometric authentication and identification module that can obtain a user's biometric data and subsequently analyze it for authentication purposes in order to perform operations with documents; a document addition module for adding digital copies of the user's documents to the system; a document storage module for storing and managing the added digital copies of users' documents; a document presentation module for presenting added digital copies of documents to a user and adjusting the access policy for presenting said documents to a user; a document electronic signature module for signing added digital copies of documents with a personal enhanced qualified electronic signature (SEQR); a document request module for obtaining, from the document presentation module, at least one signed copy of a user's digital document stored in the document storage module.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2018134907 | 2018-10-03 | ||
RU2018134907A RU2701088C1 (ru) | 2018-10-03 | 2018-10-03 | Method and system for trusted paperless presentation of documents |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020071939A1 (fr) | 2020-04-09 |
Family
ID=68063561
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/RU2018/000649 WO2020071939A1 (fr) | Method and system for secure, paperless presentation of documents | 2018-10-03 | 2018-10-03 |
Country Status (3)
Country | Link |
---|---|
EA (1) | EA038055B1 (fr) |
RU (1) | RU2701088C1 (fr) |
WO (1) | WO2020071939A1 (fr) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
RU2759249C1 (ru) * | 2021-02-20 | 2021-11-11 | Илья Иосифович Лившиц | Computing device for cross-border electronic document exchange (variants) and method for cross-border electronic document exchange |
RU2768544C1 (ru) * | 2021-07-16 | 2022-03-24 | Общество С Ограниченной Ответственностью "Инновационный Центр Философия.Ит" | Method for recognizing text in document images |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100088233A1 (en) * | 2001-06-18 | 2010-04-08 | Oliver Tattan | Electronic data vault providing biometrically protected electronic signatures |
US8296477B1 (en) * | 2011-04-22 | 2012-10-23 | Symantec Corporation | Secure data transfer using legitimate QR codes wherein a warning message is given to the user if data transfer is malicious |
US20160224773A1 (en) * | 2012-05-15 | 2016-08-04 | Bphav, Llc | Biometric authentication system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7216083B2 (en) * | 2001-03-07 | 2007-05-08 | Diebold, Incorporated | Automated transaction machine digital signature system and method |
-
2018
- 2018-10-03 WO PCT/RU2018/000649 patent/WO2020071939A1/fr active Application Filing
- 2018-10-03 RU RU2018134907A patent/RU2701088C1/ru active
- 2018-10-16 EA EA201892088A patent/EA038055B1/ru unknown
Also Published As
Publication number | Publication date |
---|---|
EA201892088A1 (ru) | 2020-04-30 |
EA038055B1 (ru) | 2021-06-29 |
RU2701088C1 (ru) | 2019-09-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18936208 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18936208 Country of ref document: EP Kind code of ref document: A1 |