WO2012076937A1 - System and method for generating a digitally signed copy from a hardcopy document - Google Patents


Info

Publication number: WO2012076937A1
Authority: WO (WIPO (PCT))
Prior art keywords: document, digital, signed, hardcopy, checksum
Application number: PCT/IB2010/055750
Other languages: French (fr)
Inventors: Cláudio Jorge VIEIRA TEIXEIRA; Joaquim Manuel Henriques De Sousa Pinto
Original Assignee: Universidade De Aveiro
Application filed by: Universidade De Aveiro


Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
                • H04N1/00 Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
                    • H04N1/32 Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
                        • H04N1/32101 Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
                    • H04N1/44 Secrecy systems
                        • H04N1/4406 Restricting access, e.g. according to user identity
                            • H04N1/4413 Restricting access, e.g. according to user identity involving the use of passwords, ID codes or the like, e.g. PIN
                • H04N2201/00 Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
                    • H04N2201/0077 Types of the still picture apparatus
                        • H04N2201/0081 Image reader
                    • H04N2201/32 Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
                        • H04N2201/3201 Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
                            • H04N2201/3225 Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document
                                • H04N2201/3233 Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document of authentication information, e.g. digital signature, watermark
                                    • H04N2201/3236 Details of authentication information generation
                            • H04N2201/328 Processing of the additional information
                                • H04N2201/3281 Encryption; Ciphering
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • the present invention relates to digital signatures, namely certified scanning, digitally signing of copies, and hardcopy authentication.
  • the present invention discloses how to produce a digitally signed digital document from a hardcopy document with just a scanning or digitizing device, capable of using asymmetric cryptography based on a certificate presented to the device in a compatible media.
  • the invention creates a digital copy of a physical copy, digitally signed without human intervention, further guaranteeing the integrity of the signed information.
  • the present invention describes a system for generating a digitally signed digital copy from a hardcopy document with authentication and validation which comprises:
  • a cryptographic module able to use asymmetric cryptography to encode the checksum or hash code with the signer's private certificate information;
  • an assembling module able to combine the digitized data with the encoded checksum or hash code, and with the public certificate information, in order to produce a digitally signed digital document;
  • wherein said modules are interconnected and both modules and interconnections are shielded from outside access.
  • a preferred embodiment further comprises a communication module, capable of transmitting, transferring or displacing the signed document to a media or system capable of storing digital information.
  • a preferred embodiment further comprises an input device for entering the private certificate information unlock input, and a connection, or connections, for smart cards, USB data storage and/or other media capable of holding asymmetric keys.
  • a preferred embodiment further comprises a display and input device for certificate selection, secret code feedback, error messages, operation status, media selection, maintenance tasks, or combinations thereof.
  • the present invention also describes a method for generating a digitally signed digital copy from a hardcopy document with authentication and validation comprising the following steps:
  • a preferred embodiment further comprises transmitting, transferring or displacing the signed document to a media or system capable of storing digital information.
  • a preferred embodiment further comprises receiving, from a user input device, the private certificate information unlock input through a connection, or connections, to one or more of a smart card, USB data storage and/or other media capable of holding asymmetric keys.
  • a preferred embodiment further comprises displaying and receiving user input for certificate selection, secret code feedback, error messages, operation status, media selection, maintenance tasks, or combinations thereof.
  • a preferred embodiment further comprises verifying the integrity and validity of the certificate used for signing the document.
  • a digital certificate is based on Public Key Infrastructure (Schneier, 1996). It is composed of a pair of asymmetric keys: a public key and a private key. The public key is available to everyone, while the private key is used only by the certificate's owner.
  • Document U.S. 6567530, Device and method for authenticating printed documents, is partly similar, but is really focused on the analog confrontation of documents sent/received (through digital signatures).
  • Document copy authentication refers to the area of hardcopy authentication: it explains how to generate a physical document that embodies unique hallmarks, which is in some ways the opposite of what we want to accomplish. In this case there is no digital version of the document available. Also, small imperfections (derived from printing or use of the document) may invalidate valid signatures. With the system we propose, documents are guaranteed to conform to the original document, provided it has not been tampered with and while it is in digital format.
  • the document US7007303, Systems and methods for authenticating documents, refers to the area of document authentication: it explains (among other things) how to generate a physical document from an authenticated digital document, in some ways the opposite of what we want to accomplish. In this case, the invention explains how to ensure the authenticity of the document on paper, given its original (paper or digital). In the case of the invention explained here, we propose a user-independent mechanism for assuring the authenticity of electronic documents, compared with their paper counterpart.
  • the document US 11/140,688, System and method for validating the hard-copy document against an electronic version, also deals with the area of hardcopy authentication in a way complementary to our invention.
  • in that case, information is printed on the document that allows, after rescanning, checking that the contents of the document are the same as the original.
  • in the case of the proposed invention, it is the digital document that is guaranteed, by a mechanism independent of the user, to be identical to the original document.
  • the document US 7,761,922, Methods and apparatus for acquiring and contemporaneously certifying content, authenticates the document using information from the image acquisition device itself or from the computer program used for digital authentication, and not from a user and/or author.
  • in the proposed invention, the document is signed with the private key of the equipment operator.
  • it will thus ensure the co-ownership of the equipment operator in cases where the document was forged before scanning.
  • the document U.S. 7,523,315, Method and process for creating an electronically signed document, refers to the creation of a digital signature that remains visible even after printing, and to the subsequent retrieval of that information on rescanning.
  • the signature is valid provided that the document exists in digital format. After printing, the authenticity of the copy cannot be guaranteed (the actual wear and tear of the document will invalidate a valid document on rescanning).
  • the proposed invention requires no special software or hardware beyond the initial scanning equipment.
  • the document U.S. 20070016785, System and method for digital signature and authentication, describes the capture of a visible signature, its inclusion in the digital document, and digital signing (digest and private key).
  • the signing of the document is personal, but it happens on a digital document.
  • this invention does not suit the purpose of the proposed invention, since scanning and signing of the document occur at distinct times (and places).
  • the proposed invention provides scanning and digital signing of physical documents in a single moment, using a single device and without the possibility of user intervention as the process unfolds.
  • a certification party certifies a hardcopy document.
  • the party is required to issue a statement validating the compliance of the copied document with its original version. This is the case when issuing hardcopy versions of the original document.
  • when referring to digitally certified versions, the certification party must digitally sign a scanned version of the original hardcopy document. This process currently requires two different steps: 1) digitally scan the hardcopy document; 2) digitally sign the digital version. These steps require different hardware and software items, usually a scanner, an attached device such as a desktop computer or laptop, and signing software installed in the attached device. In the time gap between the two steps, there is no assurance regarding changes to the digital copy of the original hardcopy document. The certification party may in fact change the digital copy before signing it, thus nullifying and invalidating (from the original document's point of view) the integrity of the certified document.
  • the proposed invention claims to reduce this software and hardware paraphernalia to a single hardware device, capable of processing the necessary workflow for creating a digitally signed version of a hardcopy document and delivering it in the designated media.
  • a secondary advantage (when comparing to the process described before) is the assurance of the original document's integrity, since the entire process is hardware based, with no human intervention in the workflow.
  • This invention may be realized in a hardware system resembling a usual scanner with an input keyboard and a media reader/writer.
  • Optional network communication capabilities and/or direct machine communication such as USB (Universal Serial Bus), serial ports, parallel ports, etc.
  • This kind of solution may be of great assistance to everyone that requires absolute confidence in the validity of the digital copy documents handled.
  • attorneys, public notaries, law agents and military personnel may benefit from this invention.
  • This invention is composed of a system and method for generating a signed digital copy from a hardcopy document with authentication of the digital document and of the respective signer.
  • a digital data representation of a hardcopy document is recorded by a scanning device, transforming analog information into digital data.
  • the digital data comprising the document may be compressed before proceeding with the signing.
  • a checksum or hash value is calculated using the digital data and optional parameters.
  • the checksum is digitally signed using asymmetric cryptography (such as the private key in a smart card certificate) provided by the user operating the device.
  • the digital data is combined with the signed checksum (or signed hash) to create a digital version of the hardcopy document (digital document).
  • the digital document may then be saved in any digital media device compliant with the device's media interfaces that support recording.
  • the digital document is a visually exact replica of the hardcopy document, with evidence of hardcopy authenticity and evidence of the hardcopy authentifier (the person who digitized the document and provided the asymmetric cryptography key, thus personally certifying the document).
  • the validity of the document can be verified by software capable of cross-checking the recalculated checksum or hash of the digital data (with regard to the optional parameters) against the deciphered value of the signed checksum (or signed hash).
  • the deciphered value is calculated using the public key of the asymmetric key pair whose private key was used to sign the checksum.
  • Figure 1 Schematic representation of the invention, where:
  • (101) represents the set of interfaces for data acquisition,
  • (102) represents the scanning module of the physical document (e.g. scanner module),
  • (103) represents the card reader capable of storing and processing asymmetric keys (e.g. contactless smart cards),
  • (104) represents a keyboard that allows both configuring the various parameters of compression and signing and entering the access code (PIN code) typically associated with, and required to use, the private key,
  • (105) represents the set of interfaces that can be used for both reading and writing,
  • (106) represents the module for communication between devices (e.g. network card, USB module, etc.),
  • (107) represents the module for reading and writing media devices (e.g. CD player, flash memory reader, external disk player, media card reader, etc.),
  • (109) represents the module responsible for calculating the hash of the document, according to the parameters provided by (110),
  • (110) represents the storage module for the configuration parameters of the scanning and document signing process, given that the same configuration (key location, type of compression, signing, location of the data output, etc.) can be reused between scans,
  • (111) represents the encryption management module responsible for delivering, to and from the interfaces, the correct requests for keys. Depending on the settings, the module itself may provide the encryption from (112); in the remaining cases, requests for encryption of data (e.g. when using smart cards) are forwarded to the corresponding module, leaving (111) to act as a proxy,
  • (112) represents the encryption module of the hash or checksum, being responsible for the interface between (109) and (111),
  • (113) represents the module for selecting the output interface. It is responsible for delivering the scanned and signed document to the interface(s) selected by the operator,
  • (114) represents the module for assembly of the final document, which is combined from the scanned document (102), together with optional (108), the encrypted hash and the certificate data from (112),
  • (118) represents the various options for writing the final document,
  • (119) represents the specific need for communication between the card reader (smart card) and the keyboard for PIN/key input to access the private key that enables the digital signing of documents, and
  • (120) represents a display unit for the status of operations, and for maintenance and configuration menus.
  • FIG. 1 Schematic representation of the invention's activity flow, where:
  • (201) represents the beginning of the operation of scanning and digitally signing a document,
  • (204) represents the operation of compressing the scanned document,
  • (209) represents the verification of the type of certificate used, i.e. whether the cipher is made outside the system, such as with smart cards, where the encryption is carried out within the card itself,
  • (210) represents the processing required by the external system to perform the encryption of the hash or checksum,
  • (211) represents the internal encryption operation of the hash or checksum of the document,
  • (212) represents the information of the digital signature,
  • (215) represents the digital version (compressed or not, depending on the parameters defined in the initial configuration) of the physical document,
  • (216) represents the verification of the need to digitally sign the document.
  • Figure 3 Schematic representation of a preferred embodiment of the invention, for scanning and sending the signed documents by email, where: (301) represents the scanning device for digitizing documents,
  • (303) represents the keyboard used for entering the personal code associated with the private key, for the management of device settings, and also optionally for entering the destination address(es) of the e-mailed documents,
  • (306) represents the module responsible for calculating the hash of the document,
  • (308) represents the module for assembly of the final document, which is combined from the scanned document (301), the encrypted hash and the certificate data from (307).
  • Figure 1 shows one exemplary embodiment of a hardcopy certification device 115 implementing the systems and methods necessary for hardcopy certification.
  • the hardcopy certification device 115 includes input interfaces 111, a display unit 120 and input/output interfaces 105.
  • Figure 3 shows another exemplary embodiment of a hardcopy document, tailored to a specific application: a standalone machine capable of emailing digitally signed versions of hardcopy documents. In this case, most of the general purpose, multiple use complexity of 115 is removed.
  • This embodiment keeps the main functionalities of scanning 301, hash calculation 306, hash signing using an asymmetric key pair reader 302, 307, 303, 304, the final document assembler 308 and the designated SMTP output 305.
  • the scanning modules 102 and 301 can be any one of a number of different sources, as long as they can be attached to the certification device, thus ensuring data integrity.
  • a scanner, a digital copier and a facsimile device suitable for generating electronic image data are just a few examples.
  • modules 102 and 301 can be any known or future developed sources capable of providing a digital version of a hardcopy document, as long as they can be attached to or be part of the hardcopy certification device.
  • each of the illustrated modules (or a combination of those) can be replaced by existing, known or future developed modules (or combinations of modules), as long as the replacement version retains equivalent capabilities to perform the designated task.
  • the crucial goal is to eliminate user interaction as much as possible, so that users can be assured that the digital pre-signed version of the original hardcopy document has not been compromised in any way.
  • all operations are executed in the same device and, after scanning, users can only access the final version of the document after the signing phase. This ensures that the signed document is in fact a digital replica of the original document.
  • the person that digitized the hardcopy document (the machine operator) is also responsible for the hardcopy information, since our invention guarantees the original's compliance thereafter.
  • a preferred embodiment describes a certification scanner: more and more companies and public services are using digital documents. So that paper documents may enter the digital document management flow, they have to be scanned, and preferably digitally signed. This invention accomplishes this set of tasks at once, ensuring document integrity. Nothing prevents the present invention from scanning unsigned documents, so preferably this invention will not be a second scanner, but will be integrated into existing scanners. This scanner has the same outputs and inputs as traditional equipment, plus a smart card reader and a keypad/keyboard for entering settings and the PIN to access the user's certificate.
  • Certified mail is another preferred embodiment, in companies and institutions where mail is centrally handled, scanned and emailed to its recipients. This device ensures, in a single step, the integrity of the data sent and the identity of the person who placed the information in the system, since this person is the recognized signer. Moreover, the actual e-mail message can also be digitally signed.
  • Another preferred embodiment is a specific application for military, security forces and intelligence networks, and secret services, as e.g. in the case of document exchange within the EU or NATO.
  • among the documents that must be handled within these communities, there is also the need to digitize physical documents.
  • the invention presented allows a precise answer to this point, ensuring the compliance of the information and even the identity of the sender. The identity of the sender is information that usually exists only at the origin and is not visible at the receiver's end.
  • since this invention is prepared to interface with multiple devices and protocols for writing the signed digital document, it can be connected to the cipher machines (already existing in the communication networks of these communities) for the secure communication of digital information.
  • Another preferred embodiment has a specific application in public administration, enhancing the scanning and authentication of documents on paper, whether for delivery

Abstract

The present invention relates to digital signatures, namely certified scanning, digitally signing of copies, and hardcopy authentication. The present invention discloses how to produce a digitally signed digital document (305, 308) from a hardcopy document and with just a scanning or digitizing (301) device, capable of using asymmetric cryptography (302) based on a certificate presented (303, 304) to the device in a compatible media. The invention creates a digital copy of a physical copy, digitally signed without human intervention further guaranteeing the integrity of the signed information (306, 307).

Description

DESCRIPTION
SYSTEM AND METHOD FOR GENERATING A DIGITALLY SIGNED COPY FROM A HARDCOPY DOCUMENT
Technical Field
The present invention relates to digital signatures, namely certified scanning, digitally signing of copies, and hardcopy authentication.
Summary
The present invention relates to digital signatures, namely certified scanning, digitally signing of copies, and hardcopy authentication.
The present invention discloses how to produce a digitally signed digital document from a hardcopy document and with just a scanning or digitizing device, capable of using asymmetric cryptography based on a certificate presented to the device in a compatible media.
The invention creates a digital copy of a physical copy, digitally signed without human intervention further guaranteeing the integrity of the signed information.
All operations for reaching the desired goal take place in the same system. There is no need to upload the digital unsigned document to another system. There is no user intervention at the digital unsigned document version level. Under normal working conditions (i.e. without malicious users), the unsigned document is unreachable within the system.
From start to finish, the digital unsigned copy of the hardcopy document is never presented to the device operator, thus ensuring that under regular circumstances, without hardware and/or software tampering, users are unable to access such document. Even for signing purposes, at most, the hash code is presented to the user. In this case, tampering with the hash code or checksum will result in an invalid signed final document.
The present invention describes a system for generating a digitally signed digital copy from a hardcopy document with authentication and validation which comprises:
digitizer module of analog or hardcopy documents;
data processor module able to compute a checksum or hash code of the analog document;
cryptographic module, able to use asymmetric cryptography to encode the checksum or hash code with the signer private certificate information;
assembling module, able to combine the digitized data with the encoded checksum or hash code, and with the public certificate information, in order to produce a digitally signed digital document;
wherein said modules are interconnected and both modules and interconnections are shielded from outside access.
A preferred embodiment further comprises a communication module, capable of transmitting, transferring or displacing the signed document to a media or system capable of storing digital information.
A preferred embodiment further comprises an input device for private certificate information unlock input and connection, or connections, for smart cards, USB data storage and/or other media capable of holding asymmetric keys.
A preferred embodiment further comprises a display and input device for certificate selection, secret code feedback, error messages, operation status, media selection, maintenance tasks, or combinations thereof.
The present invention also describes a method for generating a digitally signed digital copy from a hardcopy document with authentication and validation comprising the following steps:
digitizing analog or hardcopy documents;
computing a checksum or hash code of the analog document; using asymmetric cryptography to encode the checksum or hash code with the signer private certificate information; combining the digitized data with the encoded checksum or hash code, and with the public certificate information, in order to produce a digitally signed digital document;
wherein said steps are shielded from outside access.
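The scan-hash-sign-assemble steps just listed, together with the verification described in the Definitions above (recomputing the hash of the digitized data and cross-checking it against the deciphered signed hash using the signer's public key), as an added example that is not part of the patent and not code from its inventors or assignee. It uses only Go's standard library and makes choices the patent leaves open: SHA-256 as the checksum, RSA PKCS#1 v1.5 as the asymmetric encoding of the checksum, and a PKIX-encoded public key standing in for the "public certificate information" (all assumptions of this example). The scanned image is a constructed byte pattern, not real scanner output.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"fmt"
)

// SignedDocument is the assembled final document: digitized data, the signed
// hash, and the signer's public key. The patent embeds public certificate
// information; a bare PKIX public key is used here instead (assumption of
// this example, not the patent's container format).
type SignedDocument struct {
	Image     []byte `json:"image"`      // digitized data, optionally compressed
	Params    string `json:"params"`     // optional parameters bound into the hash
	Signature []byte `json:"signature"`  // hash encoded with the private key
	PublicKey []byte `json:"public_key"` // PKIX DER; stands in for the certificate
}

// hashDigitizedData computes the checksum over the digitized data together
// with the optional parameters (e.g. compression settings), so a verifier
// must supply the same parameters to reproduce it. A zero byte separates the
// two fields so that different (params, image) splits cannot collide.
func hashDigitizedData(image []byte, params string) []byte {
	h := sha256.New()
	h.Write([]byte(params))
	h.Write([]byte{0})
	h.Write(image)
	return h.Sum(nil)
}

// SignScan performs hash, sign and assemble in one call; no unsigned
// intermediate is ever returned to the caller.
func SignScan(image []byte, params string, priv *rsa.PrivateKey) (*SignedDocument, error) {
	digest := hashDigitizedData(image, params)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest)
	if err != nil {
		return nil, err
	}
	pub, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	return &SignedDocument{Image: image, Params: params, Signature: sig, PublicKey: pub}, nil
}

// Verify is the cross-check: recompute the hash of the digitized data with the
// same optional parameters and check it against the signed hash using the
// public key carried inside the document.
func Verify(doc *SignedDocument) bool {
	key, err := x509.ParsePKIXPublicKey(doc.PublicKey)
	if err != nil {
		return false
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok {
		return false
	}
	digest := hashDigitizedData(doc.Image, doc.Params)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest, doc.Signature) == nil
}

// Demo signs a constructed "scan", round-trips it through JSON (the write to
// and read from storage media), then verifies the intact copy and a copy whose
// image bytes were altered after signing. Returns (intactOK, tamperedOK, err).
func Demo() (bool, bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // operator's key pair (constructed)
	if err != nil {
		return false, false, err
	}
	scan := bytes.Repeat([]byte{0xff, 0x00}, 512) // constructed stand-in for pixel data
	doc, err := SignScan(scan, "compression=none", priv)
	if err != nil {
		return false, false, err
	}
	raw, err := json.Marshal(doc)
	if err != nil {
		return false, false, err
	}
	var stored SignedDocument
	if err := json.Unmarshal(raw, &stored); err != nil {
		return false, false, err
	}
	intact := Verify(&stored)

	tampered := stored
	tampered.Image = append([]byte(nil), stored.Image...)
	tampered.Image[0] ^= 0x01 // a single flipped bit in the "scan"
	return intact, Verify(&tampered), nil
}

func main() {
	intact, tampered, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("intact copy verifies: %v; altered copy verifies: %v\n", intact, tampered)
}
```

The property the Summary is after is visible in the API shape: SignScan is the only entry point, so there is no step at which a caller holds an unsigned copy that could be edited before signing. Demo shows the other half, that any later change to the stored image bytes, even one bit, makes Verify fail, while the document survives serialization to storage unchanged.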
A preferred embodiment further comprises transmitting, transferring or displacing the signed document to a media or system capable of storing digital information.
A preferred embodiment further comprises receiving user input device of private certificate information unlock input through a connection, or connections, to one or more of a smart card, USB data storage and/or other media capable of holding asymmetric keys.
A preferred embodiment further comprises displaying and receiving user input for certificate selection, secret code feedback, error messages, operation status, media selection, maintenance tasks, or combinations thereof.
A preferred embodiment further comprises verifying the integrity and validity of the certificate used for signing the document.
Background
A digital certificate is based on Public Key Infrastructure (Schneier, 1996). It is composed of a pair of asymmetric keys: a public key and a private key. The public key is available to everyone, while the private key is used only by the certificate's owner.
Using asymmetric key pairs to sign an electronic document is a well known and documented model. The signer uses its private key to sign the document, and everyone may use the signer's public key to validate the document's digital signature. Using such a model, any person or system handling the digital document can be assured that its contents have not been altered in any way since it was signed, and that the digital document's creator was in fact the holder of the digital certificate. This is an extra security when compared with traditional hardcopy signed papers, which are easily forged.
REFERENCES
Schneier, B. (1996). Applied Cryptography. New York: John Wiley & Sons, Inc.
Patents
Document U.S. 6567530, Device and method for authenticating and certifying printed documents, is partly similar, but is really focused on analog confrontation of documents sent/received (through digital signatures).
The document US5157726, Document copy authentication, refers to hard-copy authentication: it explains how to generate a physical document that embodies unique hallmarks, which is in some ways the opposite of what we want to accomplish. In this case there is no digital version of the document available. Also, small imperfections (from printing or use of the document) may invalidate valid signatures. With the system we propose, conformity to the original document is guaranteed, provided it has not been tampered with and while it remains in digital format.
The document US7007303, Systems and methods for authenticating documents, refers to the area of Document Authentication: it explains (among other things) how to generate a physical document from an authenticated digital document, in some ways the opposite of what we want to accomplish. In this case, the invention explains how to ensure the authenticity of the document on paper, given its original (paper or digital). In the case of the invention explained here, we propose a mechanism, independent of the user, for assuring the authenticity of electronic documents compared with their paper counterpart.
The document US7268906, Systems and methods for authenticating and verifying documents, deals with the area of Document Authentication: it explains how to authenticate a physical document at the recipient, without the remote original, using features embedded in the document copy, in a way complementary to our invention. In the case of the invention explained here, we propose a mechanism, independent of the user, for assuring the authenticity of electronic documents compared with their paper counterpart.
The document US 11/140,688, System and method for validating a hard-copy document against an electronic version, also addresses the area of hard-copy authentication in a way complementary to our invention. In that case, information is printed on the document that allows checking, after rescanning, that the contents of the document are the same as the original. In the case of the proposed invention, it is the digital document that is guaranteed, by a mechanism independent of the user, to be identical to the original document.
The document US 7,761,922, Methods and apparatus for acquiring and contemporaneously certifying content, authenticates the document using information from the image acquisition device itself, or from the computer program used for digital authentication, and not from a user and/or author. In the case of the proposed invention, the document is signed with the private key of the equipment operator. Thus, in addition to guaranteeing the authenticity of the document, it binds the equipment operator to the document (co-ownership) in cases where the document was forged before scanning.
The document U.S. 7,523,315, Method and process for creating an electronically signed document, refers to the creation of a visible digital signature that remains after printing and allows subsequent retrieval of the information on rescanning. In the case of the proposed invention, the signature is valid as long as the document exists in digital format. After printing, we cannot guarantee the authenticity of the copy (the actual wear and tear of the document would invalidate a valid document on rescanning). Moreover, the proposed invention requires no special software or hardware beyond the initial scanning equipment.
The document U.S. 20070016785, System and method for digital signature and authentication, describes the capture of a visible signature, its inclusion in the digital document, and the digital signature (digest and private key). In this case, the signing of the document is personal, but it happens on a digital document. This invention does not suit the purpose of the proposed invention, since the scanning and the signing of the document occur at distinct times (and places). The proposed invention provides scanning and digital signing of physical documents in a single moment, using a single device and without the possibility of user intervention while the process unfolds.
General description of the invention
The present invention relates to digital signatures, namely certified scanning, digital signing of copies, and hardcopy authentication. The presented invention discloses how to produce a digitally signed digital document from a hardcopy document with just a scanning or digitizing device, capable of using asymmetric cryptography based on a certificate presented to the device on a compatible medium.
When a certification party certifies a hardcopy document, the party is required to emit a statement validating the compliance of the copied document with its original version. This is the case when issuing hardcopy versions of the original document. When referring to digitally certified versions, the certification party must digitally sign a scanned version of the original hardcopy document. This process currently requires two different steps: 1) digitally scan the hardcopy document; 2) digitally sign the digital version. These steps require different hardware and software items, usually a scanner, an attached device such as a desktop computer or laptop, and signing software installed in the attached device. In the time gap that mediates the two steps, there is no assurance regarding changes to the digital copy of the original hard copy document. The certification party may in fact change the digital copy before signing it, thus nullifying and invalidating (from the original document point of view) the integrity of the certified document.
The proposed invention claims to reduce this software and hardware paraphernalia to a single hardware device, capable of processing the necessary workflow for creating a digitally signed version of a hardcopy document and delivering it to the designated media. A secondary advantage (when comparing to the process described before) is the assurance of the original document's integrity, since the entire process is hardware based, with no human intervention in the workflow.
This invention may be realized in a hardware system resembling a usual scanner with an input keyboard and a media reader/writer. Optional network communication capabilities and/or direct machine communication (like USB, serial ports, parallel ports, etc.) may be considered a better/faster way of obtaining the digitally signed version of the original document. This kind of solution may be of great assistance to everyone that requires absolute confidence in the validity of the digital copies handled. In the immense pool of potential users, attorneys, public notaries, law agents and military personnel may benefit from this invention.
Even though the required components for this system are all known (and in use in several commercial applications), they have never been assembled in a way that could potentiate the outcome claimed with this invention.
This invention is composed of a system and method for generating a signed digital copy from a hardcopy document with authentication of the digital document and its signer. A digital data representation of a hardcopy document is recorded by a scanning device, transforming analog information into digital data. The digital data comprising the document may be compressed before proceeding with the signing. A checksum or hash value is calculated using the digital data and optional parameters. The checksum is digitally signed using asymmetric cryptography (such as the private key in a smart card certificate) provided by the user operating the device. The digital data is combined with the signed checksum (or signed hash) to create a digital version of the hardcopy document (digital document). The digital document may then be saved to any digital media device compliant with the device's media interfaces that support recording. The digital document is a visually exact replica of the hardcopy document, with evidence of hardcopy authenticity and evidence of the hardcopy authenticator (the person who digitized the document and provided the asymmetric cryptography key, thus personally certifying the document). The validity of the document can be verified by software capable of cross-checking the recalculated checksum or hash of the digital data (with regard to the optional parameters) against the deciphered value of the signed checksum (or signed hash). The deciphered value is calculated using the public key of the asymmetric key pair whose private key was used to sign the checksum.
Description of the Figures
The attached figures should not be read as limiting but only as preferred embodiments.
Figure 1: Schematic representation of the invention where:
(101) represents the set of interfaces for data acquisition,
(102) represents the scanning module for the physical document (e.g. scanner module),
(103) represents the card reader capable of storing and processing asymmetric keys (e.g. contactless smart cards),
(104) represents a keyboard that allows not only configuring parameters such as the level of compression and the signature settings, but also entering the access code (PIN) typically associated with and required to use the private key,
(105) represents the set of interfaces that can be used for both reading and writing,
(106) represents the module for communication between devices (e.g. network card, USB module, etc.),
(107) represents the module for reading and writing media devices (e.g. CD drive, flash memory reader, external disk drive, media card reader, etc.),
(108) represents the compression module for the scanned document before its signing,
(109) represents the module responsible for calculating the hash of the document, according to the parameters provided by (110),
(110) represents the storage module for the configuration parameters of the scanning and document signing process, given that the same configuration (key location, type of compression, signing mode, data input/output location, etc.) can be reused between scans,
(111) represents the encryption management module responsible for delivering, to and from the interfaces, the correct requests for keys. Depending on the settings, the module itself may provide the encryption from (112); in the remaining cases, requests for encryption of data (e.g. when using smart cards) are forwarded to the corresponding module, leaving (111) to act as a proxy,
(112) represents the encryption module for the hash or checksum, responsible for the interface between (109) and (111),
(113) represents the module for selecting the output interface. It is responsible for delivering the scanned and signed document to the interface(s) selected by the operator,
(114) represents the module for assembly of the final document, which is combined from the scanned document (102), optionally compressed by (108), together with the encrypted hash and the certificate data from (112),
(115) represents all operations and internal modules of the system, where there is no human intervention,
(116) represents the scanned document, not yet signed,
(117) represents the various possibilities regarding the presentation of digital certificates to the system,
(118) represents the various options for writing the final document,
(119) represents the specific need for communication between the card reader (smart card) and the keyboard for entering the PIN/key that gives access to the private key enabling the digital signing of documents, and
(120) represents a display unit for operation status, maintenance and configuration menus.
Figure 2: Schematic representation of the invention activity flow where:
(201) represents the beginning of the operation of scanning and digitally signing a document,
(202) represents the operation of scanning the document,
(203) represents the check of whether compression of the scanned document is to be used or not,
(204) represents the operation of compressing the scanned document,
(205) represents the calculation of the hash of the prepared document (215),
(206) represents the verification of the certificate and keys selected for signing the document. Depending on the certificate and the manner of its presentation, it may not be necessary for the user to enter a secret code to access it. This ensures that sensitive information of the user is requested only when and where needed. In cases where the user has configured the scan to be done but hardware problems exist, such a code should not be requested,
(207) represents the request for the user's secret code,
(208) represents the secret code entered by the user,
(209) represents the verification of the type of certificate used. Depending on the certificate, the encryption may need to be performed outside the system, as with smart cards, where the encryption is carried out within the card itself,
(210) represents the processing required by the external system to perform encryption of the hash or checksum,
(211) represents the internal encryption operation of the hash or checksum of the document,
(212) represents the digital signature information,
(213) represents the construction operation of the signed digital document,
(214) represents the write operation of the signed digital document to the selected output interface(s), and
(215) represents the digital version (compressed or not, depending on the parameters defined in the initial configuration) of the physical document,
(216) represents the verification of the need to digitally sign the document.
Figure 3: Schematic representation of a preferred embodiment of the invention, for scanning and sending the signed documents by e-mail, where:
(301) represents the scanning device for digitizing documents,
(302) represents the smart card reader,
(303) represents the keyboard used for entering the personal code associated with the private key, for managing device settings, and also optionally for entering the destination address(es) of the e-mailed documents,
(304) represents the unit for information visualization and user interaction,
(305) represents the use of the e-mail interface for sending signed digital documents,
(306) represents the module responsible for calculating the hash of the document,
(307) represents the module that aggregates the signer's data (302) with the value returned by the hash, and
(308) represents the module for assembly of the final document, which is combined from the scanned document (301), the encrypted hash and the certificate data from (307).
Detailed Description
Figure 1 shows one exemplary embodiment of a hardcopy certification device 115 implementing the systems and methods necessary for hardcopy certification. As shown in Figure 1, the hardcopy certification device 115 includes input interfaces 111, a display unit 120 and input/output interfaces 105.
Figure 3 shows another exemplary embodiment of a hardcopy certification device, tailored to a specific application: a standalone machine capable of emailing digitally signed versions of hardcopy documents. In this case, most of the general purpose, multiple use complexity of 115 is removed. This embodiment keeps the main functionalities of scan 301, calculate hash 306, signing of the hash using an asymmetric key pair (302, 307, 303, 304), final document assembler 308 and the designated SMTP output 305.
The scanning modules 102 and 301 can be any one of a number of different sources, as long as they can be attached to the certification device, thus ensuring data integrity. A scanner, a digital copier and a facsimile device suitable for generating electronic image data are just a few examples. Modules 102 and 301 can be any known or future developed sources capable of providing a digital version of a hardcopy document, as long as they can be attached to or be part of the hardcopy certification device. In fact, each of the illustrated modules (or a combination of those) can be replaced by existing, known or future developed modules (or combination of modules), as long as the replacement version retains equivalent capabilities to perform the designated task.
In both embodiments, the crucial goal is to eliminate user interaction as far as possible, so that users can be assured that the digital pre-signed version of the original hardcopy document has not been compromised in any way. To secure the process, all operations are executed in the same device and, after scanning, users can only access the final version of the document after the signing phase. This ensures that the signed document is in fact a digital replica of the original document. By digitally signing a document, the person that digitized the hardcopy document (the machine operator) is also responsible for the hardcopy information, since our invention guarantees compliance with the original thereafter.
Even when dealing with tampered versions of this invention, and following Figure 2, which shows the workflow for digitizing and signing a hardcopy document using the Figure 1 embodiment, there would be only a few steps where malicious users could alter data: 215, 205, 212, 213 and 214. Step 215 requires in-depth research; all others will lead to an invalid signature on the final document, thus invalidating compliance with the original document. Nevertheless, this approach is better than all current approaches, where by default all users (malicious or not) have access to the digital version of the document prior to signing it. With this approach, and considering that during the entire process the digital unsigned copy of the hardcopy document is never presented to the device operator, in order to modify the digital version the digitizing device would have to be disassembled and its hardware modified by the malicious user in order to enable on-the-fly digital modification.
A preferred embodiment describes a certification scanner. More and more companies and public services are using digital documents. For paper documents to enter the digital document management flow, they have to be scanned, and preferably digitally signed. This invention accomplishes this set of tasks at once, ensuring document integrity. Nothing prevents the present invention from scanning unsigned documents, so preferably this invention will not be a second scanner, but will preferably be integrated into existing scanners. This scanner has the same inputs and outputs as traditional equipment, plus a smart card reader and a keypad/keyboard for entering settings and the PIN to access the user's certificate.
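As an added example (not code from the patent or its authors), the following Go program models the signing path of Figure 2 (hash 205 over the prepared data 215 and the parameters from 110, signing inside the device 211 or through a pluggable external signer 210, assembly 213) and the verification cross-check of the general description, and its test shows that a change at any of the post-hash points discussed above (data, parameters, signature or key, i.e. 212, 213, 214) makes verification fail. The SignParams/SignedDocument layout, the Signer interface, the generated operator key and the PKIX public key standing in for the certificate are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// SignParams are the optional parameters (110) hashed together with the digitised
// data, so that a verifier checks them as well (field names are this example's own).
type SignParams struct {
	Compressed bool   // whether module (108) compressed the scan
	HashAlg    string // only "SHA-256" is supported in this example
}

// SignedDocument is what the assembler (114, step 213) produces. The real device
// would embed the signer's certificate; a PKIX DER public key stands in for it.
type SignedDocument struct {
	Data      []byte
	Params    SignParams
	Signature []byte
	PublicKey []byte
}

// Signer abstracts where the private-key operation runs (step 209): in the device (211) or in a smart card (210).
type Signer interface {
	SignDigest(digest []byte) ([]byte, error)
	PublicKeyDER() ([]byte, error)
}

// rsaSigner is the in-device case (211); a smart-card Signer would forward the digest to the card instead.
type rsaSigner struct{ key *rsa.PrivateKey }

func (s rsaSigner) SignDigest(digest []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, digest)
}

func (s rsaSigner) PublicKeyDER() ([]byte, error) {
	return x509.MarshalPKIXPublicKey(&s.key.PublicKey)
}

// newOperatorKey stands in for the operator's key (103); a real device uses the card's key.
func newOperatorKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// documentDigest is step (205): hash the prepared data (215) and the parameters.
// Fields are length-prefixed so that their boundaries cannot be shifted.
func documentDigest(data []byte, p SignParams) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s%d:%s%t", len(data), data, len(p.HashAlg), p.HashAlg, p.Compressed)
	return h.Sum(nil)
}

// SignScan runs steps (205) to (213): hash, sign, assemble. The unsigned scan is
// handled only inside this function, mirroring the shielded device (115).
func SignScan(scan []byte, p SignParams, s Signer) (*SignedDocument, error) {
	sig, err := s.SignDigest(documentDigest(scan, p))
	if err != nil {
		return nil, err
	}
	pub, err := s.PublicKeyDER()
	if err != nil {
		return nil, err
	}
	return &SignedDocument{Data: scan, Params: p, Signature: sig, PublicKey: pub}, nil
}

// Verify is the cross-check from the general description: recompute the hash of
// data plus parameters and check it against the signed hash with the public key.
func Verify(doc *SignedDocument) error {
	if doc.Params.HashAlg != "SHA-256" {
		return fmt.Errorf("unsupported hash algorithm %q", doc.Params.HashAlg)
	}
	pubAny, err := x509.ParsePKIXPublicKey(doc.PublicKey)
	if err != nil {
		return err
	}
	pub, ok := pubAny.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("unexpected public key type %T", pubAny)
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, documentDigest(doc.Data, doc.Params), doc.Signature)
}

func main() {
	p := SignParams{Compressed: true, HashAlg: "SHA-256"}
	doc, err := SignScan([]byte("constructed scan bytes"), p, rsaSigner{newOperatorKey()})
	if err != nil {
		panic(err)
	}
	fmt.Println("verifies:", Verify(doc) == nil) // true
}
```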
Certified mail is another preferred embodiment, in companies and institutions where mail is centrally handled, scanned and emailed to its recipients. This device ensures, in a single step, the integrity of the data sent and the identity of the person who placed the information in the system, since this person is the recognized signer. Moreover, the actual e-mail message can also be digitally signed.
Another preferred embodiment is a specific application for military, security forces and intelligence networks, and secret services, as e.g. in the case of document exchange within the EU or NATO. In both cases, where there are documents that must be addressed within these communities, there is also the need to digitize physical documents. Given the degree of confidentiality of the documents, it is of interest to ensure the fidelity of the fully digital document with respect to the physical document and the person who is responsible for its communication. The invention presented allows a precise answer to this point, ensuring the compliance of the information and even the identity of the sender. The identity of the sender is information that usually exists only at the origin and is not visible at the receiving end. Furthermore, since this invention is prepared to interface with multiple devices and protocols for writing the signed digital document, it can be connected to the cipher machines (already existing in the communication networks of these communities) for secure communication of the information.
Another preferred embodiment has the specific application in the public administration, enhancing the scanning and authentication of documents on paper, whether for delivery to a citizen, whether for purposes of inter-institutional communication. In the case of institutional communication, the validity of the digital document will be dependent on the terms agreed between the institutions, regarding the exchange of digitally signed documents. This usage scenario may allow, for example, a foreigner to use in a host country a digital birth certificate (delivered by the online service from the origin country) and have it considered valid, as would also be the case with a paper version duly signed and stamped.
The following claims set out particular embodiments of the invention.
CLAIMS
1. A system for generating a digitally signed digital copy from a hardcopy document with authentication and validation characterized by comprising:
a. digitizer module (102) of analog or hardcopy documents;
b. data processor module able to compute a checksum or hash code of the analog document;
c. cryptographic module (111), able to use asymmetric cryptography to encode the checksum or hash code with the signer private certificate information;
d. assembling module (114), able to combine the digitized data with the encoded checksum or hash code, and with the public certificate information, in order to produce a digitally signed digital document;
wherein said modules are interconnected and both modules and interconnections are shielded from outside access.
2. The system according to the previous claim characterized by further comprising a communication module (113, 118), capable of transmitting, transferring or displacing the signed document to a media or system capable of storing digital information.
3. The system according to the previous claims characterized by further comprising an input device (104) for private certificate information unlock input and connection, or connections, for smart cards, USB data storage and/or other media capable of holding asymmetric keys (103).
4. The system according to the previous claims characterized by further comprising a display (120) and input device (104) for certificate selection, secret code feedback, error messages, operation status, media selection, maintenance tasks, or combinations thereof.
5. A method for generating a digitally signed digital copy from a hardcopy document with authentication and validation characterized by comprising the following steps:
a. digitizing analog or hardcopy documents (202);
b. computing a checksum or hash code of the analog document (205);
c. using asymmetric cryptography (210, 211) to encode the checksum or hash code with the signer private certificate information;
d. combining (213) the digitized data with the encoded checksum or hash code, and with the public certificate information, in order to produce a digitally signed digital document;
wherein said steps are shielded from outside access.
6. The method according to the previous claim characterized by further comprising transmitting, transferring or displacing (214) the signed document to a media or system capable of storing digital information.
7. The method according to the claims 5 - 6 characterized by further comprising receiving user input device (207, 208) of private certificate information unlock input through a connection, or connections, to one or more of a smart card, USB data storage and/or other media capable of holding asymmetric keys.
8. The method according to the claims 5 - 8 characterized by further comprising displaying and receiving user input for certificate selection, secret code feedback, error messages, operation status, media selection, maintenance tasks, or combinations thereof.
9. The method according to the claims 5 - 8 characterized by further comprising verifying the integrity and validity of the certificate used for signing the document.
PCT/IB2010/055750 2010-12-10 2010-12-10 System and method for generating a digitally signed copy from a hardcopy document WO2012076937A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
PT9386610 2010-12-10
PT20101000093866 2010-12-10

Publications (1)

Publication Number Publication Date
WO2012076937A1 true WO2012076937A1 (en) 2012-06-14
Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5157726A (en) 1991-12-19 1992-10-20 Xerox Corporation Document copy authentication
WO1998044676A1 (en) * 1997-03-31 1998-10-08 Intel Corporation A peripheral device preventing post-scan modification
GB2366469A (en) * 2000-08-25 2002-03-06 Hewlett Packard Co Document printout device having digital certificate store.
US6567530B1 (en) 1997-11-25 2003-05-20 Canon Kabushiki Kaisha Device and method for authenticating and certifying printed documents
US20030145200A1 (en) * 2002-01-31 2003-07-31 Guy Eden System and method for authenticating data transmissions from a digital scanner
US7007303B2 (en) 2001-10-10 2006-02-28 Xerox Corporation Systems and methods for authenticating documents
JP2006235885A (en) * 2005-02-23 2006-09-07 Ricoh Co Ltd Document digitization method, document digitization apparatus and document digitization program
US20070016785A1 (en) 2005-07-14 2007-01-18 Yannick Guay System and method for digital signature and authentication
US7268906B2 (en) 2002-01-07 2007-09-11 Xerox Corporation Systems and methods for authenticating and verifying documents
US20070291977A1 (en) * 2006-06-16 2007-12-20 Mccomb Robert James Assured document and method of making
US7523315B2 (en) 2003-12-22 2009-04-21 Ingeo Systems, Llc Method and process for creating an electronically signed document
US20100067691A1 (en) * 2008-04-25 2010-03-18 Feng Lin Document certification and authentication system
Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SCHNEIER, B.: "Applied Cryptography", 1996, JOHN WILEY & SONS, INC.