

Title:
METHOD, APPARATUS AND SYSTEM FOR GENERATING A DIGITAL SIGNATURE LINKED TO A BIOMETRIC IDENTIFIER
Document Type and Number:
WIPO Patent Application WO/2007/034255
Kind Code:
A1
Abstract:
The invention relates to a method for generating a digital signature linked to a biometric identifier. The method comprises the steps of receiving a document to be signed and storing it as an electronic document (44); receiving a biometric identifier from at least one signatory and storing it as biometric data (42); generating a digest (41) of the electronic document (44); associating the digest (41) with the biometric data (42) in order to obtain a first set of information and encrypting said first set of information in order to generate a biometric signature (43) and associating the biometric signature (43) with the electronic document (44) in order to obtain a second set of information and signing said second set of information by means of a cryptographic method-based digital signature (46) in order to generate a signed electronic document package (47). The invention also relates to an apparatus and a system for generating a digital signature linked to a biometric identifier.

Inventors:
KOVACS ARPAD (HU)
LENGYEL CSABA (HU)
Application Number:
PCT/HU2006/000081
Publication Date:
March 29, 2007
Filing Date:
September 21, 2006
Assignee:
CSIK BALAZS (HU)
KOVACS ARPAD (HU)
LENGYEL CSABA (HU)
International Classes:
H04L9/32; G06K9/00; G07C9/00
Domestic Patent References:
WO1998039876A1 1998-09-11
Foreign References:
US5818955A 1998-10-06
US20030028774A1 2003-02-06
JP2003134108A 2003-05-09
Attorney, Agent or Firm:
DANUBIA Patent & Trademark Attorneys (Budapest, HU)
Claims

1. A method for generating a digital signature, comprising the steps of a) receiving a document to be signed and storing it as an electronic document (44); b) receiving an identifier from at least one signatory; characterized in that the method further comprises the steps of c) receiving a biometric identifier for the identifier from the at least one signatory and storing it as biometric data (42); d) generating a digest (41) of the electronic document (44); e) associating the digest (41) with the biometric data (42) in order to obtain a first set of information and encrypting said first set of information in order to generate a biometric signature (43) and f) associating the biometric signature (43) with the electronic document (44) in order to obtain a second set of information and signing said second set of information by means of a cryptographic method-based digital signature (46) in order to generate a signed electronic document package (47).

2. The method according to claim 1, characterized in that step c) comprises receiving a handwritten signature for the biometric identifier by means of a digitizing tablet and storing the handwritten signature in the form of at least one kind of biometric data (42) selected from the group comprising co-ordinates of the pen-down points, co-ordinates of the pen-up points, the co-ordinates of the pen as a function of time, the velocity of the pen as a function of time, the acceleration of the pen as a function of time, the pressing force of the pen as a function of time.

3. The method according to claim 1, characterized in that step c) comprises receiving an iris-scan for the biometric identifier by means of an iris-scanner and storing a set of digital data representing the iris-scan as the biometric data (42).

4. The method according to claim 1, characterized in that step c) comprises receiving a fingerprint for the biometric identifier by means of a fingerprint reader and storing a set of digital data representing the fingerprint as the biometric data (42).

5. The method according to any of claims 1 to 4, characterized in that in step d) the digest (41) of the received electronic document (44) is generated by means of an algorithm selected from the group comprising SHA-1, MD5, in step e) the first set of information is encrypted by means of an algorithm selected from the group comprising 3DES, DES, AES, Blowfish, RSA and in step f) the second set of information is signed by means of a digital signature (46) being based on an algorithm selected from the group comprising RSA, KCDSA, ECDSA, DSA, 3DES, DES, AES, Blowfish.

6. The method according to any of claims 1 to 5, characterized in that it further comprises the step of generating a visual representation (45) of the biometric identifier and step f) comprises associating, with the electronic document (44), said visual representation (45) in addition to the biometric signature (43) and signing the second set of information obtained thereby with the cryptographic method-based digital signature (46).

7. The method according to any of claims 1 to 6, characterized in that steps a) to f) are performed using a client device selected from the group comprising a PDA, a tablet PC, a notebook, a desktop personal computer and other computing devices.

8. The method according to claim 7, characterized in that it further comprises the steps of storing, in a database, information relating to client devices and to entities authorized to generate a cryptographic method-based signature prior to step a) and g) sending the signed electronic document package (47) to a central server (32) through a secure data channel by means of the client device and h) identifying the client device and the signing entity by means of the central server (32) and if those are present in the database, signing the signed electronic document package (47) with a cryptographic method-based digital signature (48) of the central server (32) in order to generate a double signed electronic document package (49) subsequently to step f).

9. The method according to claim 8, characterized in that it further comprises the steps of i) requesting a time-stamp (50) from a time-stamp server (33) through a secure data channel by means of the central server (32); j) sending the time-stamp (50) to the central server (32) through the secure data channel by means of the time-stamp server (33); and k) attaching the time-stamp (50) to the double signed electronic document package (49) by means of the central server (32) in order to generate a time-stamped double signed electronic document package (40) subsequently to step h).

10. The method according to claim 8 or 9, characterized in that it further comprises the step of l) sending an acknowledgement to the client device through the secure data channel by means of the central server (32).

11. The method according to any of claims 8 to 10, characterized in that the secure data channel is established by using a protocol selected from the group comprising SSL, TLS, SNMPv3, VPN, HTTPS, FTPS, TelnetS, IMAPS, IPSec, in step h) the signed electronic document package (47) is signed with a digital signature (48) based on a protocol selected from the group comprising RSA, KCDSA, ECDSA, DSA, 3DES, DES, AES, Blowfish, and in steps i), j) and k) a time-stamp (50) being compliant to the RFC 3161 protocol is requested, received and attached to the double signed electronic document package (49), respectively.

12. The method according to any of claims 1 to 11, characterized in that it comprises embedding the electronic document (44) and/or the digest (41) of the electronic document (44) and/or the biometric signature (43) and/or the signed electronic document package (47) and/or the double signed electronic document package (49) and/or the time-stamped double signed electronic document package (40) in an XML document.

13. An apparatus for generating a digital signature, comprising means (2) for receiving a document to be signed and for storing it as an electronic document (44); means (3) for receiving an identifier from at least one signatory; means (4) for processing the electronic document (44) and the identifier; characterized in that said means (3) for receiving an identifier from the at least one signatory receives a biometric identifier and stores it as biometric data (42) and that the processing means (4) comprise means (5) for generating a digest (41) of the electronic document (44); means (6) for associating the digest (41) with the biometric data (42) and for encrypting a first set of information obtained thereby in order to generate a biometric signature (43) and means (7) for associating the biometric signature (43) with the electronic document (44) and for signing a second set of information obtained thereby by means of a cryptographic method-based digital signature (46) in order to generate a signed electronic document package (47).

14. The apparatus according to claim 13, characterized in that it comprises a digitizing tablet for receiving a handwritten signature for the biometric identifier and the handwritten signature is stored in the form of at least one kind of biometric data (42) selected from the group comprising co-ordinates of the pen-down points, co-ordinates of the pen-up points, the co-ordinates of the pen as a function of time, the velocity of the pen as a function of time, the acceleration of the pen as a function of time, the pressing force of the pen as a function of time.

15. The apparatus according to claim 13, characterized in that it comprises an iris-scanner for receiving an iris-scan for the biometric identifier and a set of digital data representing the iris-scan is stored as the biometric data (42).

16. The apparatus according to claim 13, characterized in that it comprises a fingerprint reader for receiving a fingerprint for the biometric identifier and a set of digital data representing the fingerprint is stored as the biometric data (42).

17. The apparatus according to any of claims 13 to 16, characterized in that the digest (41) of the received electronic document (44) is generated by means of an algorithm selected from the group comprising SHA-1, MD5, the first set of information is encrypted by means of an algorithm selected from the group comprising 3DES, DES, AES, Blowfish, RSA and the second set of information is signed with a digital signature (46) based on an algorithm selected from the group comprising RSA, KCDSA, ECDSA, DSA, 3DES, DES, AES, Blowfish.

18. The apparatus according to any of claims 13 to 17, characterized in that it further comprises means (8) for generating a visual representation (45) of the biometric identifier and, in addition to the biometric signature (43), the visual representation (45) is also associated with the electronic document (44) and the second set of information obtained thereby is signed with the cryptographic method-based digital signature (46).

19. The apparatus according to any of claims 13 to 18, characterized in that the means (2) for receiving the document to be signed and/or the means (3) for receiving the biometric identifier and/or the means (5) for generating the digest (41) and/or the means (6) for encrypting the first set of information and/or the means (7) for signing the second set of information with the digital signature (46) and/or the means (8) for generating the visual representation (45) of the biometric identifier is/are implemented by a client device selected from the group comprising a PDA, a tablet PC, a notebook, a desktop personal computer and other computing devices.

20. The apparatus according to any of claims 13 to 19, characterized in that the electronic document (44) and/or the digest (41) of the electronic document (44) and/or the biometric signature (43) and/or the signed electronic document package (47) is/are embedded in an XML document.

21. A system for generating a digital signature, characterized in that it comprises at least one apparatus (1) according to any of claims 13 to 20, a database for storing information relating to the at least one apparatus (1) and to entities authorized to generate a cryptographic method-based signature, and a central server (32) for receiving a signed electronic document package (47) from the at least one apparatus (1) through a secure data channel and for identifying the at least one apparatus (1) and the signing entity and, if those are present in the database, for signing the signed electronic document package (47) with its own cryptographic method-based digital signature (48) in order to generate a double signed electronic document package (49).

22. The system according to claim 21, characterized in that it comprises a time-stamp server (33) and the central server (32) requests and receives a time-stamp (50) from the time-stamp server (33) through a secure data channel and attaches the time-stamp (50) to the double signed electronic document package (49) in order to generate a time-stamped double signed electronic document package (40).

23. The system according to claim 21 or 22, characterized in that the central server (32) sends an acknowledgement to the apparatus (1) through the secure data channel.

24. The system according to any of claims 21 to 23, characterized in that the secure data channel is based on the use of a protocol selected from the group comprising SSL, TLS, SNMPv3, VPN, HTTPS, FTPS, TelnetS, IMAPS, IPSec, the digital signature (48) of the central server (32) is based on an algorithm selected from the group comprising RSA, KCDSA, ECDSA, DSA, 3DES, DES, AES, Blowfish and the time-stamp (50) is compliant to the RFC 3161 protocol.

25. The system according to any of claims 21 to 24, characterized in that the double signed electronic document package (49) and/or the time-stamped double signed electronic document package (40) is/are embedded in an XML document.

Description:

METHOD, APPARATUS AND SYSTEM FOR GENERATING A DIGITAL SIGNATURE LINKED TO A BIOMETRIC IDENTIFIER

The invention relates to a method, an apparatus and a system for generating a digital signature linked to a biometric identifier of the signatory.

There are a number of different methods known for the electronic authentication and signing of electronic documents. An electronic signature of advanced security is defined by law as an electronic signature that is capable of identifying the signatory, is uniquely linked to the signatory, is created using means that the signatory can maintain under his or her sole control and is linked to the content of the document in such a manner that any change made to the document after signing is detectable.

In most of the solutions in the field of electronic signatures the signatory is able to put his or her signature on the electronic document by using the Public Key Infrastructure (PKI) provided that he or she holds a unique object and/or piece of information. The object can be e.g. a smartcard, a USB token, etc. while the piece of information can be a PIN, a password, etc. In most cases the signing takes place in effect by using a secret key stored on said object, which can be released by means of said piece of information. In this case, however, the signature is actually linked to the possession of said object and/or said piece of information instead of to the person. Accordingly, a need has arisen for a solution in which a biometric identifier being uniquely linked to the actual person must (also) be inputted. One of the simplest biometric identifiers is the biometric data of the handwritten signature of the person, including the co-ordinates, the velocity, the acceleration and the pressing force of the pen as a function of time and/or the co-ordinates of the pen-down or pen-up points. At the same time, beyond the biometric data of the signature, the simple image of the signature is the conventional means for signing a paper document. Biometric identifiers include e.g. the iris-scan, the retina-scan, the fingerprint, etc.

Japanese patent application N° JP2003134108 discloses a system for electronic signing linked to a handwritten signature or another personal identifier, a seal impress or a fingerprint. In this solution the user creates an original document and a signature processing unit, on the one hand, receives an electronic version of the original document through inputting means and, on the other hand, after displaying the document, it receives an electronic version of the identifier, e.g. a handwritten signature, through another inputting means. The system combines the document and the identifier data, creates a digital signature for the dataset obtained thereby, combines the signature with the dataset and outputs the result obtained. It is a drawback of this system that the electronic version of the identifier inputted cannot be uniquely linked to the signed electronic document and the signature extracted from the signed document can therefore be used to sign a further document. It is another drawback that the signatory must have a digital signature (which, actually, on its own could serve for signing the electronic document).

It is a main object of the present invention to provide a solution, in which a biometric identifier, such as a signature created electronically but in a handwritten form, can meet the requirements set for electronic signatures even if the signatory does not hold a conventional signature based on a cryptographic method, which is a PKI-based signature in most of the cases.

A further object of certain embodiments of the invention is to provide a solution, in which the digital signature being linked to the biometric identifier can only be put on the electronic document in a trusted and identified environment, i.e. by using such devices.

These objects can be attained by means of providing a system, an apparatus and a method as defined in the independent claims. Certain preferred embodiments are disclosed in the dependent claims.

The invention will be described in detail below by way of exemplary embodiments thereof with reference to the accompanying drawings in which

Fig. 1 shows a schematic block diagram of a first embodiment of the apparatus according to the invention;

Fig. 2 shows a flowchart illustrating an embodiment of the method according to the invention;

Fig. 3 shows a block diagram of a second embodiment of the apparatus according to the invention;

Fig. 4 shows a schematic block diagram of an embodiment of the system according to the invention;

Figs. 5a and 5b together show a flowchart illustrating another embodiment of the method according to the invention and

Fig. 6 is a diagram showing the structure of a signed electronic document package that can be generated by means of a preferred embodiment of a method according to the invention.

A schematic block diagram of a preferred embodiment of the apparatus 1 for generating a digital signature linked to a biometric identifier, according to the invention is shown in figure 1 while a flowchart of a preferred embodiment of the method according to the invention is shown in figure 2. By means of the apparatus and the method, one or more signatories, i.e. one or more so-called 'customers' in this embodiment, put their digital signatures being linked to their biometric identifiers, i.e. to their handwritten signatures in this example, on a document. A second person, a so-called 'representative' participates in creating the signature; as it will be shown, his or her digital signature based on a cryptographic method, i.e., in this case, a PKI-based digital signature is used in the course of the method. E.g., the signatory can be a client of a firm, while the representative can be an employee of said firm. By using the apparatus and the method, the customer can put his or her digital signature being linked to his or her biometric identifier e.g. on an order that he or she intends to give to said firm.

The document to be signed may be one or more computer files of any types, e.g. files of desktop publishing, word processing, spreadsheet or image processing, etc. applications to mention just a few of the possibilities; among others, these can be files obtained by scanning paper documents. Preferably, the document is composed of XML-structured files.

The apparatus 1 comprises means 2 for receiving a document to be signed and for storing it as an electronic document; means 3 for receiving an identifier from at least one signatory and means 4 for processing the electronic document and the identifier. The processing means 4 comprise means 5 for generating a digest; encrypting means 6 and digital signing means 7.

At the beginning of the method the document to be signed is received and it is stored as an electronic document via said means 2 (step 10; see figure 2). In case the document to be signed is ab ovo available in the form of computer file/s, it involves the reception of the file from the given application and the storing thereof on a storage means (not shown). Any type of data storage devices working on an electronic, magnetic, optical, or any other principle can serve as the storage means, such as a memory, a disk, etc. It can also be envisaged that only the address/es indicating the location/s of the file/s is/are received from the source application and the file/s itself/themselves is/are not copied or moved. If the document to be signed is a paper document, the digitalization thereof takes place via said means 2, e.g. a scanner and it is stored in a suitable format. In a preferred embodiment of the method according to the invention the electronic document can be displayed on a display device (not shown) of the apparatus 1 at this time.

Then the biometric identifier of the customer is received via said means 3 and it is stored as biometric data (step 11). In this embodiment said means 3 is a digitizing tablet and the handwritten signature of the signatory, i.e. of the customer is received for the biometric identifier and the complete dynamics thereof are stored as biometric data, i.e. the co-ordinates and/or the velocity and/or the acceleration and/or the pressing force of the pen is/are stored as functions of time and/or the co-ordinates of the pen-down and pen-up points are stored. Accordingly, instead of or in addition to the image of the signature the way of creating the signature is actually stored. These data, unlike the mere image of the signature, allow a true biometric identification. In other embodiments other biometric identifiers can be used instead of the handwritten signature by utilizing an appropriate means 3; iris-scans, retina-scans, fingerprints, vein patterns, facial images, hand geometries, etc. can be used. Said means 3 for capturing the biometric data are well known to a person skilled in the art; the biometric data can be recorded e.g. by means of an iris-scanner in case of iris-scans or by means of a fingerprint reader in case of fingerprints.

After storing the electronic document — optionally concurrently with the reception of the biometric identifier — a digest of the electronic document is generated via the digest generating means 5, in this example, by using the SHA-1 algorithm (step 12). In other embodiments the digest can be made by using the MD5 algorithm or by other suitable algorithms.

Once the digest has been obtained and the biometric data stored, the digest is associated with the biometric data and the first set of information obtained thereby is encrypted via said encrypting means 6, in this embodiment, by using the 3DES algorithm in order to generate a biometric signature (step 13). Since the digests of different documents are, with great probability, not identical and the digest of the document is encrypted together with the biometric data, the biometric signature so obtained cannot be transferred to another document. It means that if an attacker extracts the so generated biometric signature from a document that was signed in accordance with the invention, such biometric signature cannot be used to sign a further document having a different digest. In other embodiments other algorithms, such as the DES, AES, Blowfish, RSA, etc. algorithms can be used the same way instead of the 3DES encrypting algorithm.

Lastly, the biometric signature is associated with the electronic document and the second set of information obtained thereby is signed with the digital signature of the representative via digital signing means 7 in order to generate a signed electronic document package (step 14). In this embodiment the biometric signature together with the electronic document to be signed is placed into a common standard XML file. This XML file holds together the two parts like an envelope. The representative creates, via means 7, a PKI-based digital signature which relates both to the document and to the biometric signature simultaneously. The object of this digital signature is to bind together the biometric signature and the document and to assure that none of these can be altered later in an unauthorized manner. Additionally, it also authenticates the circumstances of the creation of the biometric signature originating from the handwritten signature (i.e. that the customer made his or her signature before a given representative, by his or her own hand and on a given means 3). The digital signature of the representative can be a standard PKI-based digital signature that can be created by means of a certificate and a PKI secret key stored in the apparatus 1. In this embodiment the signature of the representative is based on the RSA algorithm, however, other algorithms capable of generating a cryptographic method-based digital signature can also be used, such as KCDSA, ECDSA, DSA, 3DES, DES, AES, Blowfish, etc. The generation of the signature can be accomplished via software means by using a key stored inside the apparatus 1 or by means of a smartcard or a USB token. The digital signature of the representative is created on the XML file and the signature itself is also stored in this standard XML package.

Thus, the electronic document package, the signing of which was linked to the biometric identification is ready to be archived and used, at choice, in a computer system or the signature of the representative that has been put on it can be verified, in this case, in accordance with the PKI.
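The construction of steps 12 to 14 and the checks a relying party would run on the resulting package, as an added example written for this page (Go; not the patent's or any vendor's code). It substitutes SHA-256 for the embodiment's SHA-1, because the non-transferability argument above rests on digests of different documents not colliding and SHA-1 collisions have been demonstrated, and AES-GCM for 3DES; the apparatus key, the representative's RSA key, the XML element names and the pen-sample format are assumptions.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/xml"
	"errors"
)

// b64 renders binary fields as base64 text inside the XML envelope.
type b64 []byte

func (b b64) MarshalText() ([]byte, error) { return []byte(base64.StdEncoding.EncodeToString(b)), nil }
func (b *b64) UnmarshalText(t []byte) (err error) { *b, err = base64.StdEncoding.DecodeString(string(t)); return }

// Package is the XML envelope (47): document (44), biometric signature (43), representative's signature (46).
type Package struct {
	XMLName   xml.Name `xml:"SignedPackage"`
	Document  b64      `xml:"Document"`
	BioSig    b64      `xml:"BiometricSignature"`
	Signature b64      `xml:"RepresentativeSignature"`
}

// signingInput is the second set of information, each part length-prefixed so the boundary is fixed.
func signingInput(doc, bioSig []byte) []byte {
	var out []byte
	for _, part := range [][]byte{doc, bioSig} {
		out = binary.BigEndian.AppendUint32(out, uint32(len(part)))
		out = append(out, part...)
	}
	return out
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MakeBiometricSignature performs steps 12 and 13: digest the document (41), prepend the digest
// to the biometric data (42) and encrypt the pair under the apparatus key (AES-GCM here, 3DES on the page).
func MakeBiometricSignature(key, doc, biometric []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(doc)
	first := append(digest[:], biometric...)       // first set of information
	return gcm.Seal(nonce, nonce, first, nil), nil // nonce || ciphertext || tag
}

// SignEnvelope performs step 14: the representative's RSA-PSS signature binds
// the document and the biometric signature together.
func SignEnvelope(repr *rsa.PrivateKey, doc, bioSig []byte) (*Package, error) {
	h := sha256.Sum256(signingInput(doc, bioSig))
	sig, err := rsa.SignPSS(rand.Reader, repr, crypto.SHA256, h[:], nil)
	if err != nil {
		return nil, err
	}
	return &Package{Document: doc, BioSig: bioSig, Signature: sig}, nil
}

// VerifyPackage checks the representative's signature, decrypts the biometric signature and
// confirms that the digest sealed inside it is the digest of the enclosed document; that last
// comparison is what rejects a biometric signature lifted from another package. Returns the biometric data.
func VerifyPackage(reprPub *rsa.PublicKey, key []byte, p *Package) ([]byte, error) {
	h := sha256.Sum256(signingInput(p.Document, p.BioSig))
	if err := rsa.VerifyPSS(reprPub, crypto.SHA256, h[:], p.Signature, nil); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(p.BioSig) < n {
		return nil, errors.New("biometric signature too short")
	}
	first, err := gcm.Open(nil, p.BioSig[:n], p.BioSig[n:], nil)
	if err != nil {
		return nil, err
	}
	if want := sha256.Sum256(p.Document); len(first) < sha256.Size || !bytes.Equal(first[:sha256.Size], want[:]) {
		return nil, errors.New("biometric signature was made for a different document")
	}
	return first[sha256.Size:], nil
}
```

The GCM tag also makes tampering with the ciphertext detectable without decrypting, which the page's unauthenticated 3DES mode does not give on its own.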

Obviously, the biometric identifiers of several signatories can be inputted in step 11. In this case all of the biometric data belonging to each biometric identifier are associated with the digest of the electronic document and the first set of information obtained thereby is encrypted in step 13. This way, the biometric signature obtained comprises all data belonging to the biometric identifier of each signatory. As a further option, it is also possible to additionally receive the biometric identifier of the representative via said means 3 and to incorporate the biometric data belonging thereto in the biometric signature in addition to the biometric data of the signatory.

Preferably, the apparatus 1 can be implemented by a PDA or a tablet PC. In this case the touch screen of the PDA or the tablet PC forms said means 3 for receiving the biometric identifier, while said other means 2, 4, 5, 6, 7 can be implemented in software. Instead of the PDA or the tablet PC, a notebook, a desktop PC or other computer devices provided with appropriate peripherals can be used as well. It is also possible to envisage that the different parts of the apparatus 1 are implemented by separate hardware devices or by software running on computer devices constituting a network.

Figure 3 shows a slightly modified embodiment of the apparatus according to the invention. In this embodiment a visual representation of the biometric identifier e.g. a simple image of the handwritten signature is also generated via said means 8 from the biometric data having been derived from the biometric identifier received. The visual representation can be stored e.g. as a bitmap or a vector graphic file. The biometric data, i.e. the dynamics of the signature cannot be reproduced from the visual representation. Accordingly, prior to signing the electronic document and the biometric signature with the PKI-based digital signature of the representative by means of the digital signing means 7 the visual representation may be associated with the electronic document and with the biometric signature without using the encryption that is applied to the biometric data. A benefit of such a visual representation is that it can be freely extracted from the signed electronic document package and it can therefore be displayed or printed together with the electronic document at any time. This will call to mind the well-known conventional signature for the user. However, this extractable information i.e. the image of the signature cannot be used to sign other documents in accordance with the invention since it would require the biometric data.

It is to be noted that in a preferred embodiment, when the handwritten signature is inputted, the image thereof can be displayed on the display device of the apparatus 1 concurrently with the signing in order to provide the customer with a visual feedback. This will be most effective when said means 3 for receiving the biometric identifier itself is also a display as in the case of PDAs, tablet PCs, touch screens, etc.

In another embodiment of the method, instead of a cryptographic method-based digital signature of a second person i.e. the representative, the second set of information is rather signed with that of the signatory himself or herself. In this way a signed electronic document package is generated that has been signed with both the biometric and the e.g. PKI-based electronic signature of the signatory.

In a further embodiment of the method, instead of a cryptographic method-based digital signature of a second person i.e. the representative, the second set of information is rather signed with that of the apparatus 1 or another means connected thereto. In this way a signed electronic document package is generated that is linked to the signatory via the biometric signature and in relation of which the e.g. PKI-based digital signature of the apparatus 1 attests that the biometric signature of the signatory was created on a proper apparatus 1. This embodiment of the method facilitates the biometric identifier-linked signing of an electronic document by means of an apparatus 1 being placed e.g. in a client room of a governmental organization or a service provider even without the participation of a representative.

A particularly preferred embodiment of the method of the invention can be performed in a system 30 for generating a digital signature linked to a biometric identifier, the system 30 being shown in figure 4.

The system 30 comprises one or more apparatuses 1 according to the invention and a central server 32 being connected thereto via network 31. In the course of the method the apparatuses 1 operate as client devices of the central server 32. The network connections between the central server 32 and the apparatuses 1 can be implemented on several platforms like Ethernet, WLAN, GPRS, GSM modems, EDGE, Bluetooth, data cables, infrared ports as well as the combinations thereof.

The flowchart of this preferred embodiment is shown in figure 5a and in figure 5b connecting thereto; the first five steps 10 to 14 are identical with those steps that were described with reference to figure 2. The already generated electronic document package is sent to the central server 32 by means of the client device through a secure data channel that is implemented over the network 31 as a transmission medium and the central server 32 receives it (step 16). The communication established through the secure data channel is based on encryption and the network devices and software means being involved in such a communication are capable of identifying one another. In this embodiment the secure data channel is implemented by using the SSL protocol. In other embodiments other protocols like the TLS, SNMPv3, VPN, HTTPS, FTPS, TelnetS, IMAPS or IPSec, etc. can also be used.

When the system 30 is set up, a database stored on the central server 32 or accessible to the central server 32 is established, which contains information relating to the client devices used in the system 30, on the basis of which the client devices can be identified. Similarly, information relating to the entities authorized to digitally sign the second set of information with the cryptographic method-based digital signature is stored in said database, on the basis of which the signing entities can be identified. These entities can be the representatives, the signatories or the devices already mentioned in connection with the respective embodiments of the invention, the cryptographic method-based digital signature of each of whom/which is put on the second set of information. Throughout the use of the system 30 the database has to be updated in order to ensure that it always contains information relating to the actual client devices and signing entities.

The central server 32 identifies the client device (the hardware device itself and/or the sending application running on it) sending the signed electronic document package in the course of the communication through the secure data channel and goes on with the execution of the method only if the client device is present in the database (steps 17, 18). As a result of this, a fake signed electronic document package having possibly been generated on an attacking device connected to the network will not be processed. The central server 32 identifies the signing entity based on the cryptographic method-based digital signature that has been put on the signed electronic document package and proceeds with the execution of the method only if it is also present in the database (steps 19, 20). Thus, in those embodiments where the signing entity is a natural person, the signing of the electronic document by means of a device belonging to the system 30 with the participation of an unauthorized person can be avoided.

Preferably, when the signing entity is identified, the validity of his, her or its digital signature can also be checked at the time that signature is processed.

If the identification of the sending client device or of the second person fails, an error message can preferably also be generated and sent to the client device and/or to a person administering the system, or the fact of the failed identification can be logged.

If the identification was successful, the central server 32 puts its own cryptographic method-based, e.g. PKI-based, digital signature on the received package in order to generate a double signed electronic document package (step 21). The central server 32 thereby authenticates that the given package arrived from a client device recognised by the central server 32 as authentic (and, in some embodiments, with the participation of an authorized representative or an authorized signatory). Furthermore, this signature protects the whole package from subsequent alteration attempts. The digital signature of the central server 32 can be based on one of the protocols that were mentioned in connection with the signature of the representative or another signing entity. In a preferred embodiment the XML package is signed and the signature itself is also stored in the XML package.
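As an added example (not code from the application), steps 17 to 21 written as a verification routine: the central server accepts a package only if the client device and the signing entity are present in its database, checks that the signing entity's signature verifies over the second set of information, and only then countersigns the whole package. ECDSA P-256 over SHA-256, the string identifiers and the in-memory maps standing for the database are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// SignedPackage is the signed electronic document package 47 as received in step 16.
type SignedPackage struct {
	DeviceID, SignerID string // client device and signing entity asserted over the channel
	Body, Sig          []byte // second set of information and the ECDSA signature 46 over it
}

// SignerDB maps signing-entity identifiers to their public keys; CentralServer holds it
// with the client-device database consulted in steps 17-20 and the server's own key.
type SignerDB map[string]*ecdsa.PublicKey
type CentralServer struct {
	Devices map[string]bool
	Signers SignerDB
	Key     *ecdsa.PrivateKey
}

// NewKey makes a P-256 key pair; used here for signing entities and the server alike.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// SignBody is the signing entity's step: an ECDSA signature over SHA-256(body).
func SignBody(priv *ecdsa.PrivateKey, body []byte) ([]byte, error) {
	h := sha256.Sum256(body)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// Process runs steps 17-21: gate on device and signing entity, verify signature 46, then countersign Body||Sig so signature 48 covers the whole package.
func (s *CentralServer) Process(p SignedPackage) ([]byte, error) {
	if !s.Devices[p.DeviceID] {
		return nil, errors.New("client device not in database (step 18)")
	}
	pub, ok := s.Signers[p.SignerID]
	if !ok {
		return nil, errors.New("signing entity not in database (step 20)")
	}
	h := sha256.Sum256(p.Body)
	if !ecdsa.VerifyASN1(pub, h[:], p.Sig) {
		return nil, errors.New("signing entity's signature does not verify")
	}
	return SignBody(s.Key, append(append([]byte{}, p.Body...), p.Sig...))
}
```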

Then, as an extremely preferred step of the method according to the invention, it is also possible for the central server 32 to request a time-stamp compliant with the RFC 3161 protocol, likewise through a secure data channel, from a time-stamp server 33 connected to the network (step 22). The time-stamp server 33 responds to the request by sending a time-stamp to the central server 32, which receives it (step 23) and afterwards attaches the received time-stamp to the double signed electronic document package in order to generate a time-stamped double signed electronic document package (step 24). Preferably, the time-stamp so made is written into the XML package as a set of binary data.

The time-stamp server 33 can be an independent, separate server maintained by an independent organisation that guarantees the accuracy and the authenticity of the time information. Alternatively, the time-stamp server 33 can be a separate application running on the computer that is the central server 32. The object of the time-stamp in the procedure is to authenticate that the time of signing precedes a given moment, i.e. the time of requesting the time-stamp. Thus, a subsequent conflict regarding the time of generation can be prevented.

Expediently, an acknowledgement concerning the successful execution of the procedure is then sent to the client device through the secure data channel by means of the central server 32 (step 25).

One or more of the preferred steps (digital signing by the central server 32, attaching a time-stamp, sending an acknowledgement) described in relation to the system of the invention can be omitted and/or the time-stamp can be attached to the signed electronic document package prior to signing it digitally.

Figure 6 shows an example of the structure of a time-stamped double signed electronic document package generated by means of one of the above described preferred embodiments of the method according to the invention. The biometric signature 43 is formed by encrypting the digest 41 and the biometric data 42. When the electronic document 44 and possibly the visual representation 45 of the biometric identifier have been added thereto and the result has been signed with the cryptographic method-based digital signature 46 of the representative or other signing entity, the signed electronic document package 47 is obtained. Preferably, the digital signature 48 of the central server 32 is put thereon, resulting in the double signed electronic document package 49 and, lastly, when the time-stamp 50 has been attached thereto, the time-stamped double signed electronic document package 40 is obtained. The embedded structure of the repeatedly referenced preferred example as shown in figure 6 corresponds to the embedded structure within an XML file compliant with the ETSI TS 101 903 standard.

An advantage of the present invention is that it facilitates an authentication method based on a biometric identifier, e.g. a handwritten signature created by means of an electronic device. By using the invention, processes currently implemented on a paper basis can be transferred into the electronic domain, processes which were previously unsuitable for it because a handwritten signature was necessary.

At the time of inputting the biometric identifier the biometric data 42 are encrypted. This ensures that they are not accessible to other persons. In the course of this encryption the digest 41 of the electronic document 44 to be signed is also incorporated in the encrypted data. Thus, a particular signature cannot be attached to another document; hence, the system guarantees that the signatures (biometric identifiers) already captured cannot be used in an unauthorized manner or faked. In some embodiments the signing takes place with the participation of two persons. One of the persons is the representative, who (e.g. in the course of the conclusion of a contract) represents one of the parties, while the other person is the customer, who puts his or her handwritten signature on the electronic documents 44 being made. The biometric signature 43 and the electronic document 44 are bound together by means of the PKI-based digital signature 46 of the representative. This has two advantages. On the one hand, it renders the security level of the binding of the two parts extremely high and, on the other hand, it also authenticates (certifies) the circumstances of the creation of the handwritten signature. In other embodiments, where the cryptographic method-based digital signature is linked to a device instead of a person, the circumstances of the creation of the biometric identifier-linked digital signature are likewise authenticated, because it could only have been created by using that particular device.
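As an added illustration (not code from the application) of the binding described above: the biometric data are encrypted together with the digest of the document, and the verifier releases the biometric data only if the digest inside the decrypted blob matches the document presented with it, so a captured biometric signature cannot be re-attached to another document. AES-GCM under a 32-byte key, SHA-256 as the digest and a nonce-prefixed blob layout are this example's assumptions; the application names AES, 3DES, DES, SHA-1 and MD5 without fixing a mode or layout.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// NewGCM wraps a 16, 24 or 32-byte AES key in AES-GCM. The mode is this example's
// assumption; the patent lists AES, 3DES and DES without fixing one.
func NewGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MakeBiometricSignature builds the biometric signature 43: the first set of information
// (SHA-256 digest 41 of the document || biometric data 42) is encrypted as one blob, nonce prepended.
func MakeBiometricSignature(gcm cipher.AEAD, document, biometric []byte) ([]byte, error) {
	digest := sha256.Sum256(document)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, append(digest[:], biometric...), nil), nil
}

// OpenBiometricSignature decrypts the blob and releases the biometric data only if the
// embedded digest matches the document presented with it, so a captured biometric
// signature cannot be re-attached to another document.
func OpenBiometricSignature(gcm cipher.AEAD, document, sig []byte) ([]byte, error) {
	ns := gcm.NonceSize()
	if len(sig) < ns {
		return nil, errors.New("biometric signature too short")
	}
	plain, err := gcm.Open(nil, sig[:ns], sig[ns:], nil)
	if err != nil {
		return nil, errors.New("biometric signature altered or wrong key")
	}
	want := sha256.Sum256(document)
	if len(plain) < sha256.Size || !bytes.Equal(plain[:sha256.Size], want[:]) {
		return nil, errors.New("digest mismatch: signature belongs to another document")
	}
	return plain[sha256.Size:], nil
}
```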

The method, the apparatus 1 and the system 30 according to the invention can be used even for notarizing, wherein the second set of information is signed with a cryptographic method-based, e.g. PKI-based, digital signature of a notary public.

In some preferred embodiments of the invention the central server 32 also puts its own digital signature 48 on the signed electronic document package 47 incorporating the handwritten signature(s) and then requests a time-stamp 50 therefor. Thus, it authenticates that all data arrived from a trusted environment through a secure data channel, and the time of the arrival is recorded in a demonstrable manner by means of the time-stamp 50.

An extremely advantageous aspect of the method, the apparatus 1 and the system 30 according to the invention is that they are based on the most secure and most reliable cryptographic solutions of our days, and the digital signature linked to the biometric identifier is therefore likewise secure and reliable. Moreover, as the infrastructure of cryptography develops, the cryptographic tools used for generating the digital signature of the invention can be upgraded as well.

Although the invention has been illustrated by describing preferred embodiments thereof, it is not limited to those embodiments; a person skilled in the art can perform a great number of variants and modifications without departing from the scope of the appended claims.

List of abbreviations

PKI Public Key Infrastructure

USB Universal Serial Bus

PIN Personal Identification Number

XML eXtensible Markup Language

SHA-1 Secure Hash Algorithm

MD5 Message Digest

3DES Triple Data Encryption Standard

DES Data Encryption Standard

AES Advanced Encryption Standard

RSA Rivest-Shamir-Adleman

KCDSA Korean Certificate-based Digital Signature Algorithm

ECDSA Elliptic Curve Digital Signature Algorithm

DSA Digital Signature Algorithm

PDA Personal Digital Assistant

PC Personal Computer

WLAN Wireless Local Area Network

GPRS General Packet Radio Services

GSM Global System for Mobile Communication

EDGE Enhanced Data GSM Environment

TLS Transport Layer Security

SSL Secure Sockets Layer

SNMPv3 Simple Network Management Protocol version 3

VPN Virtual Private Network

HTTPS HyperText Transfer Protocol over SSL

FTPS File Transfer Protocol over SSL

TelnetS Telnet over SSL

IMAPS Internet Message Access Protocol over SSL

IPSec Internet Protocol Security