WO2003044639A2 - Method and device for processing digital signatures - Google Patents

Publication number
WO2003044639A2
Authority
WO
WIPO (PCT)
Prior art keywords
signature
document
user
signature processing
digital
Prior art date
Application number
PCT/FR2002/003977
Other languages
French (fr)
Other versions
WO2003044639A3 (en
Inventor
Daniel Bois
Laurent Gauteron
Jean-Luc Giraud
Original Assignee
Gemplus
Priority date
Filing date
Publication date
Application filed by Gemplus
Priority to AU2002356250A (AU2002356250A1)
Publication of WO2003044639A2
Publication of WO2003044639A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/84 Protecting input, output or interconnection devices output devices, e.g. displays or monitors
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153 Using hardware token as a secondary aspect

Definitions

  • the invention relates to a secure method and device for producing digital signatures and verifying digital signatures. It is particularly suitable for environments that are not secure by nature, including for example computers, Internet links, etc.
  • The invention guarantees that a document viewed and read on a screen, or presented to a user by any other so-called "peripheral" device such as a printer, a speaker, ..., does correspond to the document which is or will be signed.
  • We will use the term "processing" of digital signatures to signify the creation or verification of such a signature, and we will understand by document any data set in the broad sense: it can be a text, sound data or any other type of data that a user may have an interest in signing to signify his agreement.
  • the prior art is based on cryptographic techniques to generate digital signatures.
  • a prior art device which uses an RSA algorithm in a personal computer environment, is shown in Figure 1.
  • The personal computer (PC) 1 contains software which manages the production of digital signatures, as well as the public key necessary for the cryptographic algorithm.
  • To ensure the security of the process, it is connected to a cryptographic signature unit 3, which mainly comprises a microcontroller and which performs the signature: this unit in particular ensures that the private key used by the cryptographic signature algorithm remains inaccessible.
  • The PC management software sends the document to be signed to the screen 5, to present it to the view 6 of the user, over a conventional VGA connection linking the input connector 4 and the output connector 4' of the screen and the PC respectively. Then the user, after reading, gives his agreement on the PC: the document is then reduced by a hashing algorithm executed on the PC. The result of this calculation is sent to the cryptographic unit 3 via a digital link between the digital ports 2 of the PC 1 and the cryptographic unit 3. The latter contains the private key and the signature algorithm, with which it transforms the hashed document into a signed hash. Generally, the cryptographic unit uses a smart card for security reasons. Another equivalent device is to provide a PC with an integrated card reader.
  • The signed hashed document, the hashed document, and the public key are sent to the cryptographic unit 3, which verifies by a new calculation using the public key that the signature is valid.
  • We will not go into detail on the signature calculation or signature verification, which can be suitably carried out by various signature algorithms (symmetric or asymmetric cryptography, for example). Our invention does not relate to this calculation as such.
  • a first object of the present invention consists in defining a method and its associated device for carrying out the digital signature of documents in a reliable manner.
  • a second object of the present invention consists in proposing a relatively simple and inexpensive solution.
  • a third object of the present invention is to provide a solution compatible with existing computer devices, in particular PCs, screens, printers, means of communication ...
  • The invention is based on a secure digital signature processing device comprising a cryptographic unit for processing the digital signature of a document originating from a computer-type computing device, characterized in that it comprises means for selecting an operating mode and display means for presenting said document to a user on a peripheral beyond the influence of the computing device in a signature processing mode.
  • the signature processing device may include means for enabling direct connection between a computing device and a peripheral in a transparent mode of operation. It may include an indicator so as to indicate to a user the current operating mode of said device.
  • It can have a digital port for exchanging a document whose signature is to be processed with a computer device.
  • it is suitable for processing the signature of a document exchanged with a computer device in an interpreted format and contains an interpreter to allow the translation of the document before its display by a video converter.
  • It may further comprise a user-friendly means for controlling the display of a document in a signature processing mode.
  • In one particular mode, the device has a card reader of the smart card type, said card comprising an interpreter and/or a cryptographic unit. Provision may be made for a means such as a button for switching from transparent mode to signature processing mode, as well as means for identifying the user.
  • the invention is also based on a method of producing a digital signature characterized by the following steps:
  • A document to be signed is sent from a computer device to a secure signature processing device as presented above; the signature processing device switches from a transparent mode to a signature processing mode during which it presents the document to a user on a peripheral device outside the influence of the computing device; the user triggers the signature of the document, which is carried out within the cryptographic unit of said signature processing device. It is possible to add the following step before the previous ones: the computing device is connected to a peripheral by means of the signature processing device in a transparent mode.
  • The method provides for the transmission of the document to the signature processing device in the form of a digital signal in an interpreted format, and the transformation of the signal by an interpreter before being presented to the user on an output device.
  • the invention is based on a digital signature verification method characterized in that it comprises the following steps:
  • A document whose signature is to be verified, as well as its signature, are sent from a computer device to a secure signature processing device as described above; the signature processing device switches from a transparent mode to a signature processing mode during which it presents the document to a user on a peripheral device outside the influence of the computing device; the cryptographic unit of the signature processing device verifies the signature of the document.
  • transmission of the document to the signature processing device can be in the form of a digital signal in an interpreted format and the signal can be transformed by an interpreter in order to be presented to the user.
  • FIG. 2 shows a first embodiment of an electronic signature device according to the present invention
  • FIG. 3 shows a second embodiment of an electronic signature device according to the present invention.
  • Figure 1 has been described above.
  • the principle of the invention consists in inserting a secure signature processing device 10 between a computer document storage device (1), such as a computer, a PDA or a telephone for example, and a so-called "peripheral" device such as a screen, printer, etc., the function of which is to present the content of documents to a user.
  • the secure device 10 controls the peripheral in a signature processing mode, during which the non-secure storage device does not intervene.
  • FIG. 2 represents a first embodiment of the invention in which a device 10 is inserted between a PC 1 and a screen 5.
  • A digital link between the device 10 and the PC 1 is established via their respective ports 2: this link is for example of the USB or network type.
  • the device 10 further comprises an input 4 and an output 4 'of analog type, for the purpose of exchanging analog signals, of VGA type. It also contains an analog / digital converter 11 and a video converter 12, the functions of which are described below.
  • a cryptographic unit 3 similar to that of the prior art processes the digital signature.
  • The microcontroller of this unit also manages the operation of the entire device and in particular, using a switch 13 and a switch 16, provides a means of selecting an operating mode from two modes.
  • An indicator is provided (not shown), for example an LED, to indicate to the user the currently selected operating mode.
  • In a first, transparent mode, the secure signature device 10 is inactive. The input 4 and the output 4' are connected directly to each other by means of the switch 13 in a first position and of the switch in the closed position. A conventional VGA link is thus established between the PC 1 and the screen 5. In a second mode, the device makes it possible to process the document signature.
  • The document, transformed from its analog form into a digital signal in bitmap format by the converter 11 before being communicated to the cryptographic unit 3, is signed in a manner similar to the prior art.
  • the signed document and the bitmap used are then returned to PC 1.
  • The PC contains the bitmap document as well as its signature, a term improperly used to designate the hashed and signed document according to the method described above.
  • the user will indicate his wish to verify the signature of the document by pressing the 1 key.
  • the signature and the bitmap document are transmitted to the cryptographic unit 3 by the digital link (via port 2).
  • the signature is verified according to the method of the prior art.
  • the document is displayed on the screen 5 via the video converter 12 and then its 4 'output, the switch 13 being in the second position.
  • the user can therefore view the document which is signed on the screen, while being sure that what he reads corresponds to what is signed.
  • FIG. 3 represents a second embodiment of the invention.
  • This embodiment is more particularly suitable for signing large documents.
  • the processing of these documents poses a first problem of transfer time to the security device 10 since the data corresponding to images can be very large.
  • a second problem arises when signing these documents by the fact that only a small part can be viewed at a given instant on the screen 5.
  • The previous embodiment is suitable for processing these documents "screen by screen": the signals corresponding to a screen are sent to the device 10, presented on the screen 5, signed and then returned to the PC, before the data corresponding to a new screen are signed in the same way.
  • the second embodiment seeks to improve the user-friendliness of this treatment.
  • the device 10 includes some differences compared to the device of the previous embodiment.
  • A new driver is provided within the PC, which offers the "signature" and "signature verification" menus to the user. The processing of the signature is thus managed on the PC in a similar way to the processing of a print job, for example.
  • the user 6 wishing to sign a document chooses a "signature" option on his PC.
  • The signature driver will then transform the document into a predetermined digital format, chosen for its universal character as well as for the small memory space it uses: for example, PostScript, PCL, Windows Meta File (WMF) or PDF formats may be suitable; bitmap format is not suitable because it requires too much memory space.
  • The term "interpreted format" will be used to designate this set of possible formats having the qualities described above.
  • this transformed document is sent to the cryptographic unit 3.
  • the entire document is transmitted to the device 10. Thanks to the interpreted format, this transmission is rapid.
  • the switch 13 then switches to its second position and the device 10 takes control of the screen 5.
  • the display of the entire document on the screen 5 is then managed by the device 10 via the interpreter 17 and the video converter 12.
  • Means are provided within the device 10 (not shown) to give the user user-friendly display commands, such as scrolling through the document to facilitate re-reading, for example.
  • This embodiment offers this possibility in particular by the fact that the device 10 has the entire document.
  • the user will then trigger the signature by pressing the key 15.
  • the realization of the signature then proceeds as before.
  • This embodiment is suitable for signing the document as a whole as for signing the document in pieces, page by page for example.
  • the document is sent to the device 10 by the signature driver in the same way as for the signature.
  • the corresponding signature (the signed hashed document) is also transmitted to the device 10.
  • The latter, on the one hand, performs the usual calculations for verifying the signature and, on the other hand, displays the content of the signed document for verification by the user.
  • the result of the verification can be displayed on screen 5 or be indicated to the user by means of a red / green indicator.
  • This second embodiment therefore offers a user-friendly solution adapted to the processing of the signature of large documents since it allows on the one hand a user-friendly visualization of the document and on the other hand rapid data exchanges between the PC and the device. It can therefore be seen that the invention provides a reliable solution for processing the signature, which guarantees the user the accuracy of the content of the document which he is handling and which is signed.
  • This content is presented via a peripheral such as a screen 5, a printer 20 for a paper output or a loudspeaker (not shown) for the sound data.
  • The transparent mode described in the embodiments consists in interposing the device between a computer and a screen, so that the connectors 4 and 4' are connectors for "screen" signals.
  • the same inventive concept can be reproduced with any other combination of computing device and output device.
  • the solution requires little or no change to PCs and peripherals, and is based on a simple and inexpensive device.
  • The use of a smart card within the device 10 to fulfill certain functions requiring great security, such as the storage of the private key and/or the execution of the signing algorithm and/or checking the display, including for example the interpreter, can bring great benefits, not only in terms of security but also in terms of flexibility of use; indeed, by a simple change of card, the device can allow several users to sign one or more documents (each inserts their personal card), and the device can become compatible with several PCs which would not have opted for the same signature driver (insert the card containing the correct interpreter) ...
  • The device 10 can be provided with a device test program, which sends specific data to the latter, to verify that it does not exhibit abnormal behavior.
  • the same device can be easily adapted to digital screens by a person skilled in the art: in fact, in this context, the device 10 is simplified since there is in particular no longer any need to provide analog / digital converters.
  • We can provide that the user gives the green light for a signature after identifying himself by entering a PIN code or biometric data, either by a sensor on the device 10 or by a sensor located directly on a smart card.

Abstract

The invention concerns a secure device for signature processing (10) interposed between a computerized device for storing documents (1), such as a computer, a PDA or a telephone for example, and a so-called peripheral device (5) such as a display screen, a printer, which is used to display to a user the content of the document whereof the digital signature is to be processed. In that configuration, the secure device (10) controls the peripheral in a signature processing mode, during which the non-secure storage device is not involved. Said device (10) further contains a digital port, a cryptographic unit, a video converter, an input and a display output.

Description

Method and device for processing digital signatures
The invention relates to a method and a secure device for producing digital signatures and verifying digital signatures. It is particularly suited to environments that are insecure by nature, comprising for example computers, Internet links, etc. In particular, the invention guarantees that a document viewed and read on a screen, or presented to a user by any other so-called "peripheral" device such as a printer, a loudspeaker, etc., does correspond to the document which is or will be signed. We will hereafter use the term "processing" of digital signatures to mean the creation or verification of such a signature, and by document we mean any set of data in the broad sense: it can be a text, sound data or any other type of data that a user may have an interest in signing to signify his agreement.
With the development of electronic commerce and electronic exchanges in general, the development of the digital signature is becoming necessary. A legal framework is already being put in place to recognize the digital signature as a means of proof. Under these conditions, it is important to consider the technical means for generating reliable digital signatures. The prior art relies on cryptographic techniques to generate digital signatures. A prior art device, which uses an RSA algorithm in a personal computer environment, is shown in Figure 1. The personal computer (PC) 1 contains software which manages the production of digital signatures, as well as the public key needed by the cryptographic algorithm. To ensure the security of the method, it is connected to a cryptographic signature unit 3, which mainly comprises a microcontroller and which performs the signature: in particular, this unit ensures that the private key used by the cryptographic signature algorithm remains inaccessible. In order to sign a document, the PC's management software sends the document to be signed to the screen 5, to present it to the view 6 of the user, over a conventional VGA connection linking the input connector 4 and the output connector 4' of the screen and the PC respectively. After reading it, the user gives his agreement on the PC: the document is then reduced by a hashing algorithm executed on the PC. The result of this calculation is sent to the cryptographic unit 3 over a digital link between the digital ports 2 of the PC 1 and of the cryptographic unit 3. The latter contains the private key and the signature algorithm, with which it transforms the hashed document into a signed hash. Generally, the cryptographic unit uses a smart card for security reasons. Another equivalent device consists in providing a PC with an integrated card reader.
Then, to check the validity of a signature, the signed hashed document, the hashed document and the public key are sent to the cryptographic unit 3, which verifies by a new calculation using the public key that the signature is valid. We will not go into detail on the signature calculation itself or on signature verification, which can be suitably carried out by various signature algorithms (symmetric or asymmetric cryptography, for example). Our invention does not relate to this calculation as such.
The drawback of these prior art solutions comes from the fact that part of the method relies on a PC 1 or another computer document storage device, which is not by nature a secure device since it is open to the outside world through various means of communication such as the Internet. Indeed, Trojan horse attacks, which consist in hiding a malicious program on these devices, are possible. Such a program can, for example, modify the data of the document that the user wishes to sign between the moment he views it and the moment the signature is generated. These solutions are therefore not reliable.
A first object of the present invention is to define a method and its associated device for producing the digital signature of documents reliably.
A second object of the present invention is to propose a relatively simple and inexpensive solution.
A third object of the present invention is to propose a solution compatible with existing computer devices, in particular PCs, screens, printers, means of communication, etc.
The invention is based on a secure digital signature processing device comprising a cryptographic unit for processing the digital signature of a document originating from a computer-type computing device, characterized in that it comprises a means for selecting an operating mode and a display means so as to present said document to a user on a peripheral outside any influence of the computing device in a signature processing mode.
The signature processing device may comprise a means for allowing a direct link between a computing device and a peripheral in a transparent operating mode. It may comprise an indicator so as to indicate to a user the current operating mode of said device.
It may have a digital port for exchanging, with a computing device, a document whose signature is to be processed. Advantageously, it is suitable for processing the signature of a document exchanged with a computing device in an interpreted format and contains an interpreter to allow the translation of the document before its display by a video converter. It may further comprise a user-friendly means for controlling the display of a document in a signature processing mode.
Dans un mode particulier, il possède un lecteur de cartes de type cartes à puce, ladite carte comportant un interpréteur et/ou une unité cryptographique. On peut prévoir comprend un moyen comme un bouton pour passer du mode transparent au mode de traitement de signature ainsi qu'un moyen d'identification de 1' utilisateur. L'invention repose aussi sur un procédé de réalisation d'une signature numérique caractérisé par les étapes suivantes :In one particular mode, it has a card reader of the smart card type, said card comprising an interpreter and / or a cryptographic unit. Provision may be made for a means such as a button for switching from transparent mode to signature processing mode as well as means for identifying the user. The invention is also based on a method of producing a digital signature characterized by the following steps:
- a document to be signed is sent from a computer device to a secure signature processing device as presented above;
- the signature processing device switches from a transparent mode to a signature processing mode, during which it presents the document to a user on a peripheral outside any influence of the computer device;
- the user triggers the signing of the document, which is carried out within the cryptographic unit of said signature processing device.

It is possible to add the following step before the preceding ones:

- the computer device is connected to a peripheral through the signature processing device in a transparent mode.

In addition, the method provides for the document to be transmitted to the signature processing device as a digital signal in an interpreted format, and for the signal to be transformed by an interpreter before being presented to the user on an output peripheral.

Likewise, the invention is based on a digital signature verification method characterized in that it comprises the following steps:
- a document whose signature is to be verified, together with its signature, is sent from a computer device to a secure signature processing device as described above;
- the signature processing device switches from a transparent mode to a signature processing mode, during which it presents the document to a user on a peripheral outside any influence of the computer device;
- the cryptographic unit of the signature processing device verifies the signature of the document.

In this method, the document can be transmitted to the signature processing device as a digital signal in an interpreted format, and the signal can be transformed by an interpreter in order to be presented to the user.
Other characteristics and advantages of the present invention will appear on reading the following description of particular embodiments, given by way of illustration and not limitation, and the appended drawings, in which:
- Figure 1 shows an electronic signature device of the prior art;
- Figure 2 shows a first embodiment of an electronic signature device according to the present invention;
- Figure 3 shows a second embodiment of an electronic signature device according to the present invention.
In these figures, the same references are used to designate the same elements. Figure 1 has been described above. The principle of the invention, as we will see, is to insert a secure signature processing device 10 between a computer device for storing documents (1), such as a computer, a PDA or a telephone, and a so-called "peripheral" device such as a screen, a printer, etc., whose function is to present the content of documents to a user. In this configuration, the secure device 10 controls the peripheral in a signature processing mode, during which the non-secure storage device plays no part.
Figure 2 shows a first embodiment of the invention, in which a device 10 is inserted between a PC 1 and a screen 5. A digital link between the device 10 and the PC 1 is established through their respective ports 2: this link is, for example, of the USB or network type. The device 10 further comprises an input 4 and an output 4' of analog type, for exchanging analog signals of VGA type. It also contains an analog/digital converter 11 and a video converter 12, whose functions are described below. A cryptographic unit 3 similar to that of the prior art processes the digital signature. The microcontroller of this unit also manages the operation of the whole device and in particular, by means of a switch 13 and a switch 16, provides a means of selecting one of two operating modes. An indicator (not shown), for example an LED, is provided to show the user which operating mode is currently selected. In a first, transparent mode, the secure signature device 10 is inactive. The input 4 and the output 4' are connected directly to each other through the switch 13 in a first position and the switch 16 in the closed position. A conventional VGA link is thus established between the PC 1 and the screen 5. In a second mode, the device processes the signature of a document.
To describe the first case, producing a signature, we consider a small document that can be viewed in its entirety at one time on the screen 5. After viewing the document in the first, transparent mode described above, a user 6 indicates the wish to sign the document by pressing the key 14 of the device 10. The device 10 then stores the corresponding signal and opens the switch 16 to disconnect the device 10 from the PC 1. The device continues to display the corresponding image through its video converter 12, which comprises in particular a processor and a digital/analog converter so as to manage a display. After re-reading the document, the user signs it by pressing the button 15. Before this signature, the user may be asked to identify himself by any known means (not shown), such as entering a PIN code or capturing biometric data. The document, transformed from its analog form into a digital signal in bitmap format by the converter 11 before being passed to the cryptographic unit 3, is signed in a manner similar to the prior art. The signed document and the bitmap used are then returned to the PC 1.

In the second case, verifying the signature, we consider the same document as before, now signed, for which the user wishes to check the validity of the signature. The PC contains the bitmap document as well as its signature, a term used loosely here to designate the document hashed and signed by the method described above. The user indicates the wish to verify the signature of the document by pressing the key 1 . The signature and the bitmap document are transmitted to the cryptographic unit 3 over the digital link (through port 2). The signature is verified according to the method of the prior art. In parallel, the document is displayed on the screen 5 through the video converter 12 and then its output 4', the switch 13 being in the second position. The user can therefore view the signed document on the screen, while being sure that what he reads corresponds to what is signed.
Figure 3 shows a second embodiment of the invention. This embodiment is more particularly suited to signing large documents. Processing such documents raises a first problem of transfer time to the security device 10, since data corresponding to images can be very large. A second problem arises when signing these documents, because only a small part can be viewed at any given moment on the screen 5. The previous embodiment can handle these documents by "screen by screen" processing: the signals corresponding to one screen are sent to the device 10, presented on the screen 5, signed and then returned to the PC, after which the data corresponding to the next screen can be signed in the same way. The second embodiment seeks to make this processing more user-friendly. To that end, the device 10 differs in some respects from the device of the previous embodiment. Principally, it has only a single path by which data can enter from outside to its cryptographic unit 3, through its port 2. It further comprises an interpreter 17, whose function is to transform digital data coming from the cryptographic unit 3 into a bitmap format that can be displayed on the screen 5 by the video converter 12. In the first, transparent operating mode, the switch 13 is in a first position that directly connects the connectors 4 and 4' of the device 10. A conventional VGA link between the personal computer 1 and the screen 5 is then established. In addition, to manage signature processing, a new driver is provided on the PC which offers the user "signature" and "signature verification" menus. Signature processing is thus managed on the PC in a manner similar to the handling of a print job, for example.
The processing mode of the device 10 for producing a signature will now be described.
In the first case, signing a document, the user 6 wishing to sign a document chooses a "signature" option on the PC. The signature driver then transforms the document into a predetermined digital format, chosen for its universal character and for the small amount of memory it uses: for example, the PostScript, PCL, Windows Meta File (WMF) and PDF formats may be suitable, whereas the bitmap format is not, because it requires too much memory. The term "interpreted format" will be used to designate this set of possible formats having the qualities described above. This transformed document is then sent to the cryptographic unit 3. Through this digital transmission, the entire document is transmitted to the device 10. Thanks to the interpreted format, this transmission is fast. The switch 13 then moves to its second position and the device 10 takes control of the screen 5. It is then in its second operating mode, called "signature processing mode". The display of the entire document on the screen 5 is then managed by the device 10 through the interpreter 17 and the video converter 12. Means are provided within the device 10 (not shown) to give the user convenient display controls, such as scrolling through the document to make re-reading easier. This embodiment offers this possibility in particular because the device 10 holds the entire document. The user then triggers the signature by pressing the key 15. The signature is then produced as before. This embodiment is suitable both for signing the document as a whole and for signing it in pieces, page by page for example.
In the second case, signature verification, the document is sent to the device 10 by the signature driver in the same way as for signing. In addition, the corresponding signature (the signed hashed document) is also transmitted to the device 10. The device performs the usual signature verification calculations and also displays the content of the signed document for checking by the user. The result of the verification can be displayed on the screen 5 or indicated to the user by means of a red/green indicator light.
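The signing and verification sequence of the second embodiment can be modelled as a small state machine. The following Python sketch is an added example, not code from the patent: the class and method names are hypothetical, the `_interpret` method is a placeholder for interpreter 17, and an HMAC under a device-held key stands in for the private-key signature computed by cryptographic unit 3.

```python
import hashlib
import hmac
from enum import Enum
from typing import Optional


class Mode(Enum):
    TRANSPARENT = "transparent"  # switch 13, first position: host video reaches the screen
    SIGNATURE = "signature"      # switch 13, second position: only the device drives the screen


class SignatureDevice:
    """Toy model of device 10, second embodiment (all names are illustrative)."""

    def __init__(self, device_key: bytes, pin: str):
        self._key = device_key   # assumption: stand-in for the private key in unit 3
        self._pin = pin.encode()
        self.mode = Mode.TRANSPARENT
        self._document: Optional[bytes] = None
        self._host_frame = b""

    # ---- untrusted side: everything the host computer can do ----
    def host_video(self, frame: bytes) -> None:
        """Video input 4: always received, but only shown in transparent mode."""
        self._host_frame = frame

    def host_send_document(self, document: bytes) -> bool:
        """Digital port 2: refused while the device controls the screen."""
        if self.mode is not Mode.TRANSPARENT:
            return False
        self._document = bytes(document)  # private copy held by the device
        return True

    # ---- trusted side: device logic and user controls ----
    def enter_signature_mode(self) -> None:
        if self._document is None:
            raise RuntimeError("no document received")
        self.mode = Mode.SIGNATURE

    def release(self) -> None:
        """Drop the document and hand the screen back to the host."""
        self._document = None
        self.mode = Mode.TRANSPARENT

    def screen(self) -> bytes:
        """What the user sees on screen 5."""
        if self.mode is Mode.TRANSPARENT:
            return self._host_frame
        return self._interpret(self._document)

    @staticmethod
    def _interpret(document: bytes) -> bytes:
        """Placeholder for interpreter 17 (a real one would rasterise the format)."""
        return b"[SIGNATURE MODE] " + document

    def _sign_bytes(self, document: bytes) -> bytes:
        digest = hashlib.sha256(document).digest()
        return hmac.new(self._key, digest, hashlib.sha256).digest()

    def press_sign(self, pin: str) -> Optional[bytes]:
        """Key 15: sign exactly the bytes being displayed, after user identification."""
        if self.mode is not Mode.SIGNATURE:
            return None
        if not hmac.compare_digest(pin.encode(), self._pin):
            return None
        signature = self._sign_bytes(self._document)
        self.release()
        return signature

    def verify(self, document: bytes, signature: bytes) -> bool:
        """Verification case: display the document from the device and check its signature."""
        if not self.host_send_document(document):
            return False
        self.enter_signature_mode()
        return hmac.compare_digest(self._sign_bytes(self._document), signature)


def demo() -> dict:
    dev = SignatureDevice(device_key=b"constructed-demo-key", pin="1234")
    contract = b"Pay 10 EUR to Alice"  # constructed sample document
    dev.host_send_document(contract)
    dev.enter_signature_mode()
    # The host keeps talking after the mode switch; none of it may reach the user or the signature.
    dev.host_video(b"Pay 1 EUR to Alice")
    swap_accepted = dev.host_send_document(b"Pay 9999 EUR to Mallory")
    shown = dev.screen()
    wrong_pin_signature = dev.press_sign("0000")
    signature = dev.press_sign("1234")
    valid_for_shown = dev.verify(contract, signature)
    dev.release()
    valid_for_swapped = dev.verify(b"Pay 9999 EUR to Mallory", signature)
    dev.release()
    return {
        "swap_accepted": swap_accepted,
        "shown": shown,
        "wrong_pin_signature": wrong_pin_signature,
        "valid_for_shown": valid_for_shown,
        "valid_for_swapped": valid_for_swapped,
    }
```

The property to check in any such design is that the bytes rendered to the user and the bytes hashed for signing come from the same device-held copy, and that no host-facing input can change that copy once the mode has switched.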
This second embodiment therefore offers a user-friendly solution suited to processing the signature of large documents, since it allows both convenient viewing of the document and fast data exchanges between the PC and the device. It can thus be seen that the invention provides a reliable solution for signature processing, which guarantees to the user the accuracy of the content of the document being handled and signed. This content is presented through a peripheral such as a screen 5, a printer 20 for paper output, or a loudspeaker (not shown) for sound data. Note that the transparent mode described in the embodiments consists in inserting the device between a computer and a screen, so that the connectors 4 and 4' are connectors for "screen" signals. The same inventive concept can be reproduced with any other combination of computer device and output peripheral.
The solution requires little or no change to PCs and peripherals, and is based on a simple and inexpensive device.
Finally, this solution adapts easily to any computer/screen assembly of the prior art, or to any other similar device. The document to be processed can pass through a PDA, a telephone, etc.
Several sub-variants may be of interest:
- The use of a smart card within the device 10 to perform certain functions requiring a high level of security, such as storing the private key and/or executing the signature algorithm and/or controlling the display (for example by including the interpreter), can bring great advantages, not only in terms of security but also in terms of flexibility of use. By simply changing the card, the device can allow several users to sign one or more documents (each inserts a personal card), and the device can become compatible with several PCs that have not adopted the same signature driver (the card containing the right interpreter is inserted).
- The device 10 can be provided with a peripheral test program, which sends particular data to the peripheral to verify that it does not behave abnormally.
- The same device can easily be adapted to digital screens by a person skilled in the art: in that context, the device 10 is simplified, since in particular there is no longer any need to provide analog/digital converters. The connectors 4 and 4' are in this case digital ports for a "digital screen".
- Provision can be made for the user to give the go-ahead for a signature after being identified by entering a PIN code or biometric data, either through a sensor on the device 10 or through a sensor located directly on a smart card.
- Wired links have been used in the preferred embodiments, but one can imagine the use of contactless cards and/or devices communicating by contactless means, of the radio-frequency type for example (Bluetooth, 802.11, etc.).

Claims

1. A method of producing a digital signature, characterized in that it comprises the following steps:
- a document to be signed is sent from a computer device (1) to a secure signature processing device (10);
- the signature processing device (10) switches from a transparent mode to a signature processing mode, during which it presents the document to a user on a peripheral (5, 20) outside any influence of the computer device (1);
- the user triggers the signing of the document, which is carried out within the cryptographic unit (3) of the signature processing device (10).
2. Method according to claim 1, characterized in that the first step is preceded by the following step: the computer device (1) is connected to a peripheral (5) through the signature processing device (10) in a transparent mode.
3. Method according to one of claims 1 or 2, characterized in that the document is transmitted to the signature processing device (10) as a digital signal in an interpreted format, and in that the signal is transformed by an interpreter before being presented to the user.
4. A digital signature verification method, characterized in that it comprises the following steps:
- a document whose signature is to be verified, together with its signature, is sent from a computer device (1) to a secure signature processing device (10);
- the signature processing device (10) switches from a transparent mode to a signature processing mode, during which it presents the document to a user on a peripheral (5, 20) outside any influence of the computer device (1);
- the cryptographic unit (3) of the signature processing device (10) verifies the signature of the document.
5. Method according to claim 4, characterized in that the document is transmitted to the signature processing device (10) as a digital signal in an interpreted format, and in that the signal is transformed by an interpreter in order to be presented to the user.
PCT/FR2002/003977 2001-11-20 2002-11-20 Method and device for processing digital signatures WO2003044639A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002356250A AU2002356250A1 (en) 2001-11-20 2002-11-20 Method and device for processing digital signatures

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0115327A FR2832522B1 (en) 2001-11-20 2001-11-20 METHOD AND DEVICE FOR PROCESSING DIGITAL SIGNATURES
FR01/15327 2001-11-20

Publications (2)

Publication Number Publication Date
WO2003044639A2 (en) 2003-05-30
WO2003044639A3 WO2003044639A3 (en) 2004-04-01

Family

ID=8869839

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2002/003977 WO2003044639A2 (en) 2001-11-20 2002-11-20 Method and device for processing digital signatures

Country Status (3)

Country Link
AU (1) AU2002356250A1 (en)
FR (1) FR2832522B1 (en)
WO (1) WO2003044639A2 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0587375A2 (en) * 1992-09-04 1994-03-16 ALGORITHMIC RESEARCH Ltd. Security unit for data processor systems
US6092202A (en) * 1998-05-22 2000-07-18 N*Able Technologies, Inc. Method and system for secure transactions in a computer system
EP1055989A1 (en) * 1999-05-28 2000-11-29 Hewlett-Packard Company System for digitally signing a document
DE19961838A1 (en) * 1999-12-21 2001-07-05 Scm Microsystems Gmbh Method and device for checking a file

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011121530A1 (en) * 2010-03-31 2011-10-06 International Business Machines Corporation Method, secure device, system and computer program product for digitally signing a document
CN102844763A (en) * 2010-03-31 2012-12-26 国际商业机器公司 Method, secure device, system and computer program product for digitally signing a document
US8959354B2 (en) 2010-03-31 2015-02-17 International Business Machines Corporation Method, secure device, system and computer program product for digitally signing a document

Also Published As

Publication number Publication date
WO2003044639A3 (en) 2004-04-01
FR2832522B1 (en) 2004-04-02
AU2002356250A1 (en) 2003-06-10
FR2832522A1 (en) 2003-05-23

Similar Documents

Publication Publication Date Title
EP0870222B1 (en) Conditional access method and device
US8572695B2 (en) Method for applying a physical seal authorization to documents in electronic workflows
EP1159801B1 (en) Method for verifying a message signature
CA2957774C (en) Process for securing and verifying a document
US20060242693A1 (en) Isolated authentication device and associated methods
EP2211286B1 (en) Method for securing an interface between a user and an application, corresponding system, terminal and computer program
EP1255178B1 (en) Security device for on-line transactions
WO2013021107A9 (en) Method, server and system for authentication of a person
FR2987464A1 (en) DATA ACQUISITION STATION FOR IDENTIFICATION OF A APPLICANT
FR2987152A1 (en) METHOD AND SECURITY DEVICE FOR PERFORMING A TRANSACTION
EP2547036B1 (en) Authentic signing method of a working document
CN104484942A (en) Client interaction terminal and counter transaction method thereof
EP2954449B1 (en) Digitised handwritten signature authentication
WO2003044639A2 (en) Method and device for processing digital signatures
US10701246B2 (en) Image processing apparatus for generating an image based on capturing images of a material and an image processing apparatus that generates color data of a material on a background
EP2005379B1 (en) System for securing electronic transactions over an open network
EP1337982B1 (en) Authenticating method and device
WO2020225292A1 (en) Method for generating an archive code in order to create a fingerprint of a multimedia content
KR20210086035A (en) Method for proving original based on block chain and electronic device using the same
KR20210086031A (en) Method for proving original based on block chain and electronic device using the same
EP3552190B1 (en) Method for securing data input, communication terminal and corresponding program
EP3391265A1 (en) Method for generating a challenge word, electronic device, set value peripheral, and system implementing said method
EP3032450B1 (en) Method for checking the authenticity of a payment terminal and terminal thus secured
FR2913551A1 (en) User authenticating method for use in Internet network, involves authenticating authentication server by token and vice versa for each of web pages requested by user, by executing control script e.g. java script, in computer
Fleisje PDF Digital Signatures: Delving Deep into the State of the State-of-the-Art

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP