[go: up one dir, main page]

HK1240360B - Methods for digitally signing an electronic file and authenticating method - Google Patents

Methods for digitally signing an electronic file and authenticating method Download PDF

Info

Publication number
HK1240360B
HK1240360B HK17113706.9A HK17113706A HK1240360B HK 1240360 B HK1240360 B HK 1240360B HK 17113706 A HK17113706 A HK 17113706A HK 1240360 B HK1240360 B HK 1240360B
Authority
HK
Hong Kong
Prior art keywords
server
biometric data
electronic file
generating
hash
Prior art date
Application number
HK17113706.9A
Other languages
Chinese (zh)
Other versions
HK1240360A1 (en
Inventor
巴拉兹.奇克
乔鲍.伦杰尔
安塔尔.罗根
Original Assignee
巴拉兹.奇克
安塔尔.罗根
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 巴拉兹.奇克, 安塔尔.罗根 filed Critical 巴拉兹.奇克
Publication of HK1240360A1 publication Critical patent/HK1240360A1/en
Publication of HK1240360B publication Critical patent/HK1240360B/en

Links

Abstract

The invention is a method for digitally signing an electronic file (48), comprising the steps carried out by a server: - generating a challenge value (50) comprising a projection parameter (52), - transferring the challenge value (50) to a client device through a communications channel, - receiving, through a communications channel, an evidence record (70), the electronic file (48) to be signed, and a user's biometric data (54) from the client device, - generating reduced biometric verification data by applying a projection utilizing the projection parameter (52), - generating a verification evidence record and comparing it against the evidence record (70) sent by the client device, - generating a server certificate, - signing the server certificate applying the server's private signing key, thereby generating a signed server certificate, - generating a digital signature by associating at least the signed server certificate and the hash (49) of the electronic file (48), and - associating the digital signature with the electronic file (48), thereby generating a digitally signed electronic file. The invention is further an authentication method.

Description

Method for digitally signing an electronic document and authentication method
Technical Field
The present invention relates to a method for digitally signing electronic documents and to a biometric (biometric) based authentication method.
Background
There are many different methods for authenticating and signing electronic documents. WO2007/034255 discloses a method in which a centralized digital signature providing system is used to digitally sign an electronic document submitted thereto on behalf of a remote user using a digital signature comprising biometric data of the user. Digital signatures can be associated with a signer by biometric data (e.g., data associated with a handwritten signature), while the invention requires that digital signatures can only be applied to electronic documents in a supervised and authenticated manner. This method has the following disadvantages: the verification of the data sent back by the remote user and the management of the biometric data are not secure enough.
A solution is disclosed in US 6735695B1, in which authentication is performed using only a part of the biometric data, rather than the entire biometric sample. To enhance security, it is therefore required that the complete biometric sample is not transmitted. Random numbers may also be used to select portions of the biometric sample to apply to authentication. A disadvantage of this known solution is that no data reduction (conversion) is performed, so that an unauthorized person can in time capture the complete biometric information by stealing part of the biometric information on the communication line. Another disadvantage of this approach is that the biometric sensor records a complete biometric sample and that the partial biometric information is selected from the complete sample. Recording a complete biometric sample constitutes a significant vulnerability.
US2008/0209227a1 discloses a scheme in which a converted, simplified version of a biometric sample is generated. The reduced biometric data or reduced biometric summary data may contain different characteristic features of the biometric sample, such as linear portions thereof. In US2010/0066493a1, a scheme involving random projective transformation of biometric data is disclosed. These known solutions also have the above-mentioned drawbacks.
Disclosure of Invention
It is an object of the present invention to provide a method for digitally signing and for authenticating which eliminates the disadvantages of the prior art solutions to the greatest possible extent.
The object of the invention is achieved by a method provided according to an embodiment of the invention.
Drawings
The invention will be explained in further detail by means of preferred embodiments shown in the drawings, in which:
figure 1 is a schematic block diagram of a primary information technology device applied in the method according to the invention,
figure 2 is a schematic flow chart of the method according to the invention,
figure 3 is a schematic flow chart of the client steps of a first embodiment of the method according to the invention,
figure 4 is a schematic flow chart of the server-side verification and authentication steps of a first embodiment of the method according to the invention,
figure 5 is a flow chart of another embodiment obtained by modifying the embodiment shown in figure 3,
figure 6 is a server-side flow diagram associated with figure 5 obtained by modifying the embodiment shown in figure 4,
FIG. 7 is a schematic flow chart of encrypting an electronic file by a server, an
Fig. 8 is a schematic flow diagram of generating and signing a server credential record.
Detailed Description
The main information technology equipment and the main components used in the method according to the invention are shown in fig. 1. The method according to the invention is suitable for signing electronic files available or generated on the client device 10 by means of the server 20. The client device 10 may connect to the server 20 through a communication channel 30. Such electronic communication channels 30 may be established, for example, within an electronic communication network 32, such as by applying, for example, a wired and/or wireless Local Area Network (LAN), a global IT network, in particular the internet, as well as a mobile telecommunication network corresponding to the 3G or 4G standard, a GSM network, etc.
The client device 10 may be embodied as any user communication device that includes one or more processors 12, data storage 14, a client communication unit 16, and peripheral devices 18. For example, the client device 10 may be a desktop, laptop or notebook computer, a mobile phone (mobile phone), in particular a smartphone, a tablet computer, or the like.
In the present embodiment, the data store 14 is shown as an integral part of the client device 10, but the data store 14 may also be an external data store, i.e. components referred to herein as data store 14 are intended to include any internal and external data store that the client device 10 is capable of accessing. The data storage 14 may be embodied as any type of electronic, magnetic, optical, or any other data storage device (such as a memory, memory card, hard disk, external disk, etc.). The data storage 14 is preferably applied to store PKI (public key infrastructure) keys, at least public encryption keys 40a of the server corresponding to the server 20. An embodiment is also envisaged in which the server's public encryption key 40a is not stored in the data store 14 but is temporarily available to the client device 10, temporarily downloadable from the internet for the purposes of the encryption process.
The components referred to as the client communication unit 16 are intended to include any hardware and software components (i.e., network cards, network connections, WiFi adapters, antennas, etc.) through which the client device 10 can establish an electronic communication channel 30 with at least the server 20 through which electronic data may be exchanged.
The client device 10 comprises a biometric data acquisition unit 18a and preferably at least one input interface 18b and at least one output interface 18c as part of the client device or as a peripheral device 18 connected to the client device or as other external units (i.e. connected in any way to the client device 10).
For example, the biometric data collection unit 18a may be a digitizing tablet capable of receiving and recording a handwritten signature as biometric data. The digitizer tablet may be equipped with a digital pen, but in certain cases, the user's finger may also serve as a "writing device" that is detected by the digitizer tablet.
For example, biometric data acquisition unit 18a may be implemented as an iris scanner, through which an iris image is received and digital data representing the iris image is stored as biometric data.
The biometric data acquisition unit 18a may also be a fingerprint reader, which is applied to receive a fingerprint and to store digital data representing the fingerprint as biometric data.
In addition to this, the biometric data acquisition unit 18a may be any other type of device suitable for measuring/registering biometric identifiers (e.g. palm vein pattern, DNS) and for recording the resulting data.
An embodiment is also conceivable in which the biometric data acquisition unit 18a simultaneously also serves as the input interface 18 b. For example, in addition to receiving handwritten signatures, the digitizer tablet may also be applied to enter user commands to operate a software program running on the client device 10.
The client device 10 preferably includes at least one screen that serves as an output interface 18 c. In addition, other output interfaces 18c are contemplated, such as a printer or device adapted to write to different digital media (e.g., CD, DVD, floppy disk, memory stick, memory card, etc.).
The at least one input interface 18b may be implemented, for example, as a keyboard, mouse, or other common input device. The output interface 18c may also be an input interface 18b, such as a touch screen. Likewise, a data carrying medium writer device may also be used as the input interface 18b at the same time, as long as it is capable of reading and writing to the medium. The keyboard may be implemented as a virtual keyboard, which may be displayed thereon, for example, in case a touch screen is applied as a screen, and can be applied as the input interface 18 b.
In case of a touch screen application as input interface 18b and output interface 18c, the touch screen may also perform the function of the biometric data acquisition unit 18a, i.e. in certain cases a single peripheral device may perform a triple function.
Server 20 is intended to include other IT devices (such as desktop or laptop computers) capable of functioning as servers. The server 20 also includes one or more processors 22, data storage 24, and a server communication unit 26.
The data storage 24 may be implemented as any type of electronic, magnetic, optical, or any other data storage device. In the present embodiment, the data store 24 is shown as an integral part of the server 20, but the data store 24 may also comprise an external data storage device accessible by the server 20, such as the hardware security module 24' (HSM) shown in fig. 1. The data store 24 is therefore intended to include any internal and external data storage devices (such as internal ROM and RAM, external HSM, other external storage devices, etc.) that the server 20 can access, directly or indirectly.
The server 20 preferably has a Public Key Infrastructure (PKI) key and other signing keys, such as a server's private encryption key 40b corresponding to the server 20 and a server's private signing key 41 and a user's private signing key 42 corresponding to the user, which may be stored in a key database 43 of the data store 24, and particularly preferably in the HSM 24'. The data storage 24 may also preferably store a user database 44, and a biometric database 45 included in the user database 44 or separate from the user database 44, adapted to store a biometric template 45a of the user.
The user's private signing key 42 may also be, for example, a PKI infrastructure-based private encryption key that anyone can apply to decrypt data encrypted with a public encryption key, but other signing algorithms not based on encryption are also known. For example, HMAC (hash-based message authentication code) type algorithms may also be used for signing. These algorithms involve generating a combined hash value using the value of the key and the message itself. The hash has two roles: on the one hand it protects the identity of the message and on the other hand it proves that it can only be generated by the person who owns the key. The main differences compared to pki (rsa) type signature processes are: this process essentially involves one type of key, namely the user's private signing key 42, but not the user's public signing key, and the signing algorithm involves hash generation rather than encryption.
As mentioned above, the components referred to as the server communication unit 26 are intended to include any hardware and software components (i.e., network cards, network connections, WiFi adapters, antennas, etc.) through which the server 20 may establish an electronic communication channel 30 with at least the client device 10 through the server communication unit 26 over which electronic data may be exchanged.
In the following, two embodiments of the method according to the invention will be presented with reference to the exemplary hardware components described above.
Fig. 2 shows an overview flow chart of the method according to the invention. The steps of the method and the documents, data, algorithms and files utilized or generated in the process thereof are shown in more detail in fig. 2-8.
Although the steps have been numbered consecutively for simplicity, it will be apparent to the skilled person that in many cases the order of the steps may be changed, or certain steps may be performed simultaneously, may be combined or subdivided, and further steps may be included between the steps presented herein.
Before the method according to the invention, a communication channel 30 is conveniently established between the client device 10 and the server 20. The communication channel 30 is preferably a secure channel that may be implemented, for example, using SSL, TLS, SNPv3, VPN, HTTPS, FTPS, TelnetS, IMAPS, IPSec, and like protocols, as is well known to those skilled in the art. During the method, the communication channel 30, which is a virtual data channel, may be disconnected and re-established, optionally establishing more than one virtual data channel between the client device 10 and the server 20, but for simplicity these are collectively referred to as communication channels 30.
The provision of the electronic file 48 to be signed can also be considered as a starting point for the method according to the invention. The electronic file 48 may be generated by the client device 10 and thus may be, for example, a document generated on the client device 10 or a picture file taken by a camera of the client device 10 applied as the input interface 18 b. It is also contemplated that the electronic file 48 to be signed by the user of the client device 10 is not generated by the client device 10 itself, but is received by the client device 10 from an external source, such as via email, or that the electronic file 48 is downloaded from the internet or read from a data storage medium (e.g., a CD, DVD, memory stick, etc.) employing a writer/reader device as the input interface 18b, or is received from the server 20 or elsewhere.
In fig. 3, steps 1 to 8 of the first variant/embodiment of the method according to the invention presented in fig. 2 are shown in detail.
As step 1 of the method according to the invention, a challenge value 50 is generated with the server 20. The challenge value 50 includes one or more projection parameters 52 (typically numbers). The challenge value 50 may also optionally contain a timestamp generated by the server 20 itself or by an external timestamp server at the request of the server 20, for example according to the RFC3161 protocol.
In step 2, the challenge value 50 is transmitted by the server 20 to the client device 10 over the communication channel 30.
In step 3, the client device 10 is applied to extract one or more projection parameters 52 from the challenge values 50. This step may of course be performed at any time prior to, or simultaneously with, the use of the projection parameters 52.
In step 4, the biometric data 54 of the user, possibly comprising one or more static or dynamic data items (data sets) recorded on the basis of the physical characteristics of the user, is recorded on the client 10 side with the biometric data acquisition unit 18 a. For example, in the case where a digitizer tablet is applied as the biometric data collection unit 18a, a handwritten signature generated using a digital pen or a finger of a user as a writing device is received and recorded as the biometric data 54. In this case, the biometric data 54 may be, for example, the coordinates of the location where the writing device is pressed against the surface of the tablet, the coordinates of the location where the writing device is lifted from the surface of the tablet, a function of time of the writing device coordinates, a function of time of the writing device velocity, a function of time of the writing device acceleration, a function of time of the writing device pressure, or a combination of more than one such data.
In a preferred embodiment, during the input of the handwritten signature, an image of the signature is displayed on the screen of the client device 10, which is applied as the output device 18c, thereby providing visual feedback to the user. This is particularly efficient in case the biometric data acquisition unit 18a is simultaneously also used as a screen, for example for PDA-s, tablet computers, touch screen handsets and the like.
If the biometric data acquisition unit is implemented as an iris scanner, an iris image is received and digital data representing the iris image is recorded as biometric data 54. In the case where the biometric data acquisition unit is a fingerprint reader, a fingerprint is recorded and digital data representing the fingerprint is stored as biometric data 54.
In step 5, the client device 10 is applied to generate a credential record 70. During this time, client device 10 is applied to generate hash 49 of electronic file 48 using a one-way secure hash algorithm 60a, such as SHA-256, SHA-512, or the like. The hash 49 generated using the hashing algorithm 60a represents such compressed data from which the original electronic file 48 cannot be inferred. A characteristic feature of the hashing algorithm 60a is that modifications to any part of the original electronic file 48 will cause an avalanche effect in the hash 49, whereby the hash becomes completely different. By generating the hash 49 again, it can be checked whether (unauthorized) changes have been made to the electronic file 48 or whether the file has been tampered with. Another important feature of the hashing algorithm 60a is that data files cannot be generated therefrom because the algorithm will generate the same hash 49.
The generation of the credential record 70 also involves generating the simplified biometric data 56 from the biometric data 54 of the user using a projection algorithm that applies the one or more projection parameters 52. According to the present invention, the term "projection" is used to refer to a one-way mathematical mapping or other reduction of data that results in reduced data that cannot be used to recover the original data, while the reduced data can only be generated by a person who owns the original data and knows the projection parameters. Such projection algorithms applying projection (or in other words data reduction) parameters are well known to the person skilled in the art and comprise, for example, projecting the recorded data on a predetermined plane or axis, or processing the data by means of a neural network. In this case, for example, a static signature image (reduced biometric data 56) may be generated from recording dynamic signature data having a handwritten signature recorded as the biometric data 54.
The reduced biometric data 56 is specific to the user but cannot be applied to restore the original biometric data 54. The reduced biometric data 56 is used as a generator thereof, in our example the client device 10, already in possession of the original biometric data 54 and the credentials of the projected parameters 52 transmitted with the challenge values 50.
The client device 10 is then applied to generate the hash 58 of the reduced biometric data 56 using a one-way secure hash algorithm 60b, which may be the same or different from the hash algorithm 60 a.
A credential record 70 is then generated by the client device 10 by associating the challenge value 50, the hash 58 of the simplified biometric data 56, and the hash 49 of the electronic file 48. Any known suitable method may be applied for data correlation, such as a bitwise exclusive-or (XOR) operation that combines the three data such that none of them can be inferred from the result, but verifiability is preserved. As described above, a hash function adapted to generate a hash (credential record 70) by concatenating these three data may also be applied herein.
The credential record 70 may additionally contain other data.
The credential record 70 attests that the electronic file 48 and biometric data 54 originated from a given client device 10. In the event that an external attacker attempts to enter the previously recorded biometric data 54 into the system together with the document to be signed, he cannot generate a credential record 70 corresponding thereto because he does not have the challenge value 50 (the challenge value may optionally also contain a time stamp to prevent tampering). Since challenge value 50 contains a unique parameter generated for each signature event, biometric data 54 cannot be used twice, either unintentionally or intentionally.
Next, in step 6, the credential record 70 is signed, preferably by applying a digital signature algorithm 71 with the client device 10. The signature algorithm 71 may be, for example, PKI-based (e.g., RSA), password-based, one-time password-based, or any other scheme that may be appropriate for a given situation. The signing process produces a signed credential record 72.
In step 7, the biometric data 54 to be signed and/or the electronic file 48 are preferably signed by the client device 10, which may be done applying PKI based encryption using the public encryption key 40a of the server, so that the encrypted biometric data 64 and the encrypted electronic file 68 generated thereby may only be decrypted using the private encryption key 40b of the server stored in the key database 43 of the server 20.
Other methods may of course be applied to encrypt the biometric data 54 and/or the electronic file 48 to be signed. For example, particularly for encrypting large files, it may be convenient to generate a unique symmetric key for each encryption event, which is encrypted with the server's PKI public encryption key 40a and transmitted to the server 20 by the client device 10, and encrypt the file using that key (e.g., using the AES symmetric algorithm). Thus, in a first step, at the server end, the symmetric encryption key must be decrypted using the server's private encryption key 40b, and the encrypted file can then be decrypted using the symmetric key. The advantage of this two-stage encryption process is that symmetric algorithms are much faster than asymmetric encryption algorithms, while the overhead of encrypting data files is small, so even large files can be encrypted quickly.
In step 8, the signed credential record 72, the preferably encrypted biometric data 64 and the preferably encrypted electronic file 68 are transmitted by the client device 10 to the server 20 over the communication channel 30. In addition, one or more items of user data 74 (such as a user identifier, user PIN, etc.) are preferably sent by the client device 10 to the server 20 before, during, or after completion of the above-described method. For example, during generation of the credential record 70, the user data 74 may also be associated with the components listed above. However, the user data 74 may be sent to the server 20 separately from the credential record 70 (preferably encrypted), typically for user identification, which requires at least identifier data based on which the server 20 may find out which user's private signing key 42 to use, for example from keys stored in the key database 43, or specify which user's user data 74 to use to generate a digital signature of data stored in the user database 44, for example (described in detail below), or specify which user's biometric template 45 a-corresponding to a unique biometric sample (template) of a given user-is retrieved from the biometric database 45, for example. Other information available to the server 20 through data communication may also perform the function of a user identifier-serving as user data 74, such as a telephone number (if a smart phone application is used as the client device 10) or a static IP address (in the case of a desktop computer application as the client device 10), etc.
Steps 9-11 of the first variant of the method according to the invention presented in fig. 2 are shown in detail in fig. 4.
In step 9, the server 20 is applied to identify the user of the client device 10 and to define at least one item of user data 74. The latter may be user data 74 sent by the client device 10 or other items of user data 74 retrieved from the user database 44 based on the user data 74 sent by the client device.
The event related to step 9 may be a user authentication during which, for example, the signature of the credential record 72 signed by the client device 10 is verified and the user is thereby authenticated.
However, in a particularly preferred embodiment, authentication is performed based on the biometric data 54. To perform authentication, the encrypted biometric data 64 sent by the client device 10 is first decrypted with the server's private encryption key 40b (or, alternatively, a symmetric key decrypted with the server's private encryption key 40b is used) in step 10. Next, the biometric template 45a corresponding to the user, as specified by the user data 74, is retrieved from the biometric database 45, and the biometric template 45a is then compared with the decrypted biometric data 54 by the server 20 using a suitable software program (e.g., including a neural network-based, projection-based, CRC-based, or other similar algorithm-based software program). For example, the earlier sample signature of a given user is used by a program running on server 20 as biometric template 45a to verify the authenticity of a handwritten signature. In the event that the authentication is successful, i.e., the transmitted biometric data 54 matches one or more biometric templates 45a stored for the given user, then the process continues, otherwise the request to sign the electronic file 48 is denied and the process stops.
An advantage of using the biometric data 54 to perform authentication is that the user does not have to remember any PIN code. Performing authentication using a handwritten signature as the biometric data 54 is particularly preferred because it is the closest to signing paper documents in a customary manner.
Preferably, all of the biometric data 54 transmitted to the server 20 is stored in the biometric database 45 as a respective biometric template 45a corresponding to a given user, while the server 20 also checks whether the currently submitted biometric data 54 is identical to, or partially identical to, the previously stored biometric template 45a, thereby providing protection against repeated submissions of the previous biometric data 54.
In step 11, an authentication credential record 70' is generated with the server 20 (see fig. 4) according to:
the server 20 is configured to generate the simplified biometric verification data 56' from the biometric data 54 obtained from the projection of the application using the projection parameters 52 sent in the challenge values 50 using the same projection algorithm used at the client to generate the simplified biometric data 56. The hash 58 'of the simplified biometric verification data 56' is then generated using the same hash algorithm 60b applied at the client to generate the hash 58 of the simplified biometric data 56.
Next, the server 20 is used to generate the hash 49' of the electronic file 48 using the same hashing algorithm 60a that was used at the client to generate the hash 49 of the electronic file 48.
A verification credential record 70' is then generated by the server 20 by associating the challenge value 50, the hash 58' of the reduced biometric verification data 56' and the hash 49' of the electronic file 48, and the verification credential record 70' is compared with the credential record 70 sent by the client device 10. In case the verification credential record 70' is identical to the credential record 70 transmitted by the client device 10, the digital signature process continues, otherwise the request is denied and the process is stopped.
The corresponding steps of the second variant of the method according to the invention are shown in fig. 5 and 6, which correspond to the modified forms of fig. 3 and 4, respectively.
With regard to protection against theft and reuse of biometric data, it is preferred if the projection parameters submitted together with the challenge values are not applied for subsequent simplification of the recorded biometric, but rather the data recording is simplified according to the simplification corresponding to the parameters. Indeed, if the stored biometric data is accessible, a reduced biometric may be generated for any parameter value from the recorded biometric data. However, in case the parameter values themselves influence the re-encoding process, then the recorded reduced biometric data cannot be used later to generate a reduction corresponding to different parameter values.
In the case of a handwritten signature, an exemplary scheme is where a portion of the parameters comprise text to be handwritten by the signer, and in the case where the same text is never written twice, this ensures that handwritten values corresponding to different parameter values (text) are not generated later using fixed text that was previously recorded.
Implementations of projection parameters and corresponding biometric data reduction can be divided into three main categories. Each of these categories involves a conversion according to parameters (these three categories may also be applied to the first variant of the invention shown in fig. 3 and 4).
1. The biometrics are simplified, wherein the conversion is determined directly from given parameters. Example (c):
projection of the velocity on a straight line in a given direction (signature),
the projection of the acceleration onto a straight line in a given direction (signature),
sampling (signature) with a given value of X, Y, Z,
image information (signature, fingerprint, iris) retrieved from a given location determined by the parameters,
the projection of the feature points on a straight line in a given direction (fingerprint, iris).
2. Biometric reduction, where parameters are used to select an authentication algorithm (or more than one algorithm at the same time). In this case, the authentication result of the biometric data is composed of individual authentication results of a plurality of characteristic features. For example, checking for temporal changes in X and Y directional velocities and angles of tangent vectors; and a final decision is made based on the scores resulting from the respective comparisons. In this case, the simplification parameters only determine the type of simplification to be performed by the recording device. For example, if the parameters indicate that authentication is to be performed using X-direction acceleration and angular variation of the tangent vector, then the two data sequences (simplified biometrics) will be recorded from which the original biometrics cannot be recovered. Example (c):
-a vector of cuts (signature),
-X and Y directional velocities and accelerations (signatures),
pressure (signature).
3. The biometrics are simplified, wherein the conversion is determined indirectly by means of given parameters. For example, schemes implemented using neural networks fall into this category. For example, a neural network applied for authentication may be composed of 3 layers. A given neural network has a fixed structure and the same network, defined by its structure and weights, is always applied to authenticate a given person. A unique neural network is trained for each person to be authenticated, which network can only be used to identify a given person. The parameter values advantageously contain the weights of the first layer of the neural network and optionally other settings. During the enrolment process all second layer input parameters are calculated based on the projected parameters 52 sent by the server, which effectively constitutes a simplified biometric from which the signature cannot be recovered. The authentication module does not have to recalculate the neural network (which is known to the module because it was built during the signature registration process) based on the parameter values, and therefore all the server has to do is to ensure that the first layer defined by the parameters is the same as the first layer of the known neural network, and if so, that the second and third layers will run in the authentication module.
If the network has 5 layers and the submitted parameters contain data for the first two layers, the input for the third layer received from the client will be taken as the reduced biometric and the server will run the third, fourth and fifth layers in the authentication module.
The biometric templates used in the case of the above three categories are as follows.
In the case of category 1, the biometric database 45 and the biometric template 45a contained therein typically include the biometric samples themselves (e.g., signatures) recorded earlier, as these biometric samples may be applied to calculate all the information needed during the authentication process. The data reduction parameters, such as parameterisation or other selection-determining parameters of the projection lines for each epoch, are different and should also be able to recalculate the reduction map for the samples/signatures contained by the template. A special sub-case of this case may be when applying a limited number of pre-recorded "projections", i.e. reduced biometrics (e.g. projections on 3 predetermined lines), in which case the reference data sequence does not need to be recalculated by the authentication module using the complete set of biometric data (recorded at enrolment), since this data may be calculated in advance during the enrolment process. Thus, even embodiments may be performed in which the authentication module itself does not even know the complete biometric sample.
Thus, in the case of categories 1 and 2, the biometric template for a given person may consist of a sequence of pre-computed simplified data, as these data may be generated at the time of registration of the person.
However, for the class 3 neural network variant, the biometric template of the person consists of the weight values and settings of the neural network specifically trained for the given person. The neural network must be present at the time the parameter values are submitted (since the parameters are made up of the first layer of the network) and, due to the nature of the network, the network cannot be regenerated (trained) again in exactly the same way as before. Thus, the settings of the neural network should be stored in the biometric template.
In summary, it is therefore envisaged that the biometric template may:
-including the complete biometric template recorded during enrollment,
including only some pre-computed data sequences (reduced biometrics), in which case no arbitrary projection can be applied, or
-a combination comprising a complete biometric sample and a pre-computed data sequence.
Of course, during the verification of the biometric identifier, all possible combinations of the above parameters may occur, i.e. the following may occur: as specified by the projection parameters 52 of the challenge values 50, for a given projection of the authentication X-direction acceleration, a value obtained in a given algorithm (e.g. based on pressure) and an input value corresponding to a second layer of the neural network of a given person are required. And then finally provide authentication by combining the authentication of these parts.
Fig. 5 shows a flow chart comprising the steps of a client of a second variant of the invention. By comparing fig. 3 and 5, it can be seen that this second variant of the invention differs from the above-described embodiment in that, in order to enhance security, the complete biometric data is not recorded at the client, but rather the projection parameters 52 carried by the challenge value 50 have determined the way in which the biometric data is recorded, i.e. only the reduced biometric data 56 is recorded at the client instead of the complete biometric. The reduced data may be recorded in different ways. In an exemplary case, it is contemplated that the biometric data acquisition unit 18a stores only the simplified biometric data 56 in its memory and transmits it for further processing, taking into account the projection parameters 52. The following variants are also conceivable: wherein the complete biometric data is temporarily present in the memory of the biometric data acquisition unit 18a, but only a part of the content determined by the projection parameters 52 is recorded and submitted.
In addition, the embodiment according to fig. 5 differs from the embodiment shown in fig. 3 in that only the reduced biometric data 56 are available for submission to the server 20, preferably in encrypted form, i.e. as encrypted reduced biometric data 65, during the course of the method.
The data content of the projection parameters 52 comprised in the challenge values 50 may vary very widely, according to what has been described above in any and all embodiments of the method according to the invention. A case may be envisaged in which the challenge value 50 is constituted by the projection parameters 52 themselves, which consist of only a single parameter. It is also contemplated that challenge value 50 contains additional data other than projection parameters 52 that does not participate in the data reduction process. The projection parameters 52 may be a single parameter or even a set of parameters, as in the case of data processing by a neural network, this is required to input the layer, the weights of the layer and optionally other parameters of the network. In the context of the present application, the projection parameters 52 refer to any of the parameters or parameter sets described above in the broadest possible sense. In this context, the term "projection" does not imply that data reduction can only be performed narrowly by projection, but rather projection parameters 52 refer to any parameter by which data reduction of a biometric sample can be performed. Thus, any type of data reduction parameter or parameter set should be understood in the broadest possible sense for the projection parameters 52.
The processing associated with the server side steps of the second variant of the invention shown in figure 5 is shown in figure 6. By comparing fig. 6 and fig. 4, it can be seen that in this second embodiment, the complete set of biometric data is not received at the server side, but only the encrypted reduced biometric data 65, preferably encrypted. The server's private encryption key 40b is used to decrypt-where encryption is applied-the reduced biometric data 56 from these data, and this reduced biometric data can then be applied to generate a verification credential record 70' or preferably for authentication purposes.
In the process according to fig. 6, the reduced biometric data 56 are available on the server side, and there is no need to generate them with the projection parameters 52. As can be seen, this embodiment of the invention is more secure than the embodiment according to fig. 3 and 4, since here the complete biometric sample is not communicated, even in encrypted form.
In this embodiment, the reduced biometric data 56 may be used for authentication at the server side. The biometric template 45a corresponding to a given user is identified in the biometric template 45a stored in the biometric database 45 using the corresponding user data 74, and the reduced biometric template verification data 56 "is then generated from the given biometric template 45a by the projection parameters 52 carried by the challenge value 50. Thus, authentication may be performed by comparing the simplified biometric data 56 (received from the client in encrypted form and then decrypted) with the simplified biometric template verification data 56 ".
Steps 12-16 of the method according to the invention are shown in detail in fig. 7. In step 12, the server 20 is applied to generate a server certificate 80 by associating at least the hash 49 of said electronic file 48, at least one item of user data 74 and at least signature data 78 relating to the time of signature.
The at least one item of user data 74 may be user data 74 sent by the client device 10 or other data retrieved from the user database 44 based on the user data 74 sent by the client device. The user data 74 applied to generate the server certificate 80 typically includes one or more of the following data items: the name of the user (signer), birth data, place of birth, mother's name, address, identification number, etc.
Signature data 78 is metadata describing the "situation" of a signature event, which typically includes one or more of the following: a date of signing, information on the client device 10, information on the server 20, a name of the signed electronic file 48, and so forth.
In step 13, the server certificate 80 is preferably signed by the server 20 with the server's private signing key 41 to produce a signed server certificate 82, which can then be used to unambiguously assume that the signature originated from the server 20. The server's private signing key 41 may be the same as the server's private encryption key 40b applied during the previous step. However, the signed server certificate 82 may be generated using a different key or a different signing algorithm, including, for example, an HMAC (hash-based message authentication code) type of algorithm.
In step 14 (which may precede steps 12 and 13), the server 20 is operable to generate the visually displayable biometric data 54a from the biometric data 54 (or from the reduced biometric data 56 in the case of the embodiment according to fig. 5 and 6) optionally using a one-way mapping algorithm 84. For example, a static signature image is generated from dynamic data of a recorded handwritten signature. It is also contemplated that the visually displayable biometric data 54a may be generated from other types of biometric data 54, such as fingerprints, palm vein images, iris images, but in the case of these biometric data types, the visually displayable biometric data 54a is not typically generated. Optionally, the mapping algorithm 84 may also be based on a projection algorithm using the projection parameters 52.
In step 15, the server 20 is used to generate a digital signature 85 by associating the signed server certificate 82, the hash 49 of the electronic file 48 and, where available, the visually displayable biometric data 54. During this step, data association is preferably performed by encapsulating the data in a data packet. The digital signature 85 is then associated with the electronic file 48, such as by embedding the electronic signature in the electronic file or by including both in a common standard (e.g., XML) file, thereby producing a digitally signed electronic file 86. Embedding is preferably performed such that the visually displayable biometric data 54a may be viewed as a signature image when the digitally signed electronic file 86 is opened. The digital signature 85 may of course also contain other data.
Preferably, in step 16, the digitally signed electronic file 86 is also signed on behalf of the user by the server 20, for example using the user's private signing key 42, to obtain a double signed electronic file 88. Using the user's public signing key, anyone can ensure that the double signed electronic document 88 is signed with the user private signing key 42 corresponding to a given user (signer).
Step 17 of the method according to the invention is shown in detail in fig. 8.
In step 17, the server 20 is used to generate a server credential record 90 by associating at least the challenge value 50, the biometric data 54 (or, in the embodiment according to fig. 5 and 6, the simplified biometric data 56) and the hash 49 of the electronic file 48 (for example by the bitwise XOR operation described above, or with a hashing algorithm), then to sign said server credential record 90 with the server's private signing key 41, and to store the signed server credential record 92 thus obtained. The condition of the signing event and the data used in its process can be known from the signed server credential record 92 using the server's public signing key 40 a. The server credential record 90 may be used later (even years later) to prove that a given signed transaction with given content did occur. Such proofs may be required, for example, by court litigation. In this case, the complete biometric data 54 may be required, and therefore it is preferred that the complete set of biometric data be included in the server credential record 90, rather than just the reduced biometric data 56, its hash 58, or the visual biometric data 54 a.
The above procedure can be performed in the case of a plurality of signers, but of course, when the biometric data 54 of more than one user is recorded using the biometric data acquisition unit 18a, a corresponding operation is performed on each set of biometric data 54, while on the server side the visible biometric data 54a is generated from all the sets of biometric data 54 and is all included in the digital signature 85.
It will be appreciated from the above discussion that the present invention is contrary to the preferred, simplified general engineering approach. Common engineering wisdom suggests that a common digital signature should be applied to both the biometric data and the original document, thereby "linking" both in a genuine manner. In this case, it can be verified whether a given biometric corresponds to a given document, as long as the biometric and the document are known. However, if a person owns a biometric, he can use the biometric to generate another document by replicating the biometric. The invention makes the conventional scheme safer; to prevent biometrics from being disclosed, biometrics are stored and used in encrypted/simplified form.
In the prior art, the correspondence of a biometric and a document can only be verified by a trusted entity authorized to remove the encryption of the biometric. However, entities that are deemed untrusted may also attempt to authenticate. The solution according to the invention also allows an untrusted entity to verify the authenticity of the document (without decrypting the encrypted biometric).
The solution according to the invention is therefore contrary to the simplification principle by:
the approach is adapted to generate a challenge-based simplified biometric that is included in a credential record signed using both the document and the challenge parameters. The signed credential record and the reduced biometrics can be handed over to any untrusted entity, since they cannot be applied to restore the original biometrics due to the characteristics of the projection algorithm, while the reduced values will be unique for each signature, since the reduced values can only be generated each time using different parameters (i.e. it is not necessary to apply two identical reduced images even in the case of the same biometrics). Since the authenticity of the signed credential record can be verified by the untrusted entity, the entity can ensure that the appropriate biometrics are linked to the given document.
The authentication method according to the present invention further comprises the above steps, wherein any of the above preferred embodiments is applicable to the authentication method. In the course of the authentication method according to the invention:
transmitting the challenge value 50 including the projection parameters 52 from the server 20 to the client device 10 over the communication channel 30,
a biometric data acquisition unit 18a connected to the client device 10 for recording the reduced biometric data 56 applying a projection with the projection parameters 52,
the client device 10 is adapted to transmit the reduced biometric data 56 to the server 20 via the communication channel 30,
the server 20 is used to identify the user of the client device 10,
generating a simplified biometric template verification data 56 "from the biometric template 45a of the user applying the projection comprising the projection parameters 52 and authenticating by comparing the simplified biometric data 56 with the simplified biometric template verification data 56".
In a preferred embodiment, the user is identified based on the reduced biometric data 56.
Since the above steps can be found in fig. 5 and 6, the authentication method is not separately shown. The authentication method is based on a client-server biometric data collection architecture, wherein simplified biometric data is recorded by a biometric data collection unit connected to or incorporated in the client using challenge values sent by the server.
The biometric data acquisition unit may for example be a tablet device or a mobile phone (smartphone) and software running thereon, i.e. the biometric data acquisition unit is built into the client. The server may for example be a central service adapted to identify the user based on the biometric recorded by the device and to grant access to a specific service depending on the result of the identification. The biometrics may for example consist of a handwritten signature on a touch screen, an iris image taken by the camera of the device, a fingerprint recorded by the device (as long as the device has the necessary capabilities), or gesture recognition using the camera of the device. In the case of this embodiment, the simplification is conveniently performed by software running on the tablet.
The biometric data collection device may be a "signature pad" (a digitizing tablet with a pen, which may also have its own display, essentially the same as the tablet device), which is connected to the PC through a USB connector. In this case, the "server" may even be the PC itself, running a software application adapted to utilize the recorded handwritten signature data. In this case, when it is a PC that transmits data to the server via the communication link, a remote server may of course be applied. In this embodiment, most advantageously, the data reduction process is already performed within the "signature panel" device, since in this case the complete biometric is not obtained from a physically closed and protected device.
The biometric data acquisition unit may also be a simple computer mouse connected to a PC. A software application may be applied to record the mouse movements of a user during web browsing. The movement of the mouse/hand can be considered to be biometric data characterizing a given individual. Based on the recorded data, also psychological characteristics of the user may be obtained, which may even be applied to display customized advertisements for that user. Alternatively, a PC-connected camera may be used to record the eye movements of the user (as biometric data). In these examples, data reduction is conveniently performed by a software application running on the PC.
In certain cases, two types of information may be obtained from the signature panel device during a signing event:
simplified biometrics (to be used later by the server for identifying the person),
a static image of the signature (which can be visually copied to the document, but is not suitable for copying the signature biometrics in itself).
This is advantageous because the critical biometric data cannot be obtained from the device, only the reduced set of information required for identification can be obtained, but still a signature image can be generated. In this case, the challenge value will include:
-determining simplified parameters (or parameter sets) required for identifying a person, and
another parameter suitable for reducing the dynamic biometric data to static biometric data (i.e. in fact the time and pressure parameters are deleted from the original data set, the image is drawn from the remaining series of points and preferably converted to a predetermined size).
In this case, the reduced biometrics is an aggregation of two types of reduced information, where the server uses the two parts in two different ways.
The authentication method based on simplified biometrics has the advantage that it allows personal identification by the following entities/services:
entities/services that are not allowed to have complete biometric data due to legal prohibition, or
Entities/services that are not at a security level that allows them to protect the identity of a person; or
An entity/service that is a service provider, not sufficiently trusted by the person to be identified.
The authentication method according to the invention is also suitable for building an anonymous identification system, since biometric data suitable for identity theft are not stored in the client and are not transmitted within the system. In a preferred embodiment, multiple cameras may be installed in stores and hallways in a mall. The camera system may collect simplified facial/body shape/movement information about the individual, only transmitting the simplified information to the server. Based on the reduced information, the server attempts to identify the person. In the event that the person is not recognized, it is identified as a new customer and the corresponding biometric sample (reduced data) is stored with the associated identification number. The system then monitors the person's movements in the mall (which shop he or she enters, at which shop window he or she stops, how much time he or she spends in certain locations, at which restaurant he or she has meals, which products he or she purchases-the latter may be determined using the cash register camera and cash register information), i.e., the system may identify the habits and preferences of the customer. Based on previously identified and identified people's customer preferences, the system is able to display personalized advertisements anywhere (e.g., on a dynamic television wall). The identification/recognition system allows individual stores to present personalized offers for sale to customers as they enter the store.
It will be readily appreciated that other alternatives to the embodiments detailed above may be devised by those skilled in the art, all falling within the scope of protection defined by the appended claims.

Claims (32)

1. A method for digitally signing an electronic document, characterized by performing the following steps by a server:
-generating a challenge value (50) comprising projection parameters (52),
-transmitting the challenge value (50) to a client device (10) over a communication channel (30),
-receiving, from a client device (10) over a communication channel (30), a credential record (70), an electronic file (48) to be signed, and biometric data (54) of a user, the credential record (70) being generated by the client device (10) by associating:
-the challenge value (50),
-a hash (58) of the reduced biometric data (56), the reduced biometric data (56) being generated from the biometric data (54) applying a projection with the projection parameters (52), and
-a hash (49) of the electronic file (48),
-generating simplified biometric verification data (56') from the biometric data (54) applying the projection with the projection parameters (52),
-generating a hash (58') of the reduced biometric authentication data (56'),
-generating a hash (49) of the electronic file (48),
-generating a verification credential record (70') by associating the challenge value (50), the hash (58') of the reduced biometric verification data (56') and the hash (49) of the electronic file (48), and comparing the verification credential record with the credential record (70) sent by the client device (10), and continuing the process of digitally signing only if the verification credential record (70') is identical to the credential record (70) sent by the client device (10),
-identifying a user of the client device (10) and defining at least one item of user data (74),
-generating a server certificate (80) by associating at least a hash (49) of the electronic file (48), the at least one item of user data (74) and at least signature data (78) relating to a time of signature,
-signing the server certificate (80) applying the server's private signing key (41), thereby generating a signed server certificate (82),
-generating a digital signature (85) by associating at least the signed server certificate (82) with the hash (49) of the electronic file (48), and
-associating the digital signature (85) with the electronic file (48), thereby generating a digitally signed electronic file (86).
2. The method of claim 1, wherein the digitally signed electronic file (86) is signed on behalf of the user.
3. The method according to claim 2, characterized in that the signature is performed with a private signature key (42) of the user.
4. Method according to claim 1 or 2, characterized in that visually displayable biometric data (54a) is generated from the biometric data (54) by means of a one-way mapping, wherein the visually displayable biometric data (54a) is also associated with the server certificate (80) and with the hash (49) of the electronic file (48) for generating the digital signature (85).
5. The method according to claim 1 or 2, characterized in that the user is authenticated based on the biometric data (54).
6. The method according to claim 5, characterized in that during authentication, the biometric data (54) is compared with a biometric template (45 a).
7. The method according to claim 1, characterized by receiving a credential record (72) signed by the client device (10) as a credential record (70) and verifying the signature.
8. Method according to claim 1, characterized in that the biometric data (64) encrypted by the client device (10) and/or the electronic file (68) encrypted by the client device are received as biometric data (54) and/or as electronic file (48), and the encrypted biometric data (64) and/or the encrypted electronic file (68) are decrypted before generating the reduced biometric data (56).
9. Method according to claim 8, characterized in that the encrypted biometric data (64) and/or the encrypted electronic file (68) encrypted with the public encryption key (40a) of the server are received and decrypted with the private encryption key (40b) of the server, or the encrypted biometric data (64) and/or the encrypted electronic file encrypted with the public encryption key (40a) of the server are received and the encrypted symmetric key is decrypted with the private encryption key (40b) of the server, whereafter the encrypted biometric data (64) and/or the encrypted electronic file (68) are decrypted with the symmetric key.
10. The method according to claim 1, characterized by generating a server credential record (90) by associating at least the challenge value (50), the biometric data (54) and the hash (49) of the electronic file (48), signing the server credential record (90) with the server's private signing key (41), and storing the resulting signed server credential record (92).
11. The method according to claim 1, characterized in that the biometric data (54) of the user is recorded by a biometric data acquisition unit (18a) and by the client device (10):
generating reduced biometric data (56) from the biometric data (54) applying a projection with the projection parameters (52),
-generating a hash (58) of the reduced biometric data (56),
-generating a hash (49) of the electronic file (48),
-generating a credential record (70) by associating at least the challenge value (50), the hash (58) of the reduced biometric data (56) and the hash (49) of the electronic file (48), and
-transmitting the credential record (70), the electronic file (48) to be signed and the biometric data (54) to the server (20) over the communication channel (30).
12. The method of claim 11, wherein the credential record (70) is signed by the client device (10) and the signature is verified by the server (20).
13. Method according to claim 11 or 12, characterized in that the biometric data (54) and/or the electronic file (48) to be signed are encrypted by the client device (10) before the biometric data (54) and/or the electronic file (48) to be signed are transmitted.
14. The method according to claim 11, characterized in that the biometric data acquisition unit (18a) is a digitizing tablet, through which a handwritten signature is received and recorded as biometric data (54).
15. Method according to claim 14, characterized in that the handwritten signature is recorded as at least one type of biometric data (54) selected from the group of: coordinates of a position of a pressing writing device, coordinates of a position of a lifting from the writing device, a time function of writing device coordinates, a time function of writing device velocity, a time function of writing device acceleration, a time function of writing device pressure.
16. The method according to claim 11, characterized in that the biometric data acquisition unit (18a) is an iris scanner by which iris images are received and digital data representing the iris images are stored as biometric data (54).
17. The method according to claim 11, characterized in that the biometric data acquisition unit (18a) is a fingerprint reader by which a fingerprint is received and digital data representing the fingerprint is stored as biometric data (54).
18. A method for digitally signing an electronic document, characterized by:
-generating, by the server (20), a challenge value (50) comprising the projection parameters (52),
-transmitting the challenge value (50) to a client device (10) by the server (20) via a communication channel (30),
-recording biometric data (54) by means of a biometric data acquisition unit (18a),
generating, by the client device (10), reduced biometric data (56) from the biometric data (54) by applying a projection with the projection parameters (52),
-generating, by the client device (10), a hash (58) of the reduced biometric data (56),
-generating, by the client device (10), a hash (49) of the electronic file (48),
-generating a credential record (70) by the client device (10) by associating at least the challenge value (50), the hash (58) of the reduced biometric data (56) and the hash (49) of the electronic file (48),
-transmitting the credential record (70), the electronic file (48) to be signed and the biometric data (54) to the server (20) by the client device (10) via the communication channel (30),
-generating, by the server (20) application, simplified biometric verification data (56') from the biometric data (54) using projections of projection parameters (52),
-generating, by the server (20), a hash (58') of the reduced biometric authentication data (56'),
-generating, by the server (20), a hash (49) of the electronic file (48),
-generating by the server (20) a verification credential record (70') by associating the challenge value (50), the hash (58') of the reduced biometric verification data (56') and the hash (49) of the electronic file (48) and for comparing this verification credential record with the credential record (70) sent by the client device (10) and continuing the process of digital signing only if the verification credential record (70') is identical to the credential record (70) sent by the client device (10),
-identifying, by the server (20), a user of the client device (10) and defining at least one item of user data (74),
-generating, by the server (20), a server certificate (80) by associating at least a hash (49) of the electronic file (48), the at least one item of user data (74) and at least signature data (78) related to a time of signature,
-signing the server certificate (80) by the server (20) applying the server's private signing key (41) thereby generating a signed server certificate (82),
-generating a digital signature (85) by the server (20) by associating at least the signed server certificate (82) with a hash (49) of the electronic file (48), and
-associating, by the server (20), the digital signature (85) with the electronic file (48), thereby generating a digitally signed electronic file (86).
19. The method of claim 18, wherein the digitally signed electronic file (86) is signed on behalf of the user by the server (20).
20. The method of claim 19, wherein the signing is performed with a private signing key of the user.
21. Method according to claim 18 or 19, characterized in that visually displayable biometric data (54a) is generated by the server (20) from the biometric data (54) by means of a one-way mapping, wherein the visually displayable biometric data (54a) is also associated with the server certificate (80) and with the hash (49) of the electronic file (48) for generating the digital signature (85).
22. The method according to claim 18, characterized in that the user is authenticated by the server (20) on the basis of the biometric data (54), during which authentication the biometric data (54a) is compared with a biometric template (45 a).
23. The method according to claim 18, characterized by generating a server credential record (90) by the server (20) by associating at least the challenge value (50), the biometric data (54) and a hash (49) of the electronic file (48), signing the server credential record (90) with the server's private signing key (41), and storing the resulting signed server credential record (92).
24. The method of claim 18, wherein the credential record is signed by the client device (10) and the signature is verified by the server.
25. Method according to claim 18, characterized in that said biometric data (54) and/or said electronic file (48) are encrypted by said client device (10) before transmitting said biometric data (54) and/or said electronic file (48) generating encrypted biometric data (64) and/or an encrypted electronic file (68), and said encrypted biometric data (64) and/or said encrypted electronic file (68) are decrypted by said server (20).
26. A method for digitally signing an electronic document, characterized by the following steps performed by a server:
-generating a challenge value (50) comprising projection parameters (52),
-transmitting the challenge value (50) to a client device (10) over a communication channel (30),
-receiving, from the client device (10), over a communication channel (30), a credential record (70), the electronic file (48) to be signed and simplified biometric data (56) of the user simplified according to the projection parameters (52), the credential record (70) being generated by the client device (10) by associating:
-the challenge value (50),
-a hash (58) of the reduced biometric data (56), and
-a hash (49) of the electronic file (48),
-generating a hash (58') of the reduced biometric data (56),
-generating a hash (49) of the electronic file (48),
-generating a verification credential record (70') by associating the challenge value (50), the hash (58') of the reduced biometric data (56) and the hash (49) of the electronic file (48) and comparing the verification credential record with a credential record (70) sent by the client device (10) and continuing the process of digitally signing only if the verification credential record (70') is identical to the credential record (70) sent by the client device (10),
-identifying a user of the client device (10) and defining at least one item of user data (74),
-generating a server certificate (80) by associating at least the hash (49) of the electronic file (48), the at least one item of user data (74) and at least signature data (78) relating to a time of signature,
-signing the server certificate (80) applying the server's private signing key (41), thereby generating a signed server certificate (82),
-generating a digital signature (85) by associating at least the signed server certificate (82) with a hash (49) of the electronic file (48), and
-associating the digital signature (85) with the electronic file (48), thereby generating a digitally signed electronic file (86).
27. The method according to claim 26, characterized by authenticating the user based on the simplified biometric data (56), during which authentication the projection comprising the projection parameters (52) is applied to generate simplified biometric template verification data (56 ") from a biometric template (45a) of the user; and comparing the simplified biometric data (56) with the simplified biometric template verification data (56 ").
28. The method according to claim 27, characterized by receiving as the reduced biometric data (56) encrypted reduced biometric data (65) by the client device (10), and decrypting the encrypted reduced biometric data (65) before authentication.
29. The method of claim 26,
-recording simplified biometric data (56) of the user by means of a biometric data acquisition unit (18a),
-generating a hash (58) of the reduced biometric data (56),
-generating a hash (49) of the electronic file (48),
-generating a credential record (70) by associating at least the challenge value (50), the hash (58) of the reduced biometric data (56) and the hash (49) of the electronic file (48), and
-transmitting the credential record (70), the electronic file (48) to be signed and the reduced biometric data (56) to the server (20) over the communication channel (30).
30. Method for digitally signing an electronic document, characterized in that,
-generating, by the server (20), a challenge value (50) comprising the projection parameters (52),
-transmitting the challenge value (50) to a client device (10) by the server (20) via a communication channel (30),
-recording simplified biometric data (56) using projections with the projection parameters (52) by a biometric data acquisition unit (18a) connected to the client device (10),
-generating, by the client device (10), a hash (58) of the reduced biometric data (56),
-generating, by the client device (10), a hash (49) of the electronic file (48),
-generating a credential record (70) by the client device (10) by associating at least the challenge value (50), the hash (58) of the reduced biometric data (56) and the hash (49) of the electronic file (48),
-transmitting the credential record (70), the electronic file (48) to be signed and the reduced biometric data (56) to the server (20) by the client device (10) via the communication channel (30),
-generating, by the server (20), a hash (58') of the reduced biometric data (56),
-generating, by the server (20), the hash (49) of the electronic file (48),
-generating by the server (20) a verification credential record (70') by associating the challenge value (50), the hash (58') of the reduced biometric data (56) and the hash (49) of the electronic file (48), and comparing the verification credential record with the credential record (70) sent by the client device (10), and continuing the process of digitally signing only if the verification credential record (70') is identical to the credential record (70) sent by the client device (10),
-identifying a user of the client device (10) by means of the server (20) and defining at least one item of user data (74),
-generating, by the server (20), a server certificate (80) by associating at least a hash (49) of the electronic file (48), the at least one item of user data (74) and at least signature data (78) related to a time of signature,
-signing the server certificate (80) by the server (20) applying the server's private signing key (41), thereby generating a signed server certificate (82),
-generating, by the server (20), a digital signature (85) by associating at least the signed server certificate (82) with a hash (49) of the electronic file (48), and
-associating, by the server (20), the digital signature (85) with the electronic file (48), thereby generating a digitally signed electronic file (86).
31. The method according to claim 30, characterized by authenticating the user by a server (20) based on the simplified biometric data (56), during which authentication a projection comprising projection parameters (52) is applied to generate simplified biometric template verification data (56 ") from a biometric template (45a) of the user; and comparing the simplified biometric data (56) with the simplified biometric template verification data (56 ").
32. The method according to claim 30, characterized in that the reduced biometric data is encrypted by the client device (10) before transmitting the reduced biometric data (56), thereby generating encrypted reduced biometric data (65) by the server.
HK17113706.9A 2014-08-18 2015-06-15 Methods for digitally signing an electronic file and authenticating method HK1240360B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
HUP1400392 2014-08-18
HUP1500259 2015-05-29

Publications (2)

Publication Number Publication Date
HK1240360A1 HK1240360A1 (en) 2018-05-18
HK1240360B true HK1240360B (en) 2019-07-05

Family

ID=

Similar Documents

Publication Publication Date Title
US11310058B2 (en) Methods for digitally signing an electronic file and authentication method
CN111466097B (en) Server-Assisted Privacy-Preserving Biometric Comparison
CN107251477B (en) System and method for securely managing biometric data
US9384338B2 (en) Architectures for privacy protection of biometric templates
US20180241558A1 (en) 1:n biometric authentication, encryption, signature system
US20160219046A1 (en) System and method for multi-modal biometric identity verification
JP7250960B2 (en) User authentication and signature device using user biometrics, and method thereof
JPWO2007094165A1 (en) Identification system and program, and identification method
WO2012042775A1 (en) Biometric authentication system, communication terminal device, biometric authentication device, and biometric authentication method
US11681787B1 (en) Ownership validation for cryptographic asset contracts using irreversibly transformed identity tokens
US20130088327A1 (en) Template delivery type cancelable biometric authentication system and method therefor
US9280650B2 (en) Authenticate a fingerprint image
WO2021190197A1 (en) Method and apparatus for authenticating biometric payment device, computer device and storage medium
US20190165939A1 (en) Two-step central matching
HK1240360B (en) Methods for digitally signing an electronic file and authenticating method
HK1240360A1 (en) Methods for digitally signing an electronic file and authenticating method
JP5574005B2 (en) Biometric authentication method and system
RU2776258C2 (en) Biometric comparison for privacy protection using server
CN1965279A (en) Architectures for privacy protection of biometric templates
JPH1188322A (en) Digital signature generation method