Duress signatures
First Claim
1. A computer-implemented method, comprising:
- under the control of one or more computer systems configured with executable instructions,receiving a signature of a signatory, wherein the signatory is associated with a first set of credential data and a second set of credential data, wherein the first set of credential data is associated with a first duress level, and wherein the second set of credential data is associated with a second duress level;
receiving a document identifier for identifying a document, the document identifier derived based at least in part from document contents;
obtaining an identity verification identifier for identifying an identity verification token, wherein the identity verification token is registered with an identity registrar and authorized by the identity registrar to generate signatures, and wherein the identity verification identifier comprises a first private key corresponding to a first public key and a second private key corresponding to a second public key;
generating a first signature based at least in part on the document identifier, the first set of credential data, and the identity verification identifier, wherein the first signature is based at least in part on encrypting the document identifier using the first private key;
determining that the generated first signature is not a match to the received signature of the signatory;
generating a second signature based at least in part on the document identifier, the second set of credential data, and the identity verification identifier, wherein the second signature is based at least in part on encrypting the document identifier using the second private key;
determining that the generated second signature is a match to the received signature of the signatory; and
performing an action in accordance with the second duress level, wherein the action is one or more of hiding information associated with a first account, displaying information associated with a second account, notifying security personnel of a security incident indicated by the second duress level, sending a message indicating an occurrence of the second duress level, indicating the occurrence of the second duress level in a data store, or repudiating transactions associated with the document.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for generating a signature for a document using credentials indicating an unsanctioned signing event. The system and method includes receiving a request to generate a signature of a signatory for a document, wherein the request includes a received set of credential data for a signatory, obtaining a token identifier for at least one computing device, and determining if the received set of credential data matches credentials indicating the unsanctioned signing event. The system and method further includes receiving the signature of the signatory, the document identifier, and the token identifier, and determining based at least in part on the signature, document identifier, and the token identifier, whether the received signature is associated with the unsanctioned signing event.
91 Citations
20 Claims
-
1. A computer-implemented method, comprising:
under the control of one or more computer systems configured with executable instructions, receiving a signature of a signatory, wherein the signatory is associated with a first set of credential data and a second set of credential data, wherein the first set of credential data is associated with a first duress level, and wherein the second set of credential data is associated with a second duress level; receiving a document identifier for identifying a document, the document identifier derived based at least in part from document contents; obtaining an identity verification identifier for identifying an identity verification token, wherein the identity verification token is registered with an identity registrar and authorized by the identity registrar to generate signatures, and wherein the identity verification identifier comprises a first private key corresponding to a first public key and a second private key corresponding to a second public key; generating a first signature based at least in part on the document identifier, the first set of credential data, and the identity verification identifier, wherein the first signature is based at least in part on encrypting the document identifier using the first private key; determining that the generated first signature is not a match to the received signature of the signatory; generating a second signature based at least in part on the document identifier, the second set of credential data, and the identity verification identifier, wherein the second signature is based at least in part on encrypting the document identifier using the second private key; determining that the generated second signature is a match to the received signature of the signatory; and performing an action in accordance with the second duress level, wherein the action is one or more of hiding information associated with a first account, displaying information associated with a second account, notifying security personnel of a security incident indicated by the second duress level, sending a message indicating an occurrence of the second duress level, indicating the occurrence of the second duress level in a data store, or repudiating transactions associated with the document. - View Dependent Claims (2, 3)
-
4. A system, comprising:
at least one computing device that implements one or more services, wherein the one or more services; receive, from a signatory, a request to generate a signature for a document, wherein the signatory is associated with multiple sets of credentials, wherein a first set of credentials is associated with a first duress level, and wherein a second set of credentials is associated with a second duress level; obtain a document identifier for the document, the document identifier derived based at least in part from document contents; obtain a token identifier for the at least one computing device, wherein the token identifier is registered with an identity registrar and authorized by the identity registrar to generate signatures, and wherein the token identifier comprises a first private key corresponding to a first public key and a second private key corresponding to a second public key; generate a first signature based at least in part on the document identifier, the first set of credentials, and the identity verification identifier, wherein the first signature is based at least in part on encrypting the document identifier using the first private key; determine that the generated first signature is not a match to the received signature of the signatory; generate a second signature based at least in part on the document identifier, the second set of credentials, and the identity verification identifier, wherein the second signature is based at least in part on encrypting the document identifier using the second private key; determine that the generated second signature is a match to the received signature of the signatory; and perform an action in accordance with a duress level associated with the second set of credentials, wherein the action is one or more of hiding information associated with a first account, displaying information associated with a second account, notifying security personnel of a security incident indicated by the duress level, sending a message indicating an occurrence of the duress level, indicating the occurrence of the duress level in a data store, or repudiating transactions associated with the document. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13)
-
14. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least:
-
receive a signature of a signatory, wherein the signatory is associated with a plurality of sets of credential data, wherein each set of credential data is associated with a corresponding duress level of a plurality of duress levels; receive a document identifier for identifying a document, the document identifier derived based at least in part from document contents; obtain a token identifier for identifying a token, wherein the token is authorized by a service provider to generate signatures and comprises a set of private keys of a public-private key scheme; generate a first signature, using the token, wherein the signature is based at least in part on encrypting the document identifier using a first private key of the set of private keys; determine, based at least in part on the signature, the document identifier, the token identifier, and a public key from a set of public keys corresponding to the set of private keys of the public-private key scheme; determine that the generated first signature is not a match to the received signature of the signatory; generate a second signature based at least in part on the document identifier, the second set of credential data, and the identity verification identifier, wherein the second signature is based at least in part on encrypting the document identifier using the second private key; determine that the generated second signature is a match to the received signature of the signatory and that the signature received is associated with a duress level of the plurality of duress levels, wherein the duress level indicates an occurrence of an event that is; a duress event, or a signing event that exceeded a signing authority of the signatory; and perform an action as a result of the event determined to have occurred. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification