Electronic signature method, program and server for implementing the method
Abstract
In order to apply an electronic signature from a client station having authentication resources at a server, the following steps are carried out: the client station is authenticated at the server, thus establishing an authenticated communication channel; a private key/public key pair is generated at the client station; a signature certificate request generated by means of at least the public key is transmitted from the client station to the server via the authenticated channel; a signature certificate obtained in response to the request is returned via the authenticated channel; this certificate is verified at the client station; an electronic signature is calculated at the client station by means of the private key, after which this private key is destroyed; and the calculated signature is formatted with the aid of the signature certificate received via the authenticated channel.
14 Claims
1. A method for applying an electronic signature from a client station, comprising the steps of:
/A/ authenticating the client station at a server, thereby establishing an authenticated communication channel between the client station and said server;
/B/ generating a private key/public key pair at the client station;
/C/ sending from the client station to the server, via the authenticated channel, a request for a signature certificate, generated by means of at least the public key;
/D/ sending from the server to the client station, via the authenticated channel, a signature certificate provided in response to said request;
/E/ calculating a cryptographic signature at the client station by means of the private key, then destroying the private key at the client station; and
/F/ formatting the calculated signature with the aid of the signature certificate received by the client station via the authenticated channel.
Dependent claims: 2, 3, 4, 5, 6, 7
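Steps /B/ to /F/ of claim 1, sketched in Go as an added example that is not part of the patent text. Assumptions: Ed25519 keys, a constructed demo CA key and subject names, the hypothetical function names `issue`, `sign` and `verify`, and a direct function call standing in for the authenticated channel of step /A/; certificate chain validation is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var _, caKey, _ = ed25519.GenerateKey(rand.Reader) // constructed demo CA key, server side

// issue is the server in /D/: check the CSR's proof of possession, certify the key for one hour.
func issue(csrDER []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("CSR rejected")
	}
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "Demo CA"}}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), Subject: pkix.Name{CommonName: "demo signer"}}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
}

// sign runs /B/ to /F/ on the client; check err before using the other results.
func sign(doc []byte) (sig, certDER []byte, err error) {
	_, key, err := ed25519.GenerateKey(rand.Reader) // /B/ one-time key pair
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{}, key) // /C/
	if err == nil {
		certDER, err = issue(csr) // /D/
	}
	sig = ed25519.Sign(key, doc)      // /E/ sign once...
	copy(key, make([]byte, len(key))) // ...then overwrite this copy of the private key
	return sig, certDER, err          // /F/ the signature travels with its certificate
}

func verify(doc, sig, certDER []byte) bool {
	cert, err := x509.ParseCertificate(certDER) // the certificate carries the only key needed
	return err == nil && cert.CheckSignature(x509.PureEd25519, doc, sig) == nil
}

func main() {
	sig, cert, err := sign([]byte("constructed sample document"))
	fmt.Println(err, verify([]byte("constructed sample document"), sig, cert))
}
```

The overwrite clears the key slice this function holds; the Go runtime and crypto packages give no guarantee that no other copy of the key material exists in memory.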
8. A computer program product, comprising instructions to be executed in a client station having authentication resources with respect to an electronic signature assistance server, said instructions including:
instructions for generating a private key/public key pair after the establishment of an authenticated channel between the client station and said server;
instructions for transmitting to the server, via the authenticated channel, a request for a signature certificate generated by means of at least the public key;
instructions for receiving from the server, via the authenticated channel, a signature certificate obtained in response to said request;
instructions for calculating a cryptographic signature by means of the private key, and then for destroying the private key; and
instructions for formatting the calculated signature with the aid of the signature certificate received via the authenticated channel.
Dependent claims: 9, 10, 11
12. Electronic signature assistance server, comprising means of authenticating a client station to establish an authenticated communication channel with said client station, means for obtaining a signature certificate in response to a request received from the client station via the authenticated channel and for transmitting said certificate to the client station via the authenticated channel, and means for downloading to the client station a program written in a mobile code language, including instructions for controlling, at least partially, the execution of the following operations by the client station:
generation of a private key/public key pair at the client station after the establishment of the authenticated channel;
transmission to the server, via the authenticated channel, of a request for a signature certificate generated by means of at least the public key;
reception, via the authenticated channel, of the signature certificate transmitted by the server in response to said request;
calculation of a cryptographic signature at the client station by means of the private key, followed by destruction of the private key; and
formatting of the calculated signature with the aid of the signature certificate received via the authenticated channel.
Dependent claims: 13, 14
Specification