Server-based digital signature

US 20050132201A1
Filed: 09/23/2004
Published: 06/16/2005
Est. Priority Date: 09/24/2003
Status: Abandoned Application

First Claim

Patent Images

1. A network server for a computer network system to electronically sign electronic records from one or more computers, the network server comprising:

a processing unit;

a memory;

an electronic signature engine stored in the memory and executable on the processing unit, the electronic signature engine retrieving user signing data, accessing an electronic record, receiving authorization data from a user of a user device to electronically sign the electronic record, and electronically signing the electronic record using the user signing data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Electronic signature functions, such as electronically signing an electronic record, verification of an electronic signature and issuance of keys, may be performed by a server or other central computer. For electronic signing, the server may access a key on a protected database and encryption programs to electronically sign an electronic record. For signature verification, the server may receive the electronic record and electronic signature, determine a key to decrypt the electronic signature, and then determine whether the electronic signature is valid. For issuance of keys, the server may receive a user request to generate keys, may generate the keys, and store the keys in a database which is accessible by the server, but which may not be accessible by the user.

76 Citations

View as Search Results

60 Claims

1. A network server for a computer network system to electronically sign electronic records from one or more computers, the network server comprising:
- a processing unit;
  
  a memory;
  
  an electronic signature engine stored in the memory and executable on the processing unit, the electronic signature engine retrieving user signing data, accessing an electronic record, receiving authorization data from a user of a user device to electronically sign the electronic record, and electronically signing the electronic record using the user signing data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The network server of claim 1, wherein the user signing data is stored in the memory.
  - 3. The network server of claim 2, wherein the user signing data comprise a key.
  - 4. The network server of claim 1, wherein accessing an electronic record comprises generating the electronic record at the network server system.
  - 5. The network server of claim 1, wherein the user device communicates with the network server via a network;
    - and wherein accessing an electronic record comprises receiving the electronic record from the user device via the network.
  - 6. The network server of claim 1, wherein an application device communicates with the network server via a network;
    - and wherein accessing the electronic record comprises receiving the electronic record from an application device.
  - 7. The network server of claim 1, wherein the user device communicates with the network server via a network;
    - and wherein receiving authorization data from a user comprises sending the authorization data from the user device to the network server via the network.
  - 8. The network server of claim 1, wherein an application device communicates with the network server via a network;
    - and wherein receiving authorization data from a user comprises sending the authorization data via the application device to the network server via the network.
  - 9. The network server of claim 1, wherein electronically signing comprises associating data, an electronic sound, a symbol, or a process with the electronic record.
  - 10. The network server of claim 1, wherein electronically signing comprises converting the electronic record into a hash value using a hash function, and encrypting the hash value using the user signing data.
  - 11. The network server of claim 1, wherein the electronic signature engine further receives identification information from the user device;
    - and wherein the electronic signature engine retrieving user signing data is based on the identification information.
  - 12. The network server of claim 11, wherein receiving identification information comprises receiving a user login.
  - 13. The network server of claim 11, wherein receiving identification information comprises receiving user private identification.
  - 14. The network server of claim 13, wherein the user private identification comprises a PIN.
  - 15. The network server of claim 14, wherein receiving identification information from the user device comprises providing a user login;
    - and wherein retrieving user signing data comprises accessing, by the network server, the memory based on the user login to retrieve the user signing data.
  - 16. The network server of claim 11, wherein receiving identification information from the user device comprises receiving user private identification;
    - and wherein the electronic signature engine decrypts the user signing data based on the user private identification.
  - 17. The network server of claim 1, further comprising:
    - a clock;
      
      wherein the electronic signature engine accesses the clock for a time stamp; and
      
      wherein electronically signing the electronic record is based on the time stamp.

18. A central device, in a system with a user device which authorizes electronically signing an electronic record, the central device comprising logic for:
- determining user signing data for a user at the user device;
  
  receiving authorization data from the user of the user device to electronically sign the electronic record; and
  
  electronically signing the electronic record based on the user signing data.
- View Dependent Claims (19, 20)
- - 19. The central device of claim 18, wherein the central device comprises a server;
    - wherein the user device communicates with the server via a network; and
      
      wherein receiving authorization data from the user comprises receiving the authorization data from the user device via the network.
  - 20. The central device of claim 18, wherein the system further comprises an application device;
    - wherein the central device comprises a server;
      
      wherein the application device communicates with the server via a network; and
      
      wherein receiving authorization data from the user comprises receiving the authorization data from the user device via the application device.

21. A network server for a computer network system to verify electronically signed records, the network server comprising:
- a processing unit;
  
  a memory;
  
  an electronic signature engine stored in the memory and executable on the processing unit, the electronic signature engine accessing an electronic record and an electronic signature, receiving authorization data to verify the electronic signature from a user of a user device, and verifying that the electronic record has not been altered since the electronic signature was generated.
- View Dependent Claims (22, 23)
- - 22. The network server of claim 21, wherein the user device communicates with the network server via a network;
    - and wherein receiving authorization data from the user comprises receiving the authorization data from the user device via the network.
  - 23. The network server of claim 21, wherein the electronic signature engine determines a key for the electronic signature, and verifies the electronic signature using the key.

24. A method of electronically signing an electronic record, the method operating in a system comprising a user device and a central device, the method comprising:
- determining, by the central device, user signing data for a user at the user device;
  
  receiving, by the central device, authorization data from a user of the user device to electronically sign the electronic record; and
  
  electronically signing, by the central device, the electronic record based on the user signing data.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 25. The method of claim 24, wherein the user signing data comprises at least one key.
  - 26. The method of claim 24, wherein the central device comprises a server;
    - wherein the user device communicates with the server via a network; and
      
      wherein receiving authorization data from the user comprises receiving the authorization data from the user device via the network.
  - 27. The method of claim 24, wherein the system further comprises an application device;
    - wherein the central device comprises a server;
      
      wherein the application device communicates with the server via a network; and
      
      wherein receiving authorization data from the user comprises receiving the authorization data from the user device via the application device.
  - 28. The method of claim 24, wherein electronically signing comprises associating data, an electronic sound, a symbol, or a process with the electronic record.
  - 29. The method of claim 28, wherein associating comprises attaching the data, electronic sound, symbol or process to the electronic record.
  - 30. The method of claim 24, wherein electronically signing comprises converting the electronic record into a hash value using a hash function, and encrypting the hash value using the user signing data.
  - 31. The method of claim 30, wherein the user signing data comprises a key;
    - and wherein encrypting the hash value comprises digitally signing the electronic record with the key.
  - 32. The method of claim 24, further comprising identifying the user at the user device;
    - and wherein determining user signing data is based on identifying the user.
  - 33. The method of claim 32, wherein identifying the user at the user device comprises receiving a user login.
  - 34. The method of claim 32, wherein identifying the user at the user device comprises providing user private identification.
  - 35. The method of claim 34, wherein the user private identification comprises a PIN.
  - 36. The method of claim 32, wherein identifying a user at a user device comprises receiving a user login;
    - and wherein determining user signing data comprises accessing, by the central device, a memory based on the user login to retrieve the user signing data.
  - 37. The method of claim 32, wherein identifying a user at a user device comprises receiving user private identification;
    - and wherein determining user signing data comprises decrypting the user signing data based on the user private identification.
  - 38. The method of claim 24, wherein the user device communicates with the central device via a network;
    - and further comprising receiving the electronic record at the central device from the user device via the network.
  - 39. The method of claim 24, wherein the system further comprises an application device;
    - wherein the central device comprises a server;
      
      wherein the application device communicates with the server via a network; and
      
      wherein receiving the electronic record comprises receiving the electronic record from the application device via the network.
  - 40. The method of claim 24, further comprising generating the electronic record at the central device.
  - 41. The method of claim 24, wherein the central device comprises a server;
    - and further comprising sending the electronically signed electronic record from the server to the user device.
  - 42. The method of claim 24, further comprising:
    - determining, by the central device, a time stamp; and
      
      wherein electronically signing is based on the time stamp.
  - 43. The method of claim 42, wherein electronically signing comprises converting the electronic record and time stamp into a hash value using a hash function, and encrypting the hash value using the user signing data.
  - 44. The method of claim 42, wherein electronically signing comprises converting the electronic record into a hash value using a hash function, and encrypting the hash value and the time stamp using the user signing data.
  - 45. The method of claim 42, wherein determining a time stamp comprises accessing a clock by the central device.
  - 46. The method of claim 45, wherein the clock is protected from tampering by the user of the user device.
  - 47. The method of claim 24, wherein the user signing data comprises a key;
    - wherein the key has associated with it a certificate comprising a revocation date; and
      
      further comprising;
      
      determining, by the central device, a current time; and
      
      determining whether the key is still valid based on the revocation date for the key and the current time.

48. A method for electronically signing, the method operating in a system comprising an application device, a user device, a server, and a network, the network for the application device, user device, and server to communicate with one another, the method comprising:
- generating an electronic record;
  
  sending the electronic record from the application device to the server;
  
  redirecting the user device from the application device to the server;
  
  identifying a user at the user device to the server;
  
  determining at least one key based on the identification of the user; and
  
  electronically signing, by the server, the electronic record using the key.
- View Dependent Claims (49, 50, 51, 52)
- - 49. The method of claim 48, wherein generating an electronic record comprises generating an electronic record at the application device.
  - 50. The method of claim 48, further comprising, after sending the electronic record from the application device to the server, sending a redirect address from the server to the application device;
    - and wherein redirecting the user device comprises the application device redirecting the user device to the redirect address.
  - 51. The method of claim 48, further comprising, after identifying a user, reviewing the electronic record by the user of the user device and authorizing, by the user, electronically signing of the electronic record.
  - 52. The method of claim 48, further comprising:
    - determining, by the server, a time stamp; and
      
      wherein electronically signing is based on the time stamp.

53. A method for verifying an electronic signature with the steps being performed by the central device, the method comprising:
- receiving an electronic record and an electronic signature from a communication device;
  
  receiving authorization data to verify the electronic signature from the communication device;
  
  determining a key for the electronic signature; and
  
  verifying using the key that the electronic record has not been altered since the electronic signature was generated.
- View Dependent Claims (54, 55, 56)
- - 54. The method of claim 53, wherein the communication device comprises a user device.
  - 55. The method of claim 53, wherein the central device comprises a server.
  - 56. The method of claim 53, wherein verifying comprises:
    - decrypting the electronic signature using the key;
      
      hashing the electronic record; and
      
      comparing the decrypted electronic signature with the hashed electronic record.

57. A method for generating user signing data for an electronic signature by a central device, the method operating in a system comprising a user device, the central device, and a network, the user device and central device communicating via the network, the method comprising:
- identifying a user at the user device;
  
  receiving a request from the user at the user device for user signing data;
  
  generating the user signing data by the central device; and
  
  storing the user signing data in a database based on the identification of the user, the database being accessible by the central device but not being accessible by the user device; and
  
  ending communication between the central device and user device without sending the user signing data to the user device.
- View Dependent Claims (58, 59, 60)
- - 58. The method of claim 57, wherein the user signing data comprises at least one key.
  - 59. The method of claim 57, wherein identifying a user at a user device comprises providing user private identification.
  - 60. The method of claim 59, further comprising encrypting the user signing data based on the user private identification;
    - and wherein storing the user signing data comprises storing the encrypted user signing data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services GmbH (Accenture PLC), Microsoft Corporation
Original Assignee
Accenture Global Services GmbH (Accenture PLC), Microsoft Corporation
Inventors
McDonald, David, Finnegan, Sean, Buxton, Steven, Matles, Robert, Pitman, Andrew J.

Application Number

US10/948,365
Publication Number

US 20050132201A1
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/645   using a third party

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/68   Special signature format, e...

H04L 63/062   for key distribution, e.g. ...

H04L 63/126   the source of the received ...

H04L 9/3247   involving digital signatures

Server-based digital signature

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

76 Citations

60 Claims

Specification

Solutions

Use Cases

Quick Links

Server-based digital signature

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

60 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links