Electronic Signature Security System

US 20080010218A1
Filed: 12/29/2005
Published: 01/10/2008
Est. Priority Date: 12/30/2004
Status: Active Grant

First Claim

Patent Images

1. :

A method comprising the steps of;

a) receiving transaction data at a first device;

b) capturing a signature at the first device;

c) encrypting the captured signature with the transaction data at the first device; and

d) transmitting the transaction data and encrypted signature from the first device to a second device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the invention enhances the security of electronic signatures during transmission. A peripheral device, which may be located remotely and separate from a host processing system, captures the signature. The peripheral device then binds the signature to the particular transaction record and transmits it to the host processing system. The host processing system validates or confirms the received signature before accepting the transaction. Binding the signature and record data together at the point-of-use reduces the likelihood that someone may be able to hack into the transmission medium, encrypted or not, and obtain the raw signature data. By binding or associating the signature and transaction record data together at the point-of-use, each transaction has a unique key, further foiling attempts at hacking. In various implementations, rather than associating the whole signature with the transaction record data, signature sample points or segments are encrypted with transaction record data.

143 Citations

View as Search Results

24 Claims

1. :
- A method comprising the steps of;
  
  a) receiving transaction data at a first device;
  
  b) capturing a signature at the first device;
  
  c) encrypting the captured signature with the transaction data at the first device; and
  
  d) transmitting the transaction data and encrypted signature from the first device to a second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 24)
- - 2. :
    - The method of claim 1 wherein step (c) includes using a hash of the transaction data to encrypt the captured signature.
  - 3. :
    - The method of claim 1 wherein the transaction data includes price information for a transaction.
  - 4. :
    - The method of claim 1 wherein the transaction data includes identification of goods being transacted.
  - 5. :
    - The method of claim 1 further comprising the additional step of;
      
      receiving a hash of the transaction data at the first device.
  - 6. :
    - The method of claim 1 further comprising the additional step of;
      
      generating a hash of the transaction data at the first device.
  - 7. :
    - The method of claim 6 further comprising the additional steps of;
      
      a) generating a local hash of the transaction data at the second device using the same algorithm used to generate the hash at the first device;
      
      b) decoding the encrypted captured signature at the second device using the local hash of the transaction data; and
      
      c) comparing the captured signature to a stored signature for verification.
  - 8. :
    - The method of claim 1 wherein the step of encrypting the captured signature using the transaction data at the first device includes a) combining the transaction data with a secret key generated at the first device;
      
      b) generating a hash of the combined transaction data and secret key to create a derivative record key at the first device; and
      
      c) encrypting the captured signature by using the derivative record key as a seed to an encryption algorithm in the first device.
  - 9. :
    - The method of claim 8 further comprising the additional step of;
      
      sending the secret key between the first device to the second device at irregular intervals.
  - 10. :
    - The method of claim 9 further comprising the additional steps of;
      
      a) generating a hash of the combined transaction data and secret key to create a derivative record key at the second device; and
      
      b) decoding the encrypted captured signature at the second device using the derivative record key.
  - 11. :
    - The method of claim 10 wherein if the decoding of the encrypted captured signature at the second device fails, searching for the correct derivative record key by modifying the secret key.
  - 12. :
    - The method of claim 1 wherein the encrypted signature is transmitted from the first device to the second device in a plurality of data fragments and this plurality of data fragments are sent in a pseudo-random order.
  - 13. :
    - The method of claim 1 wherein step (d) comprises the additional steps of;
      
      a) dividing the signature data into a plurality of fragments, b) separately encrypting each of the plurality of fragments with the transaction data, c) transmitting the plurality of fragments from the first device to the second device, d) keeping a first count of the plurality of fragments transmitted from the first device, and e) transmitting the first count to the second device.
  - 14. :
    - The method of claim 1 comprising the additional steps of;
      
      a) generating a first derivative record key by taking a hash of the combination of a first clock value with the transaction data, wherein the first clock value is found in the first device;
      
      b) utilizing the first derivative record key to encrypt the captured signature at the first device;
      
      c) generating a second derivative record key by taking a hash of the combination of a second clock value, an offset value, and the transaction data at the second device, wherein the second clock value is found at the second device; and
      
      d) decrypting the encrypted signature with the second derivative record key at the second device.
  - 15. :
    - The method of claim 1 wherein the signature is captured as separate sample points.
  - 16. :
    - The method of claim 15 wherein the sample points are based on at least one of displacement, pressure, or time information of the signature.
  - 17. :
    - The method of claim 1 wherein the signature is encrypted as separate sample points, each sample point being encrypted with a different encryption key.
  - 18. :
    - The method of claim 1 wherein the signature is stored as separate encrypted sample points.
  - 19. :
    - The method of claim 1 wherein the signature is transmitted as separate encrypted sample points.
  - 20. :
    - The method of claim 19 wherein the encrypted sample points are separately decrypted to reconstruct the signature in real-time.
  - 24. :
    - The method of claim 13 wherein step (d) of claim 1 comprises the additional steps of;
      
      a) keeping a second count of the plurality of fragments received by the second device, and b) comparing the first count to the second count to determine if all signature fragments have been received.

21. :
- An authentication device comprising;
  
  a) a signature-capturing device configured to capture a signature information as a plurality of separate signature sample points; and
  
  b) a controller communicatively coupled to the signature-capturing device, the controller configured to receive transaction data, generate a hash of the transaction data, encrypt a signature sample point with the hash of the transaction data, and transmit the encrypted signature sample point.
- View Dependent Claims (22, 23)
- - 22. :
    - The device of claim 21 further comprising;
      
      a) an output device to present the transaction data to a user; and
      
      b) an input device to permit a user to modify the transaction data.
  - 23. :
    - The device of claim 21 wherein encrypting the signature sample point with the hash of the transaction data includes;
      
      a) combining the transaction record with a secret key, b) generating a hash of the combined transaction data and secret key to create a derivative record key, and c) encrypting the signature sample point with the derivative record key as a seed to an encryption algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Topaz Systems Inc
Original Assignee
Topaz Systems Inc
Inventors
Zank, Anthony

Granted Patent

US 7,933,840 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/075
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

G06Q 20/382   insuring higher security of...

G06Q 20/401   Transaction verification

G06Q 30/06   Buying, selling or leasing ...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/123   received data contents, e.g...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Electronic Signature Security System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

143 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Electronic Signature Security System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links