Secure proxy signing device and method of use
Abstract
A digital signature of a document is formed in a digital signing device by using a private key stored in the digital signing device. A number of data items are supplied to the signing device. The signing device uses the data items to derive and authenticate a document hash. The digital signature is only formed if the derived document hash is authenticated.
13 Claims
1. A digital signing device for forming a digital signature of a document using at least one private key stored within the signing device, comprising:
means for using a plurality of data items supplied to the signing device to derive a document hash and to thereafter authenticate the derived document hash on a condition that first data derived at least in part from one of said data items is the same as second data derived from another of said data items, the derived second data being equal to said another of said data items; and
means for encrypting the document hash with the at least one stored private key to form the digital signature only if the derived document hash is authenticated; and
a random generator, and the first data is also derived in part from a number stored in the device which was previously generated by the random number generator.
5. A digital signing device for forming a digital signature of a document using at least one private key stored within the signing device, comprising:
means for using a plurality of data items supplied to the signing device to derive a document hash and to thereafter authenticate the derived document hash on a condition that first data derived at least in part from one of said data items is the same as second data derived from another of said data items, the derived second data being equal to said another of said data items; and
means for encrypting the document hash with the at least one stored private key to form the digital signature only if the derived document hash is authenticated; and
user identifying data stored therein, and the first data is also derived in part from the stored user identifying data.
7. User apparatus for cooperating with a digital signing device via a network for forming a digital signature on behalf of a user to whom is assigned a private key/public key pair, said user apparatus comprising user interaction means for a user to indicate approval of a document; and
computation means configured for forming first and second data items to be provided to the digital signing device via the network, said first data item being derived from a hash of the approved document, said second data item being derived from a combination including said hash of the approved document and a random number previously computed by the signing device and sent to the user apparatus via the network, and said digital signing apparatus comprising means for using said first and second data items to derive and authenticate a document hash, and means for encrypting the derived document hash with at least one private key stored in the digital signing device to form the digital signature only if the derived document hash is authenticated.
11. A method of forming a digital signature of a user comprising:
receiving in user equipment from a server via a network a document to be approved;
generating a random number in a signing device and supplying the random number to the user equipment;
forming in the user equipment a first data item derived from a hash of the approved document and a second data item derived from a combination including said hash of the approved document and said random number;
authenticating in the signing device a hash of the approved document derived from said first data item if data derived by the signing device from the combination including the derived hash of the approved document and a previously generated random number stored in the signing device equals data derived from said second data item; and
only if the derived document hash is authenticated, encrypting the derived document hash in the signing device with the private key of the user stored in the signing device to form the digital signature.
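The method of claim 11, combined with the stored user identifying data of claim 5, sketched as an added example (not code from the patent). It assumes the "combination" is HMAC-SHA-256 keyed with the user identifying data, that the random number is single-use, and that signing is textbook RSA over a constructed demo key; all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

# Constructed demo RSA key built from two Mersenne primes; illustration only, not a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def binding(user_secret, doc_hash, nonce):
    # Assumed form of the "combination": HMAC keyed with the user identifying data.
    return hmac.new(user_secret, doc_hash + nonce, hashlib.sha256).digest()

class SigningDevice:
    def __init__(self, user_secret):
        self._user_secret = user_secret  # user identifying data stored in the device
        self._nonce = None               # random number stored until it is used

    def new_challenge(self):
        # Generate the random number, keep a copy, and hand it to the user equipment.
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def sign(self, first_item, second_item):
        nonce, self._nonce = self._nonce, None  # single use (assumption), blocks replay
        if nonce is None:
            return None
        doc_hash = first_item  # document hash derived from the first data item
        expected = binding(self._user_secret, doc_hash, nonce)
        if not hmac.compare_digest(expected, second_item):
            return None  # not authenticated: the private key is never applied
        # "Encrypting the document hash with the private key" (textbook RSA, no padding).
        return pow(int.from_bytes(doc_hash, "big"), D, N)

def user_items(document, user_secret, nonce):
    # User equipment: first item is the hash, second item binds it to the nonce.
    doc_hash = hashlib.sha256(document).digest()
    return doc_hash, binding(user_secret, doc_hash, nonce)

def verify(document, signature):
    # Anyone holding the public key (E, N) can check the resulting signature.
    h = int.from_bytes(hashlib.sha256(document).digest(), "big")
    return signature is not None and pow(signature, E, N) == h
```
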
Specification