Method for carrying out secure digital signature and a system therefor

US 7,024,562 B1
Filed: 06/29/2000
Issued: 04/04/2006
Est. Priority Date: 06/29/2000
Status: Active Grant

First Claim

Patent Images

1. A method for carrying out a secure digital signature of a person on a digital data packet(s) sent from a sender being a third party to at least one recipient, said sender and said at least one recipient connected to a data network via network connection means, comprising the steps of:

a) sampling one or more biometric sample(s) of said person and converting said biometric sample(s) to a digital form;

b) storing said biometric sample at a location accessible to the sender;

c) storing, at the sender side, a digital packet(s) that may be altered by the at least one recipient at said sender side;

d) sending a request from the at least one recipient, to the sender, to select the digital data packet(s) to sign;

e) at said sender side, producing a first digital seal from the combination of said digital data packet(s) and a one-time time stamp generated at said sender side using an asymmetric operator with the private key of said sender and optionally with the public key of said at least one recipient;

f) sending said sealed digital data packet(s) to said at least one recipient;

g) at the at least one recipient side, receiving said sealed digital data packet(s) and opening said sealed digital data packet(s) with the sender'"'"'s public key and optionally first with the at least one recipient'"'"'s private key and then with the sender'"'"'s public key;

h) allowing said at least one recipient to sign the opened digital data packet(s) by adding his biometric sample(s), in real-time, to said opened digital data packet(s);

i) at said at least one recipient side, producing a second digital seal from the combination of said signed digital data packet(s) and said one-time time stamp, using said asymmetric operator, with the public key of said sender and optionally with the private key of said at least one recipient;

j) at the sender side, receiving said sealed digital data packet(s) and opening said sealed digital data packet(s) with the sender'"'"'s private key and optionally first with the at least one recipient'"'"'s public key;

k) at the sender'"'"'s side;

k.1) verifying that the signed digital data packet(s) has not been altered after sealing by the at least one recipient;

k.2) comparing the biometric sample(s) attached to said opened digital data packet(s) with the at least one recipient'"'"'s stored biometric sample(s);

k.3) if the signed digital data packet(s) has not been altered after sealing by the at least one recipient and the biometric sample(s) attached to said opened digital data packet(s) and the at least one recipient'"'"'s stored biometric sample(s) are identical, approving the authentication of said digital signature, otherwise denying the authentication of said digital signature; and

iv) providing the option of sending, by said sender, a receipt to all said recipients to confirm the authentication and receipt of said digital packet(s).

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and system for carrying out secure signing of a person on a data packet sent from a sender to a recipient, the sender and the recipient connected to a data network via network connection means. A biometric sample of the person is sampled and converted to a digital form. A first digital seal produced from the combination of the digital data packet and the biometric sample, or from two or more digital seals derived from the digital data packet and the biometric sample. The digital data packet and the biometric sample and the digital seal are sent to the recipient. A second digital seal is produced from the combinations of received digital data packet and the received biometric sample. The first and the second seals are compared and if the first and the second seals are identical, the authentication of the digital signature is approved. Otherwise, the authentication of the digital signature is denied.

Citations

11 Claims

1. A method for carrying out a secure digital signature of a person on a digital data packet(s) sent from a sender being a third party to at least one recipient, said sender and said at least one recipient connected to a data network via network connection means, comprising the steps of:
- a) sampling one or more biometric sample(s) of said person and converting said biometric sample(s) to a digital form;
  
  b) storing said biometric sample at a location accessible to the sender;
  
  c) storing, at the sender side, a digital packet(s) that may be altered by the at least one recipient at said sender side;
  
  d) sending a request from the at least one recipient, to the sender, to select the digital data packet(s) to sign;
  
  e) at said sender side, producing a first digital seal from the combination of said digital data packet(s) and a one-time time stamp generated at said sender side using an asymmetric operator with the private key of said sender and optionally with the public key of said at least one recipient;
  
  f) sending said sealed digital data packet(s) to said at least one recipient;
  
  g) at the at least one recipient side, receiving said sealed digital data packet(s) and opening said sealed digital data packet(s) with the sender'"'"'s public key and optionally first with the at least one recipient'"'"'s private key and then with the sender'"'"'s public key;
  
  h) allowing said at least one recipient to sign the opened digital data packet(s) by adding his biometric sample(s), in real-time, to said opened digital data packet(s);
  
  i) at said at least one recipient side, producing a second digital seal from the combination of said signed digital data packet(s) and said one-time time stamp, using said asymmetric operator, with the public key of said sender and optionally with the private key of said at least one recipient;
  
  j) at the sender side, receiving said sealed digital data packet(s) and opening said sealed digital data packet(s) with the sender'"'"'s private key and optionally first with the at least one recipient'"'"'s public key;
  
  k) at the sender'"'"'s side;
  
  k.1) verifying that the signed digital data packet(s) has not been altered after sealing by the at least one recipient;
  
  k.2) comparing the biometric sample(s) attached to said opened digital data packet(s) with the at least one recipient'"'"'s stored biometric sample(s);
  
  k.3) if the signed digital data packet(s) has not been altered after sealing by the at least one recipient and the biometric sample(s) attached to said opened digital data packet(s) and the at least one recipient'"'"'s stored biometric sample(s) are identical, approving the authentication of said digital signature, otherwise denying the authentication of said digital signature; and
  
  iv) providing the option of sending, by said sender, a receipt to all said recipients to confirm the authentication and receipt of said digital packet(s).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method according to claim 1, comprising the steps of:
    - a) providing a computerized server for managing the signing process, said server being connected to a network via network connection means;
      
      b) providing a database system for storing signed data packet(s), unsigned data packet(s), a list of authorized users, said users'"'"' personal details and biometric templates, said database system accessible by said server;
      
      c) providing one or more client terminal(s) for managing the signing process at the user'"'"'s location, said terminal(s) being coupled with means for carrying out biometric samples, said terminals(s) being connected to said network via network connection means;
      
      d) providing a list of users authorized for carrying out the digital signature, said users list, said users'"'"' personal details and their template(s) being stored in said database system;
      
      e) providing a software component at the client'"'"'s terminal for producing a template of a biometric sample;
      
      f) providing another software component for comparing digital seals;
      
      g) sending a request for carrying out the signature to said server;
      
      At said server'"'"'s location;
      
      h) upon receiving a request for carrying out a digital signature from a client'"'"'s terminal, generating a digital ID associated with said session;
      
      i) sending said digital ID from said server to said client terminal;
      
      At said client'"'"'s location;
      
      j) upon receiving a digital ID from said server, producing a digital package comprised of said digital ID, the personal information and the template and/or the image of a sample of said user;
      
      k) adding a digital seal of said digital package to said digital package;
      
      l) sending said digital package to said server;
      
      m) identifying said user by the personal details comprised in said digital package;
      
      n) authenticating said user'"'"'s signature by comparing said received template with the template of said user which is stored in said database;
      
      o) producing a second digital seal of said received digital package; and
      
      p) upon positive results in said verification and said authentication and said comparison, approving the authentication of said digital signature, otherwise denying the authentication of said digital signature.
  - 3. A method according to claim 1 further comprising the steps of:
    - a) providing means for encrypting and decrypting of data, said means residing on said server and said client(s);
      
      b) encrypting any data to be sent; and
      
      c) decrypting any received data.
  - 4. A method according to claim 2, wherein said digital ID is obtained randomly.
  - 5. A method according to claim 1 wherein said digital seal is derived from a hash function.
  - 6. A method according to claim 1 wherein said encryption-decryption is symmetric/asymmetric.
  - 7. A method according to claim 1 wherein said biometric sample(s) is chosen from fingerprint(s), voice, speech, face, retina, iris, handwritten signature, hand geometry, veins.
  - 8. A method according to claim 1 wherein said data is sent via the Internet and/or via the Intranet and/or via a WAN (Wide Area Network) and/or via a LAN (Local Area Network) and/or via a WAP (Wireless Application Protocol) and/or via the telephone network and/or by FTP (File Transfer Protocol) and/or by e-mail.

9. A system for carrying out secure signing of a person on a digital data packet(s) sent from a sender being a third party to at least one recipient, said sender and said at least one recipient connected to a data network via network connection means, comprising:
- a computerized server for managing the signing process, said server being connected to said data network via said network connection means;
  
  a database system for storing signed data packets, unsigned data packets, a list of authorized users, said users'"'"' personal details and biometric templates, said database system accessible by said server;
  
  a sender'"'"'s terminal for managing the signing process at the sender'"'"'s side, connected to said network via network connection means;
  
  one or more recipient'"'"'s terminals for performing the signing process at the recipient side, said one or more recipient'"'"'s terminals being coupled with means for carrying out a biometric sample(s) of said at least one recipient, and connected to said network via network connection means;
  
  a software component at said sender'"'"'s terminal, which after receiving a request from said at least one recipient to select the digital data packet(s) to sign, produces a first digital seal from the combination of said digital data packet(s), and produces a one-time time stamp using an asymmetric operator, and then sends said sealed digital data packet(s) to said one or more recipient'"'"'s terminals;
  
  a second software component at said one or more recipient'"'"'s terminals for receiving said sealed digital data packet(s), for opening said sealed digital data packet(s), for allowing said at least one recipient to sign the opened digital data packet(s) by adding his biometric sample(s) to said opened digital data packet(s), for producing a second digital seal from the combination of said signed digital data packet(s) and said one-time time stamp, using said asymmetric operator; and
  
  a third software component for verifying that the signed digital data packet(s) has not been altered after sealing by said at least one recipient and comparing the biometric sample(s) attached to said opened digital data packet(s) with the at least one recipient'"'"'s stored biometric sample(s).
- View Dependent Claims (10, 11)
- - 10. A system according to claim 9, further comprising means for encrypting and decrypting of data, said means residing on said server, and said sender'"'"'s terminal, and said one or more recipient'"'"'s terminals.
  - 11. A system according to claim 9, wherein said sender'"'"'s terminal is a computer or a set-top box or a mobile phone and said one or more recipient'"'"'s terminals are any combination of computers, or set-top boxes, or mobile phones.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Optisec Technologies Limited
Original Assignee
Optisec Technologies Limited
Inventors
Flink, Yona, Maroely, Yariv, Gerber, Itzhak
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Gurshman, Grigory

Application Number

US09/606,331
Time in Patent Office

2,105 Days
Field of Search

713/186, 713/176, 318/115, 318/116
US Class Current

713/186
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

Method for carrying out secure digital signature and a system therefor

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method for carrying out secure digital signature and a system therefor

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links