

Title:
SYSTEM AND METHOD FOR GENERATING A DIGITALLY SIGNED COPY FROM A HARDCOPY DOCUMENT
Document Type and Number:
WIPO Patent Application WO/2012/076937
Kind Code:
A1
Abstract:
The present invention relates to digital signatures, namely certified scanning, digital signing of copies, and hardcopy authentication. The present invention discloses how to produce a digitally signed digital document (305, 308) from a hardcopy document with just a scanning or digitizing device (301) capable of using asymmetric cryptography (302) based on a certificate presented (303, 304) to the device in a compatible medium. The invention creates a digital copy of a physical copy, digitally signed without human intervention, further guaranteeing the integrity of the signed information (306, 307).

Inventors:
VIEIRA TEIXEIRA CLAUDIO JORGE (PT)
HENRIQUES DE SOUSA PINTO JOAQUIM MANUEL (PT)
Application Number:
PCT/IB2010/055750
Publication Date:
June 14, 2012
Filing Date:
December 10, 2010
Assignee:
UNIV AVEIRO (PT)
VIEIRA TEIXEIRA CLAUDIO JORGE (PT)
HENRIQUES DE SOUSA PINTO JOAQUIM MANUEL (PT)
International Classes:
H04N1/32; H04L9/32
Domestic Patent References:
WO1998044676A11998-10-08
Foreign References:
GB2366469A2002-03-06
US20030145200A12003-07-31
JP2006235885A2006-09-07
US20100067691A12010-03-18
US20070291977A12007-12-20
US6567530B12003-05-20
US5157726A1992-10-20
US7007303B22006-02-28
US7268906B22007-09-11
US14068805A2005-05-31
US7523315B22009-04-21
US20070016785A12007-01-18
Other References:
SCHNEIER, B.: "Applied Cryptography", 1996, JOHN WILEY & SONS, INC.
Attorney, Agent or Firm:
VIEIRA PEREIRA FERREIRA, Maria Silvina (Modet & Co.Rua Castilh, 50-9º -163 Lisboa, PT)
Claims:
to a citizen, whether for purposes of inter-institutional communication. In the case of institutional communication, the validity of the digital document will be dependent on the terms agreed between the institutions, regarding the exchange of digitally signed documents. This usage scenario may allow, for example, a foreigner to use in a host country a digital birth certificate (delivered by the online service from the origin country) and have it considered valid, as would also be the case with a paper version duly signed and stamped.

The following claims set out particular embodiments of the invention .

CLAIMS

1. A system for generating a digitally signed digital copy from a hardcopy document with authentication and validation characterized by comprising:

a. digitizer module (102) of analog or hardcopy documents;

b. data processor module able to compute a checksum or hash code of the analog document;

c. cryptographic module (111), able to use asymmetric cryptography to encode the checksum or hash code with the signer private certificate information;

d. assembling module (114), able to combine the digitized data with the encoded checksum or hash code, and with the public certificate information, in order to produce a digitally signed digital document;

wherein said modules are interconnected and both modules and interconnections are shielded from outside access.

2. The system according to the previous claim characterized by further comprising a communication module (113, 118), capable of transmitting, transferring or displacing the signed document to a media or system capable of storing digital information.

3. The system according to the previous claims characterized by further comprising an input device (104) for private certificate information unlock input and connection, or connections, for smart cards, USB data storage and/or other media capable of holding asymmetric keys (103).

4. The system according to the previous claims characterized by further comprising a display (120) and input device (104) for certificate selection, secret code feedback, error messages, operation status, media selection, maintenance tasks, or combinations thereof.

5. A method for generating a digitally signed digital copy from a hardcopy document with authentication and validation characterized by comprising the following steps:

a. digitizing analog or hardcopy documents (202);

b. computing a checksum or hash code of the analog document (205);

c. using asymmetric cryptography (210, 211) to encode the checksum or hash code with the signer private certificate information;

d. combining (213) the digitized data with the encoded checksum or hash code, and with the public certificate information, in order to produce a digitally signed digital document;

wherein said steps are shielded from outside access.

6. The method according to the previous claim characterized by further comprising transmitting, transferring or displacing (214) the signed document to a media or system capable of storing digital information.

7. The method according to the claims 5 - 6 characterized by further comprising receiving user input device (207, 208) of private certificate information unlock input through a connection, or connections, to one or more of a smart card, USB data storage and/or other media capable of holding asymmetric keys.

8. The method according to the claims 5 - 7 characterized by further comprising displaying and receiving user input for certificate selection, secret code feedback, error messages, operation status, media selection, maintenance tasks, or combinations thereof.

9. The method according to the claims 5 - 8 characterized by further comprising verifying the integrity and validity of the certificate used for signing the document.

Description:
DESCRIPTION

SYSTEM AND METHOD FOR GENERATING A DIGITALLY SIGNED COPY FROM A HARDCOPY DOCUMENT

Technical Field

The present invention relates to digital signatures, namely certified scanning, digital signing of copies, and hardcopy authentication.

Summary

The present invention relates to digital signatures, namely certified scanning, digital signing of copies, and hardcopy authentication.

The present invention discloses how to produce a digitally signed digital document from a hardcopy document with just a scanning or digitizing device capable of using asymmetric cryptography based on a certificate presented to the device in a compatible medium.

The invention creates a digital copy of a physical copy, digitally signed without human intervention, further guaranteeing the integrity of the signed information.

All operations for reaching the desired goal take place in the same system. There is no need to upload the digital unsigned document to another system. There is no user intervention at the digital unsigned document version level. Under normal working conditions (i.e. without malicious users), the unsigned document is unreachable within the system.

From start to finish, the unsigned digital copy of the hardcopy document is never presented to the device operator, thus ensuring that under regular circumstances, without hardware and/or software tampering, users are unable to access that document. Even for signing purposes, at most the hash code is presented to the user. In this case, tampering with the hash code or checksum will result in an invalid signature on the final document.

The present invention describes a system for generating a digitally signed digital copy from a hardcopy document with authentication and validation which comprises:

digitizer module of analog or hardcopy documents;

data processor module able to compute a checksum or hash code of the analog document;

cryptographic module, able to use asymmetric cryptography to encode the checksum or hash code with the signer private certificate information;

assembling module, able to combine the digitized data with the encoded checksum or hash code, and with the public certificate information, in order to produce a digitally signed digital document;

wherein said modules are interconnected and both modules and interconnections are shielded from outside access.

A preferred embodiment further comprises a communication module, capable of transmitting, transferring or displacing the signed document to a media or system capable of storing digital information.

A preferred embodiment further comprises an input device for private certificate information unlock input and connection, or connections, for smart cards, USB data storage and/or other media capable of holding asymmetric keys.

A preferred embodiment further comprises a display and input device for certificate selection, secret code feedback, error messages, operation status, media selection, maintenance tasks, or combinations thereof.

The present invention also describes a method for generating a digitally signed digital copy from a hardcopy document with authentication and validation comprising the following steps:

digitizing analog or hardcopy documents;

computing a checksum or hash code of the analog document;

using asymmetric cryptography to encode the checksum or hash code with the signer private certificate information;

combining the digitized data with the encoded checksum or hash code, and with the public certificate information, in order to produce a digitally signed digital document;

wherein said steps are shielded from outside access.

A preferred embodiment further comprises transmitting, transferring or displacing the signed document to a media or system capable of storing digital information.

A preferred embodiment further comprises receiving user input device of private certificate information unlock input through a connection, or connections, to one or more of a smart card, USB data storage and/or other media capable of holding asymmetric keys.

A preferred embodiment further comprises displaying and receiving user input for certificate selection, secret code feedback, error messages, operation status, media selection, maintenance tasks, or combinations thereof.

A preferred embodiment further comprises verifying the integrity and validity of the certificate used for signing the document.

Background

A digital certificate is based on Public Key Infrastructure (Schneier, 1996). It is composed of a pair of asymmetric keys: a public key and a private key. The public key is available to everyone, while the private key is used only by the certificate's owner.

Using asymmetric key pairs to sign an electronic document is a well known and documented model. The signer uses its private key to sign the document, and anyone may use the signer's public key to validate the document's digital signature. Using such a model, any person or system handling the digital document can be assured that its contents have not been altered in any way since it was signed, and that the digital document's creator was in fact the holder of the digital certificate. This is an additional safeguard compared with traditionally signed hardcopy papers, which are easily forged.

REFERENCES

Schneier, B. (1996). Applied Cryptography. New York: John Wiley & Sons, Inc.

Patents

Document U.S. 6567530, Device and method for authenticating and certifying printed documents, is partly similar, but is really focused on the comparison of the hardcopy documents sent and received (through digital signatures).

The document US5157726, Document copy authentication, refers to hardcopy authentication: it explains how to generate a physical document that embodies unique authenticating marks, which is in some ways the opposite of what we want to accomplish. In this case there is no digital version of the document available. Also, small imperfections (derived from printing or from use of the document) may invalidate valid signatures. With the system we propose, conformity with the original document is guaranteed, provided it has not been tampered with and as long as it remains in digital format.

The document US7007303, Systems and methods for authenticating documents, refers to the area of document authentication: it explains (among other things) how to generate a physical document from an authenticated digital document, in some ways the opposite of what we want to accomplish. In this case, the invention explains how to ensure the authenticity of the document on paper, given its original (paper or digital). In the case of the invention explained here, we propose a mechanism, independent of the user, for assuring the authenticity of the electronic document with respect to its paper counterpart.

The document US7268906, Systems and methods for authenticating and verifying documents, deals with the area of document authentication: it explains how to authenticate a physical document at the recipient without the original remote document, in a way complementary to our invention, using features embedded in the document copy. In the case of the invention explained here, we propose a mechanism, independent of the user, for assuring the authenticity of the electronic document with respect to its paper counterpart.

The document US11/140, 688, System and method for validating a hard-copy document against an electronic version, also concerns the area of hardcopy authentication, in a way complementary to our invention. In this case the printed document carries information that allows one, after rescanning, to check that the contents of the document are the same as the original. In the case of the proposed invention it is the digital document that is guaranteed, by a mechanism independent of the user, to be identical to the original document.

The document US7, 761.922, Methods and apparatus for acquiring and contemporaneously certifying content, authenticates the document using information from the image acquisition device itself or from the computer program used for digital authentication, and not from the user and/or author. In the case of the proposed invention, the document is signed with the private key of the equipment operator. Thus, in addition to guaranteeing the authenticity of the document, it also binds the equipment operator to the document (co-ownership) in cases where the document was forged before scanning.

The document U.S. 7,523,315, Method and process for creating an electronically signed document, refers to the creation of a visible digital signature that remains usable after printing and subsequent retrieval of the information by rescanning. In the case of the proposed invention, the signature is valid provided that the document exists in digital format. After printing, we cannot guarantee the authenticity of the copy (the actual wear and tear of the document will invalidate a valid document on rescanning). Moreover, the proposed invention requires no special software or hardware beyond the initial scanning equipment.

The document U.S. 20070016785, System and method for digital signature and authentication, describes the capture of a visible signature, its inclusion in the digital document, and the digital signature (digest and private key). In this case, the signing of the document is personal, but it happens on a digital document. This invention does not suit the purpose of the proposed invention, since the scanning and the signing of the document occur at distinct times (and places). The proposed invention provides scanning and digital signing of physical documents in a single moment, using a single device and without the possibility of user intervention as the process unfolds.

General description of the invention

The present invention relates to digital signatures, namely certified scanning, digital signing of copies, and hardcopy authentication. The presented invention discloses how to produce a digitally signed digital document from a hardcopy document with just a scanning or digitizing device capable of using asymmetric cryptography based on a certificate presented to the device in a compatible medium.

When a certification party certifies a hardcopy document, the party is required to emit a statement validating the compliance of the copied document with its original version. This is the case when issuing hardcopy versions of the original document. When referring to digitally certified versions, the certification party must digitally sign a scanned version of the original hardcopy document. This process currently requires two different steps: 1) digitally scan the hardcopy document; 2) digitally sign the digital version. These steps require different hardware and software items, usually a scanner, an attached device such as a desktop computer or laptop, and signing software installed in the attached device. In the time gap that mediates the two steps, there is no assurance regarding changes to the digital copy of the original hard copy document. The certification party may in fact change the digital copy before signing it, thus nullifying and invalidating (from the original document point of view) the integrity of the certified document.

The proposed invention claims to reduce this software and hardware paraphernalia to a single hardware device, capable of processing the necessary workflow for creating a digitally signed version of a hardcopy document and delivering it to the designated medium. A secondary advantage (when compared to the process described before) is the assurance of the original document's integrity, since the entire process is hardware based, with no human intervention in the workflow.

This invention may be realized in a hardware system resembling a usual scanner with an input keyboard and a media reader/writer. Optional network communication capabilities and/or direct machine communication (such as USB, serial ports, parallel ports, etc.) may be considered a better/faster way of obtaining the digitally signed version of the original document. This kind of solution may be of great assistance to everyone who requires absolute confidence in the validity of the digital copy documents handled. In the immense pool of potential users, attorneys, public notaries, law agents and military personnel may benefit from this invention.

Even though the required components for this system are all known (and in use in several commercial applications), they have never been assembled in a way that could potentiate the outcome claimed with this invention.

This invention is composed of a system and method for generating a signed digital copy from a hardcopy document with authentication of the digital document and of its signer. A digital data representation of a hardcopy document is recorded by a scanning device, transforming analog information into digital data. The digital data comprising the document may be compressed before proceeding with the signing. A checksum or hash value is calculated over the digital data and optional parameters. The checksum is digitally signed using asymmetric cryptography (such as the private key in a smart card certificate) provided by the device's operating user. The digital data is combined with the signed checksum (or signed hash) to create a digital version of the hardcopy document (digital document). The digital document may then be saved on any digital media device compliant with the device's media interfaces that support recording. The digital document is a visually exact replica of the hardcopy document, with evidence of hardcopy authenticity and evidence of the hardcopy authenticator (the person who digitized the document and provided the asymmetric cryptography key, thus personally certifying the document). The validity of the document can be verified by software capable of cross-checking the recalculated checksum or hash of the digital data (with regard to the optional parameters) against the deciphered value of the signed checksum (or signed hash). The deciphered value is calculated using the public key of the asymmetric key pair whose private key was used to sign the checksum.

Description of the Figures

The attached figures should not be read as limiting but only as preferred embodiments.

Figure 1: Schematic representation of the invention where:

(101) represents the set of interfaces for data acquisition,

(102) represents the scanning module for the physical document (e.g. scanner module),

(103) represents the card reader capable of storing and processing asymmetric keys (e.g. contactless smart cards),

(104) represents a keyboard that not only allows configuring different parameters, such as the level of compression and the signature, but also entering the access code (PIN code) typically associated with, and required to use, the private key,

(105) represents the set of interfaces that can be used for both reading and writing,

(106) represents the module for communication between devices (e.g. network card, USB module, etc.),

(107) represents the module for reading and writing media devices (e.g. CD drive, flash memory reader, external disk drive, media card reader, etc.),

(108) represents the module for compression of the scanned document before its signing,

(109) represents the module responsible for calculating the hash of the document, according to the parameters provided by (110),

(110) represents the storage module for the configuration parameters of the scanning and document signing process, given that the same configuration (key location, type of compression, signing mode, data input/output locations, etc.) can be reused between scans,

(111) represents the encryption management module responsible for delivering, to and from the interfaces, the correct requests for keys. The module itself may, depending on the settings, provide the encryption from (112); in the remaining cases, requests for encryption of data (e.g. when using smart cards) will be forwarded to the corresponding module, leaving (111) to act as a proxy,

(112) represents the encryption module for the hash or checksum, being responsible for the interface between (109) and (111),

(113) represents the module for selecting the output interface. It is responsible for delivering the scanned and signed document to the interface(s) selected by the operator,

(114) represents the module for assembly of the final document, which is combined from the scanned document (102), together with optional (108), the encrypted hash and the certificate data from (112),

(115) represents all operations and internal modules of the system, where there is no human intervention,

(116) represents the scanned document, not yet signed,

(117) represents the various possibilities regarding the presentation of digital certificates to the system,

(118) represents the various options for writing the final document,

(119) represents the specific need for communication between the card reader (smart card) and the keyboard for input of the PIN/key that grants access to the private key enabling the digital signing of documents, and

(120) represents a display unit for operation status, maintenance and configuration menus.

Figure 2: Schematic representation of the invention activity flow where:

(201) represents the beginning of the operation of scanning and digitally signing a document,

(202) represents the operation of scanning the document,

(203) represents the check of whether compression of the scanned paper document is to be used or not,

(204) represents the operation of compressing the scanned document,

(205) represents the calculation of the hash of the prepared document (215),

(206) represents the verification of the certificate and keys selected for signing the document. Depending on the certificate and the manner of its presentation, it may not be necessary for the user to enter a secret code to access it. This ensures that sensitive information of the user is requested only when and where needed. In cases where, although the user has configured the scan to be signed, problems may exist in terms of hardware, such a code should not be asked for,

(207) represents the request of the user secret code,

(208) represents the secret code entered by the user,

(209) represents the verification of the type of certificate used. Depending on the certificate, it may be required that the encryption is performed outside the system, such as with smart cards, where the encryption is carried out within the card itself,

(210) represents the processing required by the external system to perform the encryption of the hash or checksum,

(211) represents the internal encryption operation of the hash or checksum of the document,

(212) represents the digital signature information,

(213) represents the construction operation of the signed digital document,

(214) represents the write operation of the signed digital document to the selected output interface(s), and

(215) represents the digital version (compressed or not, depending on the parameters defined in the initial configuration) of the physical document,

(216) represents the check of whether the document needs to be digitally signed.

Figure 3: Schematic representation of a preferred embodiment of the invention, for scanning and sending the signed documents by e-mail, where:

(301) represents the scanning device for digitizing documents,

(302) represents the smart card reader,

(303) represents the keyboard used for entering the personal code associated with the private key, for the management of device settings, and also optionally for entering the destination address(es) of the e-mailed documents,

(304) represents the unit for information visualization and user interaction,

(305) represents the use of the e-mail interface for sending signed digital documents,

(306) represents the module responsible for calculating the hash of the document,

(307) represents the aggregation module combining the signer data (302) with the value returned by the hash, and

(308) represents the module for assembly of the final document, which is combined from the scanned document (301), the encrypted hash and the certificate data from (307).

Detailed Description

Figure 1 shows one exemplary embodiment of a hardcopy certification device 115 implementing the systems and methods necessary for hardcopy certification. As shown in Figure 1, the hardcopy certification device 115 includes input interfaces 111, a display unit 120 and input/output interfaces 105.

Figure 3 shows another exemplary embodiment of a hardcopy certification device, tailored to a specific application: a standalone machine capable of e-mailing digitally signed versions of hardcopy documents. In this case, most of the general purpose, multiple use complexity of 115 is removed. This embodiment keeps the main functionalities of scanning 301, hash calculation 306, hash signing using an asymmetric key pair reader 302, 307, 303, 304, final document assembly 308 and the designated SMTP output 305.

The scanning modules 102 and 301 can be any one of a number of different sources, as long as they can be attached to the certification device, thus ensuring data integrity. A scanner, a digital copier and a facsimile device suitable for generating electronic image data are just a few examples. Modules 102 and 301 can be any known or future developed sources capable of providing a digital version of a hardcopy document, as long as they can be attached to or be part of the hardcopy certification device. In fact, each of the illustrated modules (or a combination of them) can be replaced by existing, known or future developed modules (or combinations of modules), as long as the replacement version retains equivalent capabilities to perform the designated task.

In both embodiments, the crucial goal is to eliminate user interaction as far as possible, so that users can be assured that the digital pre-signed version of the original hardcopy document has not been compromised in any way. To ensure the process, all operations are executed in the same device and, after scanning, users can only access the final version of the document after the signing phase. This ensures that the signed document is in fact a digital replica of the original document. By digitally signing a document, the person who digitized the hardcopy document (the machine operator) is also responsible for the hardcopy information, since our invention guarantees compliance with the original thereafter.

Even when dealing with tampered versions of this invention, and following Figure 2, which shows the workflow for digitizing and signing a hardcopy document using the Figure 1 embodiment, there would be a few steps where malicious users could alter data: 215, 205, 212, 213 and 214. Step 215 requires more in-depth examination; all the others will lead to an invalid signature on the final document, thus invalidating compliance with the original document. Nevertheless, this approach is better than all current approaches, where by default all users (malicious or not) have access to the digital version of the document prior to signing it. With this approach, in order to modify the digital version, and considering that during the entire process the unsigned digital copy of the hardcopy document is never presented to the device operator, the digitizing device would have to be disassembled and its hardware modified by the malicious user in order to enable on-the-fly digital modification.
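The sign-and-verify cycle from the general description (hash the digitized data, sign the hash with the operator's private key, assemble data plus signature plus public certificate information, and verify by recomputing the hash) and the tampering analysis above (altering the data, the signature or the assembled document after signing yields an invalid signature) are shown concretely in the following Go program. It is an added example, not code from the patent or its inventors: it assumes SHA-256 and RSA PKCS#1 v1.5 as the hash and signature primitives, reduces the signer's certificate to a bare public key, uses a constructed byte string in place of the scanned image, and the type and function names (Signer, InternalSigner, SignedDocument, Sign, Verify, RunScenarios) are the example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signer abstracts figure 1 items 111/112: the device hands a digest to the holder of the
// private key and gets a signature back. With a smart card the device would only proxy the
// digest to the card; InternalSigner below is the in-device case.
type Signer interface {
	SignDigest(digest []byte) ([]byte, error)
	PublicKey() *rsa.PublicKey
}

// InternalSigner signs with a key held in the device (assumed: RSA PKCS#1 v1.5 over SHA-256).
type InternalSigner struct{ key *rsa.PrivateKey }

func (s InternalSigner) SignDigest(d []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, d)
}

func (s InternalSigner) PublicKey() *rsa.PublicKey { return &s.key.PublicKey }

// SignedDocument is what the assembler (module 114 / step 213) produces: the digitized data,
// the signature over its hash, and the signer's public certificate information. The page fixes
// no container format, and the certificate is reduced here to a bare public key (assumption).
type SignedDocument struct {
	Data      []byte
	Signature []byte
	PublicKey *rsa.PublicKey
}

// Sign carries out steps 205 (hash), 210/211 (sign the hash) and 213 (assemble) for one scan.
func Sign(scan []byte, signer Signer) (*SignedDocument, error) {
	digest := sha256.Sum256(scan)
	sig, err := signer.SignDigest(digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedDocument{Data: append([]byte(nil), scan...), Signature: sig, PublicKey: signer.PublicKey()}, nil
}

// Verify recomputes the hash of the data and checks it against the signature under the
// embedded public key, which is the cross-check the general description prescribes.
func Verify(doc *SignedDocument) error {
	digest := sha256.Sum256(doc.Data)
	return rsa.VerifyPKCS1v15(doc.PublicKey, crypto.SHA256, digest[:], doc.Signature)
}

// RunScenarios signs a constructed scan and reports, per scenario, whether Verify accepted
// the document: the genuine one and the post-signing alterations discussed in the description.
func RunScenarios() (map[string]bool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	// Constructed stand-in for the digitized page (item 116); in the device this is image data.
	scan := []byte("CONSTRUCTED SCAN DATA: birth certificate, page 1 of 1, 300 dpi")
	doc, err := Sign(scan, InternalSigner{key})
	if err != nil {
		return nil, err
	}
	results := map[string]bool{"genuine": Verify(doc) == nil}
	// Data altered after signing: only possible if the unsigned copy (116/215) were reachable.
	altered := *doc
	altered.Data = append([]byte(nil), doc.Data...)
	altered.Data[0] ^= 0x01
	results["altered_data"] = Verify(&altered) == nil
	// Signature bytes altered (step 212).
	badSig := *doc
	badSig.Signature = append([]byte(nil), doc.Signature...)
	badSig.Signature[0] ^= 0x01
	results["altered_signature"] = Verify(&badSig) == nil
	// Signature from another key pair spliced in at assembly (step 213), public key unchanged.
	otherKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	otherDoc, err := Sign(scan, InternalSigner{otherKey})
	if err != nil {
		return nil, err
	}
	swapped := *doc
	swapped.Signature = otherDoc.Signature
	results["foreign_signature"] = Verify(&swapped) == nil
	return results, nil
}

func main() {
	results, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Println(results) // only "genuine" is accepted
}
```

Only the untouched document verifies; every alteration after signing, whether of the image data, the signature bytes, or the pairing between signature and public key, is rejected. What the block leaves out is claim 9: a real verifier must also chain the embedded certificate to a trusted authority and check its validity period and revocation status, because a signature that verifies under an untrusted key says nothing about who the operator was.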

A preferred embodiment describes a certification scanner. More and more companies and public services are using digital documents. So that paper documents may enter the digital document management flow, they have to be scanned, and preferably digitally signed. This invention accomplishes this set of tasks at once, ensuring document integrity. Nothing prevents the present invention from scanning unsigned documents, so preferably this invention will not be a second scanner, but will instead be integrated into existing scanners. This scanner has the same outputs and inputs as traditional equipment, plus a smart card reader and a keypad/keyboard for entering settings and the PIN that grants access to the user's certificate.

Certified mail is another preferred embodiment, in companies and institutions where mail is centrally handled, scanned and e-mailed to its recipients. This device ensures, in a single step, the integrity of the data sent and the identity of the person who placed the information in the system, since this person is the recognized signer. Moreover, the actual e-mail message can also be digitally signed.

Another preferred embodiment is a specific application for military, security forces, intelligence networks and secret services, as is the case, for example, of document exchange within the EU or NATO. In both cases, where there are documents that must be addressed within these communities, there is also the need to digitize physical documents. Given the degree of confidentiality of the documents, it is of interest to ensure the fidelity of the fully digital document with respect to the physical document and to the person responsible for its communication. The invention presented allows a precise answer to this point, ensuring the compliance of the information and even the identity of the sender. The identity of the sender is information that usually exists only at the origin and is not visible at the receiving end. Furthermore, since this invention is prepared to interface with multiple devices and protocols for writing the signed digital document, it can be connected to the cipher machines (already existing in the communication networks of these communities) for secure communication of the information.

Another preferred embodiment has the specific application in the public administration, enhancing the scanning and authentication of documents on paper, whether for delivery