Title of Invention	A SIGNATURE VERIFICATION SYSTEM FOR USE WITH A DOCUMENT WHICH IS TO BEAR A SIGNATURE BY A CUSTOMER AND A METHOD THEREOF
Abstract	(57) Abstract: A system and method are provided for producing verified signatures on documents such as checks and affidavits. Initially, a customer who is to obtain a verified signature, at some point in time, registers with a signatory authority, and-a secret key, having I public and private components, is established uniquely for that customer. When a document requires a verified signature, the customer presents the document anpproof of his/Iier identity, such as a pre programmed computer-interfacable card, to a signature system. Typically, such a system is to be available at an institution, such as an office, bank, or post office, where such services will routinely be used. The system accesses the archive of the private portion of the customer's key, and generates an encoded signature based, in part, ©n the content of the document,Accordingly, when a recipient of the document later wishes to verify the signature, the recipient uses the customer's public key to decode the signature. It is then straightforward to verify the signature against the content of the document. PRICE; THIRTY RUPEES

Title of Invention

A SIGNATURE VERIFICATION SYSTEM FOR USE WITH A DOCUMENT WHICH IS TO BEAR A SIGNATURE BY A CUSTOMER AND A METHOD THEREOF

Abstract

(57) Abstract: A system and method are provided for producing verified signatures on documents such as checks and affidavits. Initially, a customer who is to obtain a verified signature, at some point in time, registers with a signatory authority, and-a secret key, having I public and private components, is established uniquely for that customer. When a document requires a verified signature, the customer presents the document anpproof of his/Iier identity, such as a pre programmed computer-interfacable card, to a signature system. Typically, such a system is to be available at an institution, such as an office, bank, or post office, where such services will routinely be used. The system accesses the archive of the private portion of the customer's key, and generates an encoded signature based, in part, ©n the content of the document,Accordingly, when a recipient of the document later wishes to verify the signature, the recipient uses the customer's public key to decode the signature. It is then straightforward to verify the signature against the content of the document. PRICE; THIRTY RUPEES

Full Text	The invention relates to a signature verification system for use with a document which is to bear a signature by a customer. The invention also provides a signature verification method. In the face of the modem-day revolution In electronic communications, hard-copy communication media, such as hard-copy mail and documents, are alive and well. In fact, a substantial segment of the communication field relies, to this day, on the use of hard-copy documents which bear a human signature, typically that of the originator or sender of the document. One example of such documents is the personal check, written against a party's bank account, and signed by that party. Another example is affidavits, the class of forms or other documents which are required to be signed. Sometimes, affidavits must even be signed under oath, for instance signed while a notary pubHc witnesses the signature. A common category of affidavit-type forms is Internal Revenue Service tax forms. Many types of hard-copy documents require some sort of processing. Typically a sender generates the document to provide a recipient with some sort of information which the recipient requires. In the case of personal checks, for instance, the sender, who makes out the check, wishes to transfer flinds from an account to the recipient. l"'roccNsing by ilie rei ipient iK-nerally involvK:^ e.xLiactini: informaiion from ilic docuineni and taking suitable action based on tlie content of the extracted iniormation. !-'or instance Ihe recipient of a check, a creditor of Ihe sender, extracts the dollar sum from the check and idenlifie;. the sender, so ihat the recipient can credit the .sender for the payment. Processing hard-copy documents can be a complex and iabor-iniensive ta.sk, depending on die lypc of forms and the sort of inforrnaiion the documents bear. Various mechanisms for handling documents, and scanning iliem to extract information for them, have been developed. Because of the sheer volume of checks and other such documents, such automated handling and scanning is a virtual necessity. For instance, banks use automatic handlers and scanners to extract information from checks. To accommodate these systems, checks are printed with machine-readable inks using standardized, machine-recognize able character sets. However, one particular problem, which automatic systems have not handled in a satisfactory manner, is that of verifying signatures. In the case of checks, for instance, a bank wiii typically have on file a sample signature of an account holder. Any check drawn against the account holder's account .should bear the account holder's signature. Ideally, for each check, the bank should verify the signature on the check against the sample signature. Validating a signature, however, is not an easy task, since an individual's handwriting inevitably has certain variations from one sample to another. A human clerk, visually comparing the signamres. might well be able to both (i) recognize an authentic AM9-9a--062 As a pr,-tciic:ii matter, uistitiilions liandiing signed hard-copy documents have sometimes avoided the time and manpower costs by simply refrainint! from routinely comparing signatures. This failure to verify a signature raises the possibility that, for instance, a bank mighl honor a fraudulent check with a non-matching signature, with no one being the wiser until the account holder notices the fraudulent debit from his or her account. Therefore, there is a need for a system and method for verifying signatures which is effective to recognize false signatures, while being efficient enough to avoid the time and manpower costs required for human sugnature verification. Summary of the Invention It is an object of the invention to provide such a system and method for verifying signatures which is effective to recognize false signatures, while being efficient enough to avoid the time and manpower costs required for human sugnature verification. To achieve this and other objectives, there is provided in accordance with the invention a signature verification method for use with a document which is to bear a signature by a customer. The method comprises the following steps: AM9-9S-062 A recipient of the documenl decodes the signature, using the customer's public key, thereby verifying that the customer signed the document because the customer's private key was used. Finally, the recipient verifies the content of the document against the decoded signature, thereby verifying that the signature was made for ihe document. While the invention is primarily disclosed as a method, it will be understood by a person of ordinary skill in the an that an apparatus, such as a conventional data processor, including a CPU, memory, I/O, program storage, a connecting bus, and other appropriate components, could be programmed or otherwise designed to facihtate the practice of the method of ihe invention. Such a processor would include appropriate program means for executing the method of the invention. Also, an article of manufacture, such as a pre-recorded disk or other similar computer program product, for use with a data processing system, could include a storage medium and program means recorded thereon for directing the data processing system to AM9-95'-062 facihtate the practice of the method of the invention. It will be understood that such apparatus and articles of manufacture also fall within the spirit and scope of the invention. Accordingly the present invention provides a signature verification system for use with a document which is to bear a signature by a customer, the system comprising of: means for maintaining a database of keys associated with respective parties, including the customer, who are to make signatures that are to be verified using the signature verification system of the invention, each of the keys including a securely archived private key and a publically available public key: means for generating a digital signature, employing the customer's private key, the signature being based on the content of the document: means for associating the signature with the document: means for decoding the signature based on the customer's public key, thereby verifying that the customer signed the document because the customer's private key was used; and means for verifying the content of the document against the decoded signature, thereby verifying that the signature was made for the document. The invention also provides a signature verification method for use with a hardcopy document which is to bear a signature by a customer, the customer having a secure private key, the customer's private key corresponding with a publicly available public key, the method comprising the steps of generating a digital signature, employing the customer's private key; the signature being based on the content of the hard-copy document, the step of generating employing an existentially unforgeable signature scheme associating the signature with the hard-copy document; decoding the signature based on the customer's public key, thereby verifying that the customer signed the hard-copy document because the customer's private key was used; and verifying the content of the hard-copy document against the decoded signature, thereby verifying that the signature was made for the hard-copy document. With reference to the accompanying drawings : Fig. 1 is a high-level flowchart showing the method of the invention. Fig. 2 is a flowchart showing a more detailed implementation of a step of the flowchart of Fig. 1. Fig. 3 is a flowchart showing a more detailed implementation of a step of the flowchart of fig. 1. Fig. 4 is a block diagram of a system for practicing the method of the invention. In accordance with the invention, a signature is generated for a document, using a secret key. The secret key is preferably implemented as per the well-known public/private key system of RSA Data Security, which is well-knowTi in the field of cryptography. In such a system, a given customer is assigned a unique secret key, having a public key and a private key component. It is a characteristic of the key components that, if either one is used to encrypt a plaintext message, the other decodes the encrypted message. Further, given the public key component with a computer, it is infeasible to generate the private key component. who decrypts the message using the sender's public key knows ihat the messLige must have originated from the sender, because only the sender has Che render's private key. The method of the inveniion takes advantage of the workings of such a scheme, by using the latter characteristic, to establish with certainty that the signature is that of the sender, or of a sender's authorized agent. FiG. i is a high level flowchart of the method of the invention. Separate steps, which form novel and non-obvious aspects of the invention, lake place at different times. The steps shown in FIG, 1 are grouped, based on times at which the steps preferably take place. Initially, step 2 of the method includes establishing and maintaining a secret key, such as the public/private key referred to above, associated with a respective customer, who is to provide a document requiring a signature. Preferably, a database of such keys is established, each customer having a public key, available to any interested party, and a private key, known only to the customer. The private key is archived in a suitably secure way, and the public key is made available to the public. A preferred format for the public key is a two-dimensional code signed with a system key which is maintained by the system, and over which an authorized system administrator has control. AM9-95'-062 auUiority. It is c>;pecied ihai, in typical, preferred implemcniaiions oi" the invention, step 2 takes place as a customer registers for services provided by the invention, possibly before tlie customer has a document for which he/she requires a verified signature. When such a database is in place, a customer provides a document for a signature (step 4). Step 3 of FIG. 1. which collectively incorporaies steps 4. 6, and 8, shows the activities associated with generating the signature. in step 6, a digital signature is generated for the document, using the customer's secret key. Preferably the private key component of the customer's secret key is used. Also, the signature is preferably generated using, as input infornation, data pertaining to the document itself, such as a scanned bit map of the document. Therefore, the signature produced by step 6 is unique lo the customer by virtue of its use of the customer's private key, as well as being unique to the document, by virtue of being based on the content of the document Accordingly, the signature is demonstrably authentic with regard to both the document and the customer. A preferred implementation of step 6, given in FIG. 2, includes producing a two-dimensional encoding of the content of the document, as well as the signature {step 20). The appropriate authority responds with a receipt in the form of a hash of the iriformation AM9-95'-062 presented, .siglied with the private key of the authority (step 22). Accordingly, no further proof of the costomer's identity needs io be shown. Thus, forms can be sent by mail. It IS understood, also, that a signatory auihoriiy, such as a notary public or other suitable official, can also produce a signature as described above. Such a signature would likewise be demonstrably authentic. In accordance with the invention, step 6 may be executed in a fashion which further protects the secrecy of the key. Consider, for instance, an environment in which a customer wanted to sign a check, although eavesdroppers might learn the key, and then be able to use it so sign fraudulent checks. To protect the secrecy of the customer's key, step 6 is preferably executed using a technique which makes eavesdropping difficult or impossible. In a preferred implementation, a customer uses a data carrier, preferably in card form, including an on-board processor and memory, which he or she carries, and utiHzes, in a fashion comparable to an ATM card. A suitable machine, at a bank or post office, is used along with the card (see FIG. 4). One example of a card believed to be suitable for use in accordance with the invention is a card produced by Hexaglot Warenhandeis GmbH, under the trade name "Smartcard by Hexaglot". FIG. 3 gives a more detailed implementation of step 6 of FIG. 1, using the above-described card. Initially, an interface 40 is established between the card 42 carried by the customer and a machine (such as a processor 44) for generating the signature (step 20). Then, the customer established higher identity (step 22), using a suitable procedure such as keying in a secret identification code to a user interface 46. Depending on the type of AM9-99-062 A signature scheme preferably should be used which is existentially unforgeabie. The term "exislentially unforgeabie" is defined, formally, as follows: Where S(m) denotes a signature on a message m, given any polynomial (in the security parameter) number of pairs of messages and signatures the signature scheme S is existentially unforgeabie if, for any message m^^^ which is not an element of the set of messages m, through m^, it is computationally infeasible to At this point, the preparation of the signature is complete. In instances where the signed document is to be forwarded to a recipient, the recipient performs additional steps, in accordance with the invention, at the pater time at which the recipient receives and processes the document. The further activities which take place at that time are shown in FIG. I generally as step 9. Initially, the recipient decodes the signatute using the public component of the sender's secret key (step 10). In typical foreseeable applications of the invention, such as the situation in which the document is a check, the recipient will have access to a database of public components of the secret keys of various customers. Thus, step 10 is implemented by accessing the sender's public key from the database. After the public key is obtained, the signature is decoded. Then, it is a straightforward matter to varify the signature and the content of the document {step 12). It is believed that the invention has applicability in a number of different fields. For instance, the invention could be integrated into a financial software package, such as AM9-9g-062 Such a system could l>e used with a large-scale paynill system for a large corporation, a system for preparing stock dividenl checks, or, in general, for atiy situation in which the preparation of checks causes a significant consumption of time. Also, as an added function of a payroll system in accordance with the invention, an employee can request a machine-readable, digitally signed W2 form, or other form, and request that the form so generated be mailed to the employee's address of record. While the preferred embodiments of the present invention have been illustrated in detail, it should be apparent that modifications and adaptations to those embodiments may occur to one skilled in the art without departing from the scope of the present invention as set forth in the following claims. AM9-95-062 WE CLAIM : 1. A signature verification system for use with a document which is to bear a signature by a customer, the system comprising of means for maintaining a database of keys associated with respective parties, including the customer, who are to make signatures that are to be verified using the signature verification system of the invention, each of the keys including a securely archived private key and a pubiicaily available public key: means for generating a digital signature, employing the customer's private key, the signature being based on the content of the document: means for associating the signature with the document: means for decoding the signature based on the customer's public key, thereby verifying that the customer signed the document because the customer's private key was used; and means for verifying the content of the document against the decoded signature, thereby verifying that the signaOire was made for the document. 2. A signamre verification system as claimed in claim 1, wherein the means for maintaining a database of keys comprises means for generating a key: and means for notarizing the key. 3. A signature verification system as claimed in claim 2, wherein: (i) the means for maintaining a database of keys comprises : means for generating a key pair with a private key and a public key, means for storing the private key in a secure way, and means for outputting the public key as a two-dimensional code: and (ii) the means for notarizing comprises : means for presenting the two-dimensional code and proof of the customer's identity to an authority, the authority having a private key, means for generating a two-dimensional encoding of the key resented, the encoding including a signature of the private key of the authority, and means for presenting the two-dimensional encoding of the key presented, signed with the private key of the authority, as a receipt to the customer. 4. A signature verification system as claimed in claim 3, wherein the means for outputting comprises outputting the public key as a two-dimensional code signed using a predetermined system key. 5. A signature verification system as claimed in claim 1, wherein the means for generating a digital signature comprises means for establishing the customer's identity. 6. A signature verification system as claimed in claim 5, wherein: the means for maintaining a database of keys comprises issuing the customer an identity card programmed with information regarding the customer's identity: and the means for estabhshing the customer's identity comprises : (i) means for estabhshing an interface between the identity card and a signature system having an identity card interface and a user interface, and (ii) user interface means for interactively performing an identification procedure, wherein the user's idenUty is estabhshed based on the programming of the identity card. 7, A signature verification method for use with a hardcopy document which is to bear a signature by a customer, the customer having a secure private key, the customer's private key corresponding with a pubhcly available public key, the method comprising the steps of generating a digital signature, employing the customer's private key; the signature being based on the content of the hard-copy document, the step of generating employing an existentially unforgeable signature scheme associating the signature with the hard-copy document; decoding the signature based on the customer's public key, thereby verifying that the customer signed the hard-copy document because the customer's private key was used; and verifying the content of the hard-copy document against the decoded signature, thereby verifying that the signature was made for the hard-copy document. 8. The method as claimed in claim 7, wherein the step of maintaining a database of keys comprises the steps of: generating a key: and notarizing the key. 9. The method as claimed in claim 8, wherein: (i) the step of maintaining a database of keys comprises the steps, executed for a customer, of: generating a key pair comprising a private key and a public key, storing the private key in a secure way, and outputting the public key as a two-dimensional code; and (ii) the step of notarizing comprises the steps of: presenting the two-dimensional code and proof of the customer's identity to an authority, the authority having a private key, generating a two-dimensional encoding of the key presented, the encoding having a signature of the private key of the authority, and presenting the two-dimensional encoding of the key presented, signed with the private key of the authority, as a receipt to the customer. 10.The method as claimed in claim 8, wherein the step of outputting comprises outputting the public key as a two-dimensional code signed using a predetermined system key. II.The method as claimed in claim 7, wherein the step of generating a digital signature comprises establishing the customer's identity. 12.The method as claimed in claim 11, wherein: the step of maintaining a database of keys comprises issuing the customer an identity card programmed with information regarding the customer's identity; and the step of establishing the customer's identity comprises: (i) estabhshing an interface between the identity card and a signature system having an identity card interface and a user interface, and (ii) the user interactively performing an identification procedure, using the user interface, wherein the user's identity is established based on the programming of the identity card. 13.A signature verification system for use with a document which is to bear a signature by a customer, substantially as hereinabove described and illustrated with, reference to the accompanying drawings. 14.A signature verification method for use with a hardcopy document which is to bear a signature by a customer, substantially as hereinabove described and illustrated with reference to the accompanying drawings.

Full Text

The invention relates to a signature verification system for use with a document which is to bear a signature by a customer. The invention also provides a signature verification method.
In the face of the modem-day revolution In electronic communications, hard-copy communication media, such as hard-copy mail and documents, are alive and well. In fact, a substantial segment of the communication field relies, to this day, on the use of hard-copy documents which bear a human signature, typically that of the originator or sender of the document.
One example of such documents is the personal check, written against a party's bank account, and signed by that party. Another example is affidavits, the class of forms or other documents which are required to be signed. Sometimes, affidavits must even be signed under oath, for instance signed while a notary pubHc witnesses the signature. A common category of affidavit-type forms is Internal Revenue Service tax forms.
Many types of hard-copy documents require some sort of processing. Typically a sender generates the document to provide a recipient with some sort of information which the recipient requires. In the case of personal checks, for instance, the sender, who makes out the check, wishes to transfer flinds from an account to the recipient.

l"'roccNsing by ilie rei ipient iK-nerally involvK:^ e.xLiactini: informaiion from ilic docuineni and taking suitable action based on tlie content of the extracted iniormation. !-'or instance Ihe recipient of a check, a creditor of Ihe sender, extracts the dollar sum from the check and idenlifie;. the sender, so ihat the recipient can credit the .sender for the payment.
Processing hard-copy documents can be a complex and iabor-iniensive ta.sk, depending on die lypc of forms and the sort of inforrnaiion the documents bear. Various mechanisms for handling documents, and scanning iliem to extract information for them, have been developed. Because of the sheer volume of checks and other such documents, such automated handling and scanning is a virtual necessity. For instance, banks use automatic handlers and scanners to extract information from checks. To accommodate these systems, checks are printed with machine-readable inks using standardized, machine-recognize able character sets.
However, one particular problem, which automatic systems have not handled in a satisfactory manner, is that of verifying signatures. In the case of checks, for instance, a bank wiii typically have on file a sample signature of an account holder. Any check drawn against the account holder's account .should bear the account holder's signature. Ideally, for each check, the bank should verify the signature on the check against the sample signature.
Validating a signature, however, is not an easy task, since an individual's handwriting inevitably has certain variations from one sample to another. A human clerk, visually comparing the signamres. might well be able to both (i) recognize an authentic
AM9-9a--062

As a pr,-tciic:ii matter, uistitiilions liandiing signed hard-copy documents have sometimes avoided the time and manpower costs by simply refrainint! from routinely comparing signatures. This failure to verify a signature raises the possibility that, for instance, a bank mighl honor a fraudulent check with a non-matching signature, with no one being the wiser until the account holder notices the fraudulent debit from his or her account.
Therefore, there is a need for a system and method for verifying signatures which is effective to recognize false signatures, while being efficient enough to avoid the time and manpower costs required for human sugnature verification.
Summary of the Invention
It is an object of the invention to provide such a system and method for verifying signatures which is effective to recognize false signatures, while being efficient enough to avoid the time and manpower costs required for human sugnature verification.
To achieve this and other objectives, there is provided in accordance with the invention a signature verification method for use with a document which is to bear a signature by a customer. The method comprises the following steps:
AM9-9S-062

A recipient of the documenl decodes the signature, using the customer's public key, thereby verifying that the customer signed the document because the customer's private key was used.
Finally, the recipient verifies the content of the document against the decoded signature, thereby verifying that the signature was made for ihe document.
While the invention is primarily disclosed as a method, it will be understood by a person of ordinary skill in the an that an apparatus, such as a conventional data processor, including a CPU, memory, I/O, program storage, a connecting bus, and other appropriate components, could be programmed or otherwise designed to facihtate the practice of the method of ihe invention. Such a processor would include appropriate program means for executing the method of the invention.
Also, an article of manufacture, such as a pre-recorded disk or other similar computer program product, for use with a data processing system, could include a storage medium and program means recorded thereon for directing the data processing system to
AM9-95'-062

facihtate the practice of the method of the invention. It will be understood that such apparatus and articles of manufacture also fall within the spirit and scope of the invention.
Accordingly the present invention provides a signature verification system for use with a document which is to bear a signature by a customer, the system comprising of: means for maintaining a database of keys associated with respective parties, including the customer, who are to make signatures that are to be verified using the signature verification system of the invention, each of the keys including a securely archived private key and a publically available public key: means for generating a digital signature, employing the customer's private key, the signature being based on the content of the document: means for associating the signature with the document: means for decoding the signature based on the customer's public key, thereby verifying that the customer signed the document because the customer's private key was used; and means for verifying the content of the document against the decoded signature, thereby verifying that the signature was made for the document.
The invention also provides a signature verification method for use with a hardcopy document which is to bear a signature by a customer, the customer having a secure private key, the customer's private key corresponding with a publicly available public key, the method comprising the steps of generating a digital signature, employing the customer's private key; the signature being based on the content of the hard-copy document, the step of generating employing an existentially unforgeable signature scheme associating the signature with the hard-copy document;

decoding the signature based on the customer's public key, thereby verifying that the customer signed the hard-copy document because the customer's private key was used; and verifying the content of the hard-copy document against the decoded signature, thereby verifying that the signature was made for the hard-copy document.
With reference to the accompanying drawings :
Fig. 1 is a high-level flowchart showing the method of the invention.
Fig. 2 is a flowchart showing a more detailed implementation of a step of the flowchart of Fig. 1.
Fig. 3 is a flowchart showing a more detailed implementation of a step of the flowchart of fig. 1.
Fig. 4 is a block diagram of a system for practicing the method of the invention.
In accordance with the invention, a signature is generated for a document, using a secret key. The secret key is preferably implemented as per the well-known public/private key system of RSA Data Security, which is well-knowTi in the field of cryptography. In such a system, a given customer is assigned a unique secret key, having a public key and a private key component.
It is a characteristic of the key components that, if either one is used to encrypt a plaintext message, the other decodes the encrypted message. Further, given the public key component with a computer, it is infeasible to generate the private key component.

who decrypts the message using the sender's public key knows ihat the messLige must have originated from the sender, because only the sender has Che render's private key.
The method of the inveniion takes advantage of the workings of such a scheme, by using the latter characteristic, to establish with certainty that the signature is that of the sender, or of a sender's authorized agent.
FiG. i is a high level flowchart of the method of the invention. Separate steps, which form novel and non-obvious aspects of the invention, lake place at different times. The steps shown in FIG, 1 are grouped, based on times at which the steps preferably take place.
Initially, step 2 of the method includes establishing and maintaining a secret key, such as the public/private key referred to above, associated with a respective customer, who is to provide a document requiring a signature. Preferably, a database of such keys is established, each customer having a public key, available to any interested party, and a private key, known only to the customer. The private key is archived in a suitably secure way, and the public key is made available to the public.
A preferred format for the public key is a two-dimensional code signed with a system key which is maintained by the system, and over which an authorized system administrator has control.
AM9-95'-062

auUiority.
It is c>;pecied ihai, in typical, preferred implemcniaiions oi" the invention, step 2 takes place as a customer registers for services provided by the invention, possibly before tlie customer has a document for which he/she requires a verified signature.
When such a database is in place, a customer provides a document for a signature (step 4). Step 3 of FIG. 1. which collectively incorporaies steps 4. 6, and 8, shows the activities associated with generating the signature.
in step 6, a digital signature is generated for the document, using the customer's secret key. Preferably the private key component of the customer's secret key is used. Also, the signature is preferably generated using, as input infornation, data pertaining to the document itself, such as a scanned bit map of the document. Therefore, the signature produced by step 6 is unique lo the customer by virtue of its use of the customer's private key, as well as being unique to the document, by virtue of being based on the content of the document Accordingly, the signature is demonstrably authentic with regard to both the document and the customer.
A preferred implementation of step 6, given in FIG. 2, includes producing a two-dimensional encoding of the content of the document, as well as the signature {step 20). The appropriate authority responds with a receipt in the form of a hash of the iriformation
AM9-95'-062

presented, .siglied with the private key of the authority (step 22). Accordingly, no further proof of the costomer's identity needs io be shown. Thus, forms can be sent by mail.
It IS understood, also, that a signatory auihoriiy, such as a notary public or other suitable official, can also produce a signature as described above. Such a signature would likewise be demonstrably authentic.
In accordance with the invention, step 6 may be executed in a fashion which further protects the secrecy of the key. Consider, for instance, an environment in which a customer wanted to sign a check, although eavesdroppers might learn the key, and then be able to use it so sign fraudulent checks. To protect the secrecy of the customer's key, step 6 is preferably executed using a technique which makes eavesdropping difficult or impossible.
In a preferred implementation, a customer uses a data carrier, preferably in card form, including an on-board processor and memory, which he or she carries, and utiHzes, in a fashion comparable to an ATM card. A suitable machine, at a bank or post office, is used along with the card (see FIG. 4). One example of a card believed to be suitable for use in accordance with the invention is a card produced by Hexaglot Warenhandeis GmbH, under the trade name "Smartcard by Hexaglot".
FIG. 3 gives a more detailed implementation of step 6 of FIG. 1, using the above-described card. Initially, an interface 40 is established between the card 42 carried by the customer and a machine (such as a processor 44) for generating the signature (step 20). Then, the customer established higher identity (step 22), using a suitable procedure such as keying in a secret identification code to a user interface 46. Depending on the type of
AM9-99-062

A signature scheme preferably should be used which is existentially unforgeabie. The term "exislentially unforgeabie" is defined, formally, as follows: Where S(m) denotes a signature on a message m, given any polynomial (in the security parameter) number of pairs of messages and signatures

the signature scheme S is existentially unforgeabie if, for any message m^^^ which is not an element of the set of messages m, through m^, it is computationally infeasible to

At this point, the preparation of the signature is complete. In instances where the signed document is to be forwarded to a recipient, the recipient performs additional steps, in accordance with the invention, at the pater time at which the recipient receives and processes the document. The further activities which take place at that time are shown in FIG. I generally as step 9.
Initially, the recipient decodes the signatute using the public component of the sender's secret key (step 10). In typical foreseeable applications of the invention, such as the situation in which the document is a check, the recipient will have access to a database of public components of the secret keys of various customers. Thus, step 10 is implemented by accessing the sender's public key from the database.
After the public key is obtained, the signature is decoded. Then, it is a straightforward matter to varify the signature and the content of the document {step 12).
It is believed that the invention has applicability in a number of different fields. For instance, the invention could be integrated into a financial software package, such as
AM9-9g-062

Such a system could l>e used with a large-scale paynill system for a large corporation, a system for preparing stock dividenl checks, or, in general, for atiy situation in which the preparation of checks causes a significant consumption of time. Also, as an added function of a payroll system in accordance with the invention, an employee can request a machine-readable, digitally signed W2 form, or other form, and request that the form so generated be mailed to the employee's address of record.
While the preferred embodiments of the present invention have been illustrated in detail, it should be apparent that modifications and adaptations to those embodiments may occur to one skilled in the art without departing from the scope of the present invention as set forth in the following claims.
AM9-95-062

WE CLAIM :
1. A signature verification system for use with a document which is to bear a signature by a customer, the system comprising of means for maintaining a database of keys associated with respective parties, including the customer, who are to make signatures that are to be verified using the signature verification system of the invention, each of the keys including a securely archived private key and a pubiicaily available public key: means for generating a digital signature, employing the customer's private key, the signature being based on the content of the document: means for associating the signature with the document: means for decoding the signature based on the customer's public key, thereby verifying that the customer signed the document because the customer's private key was used; and means for verifying the content of the document against the decoded signature, thereby verifying that the signaOire was made for the document.
2. A signamre verification system as claimed in claim 1, wherein the means for maintaining a database of keys comprises means for generating a key: and means for notarizing the key.
3. A signature verification system as claimed in claim 2, wherein:
(i) the means for maintaining a database of keys comprises : means for generating a key pair with a private key and a public

key, means for storing the private key in a secure way, and means for outputting the public key as a two-dimensional code: and
(ii) the means for notarizing comprises : means for presenting the two-dimensional code and proof of the customer's identity to an authority, the authority having a private key, means for generating a two-dimensional encoding of the key resented, the encoding including a signature of the private key of the authority, and means for presenting the two-dimensional encoding of the key presented, signed with the private key of the authority, as a receipt to the customer.
4. A signature verification system as claimed in claim 3, wherein the means for outputting comprises outputting the public key as a two-dimensional code signed using a predetermined system key.
5. A signature verification system as claimed in claim 1, wherein the means for generating a digital signature comprises means for establishing the customer's identity.
6. A signature verification system as claimed in claim 5, wherein: the means for maintaining a database of keys comprises issuing the customer an identity card programmed with information regarding the

customer's identity: and the means for estabhshing the customer's identity comprises :
(i) means for estabhshing an interface between the identity card and a signature system having an identity card interface and a user interface, and
(ii) user interface means for interactively performing an identification procedure, wherein the user's idenUty is estabhshed based on the programming of the identity card.
7, A signature verification method for use with a hardcopy document which is to bear a signature by a customer, the customer having a secure private key, the customer's private key corresponding with a pubhcly available public key, the method comprising the steps of generating a digital signature, employing the customer's private key; the signature being based on the content of the hard-copy document, the step of generating employing an existentially unforgeable signature scheme associating the signature with the hard-copy document; decoding the signature based on the customer's public key, thereby verifying that the customer signed the hard-copy document because the customer's private key was used; and verifying the content of the hard-copy document against the decoded signature, thereby verifying that the signature was made for the hard-copy document.

8. The method as claimed in claim 7, wherein the step of maintaining a database of keys comprises the steps of: generating a key: and notarizing the key.
9. The method as claimed in claim 8, wherein: (i) the step of maintaining a database of keys comprises the steps, executed for a customer, of: generating a key pair comprising a private key and a public key, storing the private key in a secure way, and outputting the public key as a two-dimensional code; and
(ii) the step of notarizing comprises the steps of: presenting the two-dimensional code and proof of the customer's identity to an authority, the authority having a private key, generating a two-dimensional encoding of the key presented, the encoding having a signature of the private key of the authority, and presenting the two-dimensional encoding of the key presented, signed with the private key of the authority, as a receipt to the customer.
10.The method as claimed in claim 8, wherein the step of outputting comprises outputting the public key as a two-dimensional code signed using a predetermined system key.
II.The method as claimed in claim 7, wherein the step of generating a digital signature comprises establishing the customer's identity.
12.The method as claimed in claim 11, wherein: the step of maintaining a database of keys comprises issuing the customer an identity card programmed with information regarding the customer's identity; and

the step of establishing the customer's identity comprises: (i) estabhshing an interface between the identity card and a signature system having an identity card interface and a user interface, and (ii) the user interactively performing an identification procedure, using the user interface, wherein the user's identity is established based on the programming of the identity card.
13.A signature verification system for use with a document which is to bear a signature by a customer, substantially as hereinabove described and illustrated with, reference to the accompanying drawings.
14.A signature verification method for use with a hardcopy document which is to bear a signature by a customer, substantially as hereinabove described and illustrated with reference to the accompanying drawings.

Documents:

2049-mas-1996 abstract.pdf

2049-mas-1996 claims.pdf

2049-mas-1996 correspondence-others.pdf

2049-mas-1996 correspondence-po.pdf

2049-mas-1996 description (complete).pdf

2049-mas-1996 drawings.pdf

2049-mas-1996 form-2.pdf

2049-mas-1996 form-26.pdf

2049-mas-1996 form-4.pdf

2049-mas-1996 form-6.pdf

2049-mas-1996 petition.pdf

« Previous Patent

Next Patent »

Patent Number

228452

Indian Patent Application Number

2049/MAS/1996

PG Journal Number

10/2009

Publication Date

06-Mar-2009

Grant Date

05-Feb-2009

Date of Filing

18-Nov-1996

Name of Patentee

INTERNATIONAL BUSINESS MACHINE CORPORATION

Applicant Address

ARMONK, NEWYORK, NY-10504

Inventors:

#	Inventor's Name	Inventor's Address
1	CYNTHIA DWORK	379 EVERETT AVENUE, PALO ALTO, CA 94301
2	MONI NAOR	5, BEIT ZURI APT. # 5, TEL AVIV, 69122,
3	FLORIAN PESTONI	1861 J NEWBERY APT. 3B, BUENOS AIRES, 1426,

PCT International Classification Number

G06K9/00

PCT International Application Number

N/A

PCT International Filing date

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	08/586,020	1995-12-29	U.S.A.