Method and system for signing and authenticating electronic documents via a signature authority which may act in concert with software controlled by the signer

摘要

A system and method for signing and authenticating electronic documents using public key cryptography applied by one or more server computer clusters operated in a trustworthy manner, which may act in cooperation with trusted components controlled and operated by the signer. The system employs a presentation authority for presenting an unsigned copy of an electronic document to a signing party and a signature authority for controlling a process for affixing an electronic signature to the unsigned document to create a signed electronic document. The system provides an applet for a signing party's computer that communicates with the signature authority.

主权项

1. A method of authenticating an electronic document having a digital signing signature for a relying party that receives the digitally signed electronic document to evaluate a risk of relying on the digitally signed electronic document, comprising the steps of:
(a) at a certification authority computer system, a certification authority generating a digital certificate certifying a cryptographic key pair of a private key and a public key for a signature authority; (b) at the signature authority, storing the private key and the digital certificate for use when constructing an electronic signature for indicating execution of a to be signed electronic document as directed from time-to-time to create a digitally signed electronic document; (c) providing an Internet computer browser computer program operative on an Internet-connected signer's computer used by a prospective signing party for directing execution of the to be signed electronic document, said signing party sending a signature creation request to the signature authority specifying the to be signed electronic document; (d) at the signature authority, in response to a receipt of the signature creation request, obtaining a copy of the to be signed electronic document specified in the signature creation request; (e) at the signature authority, creating as an electronic signature a signature data structure that includes an assertion that the signature authority applies its digital signature to the to be signed electronic document for the purpose of certifying that the signing party has legally signed the to be signed document as directed in the signature creation request (f) at the signature authority, retrieving the signature authority's private key and digital certificate; (g) at the signature authority, creating a signature data structure and, with the retrieved private key and digital certificate, creating a digital signing signature covering the signature data structure and the to be signed document and resulting in a digitally signed electronic document; and (h) at a relying party receiving the digitally signed electronic document, relying on the signature data structure, the digital signing signature, and the signature authority digital certificate for verifying the digital signing signature on the signature data structure using the signature authority digital certificate, to evaluate a risk of relying on the digitally signed electronic document.