Method and system for signing and authenticating electronic documents via a signature authority which may act in concert with software controlled by the signer

摘要

A system and method for signing and authenticating electronic documents using public key cryptography applied by one or more server computer clusters operated in a trustworthy manner, which may act in cooperation with trusted components controlled and operated by the signer. The system employs a presentation authority for presenting an unsigned copy of an electronic document to a signing party and a signature authority for controlling a process for affixing an electronic signature to the unsigned document to create a signed electronic document. The system provides an applet for a signing party's computer that communicates with the signature authority.

主权项

1. A method for verifying the authenticity of a digital electronic signature associated with an electronic document, such that a relying party is enabled to rely on the fact that a signing party reliably signed the electronic document, comprising the steps of:
(a) at a certification authority computer system, generating a digital certification authority certificate certifying a cryptographic key pair of a certification authority private key and a certification authority public key for a signing party, identifying the signing party as subject, and including a policy allowing the signing party to issue a limited-use document signing certificate; (b) at the signing party, storing the certification authority private key and the digital certification authority certificate as a certification authority component for use when issuing the document signing certificate for construction of a digital electronic signature of the signing party for a to be signed electronic document; (c) in response to an action from the signing party corresponding to a signing of the to be signed document, communicating through a network from the signing party's computer system to a signature authority computer system a document signing request for signing the to be signed document; (d) at the signature authority computer system, in response to receipt of the document signing request, obtaining a copy of the to be signed document; (e) at the signature authority computer system, providing a responsive signature creation request from the signature authority computer system to the certification authority component on the signing party's computer system; (f) at the certification authority component on the signing party's computer, certifying a signing public key under the digital certification authority certificate identifying the signing party as subject, and thereby creating a signing digital certificate, and returning as a response to the responsive signature creation request the signing digital certificate to the signature authority computer system; and (g) at the signature authority computer system, using the received signing digital certificate and a corresponding signing private key, creating the digital electronic signature on the to be signed document to create a signed electronic document.