Title of invention: METHOD AND SYSTEM FOR SIGNING AND AUTHENTICATING ELECTRONIC DOCUMENTS VIA A SIGNATURE AUTHORITY WHICH MAY ACT IN CONCERT WITH SOFTWARE CONTROLLED BY THE SIGNER
Abstract: A system and method for signing and authenticating electronic documents using public key cryptography applied by one or more server computer clusters operated in a trustworthy manner, which may act in cooperation with trusted components controlled and operated by the signer. The system employs a presentation authority for presenting an unsigned copy of an electronic document to a signing party and a signature authority for controlling a process for affixing an electronic signature to the unsigned document to create a signed electronic document. The system provides an applet for a signing party's computer that communicates with the signature authority.
Publication number: US2014365766(A1) Publication date: 2014.12.11
Application number: US201414466478 Filing date: 2014.08.22
Applicant: Signix, Inc. Inventor: Oswalt Robert T.
Classification: H04L9/32;H04L9/08 Main classification: H04L9/32
Agency: Agent:
Principal claim: 1. A computer-implemented method for verifying the authenticity of a digitally-generated signature associated with an electronic document, such that a relying party is enabled to rely on the fact that a signing party reliably signed the electronic document, comprising the steps of: providing an unsigned document storage database for storing unsigned electronic documents; providing a signed document storage database for storing electronic documents that have been electronically signed by a signing party; providing an Internet computer browser computer program operative on an Internet-connected computer used by a prospective signing party for an electronic document, the browser program operative to execute applets provided from an external source; providing a certification authority for the Internet-connected computer used by the prospective signing party, the certification authority comprising cryptographic hardware protecting a certification authority private key and a corresponding digital certificate; providing a signature authority for coordinating construction of an electronic signature for an unsigned electronic document in conjunction with actions of a signing party to create a signed electronic document; providing a presentation authority for retrieving an unsigned electronic document from the unsigned document storage database and for constructing a new unsigned document as a presentation copy of an original unsigned document, wherein the presentation copy has the same appearance as the original unsigned document, and wherein the presentation copy includes a means for the signing party to send a document signing request to the signature authority; in response to an action from a signing party operating the computer with said browser program, sending a request from the browser program to view an unsigned document to the presentation authority; at the presentation authority, in response to a received request to view an unsigned document, retrieving the unsigned document from the unsigned document storage database and creating a presentation copy of the unsigned document wrapped in a frameset that also contains an applet for communications between the signature authority and the certification authority on the signing party's computer; at the signing party's browser program, displaying the frameset and associated presentation copy of the unsigned document; in response to an action from the signing party, providing a document signing request from the signing party's computer to the signature authority, the document signing request including an identifier of the unsigned document from which the presentation copy was made and an identifier of the location for placement of the signature within the unsigned document; at the signature authority, in response to receipt of the document signing request, providing the identifier of the unsigned document to the presentation authority; at the presentation authority, and in response to the receipt of the identifier of the unsigned document, retrieving an unsigned electronic document corresponding to the identifier of the unsigned document and providing the unsigned document to the signature authority; at the signature authority, providing a signature creation request from the signature authority to the applet in the frameset on the signing party's computer; via the applet at the signing party's computer, forwarding the signature creation request to the certification authority on the signing party's computer; at the certification authority, generating a key pair and opening a user interface on the signing party's computer requesting input of authentication information from the signing party; at the signing party's computer, receiving authentication information input from the signing party; in response to the authentication information input from the signing party, at the certification authority certifying the public key of the pair under a certification authority digital certificate identifying the signing party as subject, and returning the newly generated private key and corresponding digital certificate to the applet at the signing party's computer; at the applet at the signing party's computer, transmitting the private key and certificate to the signature authority; at the signature authority, using the received private key and certificate to create a digital electronic signature on the unsigned document provided by the presentation authority, in the location specified by the document signing request; and at the signature authority, destroying the private key, and transmitting the signed electronic document to the signed document storage database for access by a relying party.
Address: Chattanooga TN US