Title of invention: Method and system for signing and authenticating electronic documents via a signature authority which may act in concert with software controlled by the signer
Abstract: A system and method for signing and authenticating electronic documents using public key cryptography applied by one or more server computer clusters operated in a trustworthy manner, which may act in cooperation with trusted components controlled and operated by the signer. The system employs a presentation authority for presenting an unsigned copy of an affixing an electronic signature to the unsigned document to create signed electronic document. The system provides an applet for a signing party's computer that communicates with the signature authority.
Publication number: US8819813(B2) Publication date: 2014.08.26
Application number: US201313933655 Filing date: 2013.07.02
Applicant: Signix, Inc. Inventor: Oswalt Robert T.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Morris, Manning & Martin, LLP Agent: Morris, Manning & Martin, LLP; Harris John R.
Main claim: 1. A computer-implemented method for verifying the authenticity of a digital signature associated with an electronic document, such that a relying party is enabled to rely on the fact that a signing party reliably signed the electronic document, comprising the steps of:
in response to an action from a signing party operating a computer, sending a request from the signing party's computer to a presentation authority computer system to view an unsigned document via the presentation authority computer system;
at the presentation authority computer system, in response to receipt of the request from the signing party's computer, retrieving the unsigned document from an unsigned document storage database and creating a presentation copy of the unsigned document in a frameset together with a secure communication application for communications between a signature authority computer system and a certification authority component on the signing party's computer system;
at the signing party's computer system, displaying the frameset and associated presentation copy of the unsigned document;
in response to an action from the signing party corresponding to the signing of the document, providing a document signing request from the signing party's computer system to the signature authority computer system;
at the signature authority computer system, in response to receipt of the document signing request, providing the identifier of the unsigned document to the presentation authority computer system;
at the presentation authority computer system, and in response to the receipt of the identifier of the unsigned document, retrieving an unsigned electronic document corresponding to the identifier of the unsigned document and providing the unsigned document to the signature authority computer system;
at the signature authority computer system, providing a signature creation request from the signature authority computer system to the secure communication application on the signing party's computer system;
via the secure communication application at the signing party's computer system, forwarding the signature creation request to the certification authority component on the signing party's computer system;
at the certification authority component, generating a cryptographic key pair including a private key and a public key and opening a user interface on the signing party's computer system requesting input of authentication information from the signing party;
at the signing party's computer system, receiving authentication information input from the signing party;
in response to the authentication information input from the signing party, at the certification authority component on the signing party's computer, certifying the public key of the pair under a certification authority digital certificate identifying the signing party as subject, and returning the newly generated private key and corresponding digital certificate to the secure communication application at the signing party's computer system;
at the secure communication application at the signing party's computer system, transmitting the private key of the generated key pair and digital certificate to the signature authority computer system;
at the signature authority computer system, using the received private key and digital certificate to create a digital electronic signature on the unsigned document provided by the presentation authority computer system to create a signed electronic document;
at the signature authority computer system, destroying the private key, and transmitting the signed electronic document to the relying party; and
storing the signed electronic document in a signed document storage database for access by the relying party.
Address: Chattanooga TN US