WO1996025812A1 - A method enabling the authentication of a printout of a data file - Google Patents

Publication number
WO1996025812A1
Authority
WO
WIPO (PCT)
Prior art keywords
data file
sender
file
recipient
signature
Application number
PCT/AU1996/000070
Other languages
French (fr)
Inventor
John Charles Hughes
Original Assignee
John Charles Hughes
Application filed by John Charles Hughes
Priority to AU46152/96A
Publication of WO1996025812A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00 Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/32 Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N1/32101 Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00 Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32 Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201 Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3225 Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document
    • H04N2201/3233 Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document of authentication information, e.g. digital signature, watermark
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00 Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32 Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201 Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3271 Printing or stamping
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00 Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32 Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201 Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3278 Transmission

Definitions

  • The inventive software may permit the original accession requiring the authorised user's password to enable the software to generate a stipulated plurality of signature codes.

Abstract

A method enabling a sender of a data file to authenticate an alleged printout of the data file produced after transmission from the sender to a recipient. The method comprises generating a signature code that is unique to the sender and the data file, making an entry comprising at least the signature code and a data file identifier in a secure uneditable register accessible only by the sender, and entering the signature code into the data file. The signature code will appear on any printout of the data file. The data file and signature code are validated using a DSA or checksum algorithm before transmission to the recipient to enable verification of the transmitted data file and signature code. Verification of a doubtful data file is achieved by visual comparison with a printout from the secure register.

Description

A METHOD ENABLING THE AUTHENTICATION OF A PRINTOUT OF A DATA FILE
TECHNICAL FIELD
This invention relates to the computerised transmission of information from one person to another, either by means of a data transmission link between two computers, for example, two modems and a telephone line, whereby the information is read from a data recording medium in the sender's computer and written on to a data recording medium in the recipient's computer, or by the physical delivery from the sender to the recipient of an item of recording medium, for example a floppy disk, magnetic tape, compact disk or other carrier of the kind on which machine readable data may be recorded.
The totality of the data in any instance, when recorded or transmitted in machine readable form is referred to as a data file hereinafter, irrespective of the mode of recordal or transmission. When a data file is expressed in person readable form, as by a hard copy print out, it is referred to as a document hereinafter.
BACKGROUND ART
It is often important for the recipient of a document to be sure of the identity of the sender or author and/or to be sure that the author has checked and approved the content of the document. Also, it is sometimes important for the author, or other person responsible for the content of a document, to be sure (or be in a position to check) that a document in the hands of a recipient has not been tampered with or improperly altered by a third party either during its transmission to the recipient or by such a party or the recipient following its receipt by the latter.
Thus it is commonplace for the author of a written document to record his identity on the document by personally signing the document. Although forgery is known, and no doubt occurs from time to time, the fact remains that a written document, free of erasures or apparent alterations and bearing a personal and recognisable signature carries with it a strong presumption of authenticity, that is to say, a strong presumption that the message or data embodied in the document is a valid expression of the intended meaning of the person who signed the document. In commercial and every day activities such documents are commonly accepted as genuine, and are processed and acted upon without further ado.
With the development of computer controlled printers and plotters, the practice of computerised transmission of data files as described at the outset is becoming commonplace. Such transmission requires the recipient to have access to suitable equipment able, either to accept transmitted data and write it to a magnetic or other record carrier for later scanning and print out as a hard copy document for personal perusal, or merely to scan and print out, if the transmission was effected by the physical transfer of a record carrier.
Computerised transmission of a data file is quick and convenient, if only because of the compact nature of the carrier when a large amount of data is involved, but it suffers from the disadvantage that the final hard copy document does not carry the same degree of presumed authenticity as does a signed, written document. This is so, not only because most printers under the control of a personal computer are unable to reproduce something as idiosyncratic as a signature but, more importantly, because of the ease with which commonly used magnetic data file recordings, for example, may be altered without the alteration being immediately apparent.
So called checksum validation programs are well known. These programs are routinely used to check, for example, the accuracy with which a data file may have been copied by a computer from one carrier to another (for example, from a disk in one of the computer's "drives" to a second disk in another of the computer's drives). Very briefly stated, such validation programs utilise redundant bits or redundant bytes that are deliberately included or omitted in the data record by the computer's operating system, to enable an algorithm based on summations of the meaningful bits and the redundant bits to arrive at a unique result, depending on the content of the data file and the algorithm used.
When a checksum validation program is run the result may be expressed as a relatively short string of characters, referred to as a proof code hereinafter. If the proof code derived from one data file is identical to that derived from a second data file, then there is a high probability that the two files are identical. If two different checksum algorithms are used to produce two proof codes for each data file and these are respectively identical, then it is virtually certain that the two data files themselves are identical.
Thus if a recipient of a data file were reliably informed of the checksum algorithm used by the sender and the proof code derived from the sender's application of it to validate the data file before transmission, then the recipient could verify the accuracy of the data file as received by applying the algorithm to the received data file.
The so called Digital Signature Algorithm (DSA) is also well known prior art. It has the ability to generate and verify electronic "signatures".
Each user of the DSA is allocated two keys, each being unique to the user in question and each being a number in binary notation. One key is a private key known only to the user and used by the user when validating a data file by the application of an electronic signature. In the present circumstances the user has the role of a sender and would validate a data file, for the content of which he or she is responsible, prior to the file being transmitted to a recipient or otherwise made available to another party. The private key is, of course, kept secret by the sender. The other key is a public key that corresponds to the private key but is not the same as the private key. The public key is known generally and must be known by the recipient to be the public key of the sender.
The DSA uses a hash function to produce a condensed version, or "digest", of the data file to be validated. That digest is then used as input by the DSA along with the user's private key to generate a digital signature (being a pair of large numbers in binary notation) which is transmitted with the data file to the recipient. Thus the digital signature produced by the DSA differs from a personal hand written signature, which is unique to the person concerned and is unchanged from document to document, in that the digital signature produced in any instance depends on the identity of the signatory, as represented by his or her private key, and the data file content, as represented by the digest. In other words each electronic signature is unique to the sender and the particular data file validated by the sender. The recipient of the transmitted data file then uses the same hash function to reproduce the digest and this is input, along with the sender's public key and the digital signature transmitted with the file. The DSA is then able to determine whether or not the three inputs are compatible with the presumptions that the data file is unchanged and that the digital signature could have been generated using the private key corresponding to the inputted public key. If such compatibility is proved the DSA outputs a statement to the effect that the file is genuine and was validated by the nominated key holder.
Thus both checksum validation and DSA provide a means whereby a sender may validate a data file prior to transmission and a recipient with the necessary knowledge of the validation procedure may verify the accuracy of the received file, and in the case of DSA the identity of the validator.
However, neither of these known procedures goes beyond authenticating the received data file; in particular they provide no guarantee to the recipient of a hard copy printout of a data file that the document is a true version of a validated data file. Also, a sender of a data file to a first recipient has no way of proving, if need be, that a document in the hands of a further recipient has not been derived from the data file that the sender originally validated.
DISCLOSURE OF THE INVENTION
Therefore, an object of the invention is to provide means for the authentication of a document that is allegedly a hard copy printout of a data file following transmission of the data file from a sender to a recipient, in a manner analogous to the authentication of a written letter or like person readable document by the application of the author's signature thereto.
The invention consists in a method enabling a sender of a data file to authenticate an alleged printout of the data file produced after transmission of the data file from the sender to a recipient, comprising the steps of generating a signature code that is unique to the sender and the said data file, making an entry comprising at least the signature code and an identifier of the data file in a secure and uneditable register accessible only by the sender, and entering the signature code into the data file before transmitting the file to the recipient.
In preferred embodiments, the method of the invention further comprises the step of validating the data file including the signature code before transmission to enable subsequent verification of the transmitted data file and signature code to be effected. Preferably that validation is effected using either a DSA algorithm or a checksum algorithm, in which event the digital signature or the proof code, as the case may be, generated by the algorithm is preferably included in the register entry. The file identifier in the register entry may be no more than a file name, but preferably it also comprises bibliographic details of the file, or, in important cases, may comprise a complete copy of the file.
The invention also consists in computer software embodying a program that causes a computer running under the control of the software to effect the method of the invention. Preferably the software is such that it is accessible for use only by an authorised user of the software on the input of a password by the user. The invention also consists in a computer when running or when programmed to run under the control of the program of the software of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
The single figure drawing is a flow chart of the operation of a method and computer program according to the invention, and showing possible further processing of the data file by its recipient.
BEST MODE OF CARRYING OUT THE INVENTION.
The various enclosures in the drawing are identified below by the legend on each rendered in upper case.
Thus, SENDER refers to the enclosure in the drawing bearing that word. That enclosure represents a person operating a computer programmed to carry out the method of the invention. The term computer as used herein embraces a programmable data processing device of the kind able to read data from a magnetic or other record carrier, receive data from an inputting keyboard, modem or other data source, store the data temporarily in memory, process the data in accordance with an inputted and stored program, and write the processed data to a magnetic or other data carrier. Such data processors are known and acquire their specific functionality from the program with which they are loaded for the time being. Thus, as indicated earlier, the present invention, in one aspect, consists in a program for controlling such a computer.
Each software embodiment of the present invention is characterised in that it will not run except on the input of the name of an authorised user of the particular embodiment (or other overt identifier code for that user) together with a covert identifier code (a data string unique to the sender that has been prior entered in a write only memory of the software). The two identifier codes constitute a password unique to the sender that is recognisable by that embodiment or those embodiments of the invention that the sender is authorised to use. After the input of the PASSWORD, thereby gaining access to the program, the sender may INPUT THE DATA FILE to be validated, that is to say the sender may load the file into the computer's internal memory, for example by causing the file to be read from a data carrier by the computer or by typing in the file content using the computer's keyboard, and identify the file to the computer by allocating a FILENAME to it and inputting that filename.
The program then causes the computer to generate a SIGNATURE CODE and load bibliographic details of the file into a SECURE REGISTER. Those bibliographic details comprise at least the filename and the signature code, but preferably also include the date and time. The inputted bibliographic details comprise a register entry able to be retrieved as a unified item of data.
The computer also ensures that the signature code is written into the data file to become an integral part thereof, as indicated by the CODE ADDED TO FILE enclosure. This amounts to signing the data file in that the signature code identifies both the authorised user and the particular data file being authenticated and is retrieved with the other data of the file if and when the file is retrieved by name. Furthermore the signature code will appear on any genuine document that is, or is a true copy of, a printout of the data file. Each signature code generated by the software is a string of randomly produced letters and/or numerals of predetermined length. The string may be of such a length, for example 16 characters, as to ensure, for practical purposes, that the signature code generated for any one combination of authorised user and data file name is unique. Alternatively, and preferably, a shorter string may be used and the software, having generated a signature code, may compare same with all earlier generated codes for the authorised user concerned and reject any duplicates.
According to the preferred embodiment of the method of the invention now being described, the computer, having "signed" the data file as aforesaid, validates the signed file, utilising either a checksum algorithm or, more preferably, a DSA algorithm, as indicated by VALIDATE USING PRIVATE KEY, and then adds to the register entry the date and time of validation and preferably still more identifying information such as the file length, either the checksum proof codes or the digital signature, as the case may be, and the identity of the validator.
If desired, a complete copy of the file may also be stored in the SECURE REGISTER, as part of the relevant register entry.
A prudent user would probably print out a document from the signed file and retain it in a safe place.
The sender may then transmit the signed file to the recipient, either by physical delivery of a record carrier containing the data file or by instructing the computer to TRANSMIT FILE over a communication system to the recipient's address. Upon computer accessing and recording the signed data file, or upon receipt of the authenticated carrier, the recipient may print out a hard copy of the file, to see the identity of the author indicated thereon in conjunction with an alleged unique signature code. This may represent a sufficient presumption of validity for some recipients.
Otherwise, if desired, the recipient may VERIFY the received data using the same validation program as that used by the sender to validate the file. If the validation was effected by means of a checksum algorithm, the recipient may refer back to the author to check whether the proof code(s) match. If the validation was effected by means of a DSA algorithm and the verification result is approval of the data file, or if the recipient is advised that the proof codes match, there is a high presumption of validity of the file in the hands of the recipient, and he may confidently PRINT OUT documents from it for despatch or sale to others.
In the event that a subsequently produced hard copy document is brought into question, the person concerned may return details of the signature code on the document to the sender, who may then access the secure register and print out the file having the same signature code as disclosed therein for visual comparison with the doubtful document.
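The signing, register and checking steps described above can be sketched as follows; this is an added example, not code from the patent. The marker text, the 8-character code length, the class and method names and the use of SHA-256 as the "checksum algorithm" are assumptions, and the DSA variant is not shown.

```python
import hashlib
import secrets
import string
from datetime import datetime, timezone

ALPHABET = string.ascii_uppercase + string.digits
MARK = "\nSIGNATURE CODE: "  # constructed marker, not taken from the patent


class SecureRegister:
    """In-memory stand-in for the sender's SECURE REGISTER (append-only here)."""

    def __init__(self, sender, code_len=8):
        self.sender = sender
        self.code_len = code_len
        self._entries = {}  # signature code -> register entry

    def _new_code(self):
        # Short random string; reject any code already issued to this sender.
        while True:
            code = "".join(secrets.choice(ALPHABET) for _ in range(self.code_len))
            if code not in self._entries:
                return code

    def sign(self, filename, content):
        code = self._new_code()
        signed = content + MARK + code + "\n"  # the code becomes part of the file
        self._entries[code] = {
            "filename": filename,
            "signature_code": code,
            "sender": self.sender,
            "validated_at": datetime.now(timezone.utc).isoformat(),
            "length": len(signed.encode()),
            # SHA-256 stands in for the unnamed checksum algorithm (assumption).
            "proof_code": hashlib.sha256(signed.encode()).hexdigest(),
            "copy": signed,  # optional complete copy of the signed file
        }
        return signed

    def check(self, text):
        """Look up the code carried by a received file and compare proof codes."""
        _, sep, tail = text.rpartition(MARK)
        entry = self._entries.get(tail.strip()) if sep else None
        if entry is None:
            return "unknown-code"
        digest = hashlib.sha256(text.encode()).hexdigest()
        return "match" if digest == entry["proof_code"] else "altered"
```

The comparison is byte-exact, so it suits a received data file; for a paper document the stored `copy` is what the sender would print for the visual comparison the text describes.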
It will be realised that as a matter of commercial reality it is sometimes necessary for a person who is ultimately responsible for the content of a data file, to rely on trusted associates, for example employees, to actually produce the file and even "sign" it on his or her behalf. Thus, as a variation, the inventive software may permit the original accession requiring the authorised user's password to enable the software to generate a stipulated plurality of signature codes.

INDUSTRIAL APPLICABILITY
To exemplify the industrial application of the invention two possible applications to existing situations are now instanced.
(a) The New South Wales Land Titles Office is currently investigating, with the view of implementing, a system which would require surveyors producing deposited plans to present same as a digital record on a floppy disk. This would enable the Office to reduce its storage space for stocks of such plans, and yet print out a hard copy of any required plan for immediate sale in response to an inquiry for same. Clearly it would be important to the surveyor for him to be able to prove that the record was tampered with, if in a later dispute between two title holders it is found that a printed out plan is inaccurate. Equally, it would be important for him to be able to identify the certifying surveyor of an existing plan if he were to use the print out of an existing plan as a basis for a later plan and it is subsequently found that inaccuracies in the existing plan led him into error. Hitherto, the surveyor producing a hard copy plan was required to sign same and also sign an endorsement on it to the effect that he had checked the plan for errors. The present invention enables an equivalent degree of authentication to be effected in respect of a plotter control program embodied in a floppy disk.
(b) Some Patent Offices now allow patent applications to be submitted as a data file on a floppy disk. Once again it is clearly desirable for the applicant to be able to prove what wording was recorded on the disk as submitted, in the event that during the prosecution of the application some discrepancy appears or if the granted patent when printed shows some discrepancy.

Claims

1. A method enabling a sender of a data file to authenticate an alleged printout of the data file produced after transmission of the data file from the sender to a recipient, comprising the steps of generating a signature code that is unique to the sender and the said data file, making an entry comprising at least the signature code and an identifier of the data file in a secure and uneditable register accessible only by the sender, and entering the signature code into the data file before transmitting the file to the recipient.
2. A method according to claim 1 further comprising the step of validating the data file inclusive of the signature code before transmitting the file.
3. A method according to claim 2 wherein the step of validating is effected by means of a DSA algorithm utilising a private key and a public key allocated to the sender, which generates a digital signature.
4. A method according to claim 3 wherein said entry also includes a record of the sender's identity and the digital signature.
5. A method according to claim 2 wherein the step of validating is effected by means of a checksum algorithm, which generates a proof code.
6. A method according to claim 5 wherein the said entry also includes the proof code.
7. A method according to claim 1 wherein the file identifier comprises at least a filename.
8. A method according to claim 7 wherein the file identifier further comprises a complete copy of the file.
9. Computer software embodying a program that causes a computer running under the control of the software to effect a method according to any one of the preceding claims.
10. Computer software according to claim 9 that is accessible for use only by an authorised user of the software on the input of a password by the user.
11. A computer when programmed to run under the control of the program embodied in software according to claim 10.
PCT/AU1996/000070 1995-02-17 1996-02-12 A method enabling the authentication of a printout of a data file WO1996025812A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU46152/96A AU4615296A (en) 1995-02-17 1996-02-12 A method enabling the authentication of a printout of a data file

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AUPN1235 1995-02-17
AUPN1235A AUPN123595A0 (en) 1995-02-17 1995-02-17 Computer file signature code and validation software

Publications (1)

Publication Number Publication Date
WO1996025812A1 true WO1996025812A1 (en) 1996-08-22

Family

ID=3785592

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU1996/000070 WO1996025812A1 (en) 1995-02-17 1996-02-12 A method enabling the authentication of a printout of a data file

Country Status (2)

Country Link
AU (1) AUPN123595A0 (en)
WO (1) WO1996025812A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5157726A (en) * 1991-12-19 1992-10-20 Xerox Corporation Document copy authentication
US5388158A (en) * 1992-11-20 1995-02-07 Pitney Bowes Inc. Secure document and method and apparatus for producing and authenticating same
US5432618A (en) * 1991-09-12 1995-07-11 Gemplus Card International Method and device for the certification of messages sent by facsimile transmission
EP0676877A2 (en) * 1994-04-05 1995-10-11 International Business Machines Corporation Method and apparatus for authentication and verification of printed documents using digital signatures and authentication codes

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6385728B1 (en) 1997-11-26 2002-05-07 International Business Machines Corporation System, method, and program for providing will-call certificates for guaranteeing authorization for a printer to retrieve a file directly from a file server upon request from a client in a network computer system environment
US7526647B2 (en) * 1999-05-25 2009-04-28 Silverbrook Research Pty Ltd Authorization protocol for network publishing
US7877606B2 (en) 1999-05-25 2011-01-25 Silverbrook Research Pty Ltd Method of authorizing network publishing
GB2358115A (en) * 1999-09-17 2001-07-11 Ibm Method and system for remote printing of duplication resistent documents
DE10242654B4 (en) * 2001-09-28 2006-08-17 Hewlett-Packard Development Co., L.P., Houston A method of printing a document, printing device and computer readable medium
US8041952B2 (en) 2001-09-28 2011-10-18 Hewlett-Packard Development Company, L.P. Systems and methods for printing documents containing electronic signatures
CN100454274C (en) * 2001-12-05 2009-01-21 佳能株式会社 Safty printing using secrete key after being checked
WO2004095311A2 (en) * 2003-04-23 2004-11-04 Electronic Data Systems Corporation Checksum-based validation of data blocks in a computer-implemented document
WO2004095311A3 (en) * 2003-04-23 2005-09-15 Electronic Data Syst Corp Checksum-based validation of data blocks in a computer-implemented document
US7246309B2 (en) 2003-04-23 2007-07-17 Electronic Data Systems Corporation Validating one or more data blocks in a computer-implemented document derived from another computer-implemented document

Also Published As

Publication number Publication date
AUPN123595A0 (en) 1995-03-16

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU CA GB JP US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE

WWE Wipo information: entry into national phase

Ref document number: 08687443

Country of ref document: US

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: CA

122 Ep: pct application non-entry in european phase