METHOD AND DEVICE FOR ELECTRONIC SIGNATURE

(19)

(11)

EP 3 700 122 B1

(12)	EUROPEAN PATENT SPECIFICATION

(45)	Mention of the grant of the patent:
	06.09.2023 Bulletin 2023/36

(21)	Application number: 18867546.6

(22)	Date of filing: 23.04.2018

(51)

International Patent Classification (IPC):

H04L 9/00^(2022.01)
H04L 9/08^(2006.01)

H04L 9/32^(2006.01)

(52)	Cooperative Patent Classification (CPC):
	H04L 9/3239; H04L 9/3247; H04L 9/0866; H04L 9/50

(86)	International application number:
	PCT/CN2018/084095

(87)	International publication number:
	WO 2019/076019 (25.04.2019 Gazette 2019/17)

(54)	METHOD AND DEVICE FOR ELECTRONIC SIGNATURE VERFAHREN UND VORRICHTUNG FÜR ELEKTRONISCHE UNTERSCHRIFT PROCÉDÉ ET DISPOSITIF DE SIGNATURE ÉLECTRONIQUE

(84)	Designated Contracting States:
	AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(30)

Priority:

18.10.2017 CN 201710971647

(43)	Date of publication of application:
	26.08.2020 Bulletin 2020/35

(73)	Proprietor: Crosbil Ltd.
	Oxford OX4 4ED (GB)

(72)	Inventors:
	ROSCOE, Andrew William Oxford OX4 4ED (GB) CHEN, Bangdao Shenzhen Guangdong 518000 (CN)

(74)	Representative: Cabinet Laurent & Charras
	Le Contemporain 50 Chemin de la Bruyère 69574 Dardilly Cedex 69574 Dardilly Cedex (FR)

(56)

References cited: :

CN-A- 105 592 098
CN-A- 107 196 966
US-A1- 2017 220 815

CN-A- 106 789 041
US-A1- 2017 005 804
US-A1- 2017 220 815

Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).

Description

TECHNICAL FIELD

[0001] The embodiments of the disclosure relate to the field of electronic signature technologies, and in particular, to a method and apparatus for electronic signature.

BACKGROUND OF THE INVENTION

[0002] With the rapid development in information technology and network technology, information has been increasingly transmitted through networks. In order to ensure the authenticity, validity and integrity of the information transmitted over networks, the transmitted information can be electronically signed. A common and mature implementation of electronic signatures is digital signature technology. The digital signature technology is implemented with key encryption technology. Existing digital signature technologies include asymmetric cryptography, symmetric cryptography, and the like. Asymmetric cryptography is currently widely used. Asymmetric cryptography uses a pair of a public key and a private key, taking advantage of the fact that private keys cannot be cracked in polynomial time. However, developments in quantum computers and Shor's algorithm impose a threat to the unbreakable nature of asymmetric cryptography method.

[0003] Researches have been conducted on signature models and asymmetric cryptography that are not susceptible to quantum computing attacks which however bring little success. Among others, lattice-based cryptography seems promising, but it is still not a mature technology.

[0004] US 2017/005804 is directed to systems and methods for securing and disseminating time sensitive information using a blockchain.

[0005] In the process of key generation, a plurality of keys are generated and a corresponding time of publication is determined for each key. That is, a key is published at the time of publication thereof. This may be problematic if the key has not been used at the time of publication. In this situation, the key has to be published, resulting in a waste of the key. The time of publication herein refers to the time at which the key is to be released. More details can be found in PCT Application No. PCT/CN2017/100685, filed by the same applicant on September 6, 2017.

SUMMARY OF THE INVENTION

[0006] The invention is provided as defined in the independent claims.

[0007] Some preferred embodiments are described in the dependent claims.

[0008] In view of the above technical problems, the disclosure provides a method and apparatus for electronic signature which are capable of efficiently utilizing a key.

[0009] In an aspect of the disclosure, a method for electronic signature is provided. The method can comprise obtaining a hash value of a first key created for a user and a user identifier of the user; generating a key certificate of the first key based on the obtained hash value, the user identifier and a current key; recording the key certificate on a public medium, wherein the public medium is configured to ensure information published thereon being not tampered with; signing a file with the first key and recording a resulting file signature and the file on the public medium; and recording the first key on the public medium only after the file are already on the public medium.

[0010] In some embodiments, the public medium can be a blockchain.

[0011] In some embodiments, the public medium can be a bulletin board operated by a trusted third party.

[0012] In some embodiments, the public medium can be a write-only database. Each data block written into the write-only database can be irrevocable and a consensus can be reached among all users.

[0013] In some embodiments, the number of the file can be one.

[0014] In some embodiments, recording the first key on the public medium only after the file is already on the public medium further can comprise, after the file is already on the public medium, signing a message indicative of the number of the files with the first key and recording a resulting message signature and the message on the public medium, and recording the first key on the public medium.

[0015] In some embodiments, recording the first key on the public medium only after the file is already on the public medium can further comprise, after the file is already on the public medium, signing a message indicative of that the first key is no longer used in signing a file with the first key and recording a resulting message signature and the message on the public medium, and recording the first key on the public medium.

[0016] In some embodiments, the method for electronic signature can further include verifying the key certificate prior to signing a file with the first key.

[0017] In another aspect of the disclosure, an apparatus for electronic signature is provided. The apparatus can comprise a public medium and a processor. The public medium can be configured to ensure that information published thereon is not tampered with. The processor can be configured to obtain a hash value of a first key created for a user and a user identifier of the user; generate a key certificate of the first key based on the obtained hash value, the user identifier, and a current key; record the key certificate on the public medium; sign a file with the first key and record a resulting file signature and the file on the public medium; and record the first key on the public medium only after the file is already on the public medium.

[0018] In some embodiments, the public medium can be a blockchain.

[0019] In some embodiments, the public medium can be a bulletin board operated by a trusted third party.

[0020] In some embodiments, the public medium can be a write-only database. Each data block written into the write-only database can be irrevocable and a consensus can be reached among all users.

[0021] In some embodiments, the number of the file can be one.

[0022] In some embodiments, recording the first key on the public medium only after the file is already on the public medium can further comprises, after the file is already on the public medium, signing a message indicative of the number of the files with the first key and recording a resulting message signature and the message on the public medium; and recording the first key on the public medium.

[0023] In some embodiments, recording the first key on the public medium only after the file is already on the public medium can further comprises, after the file is already on the public medium, signing a message indicative of that the first key is no longer used in signing a file with the first key and recording a resulting message signature and the message on the public medium; and recording the first key on the public medium.

[0024] In some embodiments, the processor can be further configured to verify the key certificate prior to signing a file with the first key.

[0025] In yet another aspect of the disclosure, a machine readable storage medium having a computer program stored thereon is provided. The computer program, when executed by a processor, can perform the method for electronic signature as described hereinabove.

[0026] The technical solution provided in the disclosure can be beneficial over prior in various aspects.

[0027] In an aspect, in the technical solution of the disclosure, a key certificate, which is generated based on the hash value of the first key and the user identifier, the user identifier and the current key, can be recorded on a public medium and the key certificate. The time of publication of the first key is not relevant. The user can sign the file with the first key and record (e.g., publishing) the first key on the public medium only after the signed file is already on the public medium. As a result, a publication of the first key is not limited by a time of publication thereof, so as to avoid a situation where a key (e.g., the first key), which has not been used, has to be published at the time of publication. Therefore, the key can be effectively used, and a waste of keys can be avoided.

[0028] In another aspect, in the technical solution of the disclosure, the number of the file is one. That said, a key can only be used to sign one file, and any other files that are signed with the key can be determined as a fake. Therefore, a situation where a key is thieved due to a hijack in recording the key on the public medium can be avoided. In another technical solution of the disclosure, if the number of files is more than one, a message indicative of the number of signed files or the first key no longer being used for signature can be recorded on the public medium prior to recording the first key on the public medium. Therefore, a situation where the first key is thieved due to a hijack in recording the key on the public medium can be avoided by not accepting a file signed with the first key.

BRIEF DESCRIPTION OF THE DRAWINGS

[0029] The novel features of the invention are set forth in the appended claims. A better understanding of the features and advantages of the present invention will be obtained with reference to the detailed description and drawings, which set out the descriptive embodiments with the principle of the present invention. The drawings are only for the purpose of illustrating the embodiments and should not be construed as limiting the invention. Throughout the drawings, the same elements are denoted by the same reference numerals, in the drawings:

FIG. 1 illustrates a flow chart of a method for electronic signature in accordance with an exemplary embodiment of the disclosure; and

FIG. 2 illustrates a schematic structural diagram of an apparatus for electronic signature in accordance with an exemplary embodiment of the disclosure.

DETAILED DESCRIPTION OF THE INVENTION

[0030] Exemplary embodiments of the disclosure will be described in more detail with reference to the accompanying drawings. While the exemplary embodiments of the disclosure are shown in the drawings, it shall be understood that the invention can be embodied in various forms and not limited by the embodiments set forth herein. Rather, the embodiments are provided so that the disclosure will be more comprehensively understood, and the scope of the disclosure can be fully conveyed to those skilled in the art. Nothing in the following detailed description is intended to suggest that any particular component, feature or process is indispensable to the present invention. Those skilled in the art will appreciate that various features or processes can be substituted or combined with each other without departing from the scope of the disclosure.

[0031] FIG. 1 illustrates a flow chart of a method for electronic signature in accordance with an exemplary embodiment of the disclosure. As shown in FIG. 1, the method for electronic signature can comprise processes S101 to S105.

[0032] In process S101, a hash value of a first key created for a user and a user identifier of the user can be obtained.

[0033] In process S102, a key certificate of the first key can be generated based on the obtained hash value, the user identifier and a current key.

[0034] In process S103, the key certificate can be recorded on a public medium, which public medium can ensure that information published thereon is not tampered with.

[0035] In process S104, a file can be signed with the first key, and a resulting file signature and the file can be recorded on the public medium.

[0036] In process S105, the first key can be recorded on the public medium only after the file is already on the public medium.

[0037] In the method for electronic signature according to an exemplary embodiment of the disclosure, a hash value of the first key and the user identifier can first be obtained, and the key certificate of the first key can then be generated based on the obtained hash value, the user identifier and the current key. The first key herein can refer to any key created for the user by the user himself or a trusted third party. The key can be created in any manner known in the art or in the future. The invention is not limited in this regard. The current key herein can refer to a valid key currently used by the user. The current key can be an initial key signed by a trusted third party or a key created prior to creating the first key. In some instances, the first key is a key k, and the user identifier of the user to which the key k belongs is A, then obtaining the hash value of the key k and the user identifier A can be hash (A, k). The key certificate of the first key can be generated based on hash (A, k), user identifier A and current key k0. In other words, the key certificate of the first key can be obtained by signing the user identifier A and hash (A, k) with the current key k0 (i.e., (A, hash (A, k))). After the key certificate of the first key is recorded on the public medium, the user can sign a file with the first key. After the signed file is recorded on the public medium, the user can record (e.g., publish) the first key on the public medium. Since a generation of the key certificate of the first key does not involve the time of publication of the first key and the first key is recorded on the public medium only after the signed file is already on the public medium, a publication of the first key is not limited by the time of publication thereof. Therefore, a situation where the first key is published at the time of publication even if it is not used can be avoided. This way, the key can be effectively used without a waste.

[0038] In some embodiments, the public medium can be a blockchain. A blockchain is a chained data structure formed by chronologically linking data in a series of blocks. A blockchain is also a distributed ledger on which it is cryptographically guaranteed that data is not tampered with and faked. The blockchain can use encryption techniques (e.g., hashing and signature) and consensus algorithms to establish a trust mechanism, which makes the cost of repudiation, tampering and fraud formidable, ensuring that data cannot be tampered with and faked. It can be appreciated that the blockchain can be implemented in any manner known in the art or in the future, such as Bitcoin, Ethereum, and the like.

[0039] In alternative embodiments, the public medium can be a bulletin board system (BBS) operated by a trusted third party (TTP). In other words, tamper-proofing of the data published on the BBS is guaranteed by the trusted third party. The trusted third party can be an organization which provides maintenance and operation services for various systems. The trusted third party can obtain a credible qualification through legal, administrative and commercial procedures. The trusted third party can be governed by relevant national regulatory bodies. In still alternative embodiments, the public medium can be a write-only database. Any data block written into the write-only database is irrevocable, and a consensus is reached among all users. The write-only database can be a database which allows a data writing. Reaching a consensus can indicate that all users recognize an authenticity of the written data and a state of the data as not being tampered with. It shall be understood that, the public medium can be implemented in any manner known in the art or in the future as long as a tamper-proofing is ensured. The invention is not limited in this respect.

[0040] In some embodiments, the number of the file can be one. That said, a key can only be used to sign one file, and any other files that are signed with the key can be determined as a fake. Therefore, a situation where a key is thieved due to a hijack in recording the key on the public medium can be avoided. In some cases, the public medium can be configured to accept only the first file signed with the key. This way, even if the key k is hijacked by a user B in recording the key k on the public medium and the user B signs a file b with the key k and records it on the public medium, the public medium can refuse to store the file b by checking and confirming that a file signed with the key k already being recorded thereon. For example, a second use of the key k can be prevented by a consensus mechanism in the blockchain.

[0041] In some embodiments, if more than one file is signed with the key k (e.g., the first key), recording the first key on the public medium only after the files are already on the public medium in process S105 can further comprise, after the files are recorded on the public medium, signing a message indicative of the number of the files with the first key and recording the resulting message signature and the message on the public medium, and recording the first key on the public medium.

[0042] As discussed, if the user signs a plurality of files with the key k, the user can sign the message indicative of the number of the files with the key k and record the resulting message signature and the message on public medium after all of the signed files exist on the public medium, and then record key k on the public medium. The message indicative of the number of the files can contain information about how many files have been signed with the key k. For instance, assuming that a user Alice (e.g., the user identifier being A) has signed 23 files with the key k, the message can be "Alice has signed 23 files with hash (A, k)". It will be appreciated by those skilled in the art that, the message indicative of the number of the files can be implemented in any manner known in the art or in the future, as long as the number of files can be indicated. The present invention is not limited in this respect. The public medium such as blockchains and/or bulletin boards can be configured to calculate the number of files thereon that are associated with hash (A, k) and compare the calculated number of files with the number indicated by said message indicative of the number of the files. If the calculated number of files is equal to the number indicated by said message indicative of the number of the files, a record of the key k can be accepted, while any file signed with the key k after the record of the key k can be rejected. This can be achieved by the nature of the blockchain and/or the BBS that data is unchangeable and exists permanently once the data is written and a consensus is reached.

[0043] In alternative embodiments, if more than one file is signed with the key k (e.g., first key), recording the first key on the public medium only after the files are already on the public medium in process S105 can further comprise, after the files are recorded on the public medium, signing a message indicative of that the first key is no longer used in signing a file with the first key and recording the resulting message signature and the message on the public medium, and recording the first key on the public medium. In other words, subsequent to recording all the files signed with the key k on the public medium and prior to recording the key k on the public medium, the key k can be used to sign the message indicative of that the key k is no longer used to sign a file, and the message and the resulting message signature can be recorded on public medium. The message can be, for example, "No more signatures with hash (A, k)". This way, a situation where a key is thieved due to a hijack in recording the key on the public medium can be avoided. The message indicative of that the key k is no longer used in signing the file can be implemented in any manner known in the art or in the future as long as it can indicate that the key k is no longer used. The present invention is not limited in this respect.

[0044] In some embodiments, the method for electronic signature according to an exemplary embodiment of the disclosure can further comprise verifying the key certificate prior signing the file with the first key. The purpose of verifying the key certificate is to prove that the first key is indeed owned by the user. Normally, an initial key of the user can be signed by a trusted third party, such that the initial key can be verified. The key that is subsequently created can be signed by the previously created key. For instance, the nth key can be signed by the n-1th key, and all these signatures can be published on the public medium. After the n-1 th key is published, other users can verify the signature of the nth key, thereby verifying the key certificate of the nth key. As an example, after the current key k0 is published, other users can verify the key certificate of the first key using the current key k0. This way, an identity of the user can be verified.

[0045] FIG. 2 shows a schematic structural diagram of an apparatus for electronic signature in accordance with an exemplary embodiment of the disclosure. As shown in FIG. 2, the apparatus for electronic signature can comprise a public medium 201 and a processor 202. The public medium 201 can be configured to ensure that the information published thereon is not tampered with. The processor 202 can be configured to obtain a hash value of a first key created for the user and a user identifier of the user, generate a key certificate of the first key based on the obtained hash value, the user identifier and the current key, record the key certificate on the public medium 201, which public medium 201 being configured to ensure that information published thereon is not tampered with, sign a file with the first key and record the resulting file signature and the file on the public medium 201, and record the first key on the public medium 201 only after the file is already on the public medium 201.

[0046] As discussed, the apparatus for electronic signature in accordance with exemplary embodiment of the disclosure can first obtain a hash value of the first key and the user identifier, and then generate the key certificate of the first key based on the obtained hash value, the user identifier and the current key. The first key herein can refer to any key created for the user by the user himself or by a trusted third party. The current key can be created in any manner known in the art or in the future. The present invention is not limited in this regard. The current key herein can refer to a valid key currently used by the user. The current key can be an initial key signed by a trusted third party or a key created prior to creating the first key. In some instances, the first key is a key k, and the user identifier of the user to which the key k belongs is A, then obtaining the hash value of the key k and the user identifier A can be hash (A, k). The key certificate of the first key can be generated based on hash (A, k), user identifier A and current key k0. In other words, the key certificate of the first key can be obtained by signing the user identifier A and hash (A, k) with the current key k0. After the key certificate of the first key is recorded on the public medium 201, the user can sign a file with the first key. After the signed file is recorded on the public medium 201, the user can record (e.g., publish) the first key on the public medium 201. Since a generation of the key certificate of the first key does not involve the time of publication of the first key and the first key is recorded on the public medium 201 only after the signed file is already on the public medium 201, a publication of the first key is not limited by the time of publication thereof. Therefore, a situation where the first key is published at the time of publication even if it is not used can be avoided. This way, the key can be effectively used without a waste.

[0047] In some embodiments, the public medium 201 can be a blockchain. A blockchain is a chained data structure formed by chronologically linking data in a series of blocks. A blockchain is also a distributed ledger on which it is cryptographically guaranteed that data is not tampered with and faked. The blockchain can use encryption techniques (e.g., hashing and signature) and consensus algorithms to establish a trust mechanism, which makes the cost of repudiation, tampering and fraud formidable, ensuring that data cannot be tampered with and faked. It can be appreciated that the blockchain can be implemented in any manner known in the art or in the future, such as Bitcoin, Ethereum, and the like.

[0048] In alternative embodiments, the public medium 201 can be a bulletin board system (BBS) operated by a trusted third party (TTP). In other words, tamper-proofing of the data published on the BBS is guaranteed by the trusted third party. The trusted third party can be an organization which provides maintenance and operation services for various systems. The trusted third party can obtain a credible qualification through legal, administrative and commercial procedures. The trusted third party can be governed by relevant national regulatory bodies. In still alternative embodiments, the public medium 201 can be a write-only database. Any data block written into the write-only database is irrevocable, and a consensus is reached among all users. The write-only database can be a database which allows a data writing. Reaching a consensus can indicate that all users recognize an authenticity of the written data and a state of the data as not being tampered with. It shall be understood that, the public medium 201 can be implemented in any manner known in the art or in the future as long as a tamper-proofing is ensured. The invention is not limited in this respect.

[0049] In some embodiments, the number of the file can be one. That said, a key can only be used to sign one file, and any other files that are signed with the key can be determined as a fake. Therefore, a situation where a key is thieved due to a hijack in recording the key on the public medium can 201 be avoided. In some cases, the public medium 201 can be configured to accept only the first file signed with the key. This way, even if the key k is hijacked by a user B in recording the key k on the public medium 201 and the user B signs a file b with the key k and records it on the public medium201, the public medium 201 can refuse to store the file b by checking and confirming that a file signed with the key k already being recorded thereon. For example, a second use of the key k can be prevented by a consensus mechanism in the blockchain.

[0050] In some embodiments, if more than one file is signed with the key k (e.g., the first key), recording the first key on the public medium 201 only after the files are already on the public medium 201 can further comprise, after the files are recorded on the public medium 201, signing a message indicative of the number of the files with the first key and recording the resulting message signature and the message on the public medium 201, and recording the first key on the public medium 201.

[0051] As discussed, if the user signs a plurality of files with the key k (e.g., the first key), the user can sign the message indicative of the number of the files with the key k and record the resulting message signature and the message on public medium 201 after all of the signed files exist on the public medium 201, and then record key k on the public medium 201. The message indicative of the number of the files can contain information about how many files have been signed with the key k. For instance, assuming that a user Alice (e.g., the user identifier being A) has signed 23 files with the key k, the message can be "Alice has signed 23 files with hash (A, k)". It will be appreciated by those skilled in the art that, the message indicative of the number of the files can be implemented in any manner known in the art or in the future, as long as the number of files can be indicated. The present invention is not limited in this respect. The public medium 201 such as blockchains and/or bulletin boards can be configured to calculate the number of files thereon that are associated with hash (A, k) and compare the calculated number of files with the number indicated by said message indicative of the number of the files. If the calculated number of files is equal to the number indicated by said message indicative of the number of the files, a record of the key k can be accepted, while any file signed with the key k after the record of the key k can be rejected. This can be achieved by the nature of the blockchain and/or the BBS that data is unchangeable and exists permanently once the data is written and a consensus is reached.

[0052] In alternative embodiments, if more than one file is signed with the key k (e.g., first key), recording the first key on the public medium 201 only after the files are already on the public medium 201 can further comprise, after the files are recorded on the public medium 201, signing a message indicative of that the first key is no longer used in signing a file with the first key and recording the resulting message signature and the message on the public medium 201, and recording the first key on the public medium 201. In other words, subsequent to recording all the files signed with the key k on the public medium 201 and prior to recording the key k on the public medium 201, the key k can be used to sign the message indicative of that the key k is no longer used to sign a file, and the message and the resulting message signature can be recorded on public medium 201. The message can be, for example, "No more signatures with hash (A, k)". This way, a situation where a key is thieved due to a hijack in recording the key on the public medium can be avoided. The message indicative of that the key k is no longer used in signing the file can be implemented in any manner known in the art or in the future as long as it can indicate that the key k is no longer used. The present invention is not limited in this respect.

[0053] In some embodiments, the processor 202 can be further configured to verify the key certificate prior signing the file with the first key. The purpose of verifying the key certificate is to prove that the first key is indeed owned by the user. Normally, an initial key of the user can be signed by a trusted third party, such that the initial key can be verified. The key that is subsequently created can be signed by the previously created key. For instance, the nth key can be signed by the n-1 th key, and all these signatures can be published on the public medium 201. After the n-1th key is published, other users can verify the signature of the nth key, thereby verifying the key certificate of the nth key. As an example, after the current key k0 is published, other users can verify the key certificate of the first key using the current key k0. This way, an identity of the user can be verified.

[0054] In summary, with the technical solution of the disclosure, the first key can be recorded on the public medium 201 after all the files signed with the first key already exist on the public medium 201. This way, the user can decide how many files to be signed with a key and create another key when he or she does not want to use the key (e.g., creating a new key). A further key can be created with the new key, and said further can be used, without having to create multiple keys in advance.

[0055] In an aspect of the disclosure, a machine-readable storage medium is further provided. The machine-readable storage medium can have a computer program stored thereon. The computer program, when executed by a processor, can perform the method for electronic signature described in detail hereinabove in the disclosure. In some embodiments, the machine readable storage medium can be a tangible component provided in a digital processing device. In alternative embodiments, the machine readable storage medium can be optionally removable from the digital processing device. In some embodiments, non-limiting example of the machine readable storage medium can include a USB drive, a removable hard disk, a Read-Only Memory (ROM), and a Random Access Memory (RAM). , a Flash Memory, a Programmable Read Only Memory (PROM), an Erasable Programmable Read Only Memory (EPROM), a Solid State Memory, a disk, an optical disk, a cloud computing system or service.

[0056] It shall be understood that the various processes recited in the method embodiments of the disclosure can be performed in a different order and/or in parallel. Moreover, the method embodiments can include additional processes and/or omit an illustrated process. The scope of the invention is not limited in this respect.

[0057] Numerous specific details are set forth in the description provided in the disclosure. However, it shall be understood that embodiments of the disclosure can be practiced without these specific details. Known methods, structures and techniques are not shown in detail in some embodiments so as not to obscure the understanding of the present specification.

[0058] While the exemplary embodiments of the present invention have been shown and described herein, it is understood that numerous variations, changes and substitutions will now occur to those skilled in the art without departing from the present invention. It should be understood that various alternatives to the embodiments of the present invention described herein can be employed in practicing the present invention. It is intended that the following claims define the scope of the invention and methods, structures within the scope of the claims, and their equivalents be covered thereby.

Claims

1. A method for electronic signature, comprising:

obtaining (S 101) a hash value of a first key created for a user and a user identifier of the user, wherein the first key is a key created for the user by the user himself;

generating (S102) a key certificate of the first key based on the obtained hash value, the user identifier and a current key, wherein the current key is a key created prior to creating the first key;

recording (S103) the key certificate on a public medium, wherein the public medium is configured to ensure information published thereon being not tampered with;

verifying the key certificate prior to signing a file with the first key;

signing (S104) a file with the first key and recording a resulting file signature and the file on the public medium; and

recording (S105) the first key on the public medium only after the file is already on the public medium, wherein after the file is already on the public medium, signing a message indicative of the number of the files with the first key and recording a resulting message signature and the message on the public medium and recording the first key on the public medium, wherein the message indicative of the number of the files contains information about how many files have been signed with the first key.

2. The method for electronic signature of claim 1, wherein the public medium is a blockchain.

3. The method for electronic signature of claim 1, wherein the public medium is a bulletin board operated by a trusted third party.

4. The method for electronic signature of claim 1, wherein the public medium is a write-only database, and wherein each data block written into the write-only database is irrevocable, and a consensus is reached among all users.

5. The method for electronic signature of any one of claims 1 to 4, wherein the number of files that may be signed by each key is one.

6. The method for electronic signature of any one of claims 1 to 4, wherein recording the first key on the public medium only after the file is already on the public medium further comprises:

after the file is already on the public medium, signing a message indicative of that the first key is no longer used in signing a file with the first key and recording a resulting message signature and the message on the public medium; and

recording the first key on the public medium.

7. An apparatus for electronic signature, comprising a public medium and a processor, wherein the public medium is configured to ensure information published thereon being not tampered with, and the processor is configured to:

obtain (S101) a hash value of a first key created for a user and a user identifier of the user, wherein the first key is a key created for the user by the user himself;

generate (S102) a key certificate of the first key based on the obtained hash value, the user identifier, and a current key, wherein the current key is a key created prior to creating the first key;

record (S103) the key certificate on the public medium;

verifying the key certificate prior to signing a file with the first key;

sign (S104) a file with the first key and record a resulting file signature and the file on the public medium; and

record (S105) the first key on the public medium only after the file is already on the public medium, wherein after the file is already on the public medium, signing a message indicative of the number of the files with the first key and recording a resulting message signature and the message on the public medium and recording the first key on the public medium, wherein the message indicative of the number of the files contains information about how many files have been signed with the first key.

8. The apparatus for electronic signature of claim 7, wherein the public medium is a blockchain.

9. The apparatus for electronic signature of claim 7, wherein the public medium is a bulletin board operated by a trusted third party.

10. The apparatus for electronic signature of claim 7, wherein the public medium is a write-only database, and wherein each data block written to the write-only database is irrevocable, and a consensus is reached among all users.

11. The apparatus for electronic signature of any one of claims 7 to 10, wherein the number of the file is one.

12. The apparatus for electronic signature of any one of claims 7 to 10, wherein recording the first key on the public medium only after the file is already on the public medium further comprises:

recording the first key on the public medium.

13. A machine readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, performs the method of any one of claims 1 to 6.

Ansprüche

1. Ein Verfahren für elektronische Unterschrift, das umfasst:

Erhalten eines Hash-Werts (SI 01) eines für einen Benutzer erstellten ersten Schlüssels und einer Benutzerkennung des Benutzers, wobei der erste Schlüssel ein vom Benutzer selbst erzeugter Schlüssel ist;

Erzeugen (SI02) eines Schlüsselzertifikats des ersten Schlüssels auf der Grundlage des erhaltenen Hash-Werts, der Benutzerkennung und eines aktuellen Schlüssels, wobei der aktuelle Schlüssel ein Schlüssel ist, der vor der Erzeugung des ersten Schlüssels erzeugt wurde;

Aufzeichnen (SI03) des Schlüsselzertifikats auf einem öffentlichen Medium, wobei das öffentliche Medium dazu konfiguriert ist sicherzustellen, dass die darauf veröffentlichten Informationen nicht manipuliert werden;

Überprüfen des Schlüsselzertifikats vor dem Signieren einer Datei mit dem ersten Schlüssel;

Signieren (SI04) einer Datei mit dem ersten Schlüssel und Aufzeichnen einer resultierenden Dateisignatur und der Datei auf dem öffentlichen Medium, und Aufzeichnen (SI05) des ersten Schlüssels auf dem öffentlichen Medium erst, dabei, nachdem sich die Datei bereits auf dem öffentlichen Medium befindet, Signieren einer Meldung, die die Anzahl der Dateien mit dem ersten Schlüssel angibt, und Aufzeichnen einer sich ergebenden Meldungsunterschrift und der Meldung auf dem öffentlichen Medium und Aufzeichnung des ersten Schlüssels auf dem öffentlichen Medium wobei die Meldung mit Angabe der Anzahl Dateien Informationen darüber enthält, wieviele Dateien mit dem ersten Schlüssel signiert wurden.

2. Verfahren für elektronische Unterschrift nach Anspruch 1, wobei das öffentliche Medium eine Blockchain ist.

3. Verfahren für elektronische Unterschrift nach Anspruch 1, wobei das öffentliche Medium eine Anzeigetafel, betrieben von einem zuverlässigen Drittanbieter ist.

4. Verfahren für elektronische Unterschrift nach Anspruch 1, wobei das öffentliche Medium eine Write- Only- Datenbank ist, und wobei jeder Datenblock, der in die Write- Only- Datenbank geschrieben wird, unwiderruflich ist und darüber Konsens unter allen Benutzern besteht.

5. Verfahren für elektronische Unterschrift nach irgendeinem der Ansprüche 1 bis 4, wobei die Anzahl der Dateien, die von jedem Schlüssel signiert werden können, eins ist.

6. Verfahren für elektronische Unterschrift nach irgendeinem der Ansprüche 1 bis 4, wobei die Aufzeichnung des ersten Schlüssels auf dem öffentlichen Medium erst nachdem sich die Datei bereits auf dem öffentlichen Medium befindet, weiterhin umfasst:

nachdem sich die Datei bereits auf dem öffentlichen Medium befindet, Signieren einer Meldung die anzeigt, das der erste Schlüssel nicht länger zur Signatur einer Datei mit dem ersten Schlüssel verwendet wird und Aufzeichnen einer resultierenden Meldungssignatur und der Meldung auf dem öffentlichen Medium; und

Aufzeichnen des ersten Schlüssels auf dem öffentlichen Medium.

7. Gerät für elektronische Unterschrift, das ein öffentliches Medium und einen Prozessor umfasst wobei das öffentliche Medium dazu konfiguriert ist sicherzustellen, dass die darauf veröffentlichten Informationen nicht manipuliert wurden, und der Prozessor ist dazu konfiguriert:

einen Hash-Wert (SI01) eines für einen Benutzer erstellten ersten Schlüssels und eine Benutzerkennung des Benutzers zu erhalten, wobei der erste Schlüssel ein für den Benutzer vom Benutzer selbst erzeugter Schlüssel ist;

Aufzeichnen (SI03) des Schlüsselzertifikats auf dem öffentlichen Medium, Überprüfen des Schlüsselzertifikats vor dem Signieren einer Datei mit dem ersten Schlüssel;

Signieren (SI04) einer Datei mit dem ersten Schlüssel und Aufzeichnen einer resultierenden Dateisignatur und der Datei auf dem öffentlichen Medium Aufzeichnen (SI05) des ersten Schlüssels auf dem öffentlichen Medium erst, nachdem sich die Datei bereits auf dem öffentlichen Medium befindet, und nachdem sich die Datei auf dem öffentlichen Medium befindet, Signieren einer Meldung, die die Anzahl der Dateien mit dem ersten Schlüssel angibt, und Aufzeichnen einer sich ergebenden Meldungsunterschrift und der Meldung auf dem öffentlichen Medium und Aufzeichnen des ersten Schlüssels auf dem öffentlichen Mediu,m wobei die Meldung mit Angabe der Anzahl Dateien Informationen darüber enthält, wieviele Dateien mit dem ersten Schlüssel signiert wurden.

8. Gerät für elektronische Unterschrift nach Anspruch 7, wobei das öffentliche Medium eine Blockchain ist.

9. Gerät für elektronische Unterschrift nach Anspruch 7, wobei das öffentliche Medium eine Anzeigetafel, betrieben von einem zuverlässigen Drittanbieter, ist.

10. Gerät für elektronische Unterschrift nach Anspruch 7, wobei das öffentliche Medium eine Write- Only- Datenbank ist, und wobei jeder Datenblock, der in die Write- Only- Datenbank geschrieben wird, unwiderruflich ist und darüber Konsens unter allen Benutzern besteht.

11. Gerät für elektronische Unterschrift nach irgendeinem der Ansprüche 7 bis 10, wobei die Zahl der Datei eins ist.

12. Gerät für elektronische Unterschrift nach irgendeinem der Ansprüche 7 bis 10, wobei die Aufzeichnung des ersten Schlüssels auf dem öffentlichen Medium erst nachdem sich die Datei bereits auf dem öffentlichen Medium befindet, weiterhin umfasst:

nachdem sich die Datei bereits auf dem öffentlichen Medium befindet, Signieren einer Meldung die anzeigt, dass der erste Schlüssel nicht länger zur Signatur einer Datei mit dem ersten Schlüssel verwendet wird und Aufzeichnen einer resultierenden Meldungssignatur und der Meldung auf dem öffentlichen Medium; und

Aufzeichnen des ersten Schlüssels auf dem öffentlichen Medium.

13. Ein maschinenlesbares Speichermedium mit einem darauf gespeicherten Computerprogramm, wobei das Computerprogramm, wenn es von einem Prozessor, ausgeführt wird, das Verfahren nach irgendeinem der Ansprüche 1 bis 6 durchführt.

Revendications

1. Procédé de signature électronique, comprenant les étapes consistant à :

obtenir (S101) une valeur de hachage d'une première clé créée pour un utilisateur et un identifiant d'utilisateur de l'utilisateur, dans lequel la première clé est une clé créée pour l'utilisateur par l'utilisateur lui-même ;

générer (S 102) un certificat de clé de la première clé sur la base de la valeur de hachage obtenue, de l'identifiant d'utilisateur et d'une clé actuelle, dans lequel la clé actuelle est une clé créée avant de créer la première clé ;

enregistrer (S 103) le certificat de clé sur un support public, dans lequel le support public est configuré pour s'assurer que des informations publiées sur celui-ci ne sont pas altérées ;

vérifier le certificat de clé avant de signer un fichier avec la première clé ;

signer (S 104) un fichier avec la première clé et enregistrer une signature de fichier résultante et le fichier sur le support public ; et

enregistrer (S 105) la première clé sur le support public uniquement après que le fichier soit déjà sur le support public, dans lequel après que le fichier soit déjà sur le support public, signer un message indiquant le nombre des fichiers avec la première clé et enregistrer une signature de message résultante et le message sur le support public et enregistrer la première clé sur le support public, dans lequel le message indiquant le nombre des fichiers contient des informations sur le nombre de fichiers qui ont été signés avec la première clé.

2. Procédé de signature électronique selon la revendication 1, dans lequel le support public est une chaîne de blocs.

3. Procédé de signature électronique selon la revendication 1, dans lequel le support public est un tableau d'affichage exploité par un tiers de confiance.

4. Procédé de signature électronique selon la revendication 1, dans lequel le support public est une base de données en écriture seule, et dans lequel chaque bloc de données écrit dans la base de données en écriture seule est irrévocable, et un consensus est atteint parmi tous les utilisateurs.

5. Procédé de signature électronique selon l'une quelconque des revendications 1 à 4, dans lequel le nombre de fichiers qui peuvent être signés par chaque clé est un.

6. Procédé de signature électronique selon l'une quelconque des revendications 1 à 4, dans lequel l'enregistrement de la première clé sur le support public uniquement après que le fichier soit déjà sur le support public comprend en outre les étapes consistant à :

une fois que le fichier est déjà sur le support public, signer un message indiquant que la première clé n'est plus utilisée pour signer un fichier avec la première clé et enregistrer une signature de message résultante et le message sur le support public ; et

enregistrer la première clé sur le support public.

7. Appareil de signature électronique, comprenant un support public et un processeur, dans lequel le support public est configuré pour garantir que des informations publiées sur celui-ci ne sont pas altérées, et le processeur est configuré pour :

générer (S 102) un certificat de clé de la première clé sur la base de la valeur de hachage obtenue, de l'identifiant d'utilisateur , et d'une clé actuelle, dans lequel la clé actuelle est une clé créée avant de créer la première clé ;

enregistrer (S 103) le certificat de clé sur le support public ;

vérifier le certificat de clé avant de signer un fichier avec la première clé ;

signer (S 104) un fichier avec la première clé et enregistrer une signature de fichier résultante et le fichier sur le support public ; et

8. Appareil de signature électronique selon la revendication 7, dans lequel le support public est une chaîne de blocs.

9. Appareil de signature électronique selon la revendication 7, dans lequel le support public est un tableau d'affichage exploité par un tiers de confiance.

10. Appareil de signature électronique selon la revendication 7, dans lequel le support public est une base de données en écriture seule, et dans lequel chaque bloc de données écrit dans la base de données en écriture seule est irrévocable, et un consensus est atteint parmi tous les utilisateurs.

11. Appareil de signature électronique selon l'une quelconque des revendications 7 à 10, dans lequel le nombre de fichier est un.

12. Appareil de signature électronique selon l'une quelconque des revendications 7 à 10, dans lequel l'enregistrement de la première clé sur le support public uniquement après que le fichier soit déjà sur le support public comprend en outre les étapes consistant à :

enregistrer la première clé sur le support public.

13. Support de stockage lisible par ordinateur présentant un programme informatique stocké sur celui-ci, dans lequel le programme informatique, lorsqu'il est exécuté par un processeur, effectue le procédé selon l'une quelconque des revendications 1 à 6.

Drawing

Cited references

REFERENCES CITED IN THE DESCRIPTION

This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

Patent documents cited in the description