The present invention relates to a digital graphic signature system for use in electronic commerce. The system comprises a document portion, including information relating to the document being executed, and a signature portion. The document portion and the signature portion may be encrypted and merged into a single object readily identifiable to an individual. The terminology xe2x80x9cdigital graphic signaturexe2x80x9d or xe2x80x9cdigigraphic signaturexe2x80x9d is utilized herein to describe the merged object.
The digital graphic signature system of the present invention may be advantageously utilized in electronic transactions, including transactions over the internet and network systems. The digital graphic signature system of the present invention may also be advantageously utilized in conjunction with information banking and virtual wallets.
The present invention also relates to a digital graphic signet that may be utilized to transmit a private communication.
In the physical world, signatures are easily recognized, particularly by their owners. The authenticity of such physical signatures, however, may be difficult to verify.
In contrast, in the digital world, digital signatures are sufficiently verifiable to support non-repudiation, using modern public key crytpgraphic techniques. Such digital signatures however may not be in a form recognizable to humans. Thus a need exists for a digital signature system that permits an individual to visually recognize their own signature. In addition to this problem, there are several other problems that need addressing in the electronic commerce and electronic financial transaction worlds.
A first problem relates to provide information to a consumer regarding the substance of a digital document to be executed. This problem may be phrased as xe2x80x9cHow does a consumer know what he or she is signing when the xe2x80x9cdocumentxe2x80x9d being presented is digital?xe2x80x9d.
An additional problem relates to a consumer associating their digital signature with a digital document. This problem may be phrased as xe2x80x9cHow does a consumer recognize his or her own digital signature that has been associated with a digital document?xe2x80x9d.
For financial institutions, merchants, vendors and/or others engaged in electronic and non-electronic commerce, problems arise when a consumer fails to remember they have executed a transaction. This situation may arise in part due to the length of time between the transaction and the consumer receiving a billing statement that includes the transaction. Many customer service calls are received from consumers requesting additional documentation regarding specific transactions on their billing statements. Often the consumers have good intentions and literally do not remember the transaction. Upon receipt of a document showing the nature of the transaction, and their signature, a consumer will generally be able to remember the transaction, or recognize the transaction as fraudulent. This process, however, is costly for institutions as it involves maintaining a customer service infrastructures, including personnel, document processing and mailing capabilities.
Problems and costs that exist today in the physical world are likely to become worse in the electronic transaction arena. A particular problem with many current technologies is that consumers are not provided with visual feedback of their signature executing a document or agreement. Also the data provided in billing for electronic transactions may not provide sufficient data for a consumer to recall a transaction.
The foregoing problems, and others, are addressed by the systems of the present invention.
The present invention provides a system that allows individuals to recognize their signatures on electronic documents, and provides information relating to the document, that may enable the individual to understand the document being signed and recall their execution of the document at a later date.
According to the present invention, a digital graphic (digigraphic) signature system comprises a graphic formed by combining details relating to the document being executed, and an individual""s signature. The document details and the individual""s signature may be encrypted utilizing conventional techniques to provide enhanced security. The digital graphic signature may be displayed through a user interface for inspection.
Document details that may be incorporated into the digigraphic signature include:
an abstract of the document being executed;
the body of the document being executed;
excerpts from the body of the document being executed; or
an individual""s notes relating to the document being executed.
In general, it is believed advantageous for many purposes to include at least an abstract comprising a digest of what an individual is actually agreeing to by executing the document. The abstract may also include reference information, including but not limited to, the date, the parties involved, transaction reference numbers and the like. Preferably, the abstract is written in plain (non-legal) terms that are readily understandable to even relatively unsophisticated consumers. Generally, the abstract will be reduced to text for purposes of forming the digigraphic signature. However, for certain applications it may be advantageous for the abstract to include graphic or pictorial information.
For certain transactions, it may be advantageous to include the body of the document being executed, or excerpts from the body of the document being executed, in the digigraphic signature in addition to, or in place of an abstract. The document body, and/or excerpts will generally be reduced to text for purposes of forming the digigraphic signature. However, for certain applications it may be advantageous to include graphic or pictorial information.
As set forth above, document details may further comprise an personal memo area that allows an individual to record information of their own choosing about the document being executed. Preferably, the individual will enter information that will help them remember the transaction in the future. Such information could include, the purpose of the transaction, the nature of the transaction, as well as other details having significance to the individual.
A representation of an individual""s signature may comprise graphical data generated from a graphic of the individual signature. An individual""s signature graphic may be obtained by capturing the pen strokes utilized by an individual to sign their name, for example through the use of a graphics tablet. An individual""s signature graphic may also be obtained by scanning a signature from a physical document. In general, prior to the translation and merging steps described below, an individual""s signature graphic will be similar to the individual""s signature on a physical document.
To produce a digital graphic signature, the document details data and the individual""s signature data are merged. The merging process may include encrypting both sets of data utilizing conventional electronic encryption techniques. Different portions of the document details may be encrypted with public or private keys.
For example, it may be advantageous to encrypt document abstract data with a private key of the individual who is executing the document utilizing convention public key cryptographic techniques. The abstract could then be made accessible to the individual and the other party to the transaction.
The memo text data entered by an individual could be encrypted with a symmetric key known only to the individual. As explained below, this could provide an addition insurance to the individual that the document is not forged and assist them in remembering the transaction.
The document detail data and the individual""s signature data may then be merged, for example utilizing color encoding. In this technique, each data stream is utilized as color values, for example in standard RGB (red, green, blue) color encoding. For example, each byte of an abstract stream may be used to generate blue values, each byte of a memo stream may be utilized to generate green values. A non-changing red value may be used to complete the description. Other color values may also be utilized. For example, CMYK (cyan, magenta, yellow, black) color encoding may be utilized to produce the digital graphic signature with the cyan, magenta, yellow and black color values corresponding to data streams.
The digital graphic signature may be defined as a series of ink strokes using xe2x80x9ccolor-pointsxe2x80x9d, a point defined by relative coordinates with respect to a defined signature area, and a color value. The relative coordinates may comprise x,y coordinates; r,xcex8 coordinates or the like in a two dimensional signature area; or x,y,z coordinates or the like in a three dimensional signature area etc.
Initially, the individual""s signature data may comprise captured strokes of a single color. During the merging process the initial color values are replaced with the encoded cryptotext values. The point positions may be retained to preserve the graphical appearance of the signature.
Differences in the length (byte count) of the signature data and the abstract and/or memo stream data may be handled by a bidirectional padding technique, or similar techniques understood to those of ordinary skill in the art.
If the signature data is longer than either of the abstract or memo data, zero values may be used for the blue and green portions and only the non zero, non changing red value used for the remainder of the signature data. In this way the graphical appearance of the signature is preserved, even when the abstract and/or memo data ends.
If the abstract data and/or the memo data is longer than the signature data, zero point values may be assigned to color-points, while the colors are used to encode the remainder of the messages. The remainder of the message need not assume the graphical representation of the signature data, but may appear as part of the digital graphic signature.
The resulting digital graphic signature may advantageously retain a visual appearance similar to an individual""s physical signature, however will comprise points of red, green and blue color. The relative amounts of red, green and blue points will associate the digital graphic signature with a particular document, as the green and blue points will be generated in response to data specific to a particular document.
As will be understood by those of ordinary skill in the art, different colors, or a different color encoding scheme, may be utilized in a similar fashion to produce a digital graphic signature according to the present invention.
The digigraphic signature may be saved as a data file, for example a *.gif file; *.tiff file; *.pict file; *.jpg file; or the like, and associated and/or stored with data files for the transaction. Preferably, the digigraphic signature is saved in a file type capable of being displayed on a video monitor by popular computer software programs, such as internet browser software, financial transaction software, and/or word processing software.
Thus, in one aspect, a digital graphic signature of the present invention comprises a graphical representation of an individual signature produced from a plurality of points, wherein the plurality of points comprise at least a first set of points corresponding to information particular to a document being executed, and a second set of points corresponding to the individual""s signature.
In another aspect, a digital graphic signature of the present invention comprises a visually recognizable multi-color graphical representation of an individual""s signature capable of being displayed on a video monitor the graphical representation having a unique color scheme corresponding to the document being executed. As used herein the terminology video monitor includes computer video monitors, televisions and the like.
According to the present invention, a digital graphic signature system comprises a digital graphic signature of the present invention and computer software and hardware capable of generating and displaying the digital graphic signature system. The computer hardware may comprise a central processing unit, video monitor display; memory; modem; keyboard; mouse; trackpad; graphics tablet; scanner; printer and/or other generally available computer hardware components. It is generally preferred that the computer hardware include a graphics tablet; electronic pen; touch sensitive screen; mouse; trackball; joy stick; electronic pen; point-of-sale electronic pen apparatus or similar input device for capturing an individual""s signature as xe2x80x9cpen strokesxe2x80x9d. The same input device, or another input device such as a keyboard, is useful for allowing an individual to create a memo data file corresponding to the memo relating to the document being executed.
Computer software useful in systems of the present invention includes encryption software for encrypting data streams and color encoding data streams. Additional software, such as word processing programs, graphics programs, and the like may also be useful, for example, to allow an individual to enter a memo relating to the transaction, and for viewing the digital graphic signature.
The present invention also provides a method for producing a digital graphic signature corresponding to a document executed by an individual, the method comprising:
forming an abstract of the document;
obtaining the individual""s signature;
producing a document abstract data stream from the abstract;
producing a signature data stream from the signature; and
merging the document abstract data stream and the signature data stream into a digital graphic signature.
The method may further comprise:
obtaining memo data from the individual;
producing a document memo data stream; and
merging the document abstract data stream, the document memo data stream and the signature data stream into a digital graphic signature.
In an alternative embodiment, the present invention provides a method for producing a digital graphic signature corresponding to a document executed by an individual, the document method comprising:
selecting details relating to the document;
forming an abstract of the document;
obtaining the individual""s signature;
producing a document details data stream from the details;
producing a document abstract data stream from the abstract;
producing a signature data stream from the signature; and
merging the document details data stream; the document abstract data stream and the signature data stream into a digital graphic signature.
This method may further comprise:
obtaining memo data from the individual;
producing a document memo data stream; and
merging the document details data stream; the document abstract data stream, the document memo data stream and the signature data stream into a digital graphic signature.
The data streams may be obtained and merged utilizing the techniques described above and in greater detail below. In addition, the data streams may be encrypted.
In a further aspect, the present invention provides a method and means for providing a private communication between two parties, for example two parties to a transaction. The present invention provides a functionality referred to herein as a xe2x80x9cdigital graphic signetxe2x80x9d or a xe2x80x9cdigigraphic signetxe2x80x9d. The digital graphic signet may provide additional functionality to the digital graphic signatures of the present invention discussed herein. As will be understood by those of ordinary skill in the art, the digital graphic signet may also be utilized independently.
As discussed herein, the digital graphic signature, systems and methods of the present invention provide increased functionality in comparison with digital signatures and digital certificates alone. They address the consumer perceptual need to feel comfortable with signing a digital document, and to be able to recognize a digital document they have signed, while having assurances that their signature was not forged, and it was not copied from another document.
The signatures, systems and methods of the present invention add a human factor to conventional cytography that makes it recognizable and useful, for example by allowing a memo that assists the signatory in remembering the transaction. Additional benefits are that digital graphic signatures according to the present invention are generally smaller than conventional digital certificates, and therefore may be more desirable for storage purposes and to reduce network traffic loads. They are unique in the digital signature world in that their content may include representing a recognizable graphic of a handwritten signature while also containing digital signature information, using the most appropriate prevailing cryptographic techniques.
As discussed herein, a digital graphic signature of the present invention may utilize a technique similar to steganography to encode a signatory""s memo in the green color bytes, and the document""s abstract in the blue color bytes, into a graphic representation of their hand written signature.
The technique is not necessarily technically steganography as it is not strictly necessary to hide the fact that there are messages present and encoded into the graphic. Therefore, DigiGraphic signatures do not attempt to hide the content of a communication between two or more parties. The memo is intended only for the signatory""s use, and uses a secret key known only to the signatory. Any third party with the signatory""s public key can verify the signature. Its purpose is for the authentication of the signatory, and to ensure non-repudiable transactions, not for encryption of private communications. It should be understood, however, that it is possible to encrypt a digital graphic signature of the present invention and such embodiments fall within the scope of the present invention. An advantage of embodiments of the present invention is that further encryption may not be necessary.
The terminology digital graphic xe2x80x9csignetxe2x80x9d is borrowed from the ancient notion of a signet ring, which was used to seal a private communication between two parties. The analogy breaks down quickly, however, for in the ancient world, a broken seal indicated that the privacy had been compromised. It could not prevent the privacy from being compromised. According to the present invention a digital graphic signet is an embodiment of a digital graphic signature of the present invention that further includes a confidential communication between two parties. The digital graphic signet utilizes a color value, for example the red color value in a RGB color scheme for the encoding and transmitting of a confidential communication. Further details are set forth below.
A digital graphic signet of the present invention may also be utilized in a method of the present invention by encoding a confidential communication in a data stream.
The digital graphic signature, digital graphic signet, systems and methods of the present invention may be advantageously utilized in electronic transactions, including transactions over the internet and network systems. The digital graphic signature system of the present invention may also be advantageously utilized in conjunction with information banking and virtual wallets such as those described in U.S. patent application Ser. No. 09/190,993 filed Nov. 12, 1998, entitled xe2x80x9cVirtual Wallet System xe2x80x9d; and U.S. patent application Ser. No. 09/190,727 filed Nov. 12 1998, entitled xe2x80x9cInformation Bankingxe2x80x9d and related technologies described in U.S. patent application Ser. No. 09/291,294, filed Apr. 14, 1999, entitled xe2x80x9cSystem and Method for Securely Storing Electronic Dataxe2x80x9d; and U.S. patent application Ser. No. 09/291,295, filed Apr. 14, 1999, entitled xe2x80x9cSystem and Method for Controlling Transmission of Stored Information to Internet Websitesxe2x80x9d. The disclosure of each of these applications is hereby incorporated herein by reference.
The advantages of the digital graphic signature system and method of the present invention include the following.
An individual may visually recognize their own signature.
In previous alternatives, a graphic could be included with the document of the individual""s signature. However, traditional graphics are easily copied and therefore relatively simple to forge. Additionally, there is nothing inherent about a traditional graphic that securely associates the graphic with a document being executed. In contrast, the digital graphic signature created utilizing the present invention is relatively difficult to forge and associated with the document being executed.
An additional advantage is that the digital graphic signature of the present invention may be verified. To verify that the individual was indeed the person who executed the document, the known, public key could be utilized to decrypt the abstract portion of the signature. According to the present invention, this abstract is encoded into the graphic signature. The abstract should match exactly the document abstract that is not encrypted in the document. This demonstrates that the document was signed by the consumer (because they were the only person in possession of the private key that produced the signature) and that the disnature is associated to a specific document due to the abstracts matching.
In addition, the individual may use their secret key to read the memo encoded into the graphic signature. Insofar as the memo is not in the document, and cannot be decrypted by anyone else, unlike the abstract, the memo provides the individual with an additional assurance that the document was not forged. The memo may also assist the individual in remembering the document.
An advantage of a digital graphic signet embodiment of the present invention is that a digital graphic signature may include a confidential communication between two parties.
Further details and advantages of the present invention will become apparent from the following description and the appended figures.