In addition to the handwritten signature customary today, there is a need, particularly with documents and also with arbitrary data records, for an electronic signature to be possible and legally recognized. In this context, the use of an electronic signature means that a hash value for the data that is to be signed is encrypted and this encrypted form is transmitted to the recipient together with the original data. A hash value is a form of the original data that has been encrypted or transformed by a one-way function. Since the recipient knows from whom the data originates, the recipient can use a key that is assigned to the sender and is known to the recipient to decrypt the encrypted data, and the recipient can transform the original data received using the hash function that is also known to him. The recipient can infer the correctness of the signature from the match between the transformed original data and the decrypted data and, in this manner, can unambiguously associate the data received with the aforementioned sender.
Such a method has been disclosed in WO 97/12460.
To ensure that the signature is extremely difficult to forge, complex algorithms have to be used for encryption. On the one hand, this means that the data to be encrypted must be in as compact a format as possible in order to keep the encryption time as short as possible.
On the other hand, programs such as those sold under the trademarks WINWORD and EXCEL are used to create the original data in order to obtain as clear and user-friendly a representation as possible. However, such original data files then contain a wealth of control characters, which often take up more space than the actual "useful data".
Devices or systems for producing electronic signatures, that is to say, in general terms, for encrypting data, usually have a PC which is usually provided with peripheral units such as a screen, a keyboard and a printer.
Data is advantageously encrypted using smart cards which store the encryption algorithm or algorithms and the secret key or keys assigned to the user. This means that each user is able to carry his key and the algorithm or algorithms with him easily so that any PC or other devices, such as fax or telex machines, can be used. There is thus an additional need for a smart card reader which, in present-day systems, is controlled by the operating system of the PC or of another data creation and/or a transmission medium.
Since the data to be encrypted must be in as compact a format as possible, it will thus generally be in a different format, at the time of encryption, than the format shown on the screen. However, this means that the user can never be sure whether the data that is to be encrypted really corresponds to the data currently being displayed on the screen. This is of increased concern as electronic signatures are usefully used on networked PCs in order to be able to send documents signed in this manner directly from the PC to the recipient via the network. However, this provides the possibility that files can be loaded into the PC via the network that allow manipulation of the data which is to be encrypted.
In this way, it is possible that, although a delivery order for a company X is displayed on the screen, files which are unknown to the user and have been loaded into his PC via the network cause a delivery order for the company Y to be transmitted to the smart card reader, whereupon the delivery order is provided with the electronic signature and is then sent to the company Y.
This opportunity for abuse would probably be easy to spot, so that the customer would suffer no actual damage, but this would mean that an electronic signature would be worthless in the legal sense and would not be generally recognized.
It is accordingly an object of the invention to provide a device that can assure that the data to be signed actually corresponds to the data provided by the user.
With the foregoing and other objects in view there is provided, in accordance with the invention, a device for reliably creating electronic signatures that includes a data carrier read/write device, a data generating device, and a display device. The data carrier read/write device is for receiving a portable data carrier storing a user-specific key and an algorithm used to generate an electronic signature. The data generating device is connected to the data carrier read/write device for transmitting data to the data carrier read/write device. The display device is connected to the data generating device to display the data that has been transmitted to the data carrier read/write device. The data carrier read/write device includes an actuating element operatively connected to the data carrier read/write device and operatively connected to the portable data carrier when the portable data carrier is received by the data carrier read/write device. The data carrier read/write device is configured to encrypt the data that has been transmitted to the data carrier read/write device to form the electronic signature only when the actuating element is actuated by a user.
In accordance with an added feature of the invention, the data carrier read/write device is connected between the data generating device and the display device.
In accordance with an additional feature of the invention, the data carrier read/write device is connected in parallel with the display device.
In accordance with a concomitant feature of the invention, the data carrier read/write device is certified by an approved authority.
In most PC systems, it is possible to connect different peripheral units from all possible manufacturers. In order for the PC to be able to communicate with these peripheral units, so-called drivers, for example display screen drivers or printer drivers, need to be installed in the operating system.
These drivers are programs that take a standard format and create from it a data format that can be read by the appropriate screen or printer. It is therefore customary to provide a PC with the possibility of creating such a standard format from the PC's own format. Programs are likewise used for this, and these are called front end drivers, whereas the peripheral unit drivers are called back end drivers.
There is currently still no uniform standard format. However, roughly half of all PCs on the market have access to the so-called PostScript format, and most peripheral units can also be driven directly using this PostScript format.
According to the invention, a line between the PC and a displaying peripheral unit, or in parallel with the peripheral unit, is provided with a certified data medium read/write device into which the data to be signed is read and this data can be shown on the displaying peripheral unit, for example a printer or a screen, for the purpose of checking for correctness. The electronic signature is created or the signed data is sent back to the PC only after active confirmation by the user. This ensures that this confirmation procedure cannot be controlled by the PC.
The advantage provided by this device is that the user can check the displaying peripheral unit to see which data has been read into the smart card for signing. Although the representation is not as convenient as in known commercial word processing programs, there is the assurance that the format is the same as the format of the data that has been read into the smart card. In this way there could have been no manipulation by a further program possibly loaded into the PC. Since the data medium read/write device is completely self-sufficient and cannot be driven by the PC, but merely obtains data from the PC, there is no opportunity for abuse. However, a precondition for this is that this data medium read/write device is "certified", that is to say that it must be checked by an approved authority and sealed, for example.
The data medium read/write device advantageously has a button or other actuating element which the user or signer has to press before the signed document or piece of writing is created and/or sent. It is up to the signer, as is also the case with the handwritten signature used hitherto, whether he wishes to check the correctness of the piece of writing or whether he simply signs, for example by pressing a button. In any case, actuating the actuating element signifies a clear expression of intent.
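The following is an added illustration, not part of the patent, of the hash-then-sign process described at the outset together with the reader arrangement just described: the reader buffers what the PC sends, feeds the display from that same buffer, and signs only on actuation. The "encrypt the hash with the user's key" step is stood in for by HMAC-SHA256 with a key held on the card and known to the recipient (an assumption for the sake of a self-contained example; a real device would use an asymmetric signature algorithm), and all names and data are constructed.

```python
import hashlib
import hmac


class SmartCard:
    """Portable data carrier: holds the user-specific key and the algorithm."""

    def __init__(self, key: bytes):
        self._key = key

    def sign_hash(self, digest: bytes) -> bytes:
        # Stand-in for encrypting the hash value with the user's key.
        return hmac.new(self._key, digest, hashlib.sha256).digest()


class CertifiedReader:
    """Read/write device between PC and display: the PC can only deliver data
    into the buffer; the display and the signature both come from that buffer."""

    def __init__(self, card: SmartCard):
        self._card = card
        self._buffer = b""

    def receive_from_pc(self, data: bytes) -> None:
        self._buffer = data

    def to_display(self) -> bytes:
        # The displaying peripheral shows exactly the bytes that would be signed.
        return self._buffer

    def press_button(self):
        # Actuation is the expression of intent: only now is the hash signed.
        digest = hashlib.sha256(self._buffer).digest()
        return self._buffer, self._card.sign_hash(digest)


def recipient_verifies(data: bytes, signature: bytes, sender_key: bytes) -> bool:
    # Recipient re-hashes the received data and compares with the signature.
    digest = hashlib.sha256(data).digest()
    expected = hmac.new(sender_key, digest, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


if __name__ == "__main__":
    card = SmartCard(b"constructed-user-key")      # constructed key
    reader = CertifiedReader(card)
    shown_in_pc_window = b"delivery order for company X"   # constructed
    reader.receive_from_pc(b"delivery order for company Y")  # what the PC really sent
    # The user compares the reader-driven display with the PC window before pressing.
    if reader.to_display() != shown_in_pc_window:
        print("display differs from PC window; do not press the button")
```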
Other features which are considered as characteristic for the invention are set forth in the appended claims.
Although the invention is illustrated and described herein as embodied in a device for reliably creating electronic signatures, it is nevertheless not intended to be limited to the details shown, since various modifications and structural changes may be made therein without departing from the spirit of the invention and within the scope and range of equivalents of the claims.
The construction and method of operation of the invention, however, together with additional objects and advantages thereof will be best understood from the following description of specific embodiments when read in connection with the accompanying drawings.