This guarantee, which is necessary for the legal security of contractual and/or financial operations conducted in a purely electronic form, is expressed by the acronym WYSIWYS, or “What You See Is What You Sign”.
To ensure an integrity control of the generated and displayed files, a document US 2001/049789 proposed during the creation of a work file by a server to associate to this work file an initial digital fingerprint. In addition, the server uses a display processor to generate a display file from which a second digital fingerprint is made. Then the server transmits to a client the work file as well as the two fingerprints so that, on the one hand, the client can check the integrity of the work file and, on the other hand, the client generates with a reliable display processor a display file for which it calculates the fingerprint to compare it with the second fingerprint received from the server and check the conformity of the display file. The disadvantage of such a method is that a reliable display processor is needed at the client level so that it will not be easy to change the work file format. In addition, the entire work file has to be transmitted to the client, which can pose problems if the file is very big.
A publication titled “Robust WYSIWYS: A Method for Ensuring What You See Is What You Sign” by Audun Josang and Bander AlFayyadh [(AISC2008) (CRPPIT Vol. 81 Ljiljana, Brankovic and Mirka Miller, Eds)] proposed to implement a digital camera in order to acquire a digital image from the screen on which the graphic representation of the file to be signed is displayed. The photographed digital image then undergoes a character recognition process which generates a file that is compared to the file to be signed. In case of a positive comparison, a “matching” signal is sent to the user so that he can initiate the electronic signature process. The implementation of such a digital camera renders, in practice, such a procedure unusable for the validation of a large number of transactions or for long documents which are not liable to display on only one screen. In addition, character recognition processings necessarily result in recognition errors which are liable to adversely affect the reliability of such a procedure.
In order to also respond to security needs in terms of electronic signature relating to the effectively signed file, a patent application EP 1 055 989 proposed to implement a reliable display processor integrated in a secure work hardware environment, such as a smart card or a processor and a secure memory or reliable memory different from the computer system processor and memory on which the electronic signature process is implemented. The reliable display processor generates the images of the file to be signed, which then are electronically signed. Such a system allows effectively signing images considered to be accurate of the file to be signed, but has the disadvantage of requiring a reliable display processor implemented in a reliable hardware environment at the client station. Such a system also has the disadvantage of requiring a display processor for each type of file liable to be signed. In addition, the file with effectively a signature is an image file which is not exploitable as such in automated data processing processes.
Therefore, it seems that a real need exists for a new authentic signature method for a work document which is easy to implement at the station of the work document sender as well as at the station of the user who should electronically sign this document. There exists also the need for an authentic signature method which offers to the user a guarantee that his commitment relates effectively to the elements which were displayed on his workstation before the signature process was initiated. There also exists the need for an authentic signature method which allows having the work document certified authentic and signed in a format directly exploitable by an automated data processing system. It also seems that there is a need for an authentic signature method which can be implemented with the work document's various format types in order to be able to keep pace with technical evolutions and the evolutionary needs of the work document formats according to the applications. Moreover, there exists the need to have a signature method which can be implemented from a client station without any special additional hardware device.