
System And Method For Authenticating And Enrolling A User For Digital Signature Certificate

Abstract: Disclosed is a system 101 and method 300 for authenticating and enrolling a user for a digital signature certificate. The system 101 comprises a processor 201, a memory 203 and a USB token 103 connected to the system 101. The processor is configured to detect a USB token comprising an internal processor. The USB token 103 is pre-embedded with a unique ID and is capable of creating a digital signature certificate. The processor identifies the brand of the USB token and the unique ID. A user of the USB token is validated by mapping data 214 of the user. Availability of a license for the USB token is checked, and the user is enrolled based on the unique ID fetched. The user is authenticated via unique ID of the user. On verification, the internal processor of the USB token is prompted to create a valid digital signature certification. The processor may fetch the certificate and display it on the system. [To be published with Figure 1]


Patent Information

Application #:
Filing Date: 10 May 2017
Publication Number: 11/2019
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email: ip@stratjuris.com
Parent Application:

Applicants

Capricorn Identity Services Pvt. Ltd.
G-5, Vikas Deep Building, Plot-18, Laxmi Nagar District Centre, Delhi - 110 092, India.

Inventors

1. Rajesh Mittal
A-22, Bathla Apt., 43 I.P Extn., Delhi-110092

Specification

TECHNICAL FIELD

The present invention relates in general to a system and method for authenticating and enrolling a user for a Digital Signature Certificate (DSC).

BACKGROUND
Nowadays, as the use of the internet has increased, all commercial sectors use the facilities of e-commerce. Previously, people had to travel personally to various offices to complete the monetary submissions related to their transactions, which was very time consuming. Now, various facilities enable users to complete their transactions or exchange data via internet media within a short duration of time. This may be enabled by using one or more electronically configured and authenticated devices, such as a Digital Signature Certificate.
A USB token is a small piece of electronic equipment that provides a secure storage device, which safeguards the Digital Signature Certificate (non-repudiation). The digital signature is a digital code which is attached to an electronically transmitted document to verify its contents and the sender’s identity.
Section 18 of The Information Technology Act, 2000 provides the required legal sanctity to digital signatures based on asymmetric cryptosystems. Digital signatures are now accepted at par with handwritten signatures, and electronic documents that have been digitally signed are treated at par with paper documents.
The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users.
Computer network security addresses several problems, namely data secrecy, integrity, authentication and digital signature problems. Data secrecy and integrity are the problems of secret and reliable data communication between two communicating entities. On the other hand, authentication and digital signatures deal with the identity proof among the users of the network. Authentication only allows identity proof to the peer entity, whereas digital signatures allow identity proof to anyone. In many cases, such identity proofs provided may be fake.
Therefore, there is a long-standing need for a foolproof system and method for authenticating and enrolling an applicant for a Digital Signature Certificate (DSC).

SUMMARY

Before the present system and its method of use are described, it is to be understood that this disclosure is not limited to the particular system and its arrangement as described, as there can be multiple possible embodiments which are not expressly illustrated in the present disclosure. It is also to be understood that the terminology used in the description is for the purpose of describing the particular versions or embodiments only, and is not intended to limit the scope of the present application. This summary is not intended to identify essential features of the subject matter, nor is it intended for use in detecting or limiting the scope of the proposed subject matter.

In one implementation, a system for authenticating and enrolling a user for Digital Signature Certificate (DSC) is illustrated. The system may comprise a processor and a memory coupled with the processor. The memory may be configured to store all the necessary information of one or more users. The processor may be configured to execute programmed instructions stored in the memory. In one aspect, the processor may execute instructions for detecting the USB token, wherein the USB token may be electronically coupled with the processor through the USB port. The USB token may be pre-embedded with a unique ID. The USB token may comprise a processor capable of creating a digital signature certificate. The processor may execute instructions for identifying the brand of the USB token. The processor may execute instructions for identifying a unique ID pre-embedded in the USB token. Further, based on the unique ID identified or fetched by the processor, the processor may be configured to validate the user by mapping the necessary data of the user stored in the memory or accessed in real time through the internet. In one embodiment, the necessary data of the user may comprise unique identification means such as Aadhaar card details of the user, geolocation of the user, authentication information of the user such as the user’s eligibility, and like data. The necessary data may not be limited to said data. Further, the processor may execute instructions for checking whether the license of the USB token is available or not. Said checking may be based on the identified unique ID of the USB token. Further, the processor may execute instructions for enrolling a user of the USB token based on the unique ID fetched by the processor. In one embodiment, the user may be enrolled only if the validation result of the user appears to be positive based on the mapping performed by the processor. Said enrolment may be enabled by the variety of software and hardware interfaces.
Further, during enrolment of the user, the processor may execute instructions for authenticating the user via unique identification means of the user or via auto-populating, to the system, a one-time password generated on the system. Although a one-time password is mentioned, the authentication may not be limited to said password. Furthermore, the processor may execute instructions for verifying the authentication performed. Further, if the verification results performed by the processor are positive or accurate, then the processor of the USB token may execute instructions for creating a valid digital signature certification based on the unique ID of the USB token. Further, the processor of the system may execute instructions to fetch the digital signature certification. Further, the processor of the system may execute instructions to display the digital signature certification on the display of the system. In one embodiment, during renewal or upgrading of the digital signature certification, the system may perform the similar procedure, enabling renewal or updating of the digital signature certification by a validated user only.

In another implementation, a method for authenticating and enrolling a user for Digital Signature Certificate (DSC) is illustrated. The method may comprise detecting, via a processor, the USB token, wherein the USB token may be electronically coupled with the processor through the USB port. The USB token may be pre-embedded with a unique ID. The method may comprise identifying, via the processor, the brand of the USB token. The method may further comprise identifying, via the processor, a unique ID pre-embedded in the USB token. Further, based on the unique ID identified or fetched by the processor, the method may comprise validating, via the processor, the user by mapping the necessary data of the user stored in the memory or accessed in real time through the internet. Further, the method may comprise checking, via the processor, whether the license of the USB token is available or not. Said checking may be based on the identified unique ID of the USB token. Further, the method may comprise enrolling, via the processor, a user of the USB token based on the unique ID fetched by the processor. In one embodiment, the user may be enrolled only if the validation result of the user appears to be positive based on the mapping performed by the processor. Further, during enrolment of the user, the method may comprise authenticating, via the processor, the user via unique identification means of the user or via auto-populating, to the system, a one-time password generated on the system. Furthermore, the method may comprise verifying, via the processor, the authentication performed. Further, if the verification results performed by the processor are positive or accurate, then the method may comprise creating, via the processor of the USB token, a valid digital signature certification based on the unique ID of the USB token. Further, the method may comprise fetching, via the processor of the system, the digital signature certification.
Further, the method may comprise displaying, via the processor of the system, the digital signature certification on the display of the system.

BRIEF DESCRIPTION OF THE DRAWINGS
The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to refer to like features and components.
Figure 1 illustrates a system 101 for authenticating and enrolling a user for Digital Signature Certificate (DSC).
Figure 2 illustrates the system 101 and its components.
Figure 3 illustrates a method 300 for authenticating and enrolling a user for Digital Signature Certificate (DSC).

DETAILED DESCRIPTION

Some embodiments of this disclosure, illustrating all its features, will now be discussed in detail. The words "comprising," "having," "containing," and "including," and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items.

It must also be noted that, the singular forms "a," "an," and "the" include plural references unless the context clearly dictates otherwise. Although any methods similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present disclosure, the exemplary methods are now described. The disclosed embodiments are merely exemplary of the disclosure, which may be embodied in various forms.

Various modifications to the embodiment will be readily apparent to those skilled in the art and the generic principles herein may be applied to other embodiments. However, one of ordinary skill in the art will readily recognize that the present disclosure is not intended to be limited to the embodiments illustrated, but is to be accorded the widest scope consistent with the principles and features described herein.

Referring to figure 1, a network implementation of a system 101 for authenticating and enrolling a user for Digital Signature Certificate (DSC) is illustrated, in accordance with an embodiment of the present subject matter. The system 101 for authenticating and enrolling a user for Digital Signature Certificate (DSC) may be provided comprising a display, a keypad, a processor 201, a memory 203 coupled with the processor 201 and a USB token 103, wherein said USB token 103 may be electronically coupled with the processor 201.

Although the present subject matter is explained considering that the system 101 is implemented on a server, it may be understood that the system may also be implemented in a variety of computing systems, such as a laptop computer, a desktop computer, a notebook, a workstation, a mainframe computer, a server, a network server, a mobile phone and the like. It will be understood that the system may be accessed by multiple users through the keypad and display of the system.
In one implementation, the processor 201 of the system 101 may use different types of networks 102, such as intranet, local area network (LAN), wide area network (WAN), the internet, and the like to fetch necessary data related to a user and store it in the memory 203. The network 102 may either be a dedicated network or a shared network. The shared network represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), Wireless Application Protocol (WAP), and the like, to communicate with one another. Further, the network may include a variety of network devices, including routers, bridges, servers, computing devices, storage devices, and the like.

Referring to figure 2, the processor 201, a memory 203, a Random-Access Memory (RAM), a network adapter, I/O pins 202, and a UART port may be configured to form a processing unit. In one embodiment, the processor 201 may be electronically coupled with the memory 203, the RAM, the network adapter, a USB port, the I/O pins and the UART port. In one embodiment, the display and the keypad may be electronically coupled with the processor 201 via the I/O pins 202. In one embodiment, the USB port may be configured to provide communication network between the processing unit and the USB token 103.

In one embodiment, the system 101 may comprise at least one processor 201, an input/output (I/O) interface 202, a memory 203, modules 204 and data 214. In one embodiment, the at least one processor 201 may be configured to fetch and execute computer-readable instructions stored in the memory 203.

In one embodiment, the I/O interface 202 may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and the like. The I/O interface 202 may allow the system 101 to interact with the USB token 103. The I/O interface 202 can facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, LAN, cable, etc., and wireless networks, such as WLAN, cellular, or satellite. The I/O interface may include one or more ports for connecting to another server.

In an implementation, the memory 203 may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and memory cards. The memory 203 may include modules 204 and data 214.

The modules 204 include routines, programs, objects, components, data structures, etc., which perform particular tasks or functions or implement particular abstract data types. In one implementation, the modules 204 may include program instructions and other modules. The modules 204 may further comprise modules such as detection module 205, identification module 206, validation module 207, checking module 208, enrolment module 209, authentication module 210, verification module 211, fetching module 212, and displaying module 213. The other modules may include programs or coded instructions that supplement applications and functions of the USB token 103.

In one embodiment, the data 214 may comprise all the necessary data of one or more users. In an exemplary embodiment, the necessary data 214 may comprise data and information of a unique identification means of one or more users, geolocation of the users, authentication information of the users and like data. In one embodiment, said necessary data 214 may be fetched by the processor 201 via internet and stored in the memory 203. The other data may include data generated as a result of the execution of one or more modules.

Now referring to figures 1 and 2, a system 101 and its components for authenticating and enrolling a user for Digital Signature Certificate (DSC) are illustrated. The system 101 may comprise a processor 201 and a memory 203 coupled with the processor 201. The memory 203 may be configured to store all the necessary information of one or more users. The processor 201 may be configured to execute programmed instructions stored in the memory 203. In one aspect, the processor 201 may execute instructions, through detecting module 205, for detecting the USB token 103, wherein the USB token 103 may be electronically coupled with the processor 201 through the USB port. The USB token 103 may be pre-embedded with a unique ID. The USB token 103 may comprise a processor capable of creating a digital signature certificate. The processor 201 may execute instructions, through identification module 206, for identifying the brand of the USB token 103. The processor 201 may also execute instructions for identifying a unique ID pre-embedded in the USB token 103. Further, based on the unique ID identified or fetched by the processor 201, the processor 201 may be configured to validate, through the validating module 207, the user by mapping the necessary data 214 of the user stored in the memory 203 or accessed in real time through the internet. In one embodiment, the necessary data 214 of the user may comprise unique identification means such as Aadhaar card details of the user, geolocation of the user, authentication information of the user such as the user’s eligibility, and like data. The necessary data 214 may not be limited to said data. Further, the processor 201 may execute instructions for checking, through the checking module 208, whether the license of the USB token 103 is available or not. Said checking may be based on the identified unique ID of the USB token 103.
Further, the processor 201 may execute instructions for enrolling, through enrolment module 209, a user of the USB token 103 based on the unique ID fetched by the processor 201. In one embodiment, the user may be enrolled only if the validation result of the user appears to be positive based on the mapping performed by the processor 201. Said enrolment may be enabled by the variety of software and hardware interfaces. Further, during enrolment of the user, the processor may execute instructions for authenticating, through authentication module 210, the user via unique identification means of the user or via auto-populating, to the system, a one-time password generated on the system. Although a one-time password is mentioned, the authentication may not be limited to said password. In an exemplary embodiment, unique identification means may comprise but may not be limited to biometric details of the user, Aadhaar card details of the user, iris details of the user or like details and information of the user. Furthermore, the processor may execute instructions for verifying, through verification module 211, the authentication performed. Further, if the verification results performed by the processor are positive or accurate, then the processor of the USB token may execute instructions for creating a valid digital signature certification based on the unique ID of the USB token. Further, the processor 201 of the system 101 may execute instructions to fetch, through fetching module 212, the digital signature certification. Further, the processor 201 of the system 101 may execute instructions to display, through displaying module 213, the digital signature certification on the display of the system 101. In one exemplary embodiment, the USB token 103 may comprise but may not be limited to a digital signature or like devices, and digital signature certification may comprise but may not be limited to a digital signature certificate.
In one embodiment, during renewal or upgrading of the digital signature certification, the system 101 may perform the similar procedure, enabling renewal or updating of the digital signature certification by a validated user only. Said system may be configured to reduce fake authentication and enrolment of users.

Referring to figure 3, a method 300 for authenticating and enrolling a user for Digital Signature Certificate (DSC) is illustrated. The method at step 301 may comprise detecting, via processor 201, the USB token 103, wherein the USB token 103 may be electronically coupled with the processor 201 through the USB port. The USB token 103 may be pre-embedded with a unique ID. The method may at step 302 comprise identifying, via processor 201, the brand of the USB token 103. The method at step 303 may further comprise identifying, via processor 201, a unique ID pre-embedded in the USB token 103. Further, based on the unique ID identified or fetched by the processor 201, the method at step 304 may comprise validating, via processor 201, the user by mapping the necessary data of the user stored in the memory 203 or accessed in real time through the internet. Further, the method at step 305 may comprise checking, via processor 201, whether the license of the USB token 103 is available or not. Said checking may be based on the identified unique ID of the USB token 103. Further, the method at step 306 may comprise enrolling, via processor 201, a user of the USB token 103 based on the unique ID fetched by the processor. In one embodiment, the user may be enrolled only if the validation result of the user appears to be positive based on the mapping performed by the processor. Further, during enrolment of the user, the method at step 307 may comprise authenticating, via processor 201, the user via unique identification means of the user or via auto-populating, to the system, a one-time password generated on the system. Although a one-time password is mentioned, the authentication may not be limited to said password. In an exemplary embodiment, unique identification means may comprise but may not be limited to biometric details of the user, Aadhaar card details of the user, iris details of the user or like details and information of the user.
Furthermore, the method at step 306, may comprise verifying via processor 201, the authentication performed. Further if the verification results performed by the processor 201 are positive or accurate, then the method may comprise, creating via processor of the USB token 103, a valid digital signature certification based on the unique ID of the USB token. Further the method may comprise at step 307, fetching via processor 201 of the system 101, the digital signature certification. Further the method may comprise, displaying via the processor 201 of the system 101, the digital signature certification on the display of the system 101.
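
The gate ordering of method 300 (steps 301 to 307, then verification and on-token creation) is shown below as an added Python example; it is not code from the specification or the applicant. The simulated token, the HMAC tag standing in for the certificate, the six-digit OTP format and identifiers such as `TKN-0001` are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field


class EnrolmentError(Exception):
    """A gate failed; .step is the method-300 step number it belongs to."""
    def __init__(self, step, reason):
        super().__init__(f"step {step}: {reason}")
        self.step = step


@dataclass
class SimulatedToken:
    """Stand-in for USB token 103; the device secret is never returned."""
    brand: str
    unique_id: str
    issued: int = 0
    _secret: bytes = field(default_factory=lambda: secrets.token_bytes(32), repr=False)

    def create_certification(self, subject):
        # Assumption: an HMAC-SHA256 tag stands in for on-token certificate
        # creation, binding the subject to the pre-embedded unique ID.
        self.issued += 1
        msg = f"{self.unique_id}|{subject}".encode()
        tag = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()
        return {"subject": subject, "token_id": self.unique_id, "tag": tag}


class OtpChallenge:
    """One-time password: six digits, short-lived, burned on first attempt."""
    def __init__(self, ttl=120, now=time.time):
        self._now = now
        self._expires = now() + ttl
        self._used = False
        self.code = f"{secrets.randbelow(10**6):06d}"

    def verify(self, presented):
        if self._used or self._now() > self._expires:
            return False
        self._used = True  # a wrong guess also consumes the challenge
        return hmac.compare_digest(self.code.encode(), str(presented).encode())


def enrol(token, users, licences, supported_brands, otp, presented_otp):
    """Run the gates in order; the token is prompted only if all of them pass."""
    if token is None:                                  # step 301: detect
        raise EnrolmentError(301, "no USB token detected")
    if token.brand not in supported_brands:            # step 302: brand
        raise EnrolmentError(302, "unsupported token brand")
    if not token.unique_id:                            # step 303: unique ID
        raise EnrolmentError(303, "token has no unique ID")
    record = users.get(token.unique_id)                # step 304: validate user
    if record is None or not record.get("eligible"):
        raise EnrolmentError(304, "user data does not validate")
    if licences.get(token.unique_id, 0) < 1:           # step 305: licence
        raise EnrolmentError(305, "no licence available for this token")
    if not otp.verify(presented_otp):                  # steps 306-307 and verification
        raise EnrolmentError(307, "authentication failed")
    licences[token.unique_id] -= 1                     # consumed only after every gate
    return token.create_certification(record["name"])  # token creates, host fetches


def demo():
    """Constructed sample data: one good enrolment, then three refused ones."""
    users = {"TKN-0001": {"name": "Sample User", "eligible": True}}
    licences = {"TKN-0001": 1, "TKN-0002": 1}
    brands = {"ExampleBrand"}
    good = SimulatedToken("ExampleBrand", "TKN-0001")
    otp = OtpChallenge()
    cert = enrol(good, users, licences, brands, otp, otp.code)
    attempts = [
        (good, otp, otp.code),  # licence already spent (the OTP is burned too)
        (SimulatedToken("ExampleBrand", "TKN-0002"), OtpChallenge(), "x"),  # no user data
        (SimulatedToken("OtherBrand", "TKN-0001"), OtpChallenge(), "x"),    # unknown brand
    ]
    failures = []
    for tok, challenge, code in attempts:
        try:
            enrol(tok, users, licences, brands, challenge, code)
        except EnrolmentError as exc:
            failures.append(exc.step)
    return cert, failures, good.issued


if __name__ == "__main__":
    print(demo())
```

Every refusal happens before `create_certification` is called, so a failed gate leaves both the licence count and the token untouched.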

The embodiments, examples and alternatives of the preceding paragraphs, the description, including any of their various aspects or respective individual features, may be taken independently or in any combination. Features described in connection with one embodiment are applicable to all embodiments, unless such features are incompatible.

Although implementations for a system and method for authenticating and enrolling a user for Digital Signature Certificate (DSC) have been described in language specific to structural features and/or methods, it is to be understood that the disclosure is not necessarily limited to the specific features or methods described. Rather, the specific features and methods are disclosed as examples of implementations for a system and method for authenticating and enrolling a user for Digital Signature Certificate (DSC).

We claim:

1. A system 101 for authenticating and enrolling a user for Digital Signature Certificate, comprising:
a USB interface;
a processor 201; and
a memory 203 coupled with the processor 201, wherein the processor 201 is configured to execute programmed instructions stored in the memory 203 for:
detecting, a USB token 103 wherein the USB token 103 comprises an internal processor and is electronically coupled with the processor 201 through the USB interface, wherein said USB token 103 is pre-embedded with a unique ID and capable of creating a digital signature certificate;
identifying, the brand of the USB token 103;
identifying, the unique ID pre-embedded in the USB token 103;
validating, a user of the USB token 103 by mapping necessary data 214 of the user stored in the memory 203 or accessed in real time through wireless communication connectivity;
checking, availability of license of the USB token 103;
enrolling, the user of the USB token 103 based on the unique ID fetched by the processor 201;
authenticating, the user via unique identification means of the user or via auto populating to the system 101;
verifying, the authentication to prompt the internal processor of USB token 103 to create valid digital signature certification based on the unique ID;
fetching, the digital signature certification; and
displaying, the digital signature certification on a display of the system 101.
2. The system 101 for authenticating and enrolling a user for Digital Signature Certificate of claim 1, wherein said necessary data 214 of the user comprises unique identification means such as Aadhaar card details of the user, geolocation of the user, authentication information of the user such as user’s eligibility and like data.
3. The system 101 for authenticating and enrolling a user for Digital Signature Certificate of claim 1, wherein said checking is based on the identified unique ID of the USB token 103.
4. The system 101 for authenticating and enrolling a user for Digital Signature Certificate of claim 1, wherein the user is enrolled only if the validation result of the user appears to be positive based on the mapping performed by the processor 201.
5. The system 101 for authenticating and enrolling a user for Digital Signature Certificate of claim 1, wherein if the verification results performed by the processor 201 are positive or accurate, then the internal processor of the USB token 103 executes instructions for creating a valid digital signature certification based on the unique ID of the USB token 103.
6. The system 101 for authenticating and enrolling a user for Digital Signature Certificate of claim 1, wherein the system 101 is implemented in a variety of computing systems, such as a laptop computer, a desktop computer, a notebook, a workstation, a mainframe computer, a server, a network server, a mobile phone and the like.
7. A method 300 for authenticating and enrolling a user for Digital Signature Certificate, comprising:
detecting, via a processor 201, a USB token 103 wherein the USB token 103 comprises an internal processor and is electronically coupled with the processor 201 through the USB interface wherein said USB token 103 is pre-embedded with a unique ID and capable of creating a digital signature certificate;
identifying, via the processor 201, the brand of the USB token 103;
identifying, via the processor 201, the unique ID pre-embedded in the USB token 103;
validating, via the processor 201, a user of the USB token 103 by mapping necessary data 214 of the user stored in the memory 203 or accessed in real time through wireless communication connectivity;
checking, via the processor 201, availability of license of the USB token 103;
enrolling, via the processor 201, the user of the USB token 103 based on the unique ID fetched by the processor 201;
authenticating, via the processor 201, the user via unique identification means of the user or via auto populating to the system 101;
verifying, via the processor 201, the authentication to prompt the internal processor of USB token 103 to create valid digital signature certification based on the unique ID;
fetching, via the processor 201, the digital signature certification; and
displaying, via the processor 201, the digital signature certification on a display of the system.

8. The method 300 for authenticating and enrolling a user for Digital Signature Certificate of claim 7, wherein while renewal or upgrading the digital signature certification, the system 101 may perform the similar procedure enabling renewal or updating of the digital signature certification by a validated user only.
Dated this 7th day of May 2018

Priyank Gupta
Agent for the Applicant
IN/PA- 1454

Documents

Application Documents

# Name Date
1 FORM28 [10-05-2017(online)].pdf_252.pdf 2017-05-10
2 FORM28 [10-05-2017(online)].pdf 2017-05-10
3 Form 3 [10-05-2017(online)].pdf 2017-05-10
4 EVIDENCE FOR SSI [10-05-2017(online)].pdf_251.pdf 2017-05-10
5 EVIDENCE FOR SSI [10-05-2017(online)].pdf 2017-05-10
6 Description(Provisional) [10-05-2017(online)].pdf 2017-05-10
7 Other Patent Document [16-05-2017(online)].pdf 2017-05-16
8 Form 26 [16-05-2017(online)].pdf 2017-05-16
9 201711016412-Power of Attorney-180517.pdf 2017-05-23
10 201711016412-OTHERS-180517.pdf 2017-05-23
11 201711016412-Correspondence-180517.pdf 2017-05-23
12 201711016412-ENDORSEMENT BY INVENTORS [07-05-2018(online)].pdf 2018-05-07
13 201711016412-DRAWING [07-05-2018(online)].pdf 2018-05-07
14 201711016412-CORRESPONDENCE-OTHERS [07-05-2018(online)].pdf 2018-05-07
15 201711016412-COMPLETE SPECIFICATION [07-05-2018(online)].pdf 2018-05-07
16 201711016412-FORM 18A [05-04-2019(online)].pdf 2019-04-05
17 201711016412-FER.pdf 2019-07-24
18 201711016412-FER_SER_REPLY [18-10-2019(online)].pdf 2019-10-18
19 201711016412-CLAIMS [18-10-2019(online)].pdf 2019-10-18
20 201711016412-HearingNoticeLetter-(DateOfHearing-30-12-2019).pdf 2019-11-13
21 201711016412-ExtendedHearingNoticeLetter-(DateOfHearing-15-01-2020).pdf 2019-12-30
22 201711016412-Written submissions and relevant documents (MANDATORY) [21-01-2020(online)].pdf 2020-01-21

Search Strategy

1 201711016412_25-04-2019.pdf