InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Apparatus and Method for Web Form Signature

IP.com Disclosure Number: IPCOM000241131D
Publication Date: 2015-Mar-30
Document File: 4 page(s) / 63K

Publishing Venue

The IP.com Prior Art Database


This invention describes a signature mechanism by extending browsers to detect and sign the user submitted web-based forms automatically, and makes th submitted data non-repudiable.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 60% of the total text.

Page 01 of 4

Apparatus and Method for Web Form Signature

Today's Problems:

     Nowadays, electronic forms is one of the most important kinds of applications in Web. But there is no protogenic signature mechanism in HTML forms, and it limits the usage of HTML forms applications. This disclosure introduce a method for HTML form which can sign the submitted form automaticlly, and the signature can verify who submitted the forms and the content are not tampered.

Prior Arts:

1. Electronically signed HTML forms US 20020178187 A1

Drawback: It can not avoid the hostile falsify on Form itself. Suppose user submits a form with signature, all his submitted data are protected, while the form is possibly modified by the form designer on server side, all user's submitted data will be distorted.

2. Server-side digital signature system

US 20050114670 A1

Drawback: The signature private key is stored on the server, it can be overcome by XSS attack, and not safe for end users

This disclosure describes a signature mechanism by extending browsers to detect and sign the user submitted HTML forms automatically to make the user submitted data non-repudiable. Also, it doesn't require any additional work on the user part.

One implementation defines a new protocol schema, for example, signedhttp and(or) signedhttps. When use these protocol schema, user's certificate(private key) must be imported to browsers in advance. And server must generate a form-uuid for each submitted form.


Page 02 of 4

Figure 1