Electronic signature framework with enhanced security
First Claim
1. A computer-implemented electronic signature acquisition method comprising:
- providing a short-term storage resource that is administered by an electronic signature server, and that is configured to store digital assets managed by the electronic signature server;
providing a long-term storage resource that is administered by the electronic signature server;
receiving, from a document originator, a document that is to be distributed to a document recipient as part of an electronic signature workflow that is managed by the electronic signature server, wherein the document includes one or more document terms;
receiving, from the document originator, one or more parameters that define a data retention policy;
receiving, from the document recipient, an indication of assent to the one or more document terms included in the document;
storing an electronically signed version of the document in the short-term storage resource;
generating document audit data characterizing the signed version, wherein the document audit data includes at least one of a document identifier, a signatory identifier, a digital signature and a signature timestamp;
saving the document audit data in the long-term storage;
sending a notification to the document originator and the document recipient indicating that the signed version of the document will be removed from the short-term storage resource at a specified time; and
removing the signed version of the document from the short-term storage resource at the specified time, and in accordance with the data retention policy, wherein after said removing the electronic signature server does not retain a copy of the document.
2 Assignments
0 Petitions
Accused Products
Abstract
Improved document processing workflows provide a secure electronic signature framework by reducing attack vectors that could be used to gain unauthorized access to digital assets. In one embodiment an electronically signed document is removed from an electronic signature server after signed copies of the document are distributed to all signatories. The electronic signature server optionally retains an encrypted copy of the signed document, but does not retain the decryption password. This limits the amount of data retained by the electronic signature server, making it a less attractive target for hackers. However, the electronic signature server still maintains audit data that can be used to identify a signed document and validate an electronic signature. For example, a hash of the document (or other document metadata) can be used to validate the authenticity of an electronically signed document based on a logical association between an electronic signature and the signed document.
-
Citations
7 Claims
-
1. A computer-implemented electronic signature acquisition method comprising:
-
providing a short-term storage resource that is administered by an electronic signature server, and that is configured to store digital assets managed by the electronic signature server; providing a long-term storage resource that is administered by the electronic signature server; receiving, from a document originator, a document that is to be distributed to a document recipient as part of an electronic signature workflow that is managed by the electronic signature server, wherein the document includes one or more document terms; receiving, from the document originator, one or more parameters that define a data retention policy; receiving, from the document recipient, an indication of assent to the one or more document terms included in the document; storing an electronically signed version of the document in the short-term storage resource; generating document audit data characterizing the signed version, wherein the document audit data includes at least one of a document identifier, a signatory identifier, a digital signature and a signature timestamp; saving the document audit data in the long-term storage; sending a notification to the document originator and the document recipient indicating that the signed version of the document will be removed from the short-term storage resource at a specified time; and removing the signed version of the document from the short-term storage resource at the specified time, and in accordance with the data retention policy, wherein after said removing the electronic signature server does not retain a copy of the document. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification