SYSTEM AND METHOD FOR HIGH TRUST CLOUD DIGITAL SIGNING
A computer system receives specification of (i) a document that requires a high trust digital signature and (ii) a first signer to apply the high trust digital signature to the document. The computer system sends, to a first device associated with the first signer, a signature request for the document. The computer system sends, to the first device, the document that requires the high trust digital signature. The computer system obtains, from the first device, one or more signer verification elements. The signer verification elements include one or more of: a signer-specific password, a one-time signer authentication code, and a reason for signing the document, the reason being specified by the first signer. The computer system validates the one or more signer verification elements.
This application is a continuation of U.S. patent application Ser. No. 16/632,248, filed Jan. 17, 2020, entitled “System and Method for High Trust Cloud Digital Signing and Workflow Automation in Health Sciences,” which is a National Stage Entry of PCT Application No. PCT/US2014/069138, filed Dec. 8, 2014, entitled “System and Method for High Trust Cloud Digital Signing and Workflow Automation in Health Sciences,” which claims priority to U.S. Provisional Patent Application No. 61/913,829, filed Dec. 9, 2013, entitled “System and Method for High Trust Cloud Digital Signing and Workflow Automation in Health Sciences,” each of which is incorporated by reference herein in its entirety.
This application is related to U.S. patent application Ser. No. 16/820,492, filed on Mar. 16, 2020, entitled “System and Method for High Trust Cloud Digital Signing and Workflow Automation in Health Sciences,” now U.S. Pat. No. 10,999,079, which is incorporated by reference herein in its entirety.
TECHNICAL FIELDThis relates generally to mechanisms for obtaining high trust digital signatures and creating the workflows therefore. In some embodiments, these methods are specifically used for obtaining high trust digital signatures on healthcare or clinical trial regulatory documents, referred to as the health sciences area.
BACKGROUNDPharmaceutical clinical trials (often referred to as “studies” in the pharmaceutical industry) play an important role in drug developments, because clinical trials are used to collect safety and efficacy data of drug candidates (e.g., small molecules, biologics, and combination devices). In some instances, pharmaceutical companies can spend millions to conduct a clinical trial. For instance, the average cost to create a new drug is $5 Billion, taking approximately 10-15 years. As a result of these costs, every day spent in the clinical trial development and testing phase can cost a company over a million dollars per day in lost drug revenues. Safety and efficacy data from clinical trials, and sometimes even communications to and from clinical trial investigators (also called principal investigators) and other documents, need to be recorded accurately and maintained pursuant to government regulations in order for the drug candidates to obtain regulatory approval by government agencies.
Many clinical trial documents require signatures, for example, of clinical trial investigators or patients. Currently, hardcopy documents (e.g., documents printed on paper), rather than softcopy documents (e.g., electronic documents), are frequently used in clinical trials for various reasons (e.g., ease to prove authenticity and integrity). However, tracking and maintaining all regulatory documents throughout clinical trials, some of which may last years, is not an easy task. The cost of completing, signing, acquiring, shipping, and tracking hardcopy documents is significant, and includes costly manual labor and shipping costs. Therefore, in order to reduce the costs inherent in hardcopy paper-based processes, there is a need for a better system and method for obtaining signatures that can be trusted and authenticated on softcopy clinical trial regulatory documents.
SUMMARYA number of embodiments (e.g., of server systems, client systems or devices, and methods of operating such systems or devices) that overcome the limitations and disadvantages described above are presented below. These embodiments provide computer-implemented methods, systems, and graphical user interfaces (GUIs) for obtaining high trust digital signatures on clinical trial regulatory documents.
This invention provides methods and apparatuses, including computer programs and server hardware products for provisioning and applying highly trusted, verifiable digital signatures to electronic documents and images from desktop, mobile or network-connected devices, using a document viewer with the ability to see what you sign, and then to apply digital signatures to these documents, and finally to authenticate signing parties using multi-factor authentication and verification of the signer's credentials from a central, public Certificate Authority (e.g., an ISO 32000 compliant PDF viewer). In one embodiment, documents that require signing are stored on a Document Management Server, and details of how documents should be processed for signing are managed by a workflow manager process, which captures details such as documents to be signed, signing locations, signing parties, due dates, notifications, and required metadata.
As described in more detail below, some embodiments involve a computer-implemented method performed on a high trust signature mobile device having one or more processors and memory storing one or more programs for execution by the one or more processors to perform the method. The method includes receiving, at the high trust signature mobile device, a signature request regarding a document that requires a high trust digital signature. The signature request includes a one-time signer authentication code. The document that requires the high trust digital signature is displayed on the mobile device. A plurality of signer verification elements is obtained. Obtaining plurality of signer verification elements includes obtaining from the signer a signer-specific password. Furthermore, it includes automatically applying the one-time signer authentication code obtained from the signature request. Then the signature request is replied to by providing the plurality of signer verification elements to a server system for verification.
Similarly, some embodiments involve a computer-implemented method performed on a client computer, such as a desktop or tablet having one or more processors and memory storing one or more programs for execution by the one or more processors to perform the method. The method includes receiving a signature request regarding a document that requires a high trust digital signature. The client displays the document that requires the high trust digital signature. Then a plurality of signer verification elements is obtained. Obtaining the plurality of signer verification elements includes obtaining a signer-specific password and obtaining a one-time signer authentication code. The one-time signer authentication code was provided to a high trust signature mobile device distinct from the client computer and thus cannot be automatically obtained and applied. For instance, the signer will likely read it from the high trust signature mobile device and enter it on the client computer. Then the signature request is replied to by providing the plurality of signer verification elements to a server system for verification.
In accordance with some embodiments, a computer-implemented method is performed at a computer system having one or more processors and memory storing one or more programs for execution by the one or more processors to perform the method. The method includes sending to a high trust signature mobile device a signature request regarding a document that requires a high trust digital signature. The signature request includes a one-time signer authentication code. The document that requires the high trust digital signature is also sent to the high trust signature mobile device. Then a plurality of signer verification elements is obtained from the high trust signature mobile device. The plurality of signer verification elements includes a signer-specific password and the one-time signer authentication code sent to the high trust signature mobile device. Then the computer system validates the plurality of signer verification elements.
Similarly, in accordance with some embodiments, a computer-implemented method is performed at a computer system having one or more processors and memory storing one or more programs for execution by the one or more processors to perform the method. The method includes sending to a client computer, such as a desktop or tablet, a signature request regarding a document that requires a high trust digital signature. The method also includes sending to a high trust signature mobile device a one-time signer authentication code. The document that requires the high trust digital signature is sent to the client computer for display. Then a plurality of signer verification elements is obtaining from the client computer. The plurality of signer verification elements include a signer-specific password and the one-time signer authentication code which was sent to the high trust signature mobile device distinct from the client computer since it is the client computer cannot be automatically obtained and applied. Then the computer system validates the plurality of signer verification elements.
In other embodiments a method is performed at a computer system having one or more processors and memory storing one or more programs for execution by the one or more processors to perform the method. A document that requires a high trust digital signature is specified. A signer to apply a high trust digital signature to the document is also specified. A locked version of the document is obtained. Then a location for the high trust digital signature is specified in the locked version of the document. Finally, a signature request is sent to the signer.
Some embodiments provide a method and system to dynamically provision highly trusted “level three” digital certificates, or Digital IDs that are used for signing purposes, to mobile or remote users. In some embodiments, the method used to provision Digital IDs' new prospective signers utilizes multi-factor authentication and storage of the user's Digital ID on a NIST-approved FIPS-140-2 ‘level 3’ HSM (HSM), with identity verification being made through a combination of administrative review of a prospective signer's evidence of identity including: 1) government issued photo ID credentials, 2) email address and 3) cellular phone number; these evidence of identification details may be viewed either real-time through a webcam or on demand by the administrator through files uploaded by the prospective signer. The Digital ID provisioning process enables a direct, secure server-to-server connection from the provisioning key server to a Certificate Authority. Digital IDs, or private keys, are generated and stored in the HSM, which is managed by the signing server. To sign documents, the Digital IDs are accessed by the user through a PIN code selected by the user in a Digital ID provisioning process.
In some embodiments, in order to sign electronic documents with the Digital ID, a method and apparatus is provided for viewing electronic documents in either the PDF or other internet standards-based image formats, and for digitally signing said electronic documents or images directly from a document viewer on desktop, mobile or other web browser-enabled network devices. In some embodiments, on web browser-enabled devices, the document viewer can run in as a web application without a browser plug-in for PDF viewing and signing. The electronic document viewer uses highly trusted Digital IDs to digitally sign documents and images. These Digital IDs can be verified through third-party applications.
In some embodiments, a method is provided for the selection of a digital signature “appearance” by the user during the provisioning process, as well as a method for one-click application of the digital signature on a mobile device. The user's digital signature appearance is created programmatically by entering the user's name, selecting from a variety of preselected script fonts, and presenting it in an image format to the user during the Digital ID provisioning process. Then future signings utilize the user-selected digital signature appearance. In some embodiments, the user can modify the digital signature appearance in the document viewer settings at any time. In some implementations, application of the signature appearance is completed through a “click to sign” button, whereby the signature appearance is applied to a preset location established on an application server by an administrator, or by the user through a drag and drop interface, whereby the signature block is dragged and dropped on the digital document, and resized by the user if needed.
Another feature relates to the process of notification, signing and verification of the user's identity at signing time. The process supports both mobile and desktop users, both of whom have SMS service or the like which is used in the signing event authentication and verification process. In some embodiments, first, both an email and an SMS message are sent to users notifying them that they have a document that needs to be signed. For mobile devices, the user can click on a link in the SMS which will open the document viewer in a browser on the mobile device to display the login screen; the SMS also includes a special one-time unique 6-digit signing ID code which is included in the URL like this: SureEsign.com/login?123456. In some embodiments, the SMS message includes a ‘tiny URL’ which is a coded representation that includes the six-digit authentication code element as well as a pointer link to the URL to view and sign the document. Desktop recipients click on the email link, which will open and display the login screen in a web browser. Under either configuration the users then enter their username/password to log in to the viewer application. Then, the users are presented with a “task summary” dialog box indicating that they have a document that needs to be reviewed and signed. To review and sign a document, the user clicks on the document name or on a dialog box link to launch and view the document in the Doc Viewer. After viewing the document in the Doc Viewer and when ready to sign, users click the Sign icon in the document viewer. After clicking the Sign icon, the signing dialog is presented, which asks the user for a PIN code, a reason for signing, and a one-time unique ID code. Desktop users need to enter the unique ID code that was sent to their mobile phones in the signing dialog. Mobile users do not need to enter a unique ID code, since it was included in the initial SMS message to the signer. The mobile client is able to read the 6-digit signing ID code from the URL. This code is prefilled in the mobile user verification form automatically so the user does not need to fill it in. After completing the information in the dialog box, the user clicks “Sign Now.” Then the validation server confirms the entered information by, for instance, checking against the information stored in the HSM to confirm the PIN and the randomly generated one-time unique ID code. Once the information is validated, the Signing Server utilizes the private key to embed the user's high trust signature into the document.
In accordance with some embodiments, a system is provided that includes one or more processors, memory, and one or more programs stored in the memory. The one or more programs are configured for execution by the one or more processors. The one or more programs include instructions for performing any of the methods described above.
In accordance with some embodiments, a computer-readable storage medium is provided that stores one or more programs configured for execution by one or more processors of a computer system. The one or more programs include instructions for performing any of the methods described above.
For a better understanding of the aforementioned aspects of the invention as well as additional aspects and embodiments thereof, reference should be made to the Description of Embodiments below, in conjunction with the following drawings in which like reference numerals refer to corresponding parts throughout the figures.
Methods and systems for managing and sharing clinical trial regulatory documents are described. Reference will be made to certain embodiments of the invention, examples of which are illustrated in the accompanying drawings. While the invention will be described in conjunction with the embodiments, it will be understood that it is not intended to limit the invention to these particular embodiments alone. On the contrary, the invention is intended to cover alternatives, modifications, and equivalents that are within the spirit and scope of the invention as defined by the appended claims.
Moreover, in the following description, numerous details are set forth to provide a thorough understanding of the present invention. However, it will be apparent to one of ordinary skill in the art that the invention may be practiced without these particular details. In other instances, methods, procedures, components, and networks that are well known to those of ordinary skill in the art are not described in detail to avoid obscuring aspects of the present invention.
It will also be understood that, although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are used only to distinguish one element from another. For example, a first signer could be termed a second signer and, similarly, a second contact could be termed a first contact without departing from the scope of the present invention. The first signer and the second signer are both Signers, but they are not the same signer.
The terminology used in the description of the embodiments herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the description of the invention and the appended claims, the singular forms “a,” “an,” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will also be understood that the term “and/or” as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
As used herein, the term “if” may be construed to mean “when” or “upon” or “in response to determining” or “in response to detecting,” depending on context. Similarly, the phrase “if it is determined” or “if [a stated condition or event] is detected” may be construed to mean “upon determining,” “in response to determining,” or “upon detecting (the stated condition or event)” or “in response to detecting (the stated condition or event),” depending on the context.
It is first noted that electronic signing is similar to but different from digital signing. Digital signing includes unambiguously identifying the signing party. In contrast, basic electronic signing may allow anyone to sign or make a mark on a digital document with minimal identification. Digital Signers use digital certificates issued by certificate authorities, and typically pass an initial identity vetting process in order to receive their digital signature signing credentials. The identity vetting process provides a high level of trust assurance of the signer's identity. After vetting, a digital credential or signing certificate is issued which can be used to digitally sign documents. Then a third party can verify a signer's identity by examining the signer's digital signature credentials that are published by the Certificate authority. Certificate Authorities offer various levels of trusted identities. Trust levels in Digital IDentities and signing is established by NIST and the US Office of Management and Budget (OMB). A “level 3′ trust certificate, also known as a “high trust” certificate, is one of the highest digital certificate trust levels approved by OMB and NIST. High trust ‘level 3’ certificates are frequently used by government agencies, banking, healthcare, legal and other industry areas where security, identify verification and document integrity in digital content and transaction signing is critically important.
In some embodiments, to provision a new signing certificate, the Certificate Authority conducts an initial vetting of the user's identity and then issues the prospective signer a digital signing certificate, also known as a ‘Digital ID.’ In some embodiments, the Digital ID uses a well-known x.509 Public-key cryptography certificate form which contains the user's private key certificate and a secret PIN code for digitally signing documents. The Digital ID has traditionally been delivered to the user on a secure, US NIST-approved FIPS-140 ‘level 3’ compliant USB device or secure smart card. However, there are disadvantages to providing physical devices, as discussed below.
To digitally sign a document using a physical device, the user inserts the USB device into the PC, launches a signing program, views a document in the viewer and then signs the document (e.g., by dragging a square rectangle where the signature will be placed). The signer can optionally add other images and details to the signature at the time of signing. A signature is completed and applied to a document after the user enters his or her secret PIN code and sometimes a reason for signing. In some embodiments, the user's Digital ID is applied to a document using published cryptographic techniques in ISO standard 32000 for digital signing. The digital signature is embedded in the document, and any change to the document after signing invalidates the document and digital signature. A third party can verify the validity of a document signer's Digital ID credential in the document viewer by simply comparing the signer's digital certificate to a public version of the certificate which is available at the Certificate Authority's web site for validation purposes.
Central to the use of highly trusted Digital IDs is the provisioning and vetting of a new signer, the location where the Digital ID is stored, the method of accessing and applying the Digital ID (ideally from a multitude of devices), the ability of third parties to easily verify signed documents, and the ability to see what you sign. For provisioning of new users or organizations, high trust ‘level 3’ Digital IDs mandate that a Certificate Authority or its representative make both email contact and phone contact with a prospective new signer in what is known as a new subscriber vetting process. For compliance with ‘level 3’ high trust digital certificate policy, both ‘level 3’ certificates, as well as Digital IDs, must be stored in a US NIST-approved FIPS-140 ‘level 3’ compliant HSM device. As such, a Digital ID is most often delivered to the user on a secure, US NIST-approved FIPS-140 ‘level 3’ compliant USB device or secure smart card. The USB hardware device requirement is problematic for mobile users since they often don't have a USB port or smartcard reader, making digital signing impossible for most mobile users who don't have a USB port on their device.
The below described embodiments relate to provisioning and applying highly trusted (e.g., utilizing ‘level 3’ trust certificates), verifiable digital signatures to electronic documents and images from remote client desktops or from mobile and web-enabled devices via a document viewer used across a secure cloud network. Authentication of the signing party is provided through multi-factor authentication options. In some embodiments, signed documents are ISO-32000 PDFs compliant with US OMB ‘level 3’ high trust certificates with encrypted digital signatures, which are verifiable by a third party in any ISO-32000 compliant PDF viewer. The system manages signing events and retrieves documents for signing from external systems. In some embodiments, high trust certificates are stored in a US NIST-certified FIPS-140 ‘level 3’ HSM.
The client computers 102 can be any number of different types of computing devices (e.g., cell phones, personal digital assistants, gaming devices, desktop computers, laptop computers, tablet computers, handheld computers, Internet kiosks, or combinations thereof) that include a web browser running the Document Viewer client used to enable the activities described below. As will be described in detail below, some implementations require that client computers have the ability to send and receive SMS messages, while other implementations do not. Client computer(s) 102 are also referred to herein as client(s). A client 102 includes a user interface (UI) 400 (shown in
The Validation System 108 includes a plurality of servers or components connected to communications network(s) 104. Optionally, the servers are connected to the communications network 104 via a front end server 110 (e.g., a server that conveys (and optionally parses) inbound requests to the appropriate server of the system 108 and that formats responses and/or other information being sent to clients in response to requests). The front end server 110, if present, may be a web server providing web-based access to the Validation System 108. The front end server 110, if present, may also be a router server that routes communications to and from other destinations, such as clients. In some embodiments, the front end server 110 is a third party developer application server, which allows a third party to control the look and feel of the client communications regarding obtaining high trust digital signatures utilizing the other server components of the Validation System 108. In some other embodiments, the third party application server, when present, is separate from the Validation System 108, and communicates with the other components of the Validation System 108.
The Validation System 108 also includes a DocViewer Server 112. The DocViewer Server 112 communicates with clients 102 via the front end server 110 (if present) and Communication Network(s) 104. In some embodiments, the DocViewer Server 112 is a web server that provides document management services using appropriate communication protocols. Alternatively, if the DocViewer Server 112 is used within an intranet or other LAN, it may be an intranet or LAN server. In some embodiments, the DocViewer Server 112 is configured to receive requests for content items to be signed and sends responses including signed items and related details. The signing party or user has a user profile which is stored on the DocViewer Server 112. At the time of signing, pre-enrolled users are authenticated by communicating with the DocViewer Server 112. In some embodiments, the signature requests received by the DocViewer Server 112 include a plurality of signer verification elements provided by the client 102. As will be explained in more detail below, the plurality of signer verification elements include, for example, a signer-specific password, a reason for signing, a signer's biometric information, and/or a one-time-use signer authentication code. The DocViewer Server 112 then communicates with the Signing Server 114, which verifies the verification elements and signs the documents. Then the DocViewer Server 112 provides a copy of the document to the client. In some embodiments, in addition to providing the signed copy of the document to the client, the DocViewer Server 112 also saves a copy of the signed document for future access and viewing. In some embodiments, the DocViewer Server 112 manages document workflow, signing events, signing plans (information on who signs a doc, where a doc is signed, and due dates), as well as signing party/user profile information. In one embodiment, the DocViewer Server 112 includes a document management system to store and manage documents on the DocViewer Server 112.
In some embodiments, the Validation System 108 also includes a Signing Server 114. The Signing Server 114 controls the provision of new high trust (US ‘level 3’) PKI x.509 digital certificates/Digital ID for document signing by a signer through a request from the DocViewer Server 112. In some embodiments, the Signing Server 114 also validates the Digital IDS, manages the Digital IDS (revokes, etc.), and signs the documents. In some embodiments, the Signing Server 114 also has an internal encrypted log for all signing events which can be used for reporting and auditing. In some embodiments, the Signing Server 114 receives the request for applying a high trust digital signature to a document from the DocViewer Server 112, along with the plurality of signer verification elements, and after obtaining validation of the plurality of signer verification elements, the Signing Server 114 embeds the high trust signature into the document.
In some embodiments, the Signing Server 114 verifies one or more of the signer verification elements by communicating with a HSM 116, which stores the high trust certificates, including their private keys. The Signing Server 114 creates a new Digital ID for the signer by creating and storing a private key and a certificate signing request on the HSM 116. In some embodiments, the HSM 116 stores information regarding the signer verification elements including a signer's password and/or a signer's biometric information and communicates with the Signing Server 114 to verify a plurality of the signer verification elements before a high trust signature is applied to a document.
The Signer's credentials are sent to Certificate Authority 118 for generation of a public certificate. The Certificate Authority 118 authenticates the signer's identity and issues a certificate that is chained to the Certificate Authority's root certificate, enabling authentication of a signer from any client application that supports certificate validation. The private key is stored on the HSM 116 for security under the control of both the DocViewer Server 112 and the Signer. In some embodiments, the Signing Server 114 verifies one or more of the signer verification elements by communicating with an external Certificate Authority 118, which issues verifiable digital certificates for users.
The components of the Validation System 108 communicate with each other by internal Communication Buses, or by any other appropriate mechanism or combination of mechanism. In some embodiments, the DocViewer Server 112 communicates with the Signing Server 114 via another server. For example, a Validation System 108 may include a separate server (not shown), and the DocViewer Server 112 may communicate with the Signing Server 114 via the other server. In some embodiments, one or more of the HSM 116 or the Certificate Authority 118 are located in a remote database server and the Validation System 108 has access to the remote database server (e.g., by Communication Network(s) 104).
In some embodiments, fewer and/or additional modules, functions, or databases are included in the Validation System 108. The modules shown in the Validation System 108 in
Notwithstanding the discrete blocks in
The Validation System 108 typically includes one or more processing units (CPUs) 202, one or more network or other communication interfaces 204, Memory 206, and one or more Communication Buses 208 for interconnecting these components. In some embodiments, Communication Buses 208 include circuitry (sometimes called a chipset) that interconnects and controls communications between system components. In some other embodiments, the Validation System 108 includes a user interface 210 (e.g., a user interface having a display device 212 and an input device 214 (e.g., a touch-sensitive screen, a keyboard, a mouse and/or other pointing/selection device).
Memory 206 of the Validation System 108 includes high-speed random access memory, such as DRAM, SRAM, DDR RAM, or other random access solid state memory devices, and may include non-volatile memory, such as one or more magnetic disk storage devices, optical disk storage devices, flash memory devices, or other non-volatile solid state storage devices. Memory 206 may optionally include one or more storage devices remotely located from the CPU(s) 202. Memory 206, or alternately the non-volatile memory device(s) within Memory 206, comprises a computer-readable storage medium. In some embodiments, the computer-readable storage medium includes a non-transitory computer-readable storage medium. In some embodiments, Memory 206 or the computer-readable storage medium of Memory 206 stores the following programs, modules and data structures, or a subset thereof:
-
- An Operating System 216 includes procedures for handling various basic system services and for performing hardware-dependent tasks.
- A Network Communication Module (or instructions) 218 is used for connecting the Validation System 108 to other computers (e.g., clients 102 and Certificate Authority 118) via the one or more Communication Network interfaces 204 and one or more communications networks 104 (
FIG. 1 ), such as the Internet, other wide area networks, local area networks, metropolitan area networks, and so on. - A Front End Server 110 conveys inbound requests to the appropriate server of the system 108 and that server formats responses and/or other information being sent to clients in response to requests.
- A DocView Server 112 processes workflows and associated requests for content items to be signed and sends responses including signed items and related details. The DocViewer Server 112 utilizes a document management application server 290, which stores documents and document view information for access by desktop, web or mobile clients 102. The document management server 290 uses a document database 296 to store documents and document views for retrieval, viewing, and display by the clients 102. The document management server 290 contains shared signer/user profiles 292 and security policies 294. The DocViewer Server 200 has modules including a Digital IDs/certificate module 210, a Signer Verification/Authentication SMS module 220, a user security settings and policies module 240, a PDF creation and signing module 250, a workflow management module 260, and getting/putting documents in the Document Management Server 290.
- A Signing Server 114 provisions new Signers and completes cloud or server-side signing requests. In some embodiments, the Signing Server 114 is connected to the DocViewer Server 112 via a secure VPN network, which enables the Signing Server to be securely placed on a cloud network behind a firewall. In other embodiments it is on an internal network directly connected to the DocViewer Server 200 without a VPN. The Signing Server 114 has modules including a Digital ID provisioning module 230—for supplying new Signer credentials, creating a private key on the HSM 116 and requesting a valid x.509 ID certificate from the Certificate Authority 118; a Doc Signature EncryptionDoc module 232—which uses a supplied hash of the document to be signed (provided by the DocViewer Server) and signs it with the user's private key which is stored in the HSM 116 using ISO 32000 standard PDF x.509 digital signing methods; an Audit Trail/Reporting module 234—which for each signing event, writes a time stamped record of the signer, document signed, IP address of signer and other audit trail details in an encrypted, non-alterable log and provides export and reporting of this log for administrators; and a Certificate Validation/Revocation Module 236 which provides validation of a Signer's Digital ID based upon requests from DocViewer Server 200 and provides revocation of a Signer's Digital ID as needed based on security or other policies.
- A HSM 116 stores the high trust certificates, including their private keys and in some embodiments also stores information regarding the signer verification elements including the signer's biometric information.
One of the benefits some embodiments described herein is that the validation system 108 is cloud based. This allows for a document to be signed with a high trust digital signature from a mobile device or another device that is not necessarily within a local firewall system. This cloud based system allows for documents to be passes outside of individual protected networks and shared between organizations while still maintaining a high level of trust in the applied digital signatures.
The user security settings module 240 provides for the secure collection and storage of user information and user profile preferences such as signature appearance and method of receiving notifications (email, SMS). In accordance with some embodiments, administrators can define the documents and services that users can access, and can define document views that users can access and view. In some embodiments, a variety of settings such as security settings that enable the application to be US FDA compliant for digital signing under US 21 CFR Part 11 are included in this set of application services.
The PDF document signing module 250 provides for digital document signing using iText, a well-known PDF library for manipulating PDF files. This service also provides for the conversion of MS office documents and images to PDF format.
The workflow manager 260 utilizes a workflow wizard that enables predefined business processes to be created. These predefined processes can be modified using the workflow wizard screenshots, which are illustrated in
Each of the above-identified modules and applications corresponds to a set of instructions for performing one or more functions described herein. These modules (i.e., sets of instructions) need not be implemented as separate software programs, procedures, or modules, and thus various subsets of these modules may be combined or otherwise re-arranged in various embodiments. In some embodiments, Memory 206 may store a subset of the modules and data structures identified above. Furthermore, Memory 206 may store additional modules and data structures not described above.
Users who have been approved for issuance of a new Digital ID are then sent an email link with login credentials 304. After receipt of the login credentials, the user clicks on a link to download the application and/or signs-in to the DocViewer client application (desktop or mobile). After the user has successfully signed in with their new login credentials as in step 304, the user is required to provides evidence of their identity such as their government photo ID 306. In one embodiment, the user simply takes a photo of their photo ID from their mobile phone or computer's webcam, and this image is uploaded to the validation system of
After the evidence of the user's identity is uploaded at 306, the user may be required to provide evidence of email and a valid cell phone number 310. In some embodiments, the user can verify these two items in a single user transaction. The proposed high trust signature mobile device (e.g. the user's cell phone) is sent a verification code 312. The user is also mailed a URL with a link to a web page 314. Then the user utilized the URL open a dialog where the user enters a received verification code, as illustrated with respect to 316.
The process continues with
The DocViewer Server 200 then interacts with the user on the DocViewer client 100 to capture the user's preferred Digital ID PIN code 320. In some embodiments, the user also (optionally) selects a signature appearance 322. Then an SMS with a verification code is sent to the user's registered mobile device to verify the user, and the user must enter the verification code to proceed with Digital ID provisioning 324. Once entered the code is verified 326, and the Signing Server 114 makes a connection to the Certificate Authority 118 to issue a new Digital ID to the user 328. The new digital ID is then stored 330 in the HSM 116.
Memory 406 includes high-speed random access memory, such as DRAM, SRAM, DDR RAM or other random access solid state memory devices, and may include non-volatile memory, such as one or more magnetic disk storage devices, optical disk storage devices, flash memory devices, or other non-volatile solid state storage devices. Memory 406 may optionally include one or more storage devices remotely located from the CPU(s) 402. Memory 406, or alternately the non-volatile memory device(s) within memory 406, comprises a computer readable storage medium. In some embodiments, the computer readable storage medium includes a non-transitory computer readable storage medium. In some embodiments, memory 406 or the computer readable storage medium of memory 406 stores the following programs, modules, and data structures, or a subset thereof:
-
- an Operating System 410 that includes procedures for handling various basic system services and for performing hardware dependent tasks;
- a Network Communication Module (or instructions) 412 that is used for connecting client 102 to other systems (e.g., the validation system 108) via the one or more communications Network Interfaces 404 (wired or wireless depending on whether the client is a mobile or desktop device) and one or more communication networks 104 (
FIG. 1 ), such as the Internet, other wide area networks, local area networks, metropolitan area networks, telephone, and SMS networks, and so on; - Applications including a web browser 414;
- A Digital Signature Application 418, which may be a web application or a separate application stored on the client device. The Digital Signature Application 416 may be based on Active X, Java script, Java applet, Ajax, Comet, or any other programming languages and tools. In some embodiments, the Digital Signature Application 416 includes one or more of the following modules, or a subset or superset thereof:
- An Enrollment Module 420 used in provisioning new user accounts including capturing a user specific password/PIN as well as other user information (including a mobile phone number used in some embodiments for receiving onetime signer authentication codes) and confirming;
- A Signature Request Module 422 for receiving and displaying messages from the validation system 108 indicating that a document requires a user's signature;
- An Authentication Code Module 424, for receiving a onetime signer authentication code, and in some embodiments, automatically applying/populating the code in a signing dialog window (e.g., 856,
FIG. 8 ) as one of the plurality of signer verification elements. It is noted that the authentication code module is a used specifically in client devices that are provisioned to be a high trust signature mobile device and thus have the capability to receive SMS messages or the like. - A Document Receiving Module 426 that is used for receiving and displaying electronic documents that require high trust digital signatures;
- A Signer Verification Elements Module 428 for receiving a plurality of signer verification elements such as the user's Digital ID, Verification Code, Reason for Signing, and Onetime Signer Authentication Code (which is automatically received and applied from the Authentication Code Module 424 in certain embodiment). The Signer Verification Elements Module 428 also provides the plurality of signer verification elements as a reply to the signature request. The plurality of signer verification elements are sent to the validation system 108.
- An optional Signature Embedding Module 430, which upon obtaining validation for the plurality of signer verification elements from the validation system embeds a high trust digital signature of the signer into the document (e.g., by and utilizing the signer's private key using ISO 32000 standard PDF x.509 digital signing methods) and provides a copy of the signed document to the validation system 108; and
- An optional Document Storage module 432, which stores a local copy of the signed document (which is encrypted in some embodiments), and optionally also stores a log of each signing event, including a time stamped record of the signer, document signed, IP address of signer and other audit trail details.
It is noted that in some embodiments, programs embedded within the Digital Signature Application 418 format documents and document information for display. In some embodiments, the client 102 displays data received documents and messages from the validation system 108 based on conventional means for exchanging data, without using webpages. For example, a client 102 can display documents received from the validation system 108 without using webpages. In some embodiments, the client 102 receives the documents based on conventional means (e.g., as a non-webpage electronic document, such as a portable document format (PDF) file, or an image file (e.g., a TIFF or JPEG)) and displays at least a portion of the documents and document information as a webpage in the web browser 414. In other embodiments, a client 102 receives documents, messages, and information as webpages, and displays the received webpages using the web browser 414.
In other embodiments the client 102 is a “thin client,” that includes a web browser 414 that executes the Digital Signature Application 418, and the client 102 does not need, nor does it use, a locally installed software application. In other embodiments, the client 102 includes a document management application (not shown) that performs functions analogous to the functions of the Digital Signature Application 418 as an independent application (i.e., operates without the web browser 318). In some cases, the client 102 includes both a web app and a separate application, each of which performs one or more functions or analogous functions of the Digital Signature Application 418 described herein.
The client 102 receives a signature request 502 for an electronic document that requires a high trust digital signature. When the client 102 is a at a high trust signature mobile device, the signature request includes a one-time signer authentication code. When the client 102 is not at high trust signature mobile device, the request does not include the one-time signer authentication code. Instead, the one-time signer authentication code is sent separately to a high trust signature mobile device later in the process, as explained below. In some embodiments, either or both an email signature request and an SMS signature message are sent to the user notifying him or her that he or she has a document that needs to be signed. As such, the received signature request can be either an email or an SMS message.
The client displays the signature request 504 on its graphical user interface notifying the user that he or she has a document that needs to be signed. The notification allows the user to launch the signature process through, for instance a selection of a launch button or a link to the DocViewer Server 112 (e.g.,
In response to a user selection, the signing application is launched and the client displays the document that requires the high trust digital signature 506. In some embodiments, the client 108 sends a request for the document to the Validation System 108 in response to receiving the user selection of the signature request; and after the client 102 receives the document from the Validation System, it then displays the document 506. For instance, in some embodiments, prior to displaying the document, users are prompted to enter their username/password to log in to the viewer application in which to view the document. In some embodiments users are then presented with a ‘task summary’ dialog box 902 indicating that they have a document that needs to be reviewed and signed as illustrated in
In other embodiments, to review and sign a document the user clicks on the document name or on a dialog box link to launch and view the document in the document viewer but is not required to navigate through the signing application windows illustrated in
In other embodiments, a copy of the document is sent from the Validation System 108 to the client 102 without requiring the client to explicitly request it (e.g., it is embedded with the signature request, is sent shortly thereafter, or is pre-fetched when the user hovers over or otherwise indicates that a selection of the signature request is likely). As such, in these embodiments, the lag time between selection of the signature request and display of the document is eliminated or minimized. This may be especially advantageous when the document is large or contains numerous images.
One advantage of displaying the document on the client device is that the signer sees precisely what he is signing. This allows the signer to verify that the document to be signed contains accurate information or is otherwise correct and worthy of receiving the signer's high trust digital signature. After viewing the document in the Doc Viewer and when ready to sign, the user launches the signing process. For instance, in some embodiments, users click the Sign icon in the document viewer.
Then multiple signer verification elements are obtained 508. Obtaining various signer verification elements is illustrated in
In all embodiments, one of the signer verification elements is a one-time signer authentication code (
In some embodiments, the one-time signer authentication code obtained from the signature request is automatically applied 510. This occurs in embodiments where the client 102 is a high trust signature mobile device, capable of receiving SMS messages (or the like) and which is associated with a signer who is pre-enrolled with the validation server system 108. As such, the signature request is included in the one-time signer authentication code. Because the one-time signer authentication code was included in the original signature request it is automatically populated in a field associated with the one-time signer authentication code. For instance, as illustrated in
In other embodiments, the one-time signer authentication code is obtained from the signer inputting it after receiving it from a high trust signature mobile device 512. This occurs in embodiments where the client 102 is not a high trust signature mobile device, and thus did not receive the one-time signer authentication code. In some embodiments, the client is instead a desktop device or other device which does not directly receive SMS messages, and/or is not associated with a signer who is pre-enrolled with the validation server system 108. As such, the signature request received at 502 did not include the one-time signer authentication code. Instead, the one-time signer authentication code was separately sent to the high trust signature mobile device. As will be explained in more detail with respect to
After a plurality of signer verification elements are obtained, the client 102 replies to the signature request by providing them to the Validation System 514. For instance, as illustrated in
In some embodiments, the client then applies the high trust digital signature to the document. In these embodiments, the client obtains validation for the plurality of signer verification elements from the Validation System 516. Then upon obtaining validation, the client embeds the high trust signature into the document 518. For instance, the client may embed the high trust signature into the document by utilizing an encrypted key received from the Validation System 108. In some embodiments, the client then sends a copy of the document with the embedded signature back to the Validation System, which stores a copy of the signed document.
In some embodiments, the Validation System 108 applies the high trust digital signature to the document (e.g., via encrypted key) and then saves it. In these embodiments, the Validation System 108 then sends a copy of the document with the high trust digital signature applied to the client 102.
Then the client 102 displays a copy of the document with the high trust digital signature applied on its display device 520. As such, the signer gets visual confirmation that his or her signature has been applied to the document.
The validation server system 108 sends to a client 102 a signature request regarding a document that requires a high trust digital signature 602. The validation server system 108 also generates and sends a one-time signer authentication code to a high trust signature mobile device 604. The one-time signer authentication code is a randomly generated code associated only with the signer and only for a limited purpose (e.g., to sign a particular document). In some embodiments, when the client 102 is a at a high trust signature mobile device, the signature request includes a one-time signer authentication code. In some embodiments, when the client 102 is not a high trust signature mobile device, the request does not include the one-time signer authentication code. Instead, the one-time signer authentication code is sent separately to the high trust signature mobile device.
It is further noted that in embodiments where the one-time signer authentication code is not included in the signature request, the one-time signer authentication code can be sent at a variety of times 604. In some embodiments, the one-time signer authentication code is sent to the high trust signature mobile device simultaneously with the signature request being sent to a separate client device. In other embodiments, it is sent in response to the user launching a signature application (e.g., by selecting a link or button within the signature request.)
The validation server system 108 sends to a client 102 the document that requires the high trust digital signature 606. As explained with reference to
The validation server system 108 obtains a plurality of signer verification elements from the client. As explained with respect to
The validation server system then validates the plurality of signer verification elements (610). As explained with respect to
In some embodiments, the Validation System then applies the high trust digital signature to the document. In these embodiments, the Validation System obtains validation for the plurality of signer verification elements and upon obtaining validation, the Validation System then embeds the high trust signature into the document 612. Specifically, after the verification elements are validated, the document viewer's PDF creation and sign service 250 is used to embed the user's Digital ID and hash (also known as a digest) into the document. For instance, the high trust signature is embedded into the document by utilizing an encrypted key. In some embodiments, the Digital ID uses an x.509 Public-key cryptography certificate form which contains the user's private key certificate and a secret PIN code/password for digitally signing documents. In some embodiments, a copy of the document with the embedded signature is then sent to the client.
In other embodiments, the client applies the high trust digital signature to the document. In these embodiments, after the Validation System validates for the plurality of signer verification elements, it sends the client a message that the signer has been verified and sends information necessary to embed the high trust signature into the document 614. For instance, the client may embed the high trust signature into the document by utilizing an encrypted key and a hash of the document provided by the Validation System 108. In some embodiments, the client then sends a copy of the document with the embedded signature back to the Validation System.
Finally, the Validation System stores a copy of the signed document 616. A time stamped record of the signer, the document, the IP address of the signer, and other audit trail details are stored in an encrypted, non-alterable log. As such, the log can be provided for export and reporting purposes.
It is noted that in some embodiments, a user/signer is able to digitally sign a document using digital signature, whereby the user can sign a document he has uploaded himself. In other words, it is a mechanism for allowing a user to sign a document without first receiving a signature request. In these embodiments the user may also select a place on document where the signature block will appear. In these embodiments, first, user uploads a document to the validation system 108. Documents and images may be uploaded. When documents are uploaded, they are converted on the validation system 108 to a PDF document. When images are uploaded, they are compressed either locally or on the server and then converted to a PDF document. The user can view the document in the document viewer after uploading. If the user has sufficient privileges (e.g. a signature account with a PIN and an associated high trust mobile device), they can now sign the document. The user clicks ‘Sign’ icon and a signing dialog is presented. In some embodiments, the user is prompted with a dialog to click on the screen where they wish the signature to be placed (analogous to the illustration in
The validation server system 108 specifies a document that requires a high trust digital signature utilizing high trust signature mobile device verification 1002. It is noted that in some embodiments, the specifying and actions taken by the validation server system described below are done based on administrator commands. For instance, the administrator selects the document needing a signature, or the administrator creates a form needing a signature, or creates rules regarding documents needing signatures, and the document is sorted by the validation server system in accordance with the rules.
The validation server system 108 then specifies a signer to apply a high trust digital signature to the document 1004. In some embodiments, a signer can be specified by name (e.g., John Doe) or by position (e.g., Director of Testing for ABC project), or by role (Study Coordinator). In some embodiments, more than one signer is specified. Sometimes the order in which a plurality of Signers sign the document is important, and as such, in some embodiments, a signature order is also specified 1006.
The validation server system 108 then obtains a locked version of the document 1008. In some embodiments, an external content management interface is utilized to get/put documents from/to external systems. In one embodiment, the system uses the published CMIS standard interface to get/put documents. In some embodiments, a locked version of the document is an image version that cannot be altered. For instance, in some embodiments, it is a non-editable pdf.
The validation server system 108 then specifies location for the high trust signature 1010. In some embodiments, more than one signer is specified, and a location is specified for each signer. In some embodiments, the specified location is a specified page within the locked version of the document. In some embodiments, the specified location is a particular location on the specified page. It is noted that, as mentioned above, in some embodiments, the location specified by the validation server system is done according to predefined rules. One exemplary rule is to include a specified location for a signature on a line after the word “signature” within the document.
Then a signature request is sent to the one or more Signers 1012. In embodiments where more than one signer is required, and the order of signatures is also specified, the second signer may not be sent the request until after the first signer has signed the document. As noted in other portions of this application the signature request may be sent by email, SMS, or the like. In some embodiments, the signature request will include a one-time signer authentication code generated by the validation server system as described in detail with respect to
A high trust digital signature is then obtained from at least one signer 1014. Details regarding obtaining high trust digital signatures are provided in
In some embodiments, the validation server system 108 determines that the document was altered after the high trust digital signature was obtained. For instance, a document purported to contain the signature can be compared against the version of the document stored in the encrypted non-alterable log. If the validation server system determines that a document was altered, it marks the altered copy of the document as altered 1018. In some embodiments, marking the altered copy of the document as altered further comprises invalidating the high trust digital signature on the altered copy of the document. As such, the system can provide for a high level of trust in its digital signatures and can detect potential issues or fraud associated with digital signatures by saving copies of the digitally signed document and actively marking altered versions as altered and/or invalidating the digital signatures on the altered versions.
In some embodiments, the methods described herein can be used to specify a second document for signing, either simultaneously with the first document, or in series. In these embodiments, a second document that requires a high trust digital signature utilizing high trust signature mobile device verification is specified at 1002. One or more Signers to apply respective high trust digital signatures to the second document are specified at 1004. A locked version of the second document is obtained at 1008. A location for the one or more high trust digital signatures is specified in the locked version of the second document at (1010). Then a signature request regarding the second document is sent to the one or more Signers at 1012. After at least one high trust digital signature has been obtained at 1014 a copy of the second document is stored at 1016. If the validation server system determines that a copy of the second document was altered after the signature was applied, it marks the altered copy of the second document as altered at 1018.
The foregoing description, for the purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Many modifications and variations are possible in view of the above teachings. The embodiments were chosen and described in order to best explain the principles of the invention and its practical applications, to thereby enable others skilled in the art to best utilize the invention and its various embodiments with various modifications as are suited to the particular use contemplated.
Claims
1. A method, comprising:
- at a computer system having one or more processors and memory storing one or more programs configured for execution by the one or more processors: receiving specification of (i) a document that requires a high trust digital signature and (ii) a first signer to apply the high trust digital signature to the document; sending, to a first device associated with the first signer, a signature request for the document; sending, to the first device, the document that requires the high trust digital signature; obtaining, from the first device, one or more signer verification elements, including one or more of: a signer-specific password; a one-time signer authentication code; a reason for signing the document, the reason being specified by the first signer; and validating the one or more signer verification elements.
2. The method of claim 1, further comprising:
- sending, concurrently with the signature request, the one-time signer authentication code.
3. The method of claim 2, further comprising:
- sending the one-time signer authentication code to a second device associated with the first signer, wherein the second device is distinct from the first device.
4. The method of claim 1, wherein the one-time signer authentication code is a randomly generated code associated only with the first signer.
5. The method of claim 1, wherein the specification of the first signer includes at least one of: a name, a position, or a role.
6. The method of claim 1, further comprising:
- obtaining the high trust digital signature from the first signer; and
- storing a copy of the document with the high trust digital signature embedded.
7. The method of claim 6, further comprising storing the copy of the document with at least one of: a time stamped record of the first signer or an IP address of the first signer.
8. The method of claim 6, wherein the copy of the document is stored as an encrypted, non-alterable log.
9. The method of claim 1, further comprising:
- sending instructions, to the first device, to embed the high trust digital signature at a specific location of the document.
10. The method of claim 1, further comprising after validating the one or more signer verification elements:
- retrieving, from the computer system, the high trust digital signature; and
- embedding the high trust digital signature into the document.
11. The method of claim 1, wherein the one or more signer verification elements further comprise biometric information of the first signer.
12. The method of claim 1, further comprising:
- determining that the document was altered after the high trust digital signature was obtained; and
- in response to the determination that the document was altered: marking the document as altered; and invalidating the high trust digital signature on the altered document.
13. The method of claim 1, wherein:
- the high trust digital signature is a first high trust digital signature; and
- the method further comprises: specifying a second signer to apply a second high trust digital signature to the document; specifying a location for the second high trust digital signature in the document; and sending a signature request to the second signer.
14. The method of claim 13 further comprising:
- specifying an order for applying the first high trust digital signature and the second high trust digital signature to the document.
15. The method of claim 14, wherein:
- the order specifies application of the first high trust digital signature before the second high trust digital signature; and
- the sending the signature request to the second signer is in response to a determination that the first signer has signed the document.
16. A computer system, comprising:
- one or more processors;
- memory; and
- one or more programs stored in the memory, the one or more programs comprising instructions for: receiving specification of (i) a document that requires a high trust digital signature and (ii) a first signer to apply the high trust digital signature to the document; sending, to a first device associated with the first signer, a signature request for the document; sending, to the first device, the document that requires the high trust digital signature; obtaining, from the first device, one or more signer verification elements, including one or more of: a signer-specific password; a one-time signer authentication code; a reason for signing the document, the reason being specified by the first signer; and validating the one or more signer verification elements.
17. The computer system of claim 16, the one or more programs further comprising instructions for:
- sending, concurrently with the signature request, the one-time signer authentication code.
18. The computer system of claim 16, the one or more programs further comprising instructions for:
- obtaining the high trust digital signature from the first signer; and
- storing a copy of the document with the high trust digital signature embedded.
19. The computer system of claim 16, the one or more programs further comprising instructions for:
- after validating the one or more signer verification elements: retrieving, from the computer system, the high trust digital signature; and embedding the high trust digital signature into the document.
20. A non-transitory computer readable storage medium storing one or more programs configured for execution by a computer system having one or more processors and memory, the one or more programs comprising instructions for:
- receiving specification of (i) a document that requires a high trust digital signature and (ii) a first signer to apply the high trust digital signature to the document;
- sending, to a first device associated with the first signer, a signature request for the document;
- sending, to the first device, the document that requires the high trust digital signature;
- obtaining, from the first device, one or more signer verification elements, including one or more of: a signer-specific password; a one-time signer authentication code; a reason for signing the document, the reason being specified by the first signer; and
- validating the one or more signer verification elements.
Type: Application
Filed: Apr 19, 2022
Publication Date: Jul 28, 2022
Inventor: Zachariah Schmidt (Reno, NV)
Application Number: 17/724,414