In the Web e-commerce world, physical handwritten signatures are often considered an unnecessary burden to a process that users expect to be fast, easy, and reliable. An increasing number of businesses are engaged in Web-based e-commerce activities and require the legal signing of contractual documents or records as part of delivering their Web-based services. These types of applications are prevalent in financial services that are affected by the E-Sign law. In this environment, users currently go to the service provider's Web site and are required to download and print documents, physically sign them, and send the signed documents back to the service provider either by Fax or mail. This results in added delays, increased costs, and additional manual processing on the part of the service provider. Web-based service providers or operators of Web sites would prefer to have their customers review and legally sign any required contractual documents or records directly and in real-time on their Web site, where users would only need a Web browser to complete the transaction as quickly as possible.
To understand what “signing” means, one needs to consider the Uniform Commercial Code (UCC) which defines a signature as a mark or symbol of the signer's intention to authenticate a written document. The Electronic signatures in The Global and National Commerce Act (a.k.a. E-Sign law) defines an electronic signature as an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. Therefore, an electronic signature can be represented by one's name that is typed into a Microsoft Word document or by clicking on an “I Agree” button at the end of a series of Web pages, as long as the act of signing is somehow attached to or associated with the contract or record and with the person who is signing.
Either of these methods would be ideal on the Web. However, without security to protect the attachment or the association of the signature to the document or record that it is authenticating, it will not be considered reliable and the contract would not be legally enforceable. This invention provides the equivalent of a legally-enforceable “I Agree” button or a typed name and signing process that is secured through PKI technology or other means without the complexity of issuing digital certificates to each user who needs to sign and then having to manage all these digital certificates.
To date, having a secure electronic signature meant providing each signer with a unique, secure identifier that was used to sign through cryptographic techniques. Such an approach is difficult to implement and use. The present invention separates the “signing” and security into two separate functions and leverages the fact that Web sites using this invention will be able to create and maintain their own unique identifier for the signer where this unique identifier is used by this invention to electronically sign the document. Security is then applied in a unique manner that is optimized for this Web environment.