This application incorporates by reference the following patent applications or publications:
1. U.S. patent application Ser. No. 08/418,190, filed Apr. 7, 1995, naming John Doggett, Frank A. Jaffe et al. and Milton M. Anderson as inventors.
2. U.S. Provisional Patent Application No. 60/033,896, filed Dec. 20, 1996, to Anderson et al.
3. Published PCT Patent Document WO 96/31965, published Oct. 10, 1996, pertaining to International Application No. PCT/US96/04771.
The present invention relates to electronic documents and, more particularly, to electronic documents that are both human readable and computer readable.
Preparation and storage of copies of documents for paper transactions is expensive and time consuming. Completion of such transactions among geographically distant parties has traditionally required conventional transmission mechanisms, such as mail, with inherent delays associated with such mechanisms. Record keeping for such transactions has required significant additional steps, such as keeping a checkbook log for personal checks, keeping copies of prescriptions and medical records, making many duplicates of mortgage applications, and the like.
The digital computer and computer network make it possible to eliminate many of the drawbacks of paper transactions. The digital computer is a powerful data processing tool that allows a user to organize, store and analyze data at volumes and rates that would be impossible by any prior known techniques. The computer network is a similar step forward. By linking together several computers and by providing shared resources and cross-platform communications, engineers have developed the computer network into a tool that provides sufficient processing power to provide improved access to sophisticated applications by users at remote locations and to permit easy transmission of electronic documents between such locations.
One of the most widely accepted and heavily used networks is the Internet. The Internet is a global system of interconnected computer networks formed into a single world wide network, using an agreed-upon protocol. A user, through the Internet, can interactively transmit messages with users in different countries. Similarly, a user in the U.S. connected to files and libraries in other jurisdictions, such as Europe and Asia, can download files for personal use. Accordingly, the Internet computer network provides strong communications functions similar to the communications functions provided by ham radio operators. Moreover, the Internet computer network acts like a universal library, providing electronic access to resources and information available from Internet sites throughout the world.
In addition to the inherent inefficiencies of paper transactions, other problems exist. Many of these problems relate to documents that require signatures. In particular, in order for a reader of a paper document to determine that a particular document or part of a document has been signed, the reader must be given access to the entire document; thus, a party who may only need to know that the document has been signed must be given access to the entire document, including any confidential information contained therein. Signatures are used in a wide range of contexts, including financial instruments, contracts, mortgage applications, and medical records and prescriptions, to indicate the agreement, consent or authority of the signer. Transactions that require signatures have traditionally employed conventional means for execution, such as pen and paper. As used herein, "signature" has its broadest sense; that is, it means any indication of agreement, consent, certification, acceptance, or other giving of authority, that is associated with a person or entity.
The present invention leverages the power of distributed network computing to overcome many of the inherent inefficiencies of paper transactions.
It is well known that digital computing and computer networks reduce or eliminate many of the inherent inefficiencies in dealing with documents. Word processing programs are used almost universally by individuals and businesses who produce, store and transmit documents. However, documents that require signatures are a special case that present special problems. The signature itself is the first problem, since a signature is traditionally thought of as a manual signature. Protocols for signing electronic documents have been developed, including cryptographic digital signature algorithms, more particularly discussed below.
In addition to the problem of associating a signature with a document, other special problems are likely to exist in cases of documents that require signatures or affect commercial transactions. In particular, special requirements or protocols may apply to the content of such documents. For example, detailed rules exist as to how various actors are required to complete or respond to the information on each part of a paper check or other financial instrument. Similarly, rules exist as to how to complete and process a mortgage loan application. Different parts of medical records are also completed pursuant to protocols that require specific action on the part of medical personnel, insurers, and the like. In each of these cases the logical content of the different parts of the document is important, and a need exists to use the logical structure in the storage, manipulation and transmission of such document so that documents can be sent to known protocols. For example, if a protocol requires that a document bear a date, a logical element of the document should be defined for data information. Moreover, the protocols associated with signed documents are often established over time through custom and usage, so a need exists to permit electronic documents that closely mirror current practice. Also, although most individuals or businesses have computers, certain functions continue to be performed without the aid of a computer, such as viewing a human signature. Thus, it is important that documents that require signatures not only be machine processable, but also human readable.
A group of computer languages has been developed to help users manipulate documents according to logical content. Such languages, known as "markup languages," are a powerful tool in processing documents. Markup languages also have other advantages more particularly described below. One of the most important such languages is the Standard Generalized Markup Language ("SGML"). Certain advantages of an embodiment of the present invention may be understood by developing an understanding of SGML.
SGML is defined by the International Organization for Standardization in ISO 8879 (Information processing -- Text and office systems -- Standard Generalized Markup Language (SGML), ([Geneva]: ISO, 1986)). SGML is an international standard for the definition of device-independent, system-independent methods of representing texts in electronic form. SGML is an international standard for the description of marked-up electronic text. More particularly, SGML is a meta-language formally describing markup languages. In the present context, the word "markup" covers all sorts of special markup codes inserted into electronic texts to govern formatting, printing, or other processing. More generally, markup, or encoding, can be defined as any means of making explicit an interpretation of a text.
A markup language is a set of markup conventions used together for encoding texts. A markup language must specify what markup is allowed, what markup is required, how markup is to be distinguished from text, and what the markup means. SGML provides the means for doing the first three; a specific markup language such as that of the present invention fulfills the last function for particular contexts.
Three characteristics of SGML distinguish it from other markup languages: emphasis on descriptive rather than procedural markup; document type definitions; and independence from any one system for representing the script in which a text is written.
A descriptive markup system uses markup codes which simply provide names to categorize parts of a document. Markup codes such as <list> simply identify a portion of a document and assert of that portion that "the following item is a list," etc. By contrast, a procedural markup system defines what processing is to be carried out at particular points in a document. In SGML, the instructions needed to process a document for some particular purpose (for example, to format it) are distinguished from the descriptive markup which occurs within the document. Usually, the instructions are collected outside the document in separate procedures or programs such as that of the present invention.
With descriptive instead of procedural markup the same document can readily be processed by many different pieces of software, each of which can apply different processing instructions to those parts of it which are considered relevant. For example, a content analysis program might disregard entirely the footnotes embedded in an annotated text, while a formatting program might extract and collect them all together for printing at the end of each chapter. Different sorts of processing instructions can be associated with the same parts of the file. For example, one program might extract names of persons and places from a document to create an index or database, while another, operating on text that has been "marked up" in some way, might print names of persons and places in a distinctive typeface.
SGML also provides the notion of a document type, and hence a document type definition ("DTD"). Documents are regarded as having types, just as other objects processed by computers. The type of a document is formally defined by its constituent parts and their structure. The definition of a report, for example, might be that it consists of a title and author, followed by an abstract and a sequence of one or more paragraphs. Anything lacking a title, according to this formal definition, would not formally be a report, and neither would a sequence of paragraphs followed by an abstract, whatever other report-like characteristics these might have for the human reader.
If documents are of known types, a special purpose parser can be used to process a document claiming to be of a particular type and check that all the elements required for that document type are indeed present and correctly ordered. More significantly, different documents of the same type can be processed in a uniform way. Programs can be written which take advantage of the knowledge encapsulated in the document structure information, and which can thus behave in a more intelligent fashion.
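The check described in the two paragraphs above, carried through for the "report" type, as an added example that is not part of the original text. It assumes every element carries an explicit start-tag and end-tag; the content model tuple format and all function names are hypothetical, and the sample documents are constructed.

```python
import re

# Content model for the "report" type described above, in order:
# (element name, minimum occurrences, maximum occurrences or None for unbounded).
REPORT_MODEL = [("title", 1, 1), ("author", 1, 1), ("abstract", 1, 1), ("para", 1, None)]

# Assumption: lower-case tag names, no attributes, all end-tags present.
TAG = re.compile(r"<(/?)([a-z][a-z0-9]*)>")


def child_elements(text, root):
    """Return the names of the root's direct children, in document order.

    Raises ValueError when the tags are unbalanced or the root is wrong.
    """
    stack, children, closed_root = [], [], False
    for match in TAG.finditer(text):
        closing, name = bool(match.group(1)), match.group(2)
        if closed_root:
            raise ValueError("markup after the root element closed")
        if closing:
            if not stack or stack[-1] != name:
                raise ValueError(f"unbalanced end-tag </{name}>")
            stack.pop()
            closed_root = not stack
        else:
            if not stack and name != root:
                raise ValueError(f"root element is <{name}>, expected <{root}>")
            if len(stack) == 1:          # directly inside the root element
                children.append(name)
            stack.append(name)
    if not closed_root:
        raise ValueError("document ended before the root element closed")
    return children


def validate(text, root="report", model=REPORT_MODEL):
    """Check presence and order of required elements; return (ok, reason)."""
    try:
        children = child_elements(text, root)
    except ValueError as exc:
        return False, str(exc)
    pos = 0
    for name, lowest, highest in model:
        count = 0
        while (pos < len(children) and children[pos] == name
               and (highest is None or count < highest)):
            count += 1
            pos += 1
        if count < lowest:
            found = f"<{children[pos]}>" if pos < len(children) else "end of document"
            return False, f"expected <{name}>, found {found}"
    if pos < len(children):
        return False, f"unexpected <{children[pos]}> after the content model was satisfied"
    return True, "valid"


# Constructed sample documents.
VALID = ("<report><title>Q3 review</title><author>A. Writer</author>"
         "<abstract>Summary</abstract><para>One</para><para>Two</para></report>")
NO_TITLE = ("<report><author>A. Writer</author><abstract>Summary</abstract>"
            "<para>One</para></report>")
ABSTRACT_LAST = ("<report><title>Q3 review</title><author>A. Writer</author>"
                 "<para>One</para><abstract>Summary</abstract></report>")

if __name__ == "__main__":
    for label, doc in [("valid", VALID), ("no title", NO_TITLE),
                       ("abstract last", ABSTRACT_LAST)]:
        print(label, validate(doc))
```

The second and third samples are the two rejections the text names: a document lacking a title, and paragraphs followed by an abstract.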
SGML also ensures that documents encoded according to its provisions are transportable between different hardware and software environments without loss of information. The descriptive markup feature and the document type definition address the transportability requirement at the abstract level. A third feature addresses it at the level of the strings of bytes (characters) of which documents are composed. SGML provides a general purpose mechanism for string substitution; i.e., a machine-independent way of stating that a particular string of characters in the document should be replaced by some other string when the document is processed. This feature counteracts the inability of different computer systems to understand each other's character sets, or of any one system to provide all the graphic characters needed for a particular application, by providing descriptive mappings for non-portable characters. The strings defined by this string-substitution mechanism are called entities.
The SGML structure for a textual unit is known as an element. Different types of elements are given different names, but SGML provides no way of expressing the meaning of a particular type of element, other than its relationship to other element types. Within a marked up text (a document), each element must be explicitly marked or tagged in some way. The standard provides for a variety of different ways of doing this, the most commonly used being to insert a tag at the beginning of the element (a start-tag) and another at its end (an end-tag). The start- and end-tag pair are used to bracket off the element occurrences within the running text, in rather the same way as different types of parentheses or quotation marks are used in conventional punctuation.
SGML has the ability to use rules stating which elements can be nested within others to simplify markup. Such rules are the first stage in the creation of a formal specification for the structure of an SGML document, or document type definition. SGML is most useful in contexts where documents are seen as raw material to be matched against a pre-defined set of rules. Such rules can include legal rules or known protocols, customs or practices. By making the rules explicit, the designer reduces his or her own burdens in marking up and verifying the electronic text, while also being forced to make explicit an interpretation of the structure and significant particularities of the text being encoded.
A variety of software is available to assist in the tasks of creating, validating and processing SGML documents. At the heart of most such software is an SGML parser: that is, a piece of software which can take a document type definition and generate from it a software system capable of validating any document invoking that DTD. Output from a parser, at its simplest, is just "yes" (the document instance is valid) or "no" (it is not). Most parsers will however also produce a new version of the document instance in canonical form (typically with all end-tags supplied and entity references resolved) or formatted according to user specifications. This form can then be used by other pieces of software (loosely or tightly coupled with the parser) to provide additional functions, such as structured editing, formatting and database management.
A structured editor is a kind of intelligent word-processor. It can use information extracted from a processed DTD to prompt the user with information about which elements are required at different points in a document as the document is being created. It can also greatly simplify the task of preparing a document, for example by inserting tags automatically.
A formatter operates on a tagged document instance to produce a printed form of it. Many typographic distinctions, such as the use of particular typefaces or sizes, are intimately related to structural distinctions, and formatters can thus usefully take advantage of descriptive markup. It is also possible to define the tagging structure expected by a formatting program in SGML terms, as a concurrent document structure.
Text-oriented database management systems typically use inverted file indexes to point into documents, or subdivisions of them. A search can be made for an occurrence of some word or word pattern within a document or within a subdivision of one. Meaningful subdivisions of input documents will of course be closely related to the subdivisions specified using descriptive markup. It is thus simple for textual database systems to take advantage of SGML-tagged documents.
Hypertext systems improve on other methods of handling text by supporting associative links within and across documents. Again, the basic building block needed for such systems is also a basic building block of SGML markup: the ability to identify and to link together individual document elements is an inherent part of the SGML protocol. By tagging links explicitly, rather than using proprietary software, developers of hypertexts can be sure that the resources they create will continue to be useful. To load an SGML document into a hypertext system requires only a processor which can correctly interpret SGML tags. HTTP servers in wide use for network computing are suitable to interpret SGML.
Although markup languages exist in accordance with the SGML standard that permit the user to manipulate documents according to logical content identified by tags within a document, conventional markup languages have not fully addressed the special problems associated with documents involved in signature transactions. A particular need exists for a flexible markup language that permits a document designer to create documents that are designed to comply with legal requirements and other protocols of a wide variety of particular transaction contexts that involve signatures. Also, a need exists for a markup language that permits the design of documents that are machine processable and human readable. A further need exists for electronic documents that can be subdivided or redacted as transmitted in parts, wherein the integrity of the document and the validity of the signature remains.
The benefits of a flexible, powerful markup language may best be understood by reference to a number of specific transaction contexts in which such a language is particularly useful. These transaction contexts relate to embodiments of the invention. One such context is in the area of financial instruments, and particularly electronic funds transfer instruments. These contexts are described merely by way of illustrations and it should be understood that any context in which signed documents are used may benefit from the present invention.
As seen in FIG. 1, in a typical financial transaction 10 a payer 12 transfers funds to a payee 14. Individual payers and payees prefer different payment methods at different times, including cash, checks, credit cards and debit cards. The transfer of funds between the payer 12 and the payee 14 may involve intermediate transactions with one or more banking institutions 16. The banks' functions include collecting and holding funds deposited by account holders and responding to instructions from the account holders. Checks are an example of financial transactions which invoke these banking institution functions.
FIG. 2 shows a paper check transaction 20, in which a check 22 is transferred from the payer 12 to the payee 14. The check 22 is typically found in a checkbook 24. Each check has several blank spaces (for the date 34, the name of the payee 30, the sum of money to be paid 28, and the signature of the payee 38) to be filled out by the payer 12. As each check is written, the payer 12 keeps a record of the check in a check register 26 which lists check transactions including the sum to be paid 28, the name of the payee 30, the identification number of the check 32, and the date of the transaction 34.
In the body of the check 22, the payer 12 instructs the payer's bank 36 to pay the stated sum of money 28 to the payee 14. The check 22 identifies the payer's bank 36, the payer's account number 40 (using magnetically readable characters) at the payer's bank, and the payer 23 (usually by printed name and address). After filling in the date 34, the name of the payee 30 and the sum of money 28 as ordered by the payee 14, the payer signs the check 22. A payee typically considers a check authentic and accepts it for payment only if it contains the signature 38 of the payer, the printed identification of the payer 23 and the printed name and logo 42 of the payer's bank 36, and does not appear to be altered. The check 22 also contains a routing and transit number 25 which indicates the routing of the check to the payer's bank 36 for presentment.
After the payer 12 presents the completed check 22 to the payee 14 in a financial transaction (such as a sale of goods or services), the payee 14 endorses the check 22 on the back with instruction to deposit the amount 28 with the payee's bank 46. If the check looks authentic, the payee bank 46 provisionally credits the payee's account 48 for the amount of money designated on the face of the check 28 pending clearance through the federal reserve system and acceptance and payment by the payer's bank 36.
The payee's bank 46 routes the check 22 to the payer's bank, possibly using the federal reserve bank clearing house 50 or other established clearing arrangement, which uses the routing and transit number 25 to deliver it to the payer's bank 36, which then verifies the authenticity of the check 22 and (at least for some checks) the signature 38 of the payer 12. If the check 22 is authentic and the payer 12 has sufficient funds in her account 40 to cover the amount of the check 28, the payer's bank 36 debits the payer's account 40 and transfers funds to the payee's bank 46 for the amount designated on the check 28. A complete check transaction 20 thus includes verification steps performed by the payee 14 and the payer's and payee's banks 36 and 46.
The banks 36 and 46 send bank statements 52 and 54 to the payer 12 and payee 14, respectively, which reflect events of the transaction 20 pertinent to each of the parties for reconciliation of their accounts with their records.
Processing a paper check requires time as the physical check is routed to the payer, the payee, the payee's bank, the clearing house and/or the payer's bank. The same is true of other types of financial transactions involving paper instruments, such as credit card slips generated during a credit card sale. In a credit card transaction, a merchant makes an impression of the customer's card, which the customer then signs, to function as a receipt for the transaction. The merchant typically obtains a positive acknowledgment or credit authorization from the customer's credit card company before accepting the credit card slip. This assures that payment will be received.
Several mechanisms for using electronic communication to substitute for paper flow in financial transactions are in use or have been proposed.
Electronic Check Presentment (ECP) is a standard banking channel used to clear checks collected by banks prior to or without routing the physical checks. The Automated Clearing House (ACH) is an electronic funds transfer system used by retail and commercial organizations. The ACH acts as a normal clearing house, receiving a transaction over the network and then splitting and routing the debit and credit portions of the transaction to the payer's and the payee's banks. Electronic Data Interchange (EDI) is a similar electronic transactional system, primarily used for the interchange of business documents such as invoices and contracts. With EDI, the funds transfer is frequently transmitted over other financial networks, such as through electronic funds transfer or ACH.
So-called home banking allows a consumer to use a home or personal computer to, e.g., request that the bank pay certain bills.
Electronic funds transfer (EFT), or wire transfer, is used for direct transfer of funds from a payer to a payee, both usually corporations, using a bank's centralized computer as an intermediary. The EFT system may be used in conjunction with the ACH system described above.
Automatic teller machines (ATM) and point of sale (POS) devices allow an individual to conduct a transaction from a location outside the home. ATMs have remote computer terminals connected to the user's bank which allow access, directly or indirectly through switching networks, to the user's account in the central computer of the bank. Similarly, POS devices are remote computer terminals located at a place of business which allow access to an individual's account information stored in a computer within a network of financial institutions, to permit transfer of funds from the user's account to the merchant's account at another bank.
Check imaging, another electronic transaction procedure, involves the scanning of a paper check by a scanner, which digitizes the image of the check pixel by pixel and stores the image electronically in a memory. The image may then be transferred electronically to substitute for or precede the physical delivery of the check, e.g., to truncate the clearing process. The image of the check may be recreated on a computer monitor or on paper for verification by the appropriate banking institutions.
Several systems are currently used to secure electronic financial transactions. For example, IC chip cards, or smart cards, are small devices (containing chips with memories) which are capable of exchanging data with a computer or a terminal and of performing simple data processing functions, and are thus more versatile than a simple credit card. The smart card is portable and may be easily used in POS and ATM environments.
Other embodiments of the invention relate to execution of legal documents, completion of mortgage applications, and transmission of signed medical records.
As seen in FIG. 18, in a typical contract transaction 401 a first signer 410 signs a legal document 483 and delivers the document to a second signer 422. The document may pass through various intermediaries 421, such as a notary, for other actions, such as notarization. Also, the document may be passed on to various third parties 425 who will read the document in order to verify the signature or the contents of the document. A third party 425 could be a judge, arbitrator 423, escrow agent 427, or other party whose action depends on the contents of the document and the signature.
Referring to FIG. 21, a typical contract transaction 481 is depicted in which the first signer 410 signs a document 483. In addition to substantive contract clauses, the document may include the names of the parties 484, the date 486, a signature line 470, a second signature line 472, a notarization line 474 and other features. Once signed by the first signer 410 the document may be transmitted to a second signer 422. The second signer may sign the document with the second signer's signature 480 at the second signature line 472. The document may then be notarized by a notary 421 with a notarization 482 at the notarization line 474. The document may be transmitted to various third party readers 423. For example, the contract may provide for an escrow of funds with an escrow agent, and the document may need to be transmitted to the escrow agent in order to permit the escrow agent to understand the conditions under which the funds will be released.
In contract transactions such as that depicted in FIG. 21, it is often a condition of the contract that certain information exchanged between the parties be kept confidential. In particular, certain terms of the contract are often required to be kept confidential. However, one or more parties may need to demonstrate to a third party that the contract has been signed as to certain other terms. Often, the third party does not need to know all terms of the contract, only that the contract has been signed as to certain terms. For example, the escrow agent only needs to know the terms of the escrow arrangement, not all of the terms of the business relationship between the parties. Similarly, third parties relying on a statement by one signer that the signer owns certain property only need to see the provisions of the contract that relate to ownership of property. The dilemma is that under known electronic document processing systems, where the signer signs the entire file, such a demonstration requires the disclosure of the entire file. With paper transactions, the confidential information can be blacked out, so that only the relevant information and the signature remains. With an electronic file, such redaction places in question the integrity of the entire document, as well as the validity of the signature. A need has arisen to provide the convenience and flexibility of electronic contracting, along with the security and familiarity of known paper contracting methods.
As with electronic checks, a need also exists for electronic contracts to remain human readable. That is, an individual should be able to read the contract or a portion of the contract on the screen or in a printout and obtain any relevant information that can be obtained through electronic processing. The need for human readability arises from, among other things, the fact that not all readers will have computer systems that are capable of reading the electronic form of the documents.
A mortgage loan application is one type of legal document that may be prepared in accordance with the present invention. Referring to FIG. 19, in typical mortgage transaction 489, a borrower 452 signs a loan application 490. The loan application may be signed at various signature lines. The loan application is then transmitted to a lender in some cases through an intermediary such as a broker 455. The application may then be reviewed and acted upon by various third parties 456, such as mortgage lenders, credit reporting agencies, banking institutions and the like.
Referring to FIG. 22, a typical mortgage loan application transaction 489 is depicted in which the borrower 452 submits a mortgage application 490. The mortgage application 490 may include various information such as the date 491, the names of the parties 493, various signature lines for particular clauses 492, 494, and a signature line 498 for the entire application for the borrower, as well as signature lines 500, 501 for the lender and for the broker 455. The mortgage application, once signed by the borrower at the signature lines 492, 494 and 498, may be transmitted to the lender 454. The lender may then sign with the lender's signature 505 at the lender's signature line 501 and transmit it to the lender. The broker 455 may also sign at the signature line 500. The document may then be sent on to one or more third parties 456 such as a bank for review. Also other parties may need to see the application, such as a credit reporting agency or an appraiser, to verify that the borrower has given permission to reveal information contained in the application or in a credit report. Once the credit reporting agency and other third party has reported to the lender 454, the lender 454 may then approve the loan and provide an approval 508 to the borrower 452.
Mortgage loan transactions raise similar confidentiality concerns as legal contracts. A credit reporting agency may only need to see the part of the application that authorizes a credit report, but known electronic techniques require the signer to sign the entire file; thus, in order to ensure the validity of the signature, the credit reporting agency must receive the entire document. Other third parties may also need to see only part of the application. Accordingly, a need has arisen to provide for transmission of part of a mortgage loan application while ensuring the integrity and validity of the signature, as well as of the information in the part that is transmitted.
A mortgage application needs to be human readable, because various parties who will read part or all of the document, such as credit agencies, appraisers or the like may not have computer systems that are capable of reading electronic documents. Human readability permits the continued application of existing customs and legal rules, increasing the comfort of users with electronic document processing.
Referring to FIG. 20, another type of document that requires signatures and is subject to various legal requirements is a patient""s medical record 520. A first doctor 462 may sign the medical record or part of the medical record and transmit it to a second doctor 464 who may add additional information and signatures to the document. The document may be transferred through or to various intermediaries 467, or third parties 468, such as the patent, other doctors, hospital administrators, insurance companies, guardians, family members and the like.
Referring to FIG. 23, a depiction of a medical record transaction 521 is provided. A first doctor 462 may sign a record 520. The record may include one or more dates 530, 532. The medical record 520 may include various health-related content items such as a diagnosis 522, prescription 524, or an action taken 523, as well as other content items, such as health insurance information 525. The record 520 may include a signature line 528 for the first doctor 462 and a signature line 529 for other items to be signed by a second doctor 464. Once the medical record is signed and completed by a first doctor 462, it may be transmitted to the second doctor 464 for signature 534 by the second doctor 464 at the second doctor""s signature line 529. Once the medical record 520 is signed by one or more doctors, it may be transmitted to an intermediary 467, such as a hospital administration, or to a third party 468 such as an insurance company, a medical records sections of the hospital, a guardian, a family member or the patient. One or more of these parties may be required to take action 537, for example to sign the record, to indicate consent to procedures, to indicate insurance coverage, or for other purposes. These parties may need to rely on the signature of the doctors 462, 464 in order to take action on the medical record.
Medical records are like contracts and loan applications in that they contain confidential information that may need to be read by third parties, such as patient health information, insurance information and the like, but most of the third parties only need access to certain portions of the information. For example, an insurer may need to know the diagnosis, but may be excluded from considering certain information in the record, such as HIV status. Similarly, a doctor diagnosing a medical condition may not need to know insurance eligibility. Under current electronic document systems, in order for the reader to ensure the integrity of the record and the validity of the signature, the entire file is disclosed. A need exists to be able to transmit portions of a signed medical record while ensuring the integrity of the record and the validity of the signature.
Medical records also need to be human readable. Many of the parties who will read the records, such as doctors and nurses, may not have immediate access to computer systems for processing the documents. Also, human readability permits parties in the medical field to continue to use customary practices in dealing with such records. Moreover, if documents remain human readable, then existing legal rules for paper records can be applied to electronic records. Medical records also need to be readable in segments. For example, a health insurer may be entitled to know a particular diagnosis or prescription without having knowledge of a patient’s entire medical history.
The invention includes a computer-based method for creating signed electronic documents.
In one aspect, the invention includes a markup language according to the SGML standard in which document type definitions are created under which electronic documents are divided into blocks that are associated with logical fields that are specific to the type of block. Each of many different types of electronic documents can have a record mapping to a particular environment, such as a legacy environment of a banking network, a hospital’s computer environment for electronic record keeping, a lending institution’s computer environment for processing loan applications, or a court or arbitrator’s computer system. Semantic document type definitions for various electronic document types (including, for example, electronic checks, mortgage applications, medical records, prescriptions, contracts, and the like) can be formed using mapping techniques between the logical content of the document and the block that is defined to include such content. Also, the various document types are preferably defined to satisfy existing customs, protocols and legal rules. For example, in the case where the electronic document is an electronic check, the document type definition for electronic checks can be designed to comply with Regulation E, of the Uniform Commercial Code and other state and federal laws for payment instruments. An example of a document type definition for the electronic check is depicted in FIG. 43. Where the document is a medical record, the document type definition can be designed to comply with health care regulations. When the document is a mortgage loan application, the document can be designed to comply with mortgage lending regulations. Other embodiments can be readily envisioned for other types of documents in other contexts that are legally required to have particular content.
Document type definitions in FSML or SGML can thus be applied to legally significant communications, such as performative utterances, in a manner that permits the establishment of rules and protocols for handling content for that type of communication. Thus, a content block for the “pay to the order of” block of a check can be defined, and the associated computer software will treat the content in that block as the identification of the payee of the check. Similar protocols can be established for all types of significant content, including content relevant to business practices and legal rules.
In one embodiment, the invention features a computer-based method in which an electronic instrument is created for effecting a transfer of funds from an account of a payer in a funds-holding institution to a payee, the instrument including an electronic signature of the payer. A digital representation of a verifiable certificate by the institution of the authenticity of the account, the payer, and the public key of the payer is appended to the instrument. This enables a party receiving the instrument, e.g., the payee or a bank, to verify the payer’s signature on the instrument. A similar certificate of authenticity could also be issued in other contexts. For example, a certifying authority could certify that a doctor is properly licensed and authorized to sign a prescription. A certifying authority could certify as to the creditworthiness of a borrower in a transaction. A certifying authority could certify as to the authority of an individual to sign a contract for a given company. These examples are merely illustrative of all transactions in which a certifying entity participates.
Implementations of the invention may also include one or more of the following features. The electronic instrument may include digital representations of the content of the document. In the case of the electronic check, this may include: (a) payment instructions, (b) the identity of the payer, (c) the identity of the payee, and (d) the identity of the funds-holding institution. In the case of medical records, the digital representations may include the identities of the doctor or doctors, the identity of the patient, the identity of the hospital, and the identity of an insurer. In the case of a mortgage application, the identities of borrower, lender, broker, and other parties and relevant third parties may be digitally represented. In the case of a contract, the identities of all parties may be digitally represented. Digital representations of a verifiable signature of a signing party, such as the payer of an electronic check, may also be appended to the electronic document. The electronic document may be delivered electronically to the institution at least in part via a publicly accessible data communication medium. At the receiving party, the signature of the signer and the certificate may be verified in connection with whatever action is required by the receiving party, such as transmitting funds to the payee in the case of the electronic check. In the case of the electronic check, an account number may be included in the electronic instrument. In other embodiments, similar identifying information, such as the patient’s health insurance code number, the number of a given loan application or contract, or the like, may be included. In the electronic check embodiment, the account may be a deposit account or a credit account. The instrument may be an electronic substitute for a check, a traveler’s check, a certified check, a cashier’s check, or a credit card charge slip. In all embodiments, the publicly accessible data communication medium may be unsecured.
Also appended to the electronic document may be digital representations of a verifiable signature of a second signer. The second signer may be the payee of an electronic check, a second doctor, or a mortgage lender, for example. A verifiable certificate by a third party, such as an institution which holds an account of the payee of an electronic check, or a credit institution in the case of a mortgage application, may also be appended, as may be a verifiable certificate by a central authority, such as a banking authority, with respect to the third party, such as the institution which holds the payee’s account in the case of the electronic check.
Delivery of the electronic document may be in part via a private controlled secure communication medium and in part via a publicly accessible data communication medium. The electronic document may be delivered from one third party to another, such as from an institution which holds an account of the payee to the funds-holding institution via an electronic clearing house in the case of an electronic check, from a broker to a lender in the case of a mortgage loan application, or from a hospital to an insurance company in the case of a medical record, for example.
A party reading the signature of the first signer can verify the signature and the certificate of any party certifying the signature. In the case of the electronic check, at the payee, the signature of the payer and the certificate of the institution may be verified. Other signatures and certificates may be verified by other parties to various transactions. Thus, in the case of the electronic check, at the institution holding an account of the payee, the signature of the payer and the certificate of the funds-holding institution may be verified.
The signatures may be generated by public key cryptography. The appending step may be done by a separate signature device from the device which performs the creation of the electronic document.
Digital representations of a proposed transaction and a verifiable signature of the party initiating or proposing a transaction, such as a payee of a check, may be delivered from that party to the other party, such as the payer of an electronic check, at least in part via the publicly accessible communication network.
Information may be automatically transferred from the electronic document to a computer-based data storage, manipulation, access and retrieval system, such as an accounting system that tracks accounts receivable or processes orders. A log or database of information about electronic document transactions may be created,
In general, in another aspect, the invention features an apparatus including a portable token having a memory, a processor, and a port for communication with a computer. The memory contains a private encryption key associated with a party or with another item associated with that party, such as an account in a funds-holding institution, or a health insurance number, and which is usable to append a secure, verifiable signature to an electronic payment document executed in connection with the item, such as a check drafted on an account or a claim against a health insurance policy.
Implementations of the invention may include one or more of the following features. The memory may contain certification information provided by the institution and which is usable to append secure, verifiable certificates to electronic documents to certify a relationship between an owner of the signature and a public key of the owner. A unique identifier may be assigned to each electronic document. The portable token may be a PCMCIA compatible card, smart card or smart disk, which may internally hold a private signature key and a secure memory for the check serial number. The certification information may be given a limited useful life. The memory may also contain certification information provided by a third party authority, such as a central banking authority in the case of an electronic check, and which is usable to append secure, verifiable certificates to electronic documents to certify the authenticity of a party, such as the funds-holding institution in the case of the electronic check. The certification information provided by the third party authority may have a limited useful life. In the electronic check embodiment of the present invention, the central banking authority may be a United States Federal Reserve Bank. The memory may also contain a complete or partial register of electronic documents, or a subset of the information contained in the documents, to which signatures have been appended. The appended signature may be a signature of any party to a transaction, such as a payer who holds the account in the institution, an endorsement signature of a payee, a signature of a doctor or patient, a signature of a borrower, broker or lender, or the signature of a contracting party. The memory may also contain a personal identification number for controlling access to the memory.
In general, in another aspect, the invention features a computer-based method of creating an electronic document. Digital data is formed which represents the identity of each party to the transaction, and other relevant facts to the transaction, such as the amount to be paid in the case of an electronic check, or the amount of medicine in the case of an electronic prescription that is part of a medical record. Then, in a secure hardware token, a digital signature is appended to the data.
In another aspect the invention features having a second signer sign an electronic document and enter information about a transaction in digital form into the secure hardware token and, in the token, append a digital signature to the digital information. In the electronic check embodiment, the invention features a computer-based method of endorsing a payment instrument by entering information included in the payment instrument in digital form into a secure hardware token and, in the token, appending a digital signature to the digital information.
In general, in another aspect, the invention features a computer-based method for regulating the use of account numbers with respect to accounts in a funds-holding institution. Digital account numbers are assigned for use by account holders in creating electronic instruments, the digital account numbers being distinct from non-electronic account numbers used by account holders with respect to non-electronic instruments. At the funds-holding institution, electronic instruments are then accepted from account holders only if the electronic instruments include one of the digital account numbers. In implementations of this feature, each digital account number may be linked with a non-electronic account number, and the two numbers may be linked with a common account in the institution, so that electronic instruments and non-electronic instruments may be drawn against the same account. A similar aspect can be applied to regulating unique identifying numbers to information in a particular mortgage application, contract, medical record, or other electronic document.
In general, in another aspect, the invention features a computer-based method of attaching a document to a related electronic document by forming a cryptographic hash of the document and appending the hash to the electronic document. In particular, the invention includes a method for calculating hashes of blocks of content within the document, appending the hashes to document name tags of the blocks, hashing the appended result, and signing the hash.
In general, in another aspect, the invention features a computer-based method for reducing fraud with respect to transmission of an electronic document, such as deposit of an electronic payment instrument with a funds-holding institution. A key-encrypted signature of a first party, such as a payee in the case of the electronic check, a public key of the party, a routing code of an institution or third party, and a number associated with information of the first party associated with the transaction, such as the number of the payee’s account in the institution in the case of the electronic check, are included with the document, and, at the third party, there is automatic checking of the routing code and the number before accepting the electronic document.
In general, in another aspect, the invention features a computer-based method for reducing fraud associated with an electronic payment document. A cryptographic signature associated with a party to the document is appended to the document or to part of the document. Upon receipt of an electronic document, there is automatic checking of the cryptographic signature against cryptographic signature information of other electronic documents previously received.
Advantages of the invention may include one or more of the following.
The invention provides an all-electronic payments and deposit gathering instrument that can be initiated from a variety of devices, such as a personal computer, screen phone, ATM or payments accounting system. Financial accounts may be rapidly and securely settled between trading partners over open public or proprietary networks, without requiring pre-arrangement, by interconnection with the existing bank clearing and settlement systems infrastructure. The integration of controlled existing banking communication systems with rapidly growing public networks in a secure fashion will allow for implementation and acceptance by banking institutions, industry, and consumers.
The invention addresses the problem of gathering deposits electronically over public networks, since it enables all customers, retail and commercial, to gather, transmit and deposit, e.g., checks, into their accounts without physically going to a bank branch. The invention provides an electronic payment alternative for trading using public data networks to conduct transactions.
The invention to a degree electronically replicates heavily-used and well-understood existing paper check processes to enable it to be readily accepted by the marketplace. By retaining the basic characteristics and flexibility of, e.g., the paper check, the invention may be adopted more rapidly. Due to its similarity to, e.g., paper checks, the invention can be used within the structure of existing laws, regulations, and standard business practices. Similarly, the medical records, loan applications, electronic contracts and other embodiments of the present invention can be used within existing legal and business structures.
A variety of types of payment instruments may be implemented, e.g., certified checks, cashiers’ checks and credit card charge slips, and additional capabilities may be provided, e.g., future dating, limit checks, and multi-currency payments.
The invention may be used in all market segments, from individual consumers to large corporations. It will enable businesses to complete payments safely and cheaply over public networks, to prepare and transmit medical records, to execute and transmit contracts, to complete and process loan applications, and to engage in other transactions that require signatures. Because the contents of the electronic document, or part of the electronic document, may be attached to a party’s remittance information, the instrument will easily integrate with existing or new computer applications, such as accounts receivable systems, claim tracking systems, database applications and the like.
The security of the electronic documents enables open public networks to be linked to private networks, such as financial payments and bank clearing networks, hospital networks, or the like, in a secure fashion. The use of digital signatures, hardware based signing, and certification agents, such as banks, makes the electronic documents trusted and secure. They are tamper-resistant due to the use of cryptographic signatures. This will provide greater security and reduced fraud losses for all parties in the transaction process by eliminating most of the common causes of bad transactions, such as bad paper checks, fake prescriptions, and the like. To provide confidentiality, the documents may also be encrypted when sent over public networks.
The use of public-key certificates enables easy electronic authentication by a contracting party such as a payee of a check, and third parties such as the payee’s and payer’s banks. Digital signatures can be validated automatically.
Since the system can be fully automated, and new processing can be done outside of existing applications, such as a standard Demand Deposit Account (DDA), the cost of processing an electronic document will be quite low, and the costs of implementation minimized. To further minimize implementation costs, in the electronic check embodiment, the electronic instruments may be integrated with the existing bank infrastructure, including some of the mechanisms currently used for interbank clearing of checks and electronic payments, such as bilateral arrangements, ACH and ECP.
In all embodiments, parties of all sizes gain substantial benefits. The use of electronic documents will be more cost effective than existing paper documents due to volume efficiencies and the automatic processing capabilities of computers. The use of electronic mail or electronic transmission is less costly than physically transporting paper. In addition to the significantly reduced costs of creating and mailing a document (no check stock, envelopes, stamps, photocopies or incremental labor), the party gains the ability to control the timing of transactions, such as payments, both through future dating of transactions and through the increased reliability and delivery speeds of electronic mail.
The invention addresses the problem of fraud and supports prudent fraud management through integrated fraud prevention measures and distributed liability for fraud. These mechanisms will reduce most of the current causes of fraud, including forgery, alteration, duplication, and fraudulent depositing. In addition, because the electronic check implementation follows the check payment model, the potential liability of the banks for fraudulent transactions will be limited while equitably sharing the responsibilities for the integrity of the system among payer, payee, and banks.
An electronic document may be signed and transmitted from personal financial software and other computing applications, through the use of an open programmatic tool set and application programming interfaces. Electronic instruments capability can be directly integrated into a payer’s application, and does not require that a payer “go off-line” to complete a transaction. This benefit will be available to both consumers, through integrations with packages such as Intuit’s Quicken™, and businesses through integration with existing accounting systems.
Electronic documents of the present invention have the further advantage that a signer can sign and transmit part of the electronic document, and a third party receiver of part of the document can read that part, without being given access to other parts, and verify that the part is part of a document that is subject to a valid, certified signature.
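The block-hash signing method described above (hash each content block, append the hashes to the block name tags, hash the result, sign it) and the partial-disclosure advantage just stated can be illustrated as follows. This is an added example, not code from the patent: the block names, the serialization, and the sample record are constructed, HMAC-SHA256 stands in for the token's public-key signature, and the per-block salt is an addition that keeps low-entropy undisclosed blocks from being guessed from their hashes.

```python
import hashlib
import hmac
import os

# Constructed sample record; block names echo content items named in the text.
RECORD = {
    "diagnosis": b"Type 2 diabetes",
    "prescription": b"Metformin 500 mg twice daily",
    "insurance": b"Policy 000-EXAMPLE",
    "hiv_status": b"negative",
}

def block_hash(salt: bytes, content: bytes) -> bytes:
    """Hash one content block. The salt is an assumption added in this example."""
    return hashlib.sha256(len(salt).to_bytes(2, "big") + salt + content).digest()

def manifest_digest(hashes: dict) -> bytes:
    """Append each block hash to its name tag, then hash the combined result."""
    h = hashlib.sha256()
    for name in sorted(hashes):
        tag = name.encode("utf-8")
        # The length prefix keeps name/hash boundaries unambiguous.
        h.update(len(tag).to_bytes(2, "big") + tag + hashes[name])
    return h.digest()

def sign_document(blocks: dict, key: bytes) -> dict:
    """Sign the hash of the name-tagged block hashes (HMAC as a stand-in signature)."""
    salts = {n: os.urandom(16) for n in blocks}
    hashes = {n: block_hash(salts[n], c) for n, c in blocks.items()}
    sig = hmac.new(key, manifest_digest(hashes), hashlib.sha256).digest()
    return {"blocks": dict(blocks), "salts": salts, "hashes": hashes, "signature": sig}

def disclose(signed: dict, names) -> dict:
    """Build a partial document: chosen blocks in full, all others as hashes only."""
    return {
        "blocks": {n: signed["blocks"][n] for n in names},
        "salts": {n: signed["salts"][n] for n in names},
        "hashes": dict(signed["hashes"]),
        "signature": signed["signature"],
    }

def verify(doc: dict, key: bytes) -> bool:
    """Check disclosed blocks against their hashes, then the signature over all hashes."""
    for name, content in doc["blocks"].items():
        listed = doc["hashes"].get(name)
        salt = doc["salts"].get(name)
        if listed is None or salt is None:
            return False
        if not hmac.compare_digest(block_hash(salt, content), listed):
            return False
    expected = hmac.new(key, manifest_digest(doc["hashes"]), hashlib.sha256).digest()
    return hmac.compare_digest(expected, doc["signature"])

if __name__ == "__main__":
    key = os.urandom(32)  # stand-in for the signer's key held in the token
    signed = sign_document(RECORD, key)
    for_insurer = disclose(signed, ["diagnosis", "insurance"])
    print("partial document verifies:", verify(for_insurer, key))
    for_insurer["blocks"]["diagnosis"] = b"Healthy"
    print("altered block verifies:", verify(for_insurer, key))
```

The receiver of the partial document sees only the named blocks, yet the signature check still covers every block of the record through the hash list.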
Other advantages and features of the invention will become apparent from the following description and from the claims.
Advantages and features of the invention may be better understood by reference to certain definitions.
The term “client,” as used herein, encompasses any data processing systems suitable for operating a processor according to the invention and for establishing a communication link to an Internet site. An Internet site can be any program running on a data processing platform that connects to the Internet and that receives access requests, whether under HTTP, FTP or any other conventional or proprietary transfer protocol.
The term “application program,” as used herein, encompasses any computer file that contains or manipulates data in a format for being accessed and processed by the processing unit of a computer.
The term “disk,” as used herein, encompasses any memory device that can store computer data and that provides an interface for accessing the stored data.
The term “network,” as used herein, encompasses any system comprising a series of computers linked by telecommunications networks and may include the Internet, intranets, or other computer networks.
The term “browser,” as used herein, encompasses any application program which allows for multimedia presentation of information, including text, images, sound and video clips. Typically a browser allows the user to connect by the Internet to different sites on the Internet.
The term “hypertext link” as used herein, encompasses any graphical icon, button, highlighted text or other symbol that permits a computer to direct a server to display a page of a site which is associated with the hypertext link.
The term “URL” means “uniform resource locator” and the term encompasses the address of a network site that is accessed by clicking or initiating a hypertext link that is associated with the URL.
The term “HTML” means hypertext markup language, which refers to languages for the creation of pages of the type capable of being viewed by a browser.
The term “FSML” means “Financial Services Markup Language,” in accordance with the present invention.
The term “HTTP” as used herein, shall encompass the “HyperText Transfer Protocol”, which shall mean a protocol under which messages are sent over the Internet from clients to servers in the client/server model of distributed computing.