Generally described, the ability for individuals to communicate, exchange information and make binding agreements in the form of enforceable contracts is an essential aspect of most business transactions. In the typical conventional embodiment, the execution of a contract between two or more parties requires the physical execution of a paper contract by each of the parties involved. If the parties are remote from each other, the contract is typically delivered to each respective party via a delivery service, such as the mail service. Accordingly, the execution of a contract can take some time and the previous signatories can have difficulty determining whether subsequent signatories have properly executed the contract and obtaining copies of the completely executed agreement.
The development of communication technologies has attempted to facilitate the execution of agreements between remote parties. In accordance with one conventional aspect, a first party executes an original contract and transmits a reproduction of the contract, such as through a facsimile device, to a subsequent signatory. The subsequent signatory executes an original signature on the reproduction and can then forward a reproduction to a next signatory for execution. Although the use of electronic reproduction devices, such as facsimile machines, facilitates the execution of agreements in a shorter time frame, this approach can be deficient for a number of reasons. In one aspect, repeated electronic reproductions of agreements and signatures can often degrade the legibility of the agreement. Additionally, similar to the above-referenced embodiment, previous signatories can have difficulty determining whether subsequent signatories have properly executed the contract and obtaining copies of the completely executed agreement. Additionally, such technologies require signatures to be applied to non-original copies with non-original signatures on those copies.
The development of computing devices, such as personal computers, and communication networks, such as the Internet, has begun providing individuals with efficient means of transferring information, regardless of the physical location of the individuals. For example, the advent of word processing and communication software applications can allow two individuals to view, modify and transmit textual data, such as contracts, to a number of remote parties with little or no noticeable delay. However, because of the nature in which the data is transmitted over the communication network, the traditional transfer of data between computers is susceptible to unauthorized access of the data, unauthorized substitution of the data during transfer or while stored on computers or communication network components, and possible fraud. Accordingly, the traditional transfer of data between computers is deficient for creating, executing, and transferring legal documents, such as contracts.
One approach to securing documents from unauthorized access involves the use of mathematical encryption algorithms. In accordance with an encryption model, a sender scrambles the contents of an electronic document by applying a mathematical algorithm that can only be unscrambled by an authorized user having possession of an encryption key. In one conventional embodiment, the sender and recipient exchange a common encryption key known only to the sender and the recipient. This approach is generally referred to as a symmetric encryption key format. Although use of symmetric encryption keys can facilitate secure communications, this approach can become deficient because it requires the sender and recipient to securely share the symmetric key prior to establishing communications with one another. Accordingly, a transmission of a document to several parties would potentially require a sender to maintain a number of symmetric encryption keys. Moreover, the repeated use of the same encryption key could potentially allow an unauthorized user to discover the encryption key and compromise the security of the transmission.
In another encryption embodiment, the sender and recipient can exchange public encryption keys while maintaining private keys. This approach is generally referred to as an asymmetric encryption key format. In accordance with this embodiment, all communications directed to a party are encrypted with the party's public key, which can be readily distributed to a number of parties. The public key-encrypted document can only be decrypted by the party's private key, which does not need to be distributed. If the recipient maintains the integrity of the private key, he or she then becomes the only person who can decrypt and view the data.
Although the asymmetric encryption key approach does not require parties to agree upon a symmetric encryption key, this approach still requires the parties to exchange at least a public key, and for each communication to be encrypted according to the specific public keys distributed by each party. Likewise, the divulgence of the private key by the recipient, either on purpose (as a way to disavow the security of the transmission) or because it is unexpectedly acquired by an unauthorized party, could further compromise the security of the transmission.
In still another aspect, encryption can be implemented without requiring additional effort by the individual user. In accordance with this aspect, a user accesses a software application program that can establish encryption protocols between the communication servers on the network. For example, an Internet browser application can utilize encryption protocols such as a secure sockets layer (“SSL”) and transport layer security (“TLS”) for exchanging encryption keys with Internet Web servers. In accordance with these aspects, the end user is not required to initiate the encryption or decryption of any documents, as this is done after the user submits data and before the user views the data.
The use of embedded encryption technology facilitates secure communication between two parties over a communication network. However, current implementations can become deficient in attempting to authenticate an identity of a user, such as for executing legally binding agreements. In one aspect, a user may manipulate a user interface, such as a graphical user interface, to click an “I agree” button. Although this approach allows for the recordation of some user intent to be bound, it is generally insufficient to establish the identity of the user, whether the user expressed an indication to be bound, or what exactly was agreed to. It also does not support agreements among more than two parties, and the electronic record created is not generally provided to all parties for future reference.
Another approach of establishing the identity of, and legally binding, a user involves the appending of a digital signature to an electronic document and encoding the digital signature using asymmetric encryption technology. In this embodiment, the user would append an electronic signature to a digital document and encrypt the digital signature with the user's private key. Upon receipt of the electronically signed document, a recipient could verify the validity of the electronic signature by using the public key of the user to verify the contents. Without the private key, neither the digital signature nor the document could be altered in any manner without allowing all the parties to know it had been altered. However, as previously stated, the use of asymmetric encryption technologies still requires users to exchange public keys and be able to utilize encryption tools. Moreover, many of these approaches utilize third-party companies that must issue digital certificates of authentication to establish the identities of the signatories' public keys. Such digital certificates must be established prior to communications and must also be exchanged between communicating parties.
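The digital-signature approach described above, applied to a contract with more than one signatory, can be sketched as follows. This is an added example, not part of the original text: the function names, party names and contract text are hypothetical, and Ed25519 from Node's built-in crypto module is an assumed choice of signature algorithm.

```javascript
// Added illustration: multi-party signing of one document with asymmetric keys.
const crypto = require('crypto');

// Each signatory keeps the private key; only the public key is distributed.
function newSignatory(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { name, publicKey, privateKey };
}

// Sign the exact document bytes with the signatory's private key.
function signContract(documentText, signatory) {
  const data = Buffer.from(documentText, 'utf8');
  const signature = crypto.sign(null, data, signatory.privateKey);
  return { name: signatory.name, signature: signature.toString('base64') };
}

// Check each expected signatory's signature against that party's public key.
// A missing signature, or one that does not match the document, yields false.
function verifyContract(documentText, signatures, publicKeys) {
  const data = Buffer.from(documentText, 'utf8');
  const status = {};
  for (const name of Object.keys(publicKeys)) {
    const entry = signatures.find((s) => s.name === name);
    status[name] = Boolean(entry) &&
      crypto.verify(null, data, publicKeys[name], Buffer.from(entry.signature, 'base64'));
  }
  return status;
}

function runExample() {
  // Constructed sample contract and parties.
  const contract = 'Party A sells 100 units to Party B for USD 5000.';
  const alice = newSignatory('alice');
  const bob = newSignatory('bob');
  const publicKeys = { alice: alice.publicKey, bob: bob.publicKey };

  const signatures = [signContract(contract, alice)];
  const partial = verifyContract(contract, signatures, publicKeys);   // bob has not signed yet
  signatures.push(signContract(contract, bob));
  const complete = verifyContract(contract, signatures, publicKeys);  // fully executed
  // Any change to the text invalidates every existing signature.
  const tampered = verifyContract(contract.replace('5000', '50'), signatures, publicKeys);
  return { partial, complete, tampered };
}

console.log(runExample());
```

Every party still needs an authentic copy of each signatory's public key before verification means anything, which is the key-distribution burden the paragraph above identifies.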
Based on the above-described deficiencies associated with encryption technology in general, and its application to verifying the identity of and establishing legally binding electronic signatures, there is a need for a system and method for securely transferring and processing the documents, including affixing digital signatures and implementing varied levels of user identification.