1. Field of the Invention
The present invention relates to the process of obtaining an electronic signature for a document. More specifically, the present invention relates to a method and an apparatus that enables an application to obtain an electronic signature for a document from a browser.
2. Related Art
As businesses increasingly make use of the Internet to conduct commercial transactions, it is becoming important to be able to electronically sign documents for purposes of transaction authorization and non-repudiation. Existing methods of electronically signing documents, while somewhat effective, present many difficulties when used in commercial transactions.
For example, FIG. 1 illustrates the process of electronically signing a document. The system in FIG. 1 includes a client 102, which hosts a browser 104, and a web server 106, which hosts an application 108. During operation of web server 106, application 108 requests an electronic signature for a document by sending a request 110 to browser 104. Browser 104 then signs the document and returns the signature 112 to application 108. In order to accomplish this signing process, application 108 needs to be aware of the display language, the browser type and version, and the signing mechanism supported by the electronic signature infrastructure associated with the browser instance.
Possible display languages include hypertext markup language (HTML), JAVA services page (JSP), and various graphical user interface languages (GUI), while possible browsers include Internet Explorer, Netscape Navigator, and Opera. (JAVA is a trademark of SUN Microsystems, Inc., Internet Explorer is a trademark of Microsoft, Inc., Netscape Navigator is a trademark of Netscape Communications Corporation, and Opera is a trademark of Opera Software ASA.)
Each browser instance can be associated with an electronic signature infrastructure that supports a proprietary method for signing documents. Note that electronic signature infrastructures can support a number of different signing mechanisms, for example based on: passwords, smart cards, handwriting acquisition, fingerprint analysis, and digital signatures (based on private key/pubic key pairs). Note that, there are many security platforms that support electronic signatures provided by companies such as Verisign, RSA, Entrust, Baltimore, and Identrus.
Thus, there are many combinations of display language, browser type and version, and signing protocol. Hence, if any of these combinations changes, application 108 must be reprogrammed to accommodate the change. This is a time-consuming process, which requires the application developer to be intimately familiar with specific display languages, browser types and signing mechanisms.
Hence, what is needed is a method and an apparatus for obtaining electronic signatures from browsers without the problems described above.