WO2019077436A1 - A system and method of electronically signing an electronic document or electronic transaction data - Google Patents

A system and method of electronically signing an electronic document or electronic transaction data Download PDF

Info

Publication number
WO2019077436A1
WO2019077436A1 PCT/IB2018/057746 IB2018057746W WO2019077436A1 WO 2019077436 A1 WO2019077436 A1 WO 2019077436A1 IB 2018057746 W IB2018057746 W IB 2018057746W WO 2019077436 A1 WO2019077436 A1 WO 2019077436A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic document
transaction data
data
signatory
document
Prior art date
Application number
PCT/IB2018/057746
Other languages
French (fr)
Inventor
Andrew Keneth Anthony PAPASTEFANOU
Original Assignee
Impression Signatures (Proprietary) Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Impression Signatures (Proprietary) Limited filed Critical Impression Signatures (Proprietary) Limited
Priority to ZA2019/01189A priority Critical patent/ZA201901189B/en
Publication of WO2019077436A1 publication Critical patent/WO2019077436A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Definitions

  • the present application relates to a system and method of electronically signing an electronic document or electronic transaction data.
  • a system for electronically signing an electronic document or electronic transaction data including: a non-transitory data-storage device having stored therein identification data identifying a plurality of signatories and for each signatory the identification of an associated mobile communications device; a USSD communication module; and a processor operably coupled to the USSD communication module and the non-transitory data-storage device, the processor programmed to receive an instruction to initiate an electronic document or electronic transaction data signature process including an identification of an electronic document or electronic transaction data and a signatory for the document or electronic transaction data and in response thereto to: transmit a signature confirmation request via the USSD communication module to a mobile communications device associated with the signatory requesting the signatory to either confirm or decline the electronic signing of the electronic document or electronic transaction data and wait for a reply from the mobile communications device; and upon receipt of a USSD reply from the signatory confirming the electronic signing, generating and attaching signature data to the electronic document or electronic transaction data indicating that the document or electronic transaction data has been signed by the sign
  • a method of electronically signing an electronic document or electronic transaction data including: storing in a non-transitory data-storage device identification data identifying a plurality of signatories and for each signatory the identification of an associated mobile communications device; using a processor operably coupled to a USSD communication module and the non-transitory data-storage device, the processor programmed to: receive an instruction to initiate an electronic document or transaction data signature process including an identification of an electronic document or transaction data and a signatory for the document; in response thereto to transmit a signature confirmation request via the USSD communication module to a mobile communications device associated with the signatory requesting the signatory to either confirm or decline the electronic signing of the electronic document or transaction data and wait for a reply from the mobile communications device; and upon receipt of a USSD reply from the signatory confirming the electronic signing, generating and attaching signature data to the electronic document or transaction data indicating that the document or transaction data has been signed by the signatory and storing the signed electronic document or transaction data in the data-stor
  • Figure 1 is a block diagram illustrating a system for electronically signing an electronic document
  • Figure 2 is a block diagram illustrating the server of Figure 1 in more detail
  • Figure 3 shows an example electronic document to be signed
  • Figure 4 shows an example chain of custody certificate which is attached to the electronic document once signed.
  • FIG. 1 the figure shows a server 10 that can be accessed via one or more communications networks 12.
  • the communications networks 12 will include the Internet as well as mobile communication networks depending on the specific implementation.
  • a plurality of users 14 access the server 10 using computers 16 and/or mobile communications devices 18, typically in the form of mobile telephones 18.
  • the computers 16 could be one or more of laptop computers, desktop computers, tablet computers or any other suitable computing device, and that the mobile telephones 18 could be smartphones, feature phones or any cellular telephone with access to a GSM network.
  • the users 14 in this illustrative example will sign electronic documents or transactions data and for the remainder of this description will also therefore be referred to as signatories.
  • the server 10 includes a non-transitory data-storage device 20 having stored therein identification data identifying a plurality of signatories 14 and for each signatory the identification of their associated mobile telephone 18.
  • a USSD communication module 22 is used for USSD communication as will be explained below in more detail.
  • a processor 24 is operably coupled to the USSD communication module 22 and the non-transitory data-storage device 20.
  • the server also includes a signing module which forms part of the processor 24.
  • the operation of this signing module will be described in more detail below.
  • the processor 24 is programmed to receive an instruction to initiate an electronic document or transaction data signature process including an identification of an electronic document or transaction data and a signatory for the document.
  • the processor 24 may receive the instruction to initiate the signature process via a message transmitted by the signatory over a mobile network using one of SMS, MMS or USSD protocols in which case the identity of the mobile telephone 18 of the signatory 14 is known.
  • the processor 24 may receive the instruction to initiate the signature process via a message transmitted by the signatory 14 over the internet using their computer 16, and in response thereto the processor 24 will access the data-storage device 20 and retrieve an identification of a mobile telephone 18 associated with the signatory 14.
  • a signature confirmation request is transmitted via the USSD communication module 22 to the retrieved mobile communications device 18 requesting the signatory 20 to either confirm or decline the electronic signing of the electronic document or transaction data.
  • a piece of known information is requested, for example "Please provide your date of birth” or "Please provide your policy number” or "Please provide your ID number”. This is known as Knowledge Based Authentication and this data is submitted along with the initial signature request so that it can be compared with the answer given by the user over USSD
  • the user is requested to enter a One Time Passcode submitted over a separate channel from the USSD itself (either via SMS or Email) for example.
  • a piece of secret information is requested, for example "Please select a password” or “Please confirm your password” or "Please provide a pin”. This is known as Credential Selection and this data is submitted along with the initial signature request so that it can be stored for later verification using USSD.
  • the processor 24 waits for a reply via USSD communication module 22 from the signatory 14 using the mobile communications device 18.
  • the user is typically given a fixed time period to respond. For example, the user only has 60 seconds to answer otherwise the transaction is cancelled and they have another opportunity to respond i.e. the signature transaction is not cancelled but the USSD authentication is cancelled but allowed to be retried.
  • the transaction is signed in the negative whereby the user is effectively stating that "This is me but I do not consent or agree with the contents of the document".
  • the processor 24 generates and attaches signature data to the document by appending a Chain of Custody certificate to the electronic document or transaction data to be signed thereby creating a new combined electronic document or transaction data comprised of at least two portions being the electronic document or transaction data to be signed and the Chain of Custody certificate.
  • the processor 24 attaches the original electronic document or transaction data (without the Chain of Custody certificate) as an attachment within the newly combined electronic document or transaction data so that the original document or transaction data (before attaching the chain of custody certificate) can be reviewed. This is important with multiple signatories because now the state of the document or transaction data for each signatory can be reviewed in the audit trail.
  • the processor 24 attaches the hash of the original electronic document or transaction data (without the Chain of Custody certificate) as an entry within the newly combined electronic document or transaction data so that the hash of the original document or transaction data (before attaching the chain of custody certificate) can be compared. This is important with multiple signatories because now the integrity of the document or transaction data for each signatory can be reviewed in the audit trail.
  • the signature data in turn includes audit trail data and contextual signing information data which are inserted into the Chain of Custody certificate portion of the combined electronic document or transaction data.
  • the processor 24 may also further attach a barcode that includes metadata from the Chain of Custody certificate portion so that if the combined document or transaction data is printed the barcode will be printed thus allowing for an audit trail to be reconstructed electronically.
  • This audit trail is implemented by comparing the metadata stored in the barcode with the metadata printed on the page. If someone were to edit/alter the text written on the Chain of Custody certificate, it would no longer match the metadata in the barcode and it can then be ascertained that the audit trail was altered. It is therefore used as a checksum for determining whether the chain of custody certificate has been modified by hand.
  • the signing module additionally further signs the combined document or transaction data with a digital certificate for non-repudiation and to stop the document from being altered further.
  • the processor 24 then passes the combined electronic document or transaction data and chain of custody certificate to the next signatory for signature or back to the original sender to complete the signing transaction.
  • a signature process for a user 14 wishing to sign an electronic document or transaction data is initiated.
  • This initiation could take place in one of a number of ways.
  • the user could be e-mailed an electronic document or transaction data for them to sign.
  • the user 14 will review the electronic document or transaction data using computer 16 and if they agree to sign, in one example, will click on a link in the e-mail.
  • the computer 16 may belong to a third party. It is envisaged in such a scenario that the user 14 will be sitting reviewing a document or transaction data to be signed with the third party and if the user 14 agrees with the contents of the document or transaction data and wishes to sign, the third party will transmit the initiation message to the server 10 using their own computer.
  • the user 14, using mobile telephone 18, could commence a USSD session by dialling a USSD string such as * 123456# which will transmit a message to the server 10 to initiate the signature process.
  • the user 14, using a smart mobile telephone 18 could execute an application on the mobile phone, view and edit the document or transaction data to be signed in the application and then initiate the signing process through the application.
  • the instruction to initiate an electronic document or transaction data signature process will need to include an identification of the electronic document or transaction data to be signed and an identification of the signatory 14.
  • the processor 24 will use the received data to retrieve an identification of the mobile telephone 18 associated with the user to commence a USSD session with the mobile telephone 18 of the identified signatory 14.
  • the processor will already know the identification of the mobile telephoned being used.
  • a USSD message will be transmitted to the user 14 asking them if they agree to sign the document or transaction data or not. ln one example, the user will be requested to reply with a number "1" to accept or a number "9" to decline.
  • the user will respond with an answer to a question or with a one-time passcode.
  • the message could read "Mrs Smith, you have requested to top up your RA to R150,000. Please select 1 to accept or 9 to decline.”
  • the signing module of the processor 24 If the user selects number "1 " in this example, the signing module of the processor 24 generates and attaches the signature data to the electronic document or transaction data indicating that the document or transaction data has been signed by the signatory 14.
  • the signed electronic document or transaction data is stored in the data storage device 20, typically as an embedded pdf document.
  • the processor 24 may also generate a watermark for the new combined electronic document with contextual signing information to indicate that the document was signed electronically.
  • This watermark will be displayed to a user viewing the new combined electronic document on a display thereby indicating to the user that the electronic document has been signed. It will be appreciated that where the system is electronically signing electronic transaction data as opposed to the a document, the signed transaction data will be stored in a database and can be viewed or accessed by a user using an appropriate computing device.
  • Figure 3 shows an example electronic document that requires signature and Figure 4 shows an example Chain of Custody certificate that is generated and attached to the electronic document that is signed.
  • the data included in the Chain of Custody certificate as mentioned above is collectively referred to as the signature data and it includes audit trail data and contextual signing information data.
  • the audit trail data includes the data under the headings:
  • Signature Request ID The unique server ID for the signature request with associated audit trail
  • Timestamp - The date and time that the unique signature request was created on the server
  • Signee Name The name of the signatory requested to sign the document Sender Name - The name of the document originator who requires that the document be signed
  • Request Type - Indicates whether the server process was used or whether the customer process was used (via APIs)
  • Email Subject The subject of the email sent to the signatory informing them that a document is ready for their review and signature
  • Email Sent Timestamp The date and time of the email sent by the server
  • Email Opened Timestamp The date and time indication of when the email is opened by the signatory in their email client
  • Sim Swap Check The outcome of a check to determine the age of the sim card on the specified network in identifying whether a sim card has been cloned or swapped
  • the document also has a barcode which includes the metadata as described above.
  • the Chain of Custody certificate includes the signature data and that the Chain of Custody certificate is electronically attached to the electronic document proving that the electronic document has been signed by the signatory.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A system and method of electronically signing an electronic document or transaction data are provided. The method includes storing in a non- transitory data-storage device identification data identifying a plurality of signatories and for each signatory the identification of an associated mobile communications device. A processor is operably coupled to a USSD communication module and the data-storage device. The processor receives an instruction to initiate an electronic signature process including an identification of an electronic document or transaction data and a signatory. In response thereto, the processor transmits a signature confirmation request via USSD to a mobile communications device associated with the signatory requesting the signatory to either confirm or decline the electronic signing and waits for a reply. Upon receipt of a USSD reply from the signatory confirming the electronic signing, the processor generates and attaches signature data to the electronic document or transaction data.

Description

A SYSTEM AND METHOD OF ELECTRONICALLY SIGNING AN ELECTRONIC DOCUMENT OR ELECTRONIC TRANSACTION DATA
BACKGROUND OF THE INVENTION
The present application relates to a system and method of electronically signing an electronic document or electronic transaction data.
SUMMARY OF THE INVENTION
According to an example embodiment there is provided a system for electronically signing an electronic document or electronic transaction data, the system including: a non-transitory data-storage device having stored therein identification data identifying a plurality of signatories and for each signatory the identification of an associated mobile communications device; a USSD communication module; and a processor operably coupled to the USSD communication module and the non-transitory data-storage device, the processor programmed to receive an instruction to initiate an electronic document or electronic transaction data signature process including an identification of an electronic document or electronic transaction data and a signatory for the document or electronic transaction data and in response thereto to: transmit a signature confirmation request via the USSD communication module to a mobile communications device associated with the signatory requesting the signatory to either confirm or decline the electronic signing of the electronic document or electronic transaction data and wait for a reply from the mobile communications device; and upon receipt of a USSD reply from the signatory confirming the electronic signing, generating and attaching signature data to the electronic document or electronic transaction data indicating that the document or electronic transaction data has been signed by the signatory and storing the signed electronic document or electronic transaction data in the data-storage device.
According to another example embodiment there is provided a method of electronically signing an electronic document or electronic transaction data, the method including: storing in a non-transitory data-storage device identification data identifying a plurality of signatories and for each signatory the identification of an associated mobile communications device; using a processor operably coupled to a USSD communication module and the non-transitory data-storage device, the processor programmed to: receive an instruction to initiate an electronic document or transaction data signature process including an identification of an electronic document or transaction data and a signatory for the document; in response thereto to transmit a signature confirmation request via the USSD communication module to a mobile communications device associated with the signatory requesting the signatory to either confirm or decline the electronic signing of the electronic document or transaction data and wait for a reply from the mobile communications device; and upon receipt of a USSD reply from the signatory confirming the electronic signing, generating and attaching signature data to the electronic document or transaction data indicating that the document or transaction data has been signed by the signatory and storing the signed electronic document or transaction data in the data-storage device.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram illustrating a system for electronically signing an electronic document;
Figure 2 is a block diagram illustrating the server of Figure 1 in more detail;
Figure 3 shows an example electronic document to be signed; and
Figure 4 shows an example chain of custody certificate which is attached to the electronic document once signed.
DESCRIPTION OF EMBODIMENTS
Referring to the accompanying drawings, a system for electronically signing an electronic document or transaction data is illustrated.
Referring to Figure 1 , the figure shows a server 10 that can be accessed via one or more communications networks 12.
The communications networks 12 will include the Internet as well as mobile communication networks depending on the specific implementation. A plurality of users 14 access the server 10 using computers 16 and/or mobile communications devices 18, typically in the form of mobile telephones 18.
It will be appreciated that the computers 16 could be one or more of laptop computers, desktop computers, tablet computers or any other suitable computing device, and that the mobile telephones 18 could be smartphones, feature phones or any cellular telephone with access to a GSM network.
It will also be appreciated that whilst only two users 14 are illustrated, in a real world implementation there will be a large number of users 14.
The users 14 in this illustrative example will sign electronic documents or transactions data and for the remainder of this description will also therefore be referred to as signatories.
In any event, referring to Figure 2, the server 10 includes a non-transitory data-storage device 20 having stored therein identification data identifying a plurality of signatories 14 and for each signatory the identification of their associated mobile telephone 18.
A USSD communication module 22 is used for USSD communication as will be explained below in more detail.
A processor 24 is operably coupled to the USSD communication module 22 and the non-transitory data-storage device 20.
The server also includes a signing module which forms part of the processor 24. The operation of this signing module will be described in more detail below. The processor 24 is programmed to receive an instruction to initiate an electronic document or transaction data signature process including an identification of an electronic document or transaction data and a signatory for the document.
The processor 24 may receive the instruction to initiate the signature process via a message transmitted by the signatory over a mobile network using one of SMS, MMS or USSD protocols in which case the identity of the mobile telephone 18 of the signatory 14 is known.
Alternatively, the processor 24 may receive the instruction to initiate the signature process via a message transmitted by the signatory 14 over the internet using their computer 16, and in response thereto the processor 24 will access the data-storage device 20 and retrieve an identification of a mobile telephone 18 associated with the signatory 14.
In either case, a signature confirmation request is transmitted via the USSD communication module 22 to the retrieved mobile communications device 18 requesting the signatory 20 to either confirm or decline the electronic signing of the electronic document or transaction data.
In another example implementation, a piece of known information is requested, for example "Please provide your date of birth" or "Please provide your policy number" or "Please provide your ID number". This is known as Knowledge Based Authentication and this data is submitted along with the initial signature request so that it can be compared with the answer given by the user over USSD
Alternatively or in addition, the user is requested to enter a One Time Passcode submitted over a separate channel from the USSD itself (either via SMS or Email) for example.
In another example implementation, a piece of secret information is requested, for example "Please select a password" or "Please confirm your password" or "Please provide a pin". This is known as Credential Selection and this data is submitted along with the initial signature request so that it can be stored for later verification using USSD.
In any event, the processor 24 waits for a reply via USSD communication module 22 from the signatory 14 using the mobile communications device 18.
The user is typically given a fixed time period to respond. For example, the user only has 60 seconds to answer otherwise the transaction is cancelled and they have another opportunity to respond i.e. the signature transaction is not cancelled but the USSD authentication is cancelled but allowed to be retried.
On receipt of a USSD reply from the signatory 14 declining the electronic signing, the signature process is either terminated or a negative reply transmitted back.
In this case, the transaction is signed in the negative whereby the user is effectively stating that "This is me but I do not consent or agree with the contents of the document".
It will be appreciated that this provides an authenticated rejection of agreements.
However, on receipt of a USSD reply from the signatory 14 confirming the electronic signing the processor 24 continues with the signing process.
This includes generating and attaching signature data to the electronic document or transaction data indicating that the document or transaction data has been signed by the signatory 14 and storing the signed digital signature in the data-storage device 20. This will be described in more detail below. The processor 24 generates and attaches signature data to the document by appending a Chain of Custody certificate to the electronic document or transaction data to be signed thereby creating a new combined electronic document or transaction data comprised of at least two portions being the electronic document or transaction data to be signed and the Chain of Custody certificate.
The processor 24 attaches the original electronic document or transaction data (without the Chain of Custody certificate) as an attachment within the newly combined electronic document or transaction data so that the original document or transaction data (before attaching the chain of custody certificate) can be reviewed. This is important with multiple signatories because now the state of the document or transaction data for each signatory can be reviewed in the audit trail.
Alternatively, or in addition, the processor 24 attaches the hash of the original electronic document or transaction data (without the Chain of Custody certificate) as an entry within the newly combined electronic document or transaction data so that the hash of the original document or transaction data (before attaching the chain of custody certificate) can be compared. This is important with multiple signatories because now the integrity of the document or transaction data for each signatory can be reviewed in the audit trail.
The signature data in turn includes audit trail data and contextual signing information data which are inserted into the Chain of Custody certificate portion of the combined electronic document or transaction data.
The processor 24 may also further attach a barcode that includes metadata from the Chain of Custody certificate portion so that if the combined document or transaction data is printed the barcode will be printed thus allowing for an audit trail to be reconstructed electronically. This audit trail is implemented by comparing the metadata stored in the barcode with the metadata printed on the page. If someone were to edit/alter the text written on the Chain of Custody certificate, it would no longer match the metadata in the barcode and it can then be ascertained that the audit trail was altered. It is therefore used as a checksum for determining whether the chain of custody certificate has been modified by hand.
The signing module additionally further signs the combined document or transaction data with a digital certificate for non-repudiation and to stop the document from being altered further.
The processor 24 then passes the combined electronic document or transaction data and chain of custody certificate to the next signatory for signature or back to the original sender to complete the signing transaction.
An example implementation of the above methodology will now be described with reference to the accompanying drawings.
A signature process for a user 14 wishing to sign an electronic document or transaction data is initiated.
This initiation could take place in one of a number of ways.
For example, the user could be e-mailed an electronic document or transaction data for them to sign. The user 14 will review the electronic document or transaction data using computer 16 and if they agree to sign, in one example, will click on a link in the e-mail.
This will transmit a message to the server 10, via communications module 26, to initiate the signature process.
In another example embodiment, the computer 16 may belong to a third party. It is envisaged in such a scenario that the user 14 will be sitting reviewing a document or transaction data to be signed with the third party and if the user 14 agrees with the contents of the document or transaction data and wishes to sign, the third party will transmit the initiation message to the server 10 using their own computer.
Alternatively or in addition, the user 14, using mobile telephone 18, could commence a USSD session by dialling a USSD string such as *123456# which will transmit a message to the server 10 to initiate the signature process.
Alternatively or in addition, the user 14, using a smart mobile telephone 18 could execute an application on the mobile phone, view and edit the document or transaction data to be signed in the application and then initiate the signing process through the application.
Thus it will be appreciated that the method in which the server 10 receives the initiation instruction could differ depending on the implementation.
In any event, it will be appreciated that the instruction to initiate an electronic document or transaction data signature process will need to include an identification of the electronic document or transaction data to be signed and an identification of the signatory 14.
The processor 24 will use the received data to retrieve an identification of the mobile telephone 18 associated with the user to commence a USSD session with the mobile telephone 18 of the identified signatory 14.
Obviously, in the event of the user 14 initiating the signature instruction by using their mobile telephone 18 to start a USSD session or executing an app, the processor will already know the identification of the mobile telephoned being used.
In any event, a USSD message will be transmitted to the user 14 asking them if they agree to sign the document or transaction data or not. ln one example, the user will be requested to reply with a number "1" to accept or a number "9" to decline.
Alternatively or in addition, as described above, the user will respond with an answer to a question or with a one-time passcode.
The message could read "Mrs Smith, you have requested to top up your RA to R150,000. Please select 1 to accept or 9 to decline."
This is transmitted back to the server 10 via mobile communication network 12 and the USSD communication module 22.
If the user selects number "9" in this example, the process is ended at that point and the document or transaction data may be signed in the negative as has been described above.
If the user selects number "1 " in this example, the signing module of the processor 24 generates and attaches the signature data to the electronic document or transaction data indicating that the document or transaction data has been signed by the signatory 14.
The signed electronic document or transaction data is stored in the data storage device 20, typically as an embedded Pdf document.
The processor 24 may also generate a watermark for the new combined electronic document with contextual signing information to indicate that the document was signed electronically.
This watermark will be displayed to a user viewing the new combined electronic document on a display thereby indicating to the user that the electronic document has been signed. It will be appreciated that where the system is electronically signing electronic transaction data as opposed to the a document, the signed transaction data will be stored in a database and can be viewed or accessed by a user using an appropriate computing device.
Referring to Figures 3 and 4, Figure 3 shows an example electronic document that requires signature and Figure 4 shows an example Chain of Custody certificate that is generated and attached to the electronic document that is signed.
The data included in the Chain of Custody certificate as mentioned above is collectively referred to as the signature data and it includes audit trail data and contextual signing information data.
In the illustrated example, the audit trail data includes the data under the headings:
Signature Request
Signature Request ID - The unique server ID for the signature request with associated audit trail
Timestamp - The date and time that the unique signature request was created on the server
Signee Name - The name of the signatory requested to sign the document Sender Name - The name of the document originator who requires that the document be signed
Request Type - Indicates whether the server process was used or whether the customer process was used (via APIs)
Request Status - The final status of the completed document
Original Document
Document Name - The name of the document as per the document originator
Document Size - The size in bytes of the document (as sent by the document originator) Email Evidence
Signee Email - The email address of the signatory required to sign the document
Email Subject - The subject of the email sent to the signatory informing them that a document is ready for their review and signature
Email Sent Timestamp - The date and time of the email sent by the server Email Opened Timestamp - The date and time indication of when the email is opened by the signatory in their email client
Web Evidence
Signee IP Address - The IP address of the signatory when they review the document that requires their signature
Request Timestamp - The date and time of when the document review was requested by the signatory
Signee GPS or Location - If allowed by the browser, the GPS location of the signatory otherwise the details of the browser used to review the document for signature
Terms Accepted - The date and time of when the electronic disclosure terms were accepted by the signatory
USSD Evidence
Signee Mobile - The mobile number of the signatory
Sim Swap Check - The outcome of a check to determine the age of the sim card on the specified network in identifying whether a sim card has been cloned or swapped
Challenge Text - The text challenge sent to the mobile device
Response Timestamp - The date of time indicating when the challenge was completed by the signatory on their mobile device
Signee Response - The outcome of the challenge
Attempts - The number of attempts in responding to the challenge
Chain of Custody Generation Attached Document Name - The name of the attachment indicating the original document, embedded within the completed signed document New Document Size - The size of the document including the original electronic document and chain of custody certificate in kilobytes
Attached Timestamp - The date and time that the original document was embedded within the signed document and the chain of custody was added
Digital Certificate
The digital certificate used to verify the signed, hashed checksum of the document - used in non-repudiation and document integrity checks
It will be noted that the document also has a barcode which includes the metadata as described above.
Thus it will be appreciated that the Chain of Custody certificate includes the signature data and that the Chain of Custody certificate is electronically attached to the electronic document proving that the electronic document has been signed by the signatory.
It will also be appreciated that the signatory 14 as effectively electronically signed the document using their mobile phone and USSD technology.

Claims

CLAIMS:
1 . A system for electronically signing an electronic document or transaction data, the system including: a non-transitory data-storage device having stored therein identification data identifying a plurality of signatories and for each signatory the identification of an associated mobile communications device; a USSD communication module; and a processor operably coupled to the USSD communication module and the non-transitory data-storage device, the processor programmed to receive an instruction to initiate an electronic document or transaction data signature process including an identification of an electronic document or transaction data and a signatory for the document or transaction data and in response thereto to: transmit a signature confirmation request, via the USSD communication module to a mobile communications device associated with the signatory, requesting the signatory to either confirm or decline the electronic signing of the electronic document or transaction data and wait for a reply from the mobile communications device; and upon receipt of a USSD reply from the signatory confirming the electronic signing, generating and attaching signature data to the electronic document or transaction data indicating that the document or transaction data has been signed by the signatory and storing the signed electronic document or transaction data in the data-storage device.
2. A system according to claim 1 wherein the processor receives the instruction to initiate the signature process via a message transmitted by the signatory over a mobile network using one of SMS, MMS or USSD protocols.
3. A system according to claim 1 wherein the processor receives the instruction to initiate the signature process via a message transmitted by the signatory over the internet or email.
4. A system according to any preceding claim wherein on receiving an instruction to initiate an electronic document or transaction data signature process, the processor accesses the data-storage device and retrieves an identification of a mobile communications device associated with the signatory.
5. A system according to any one of the preceding claim wherein the processor generates and attaches signature data to the document or transaction data by appending a Chain of Custody certificate to the electronic document or transaction data to be signed thereby creating a new combined electronic document or transaction data comprised of at least two portions being the electronic document or transaction data to be signed and the Chain of Custody certificate;
6. A system according to claim 5 wherein the processor further embeds the original electronic document or transaction data as an attachment in the combined electronic document or transaction data for the purposes of reviewing a complete audit trail associated with the original electronic document or transaction data.
7. A system according to any one of claims 5-6 wherein the processor embeds a hash of the original electronic document or transaction data in the combined electronic document or transaction for the purposes of reviewing a complete audit trail associated with the original electronic document or transaction data.
8. A system according to any one of claims 5-7 wherein the signature data includes audit trail and contextual signing information data which are inserted into the Chain of Custody certificate portion of the combined electronic document or transaction data.
9. A system according to any one of claims 5-8 wherein the processor further attaches a barcode that includes metadata from the Chain of Custody certificate portion so that if the combined document is printed the barcode will be printed thus allowing the audit trail to be reconstructed electronically.
10. A system according to any one of claims 5-9 wherein the processor further signs the combined document or transaction data with a digital certificate
1 1 . A system according to any one of the preceding claims wherein the processor generates a watermark for the new combined electronic document with contextual signing information to indicate that the document was signed electronically.
12. A method of electronically signing an electronic document or transaction data, the method including: storing in a non-transitory data-storage device identification data identifying a plurality of signatories and for each signatory the identification of an associated mobile communications device; using a processor operably coupled to a USSD communication module and the non-transitory data-storage device, the processor programmed to: receive an instruction to initiate an electronic document or transaction data signature process including an identification of an electronic document or transaction data and a signatory for the document or transaction data; in response thereto to transmit a signature confirmation request via the USSD communication module to a mobile communications device associated with the signatory requesting the signatory to either confirm or decline the electronic signing of the electronic document and wait for a reply from the mobile communications device; and upon receipt of a USSD reply from the signatory confirming the electronic signing, generating and attaching signature data to the electronic document indicating that the document has been signed by the signatory and storing the signed electronic document or transaction data in the data-storage device.
13. A method according to claim 12 wherein the processor receives the instruction to initiate the signature process via a message transmitted by the signatory over a mobile network using one of SMS, MMS or USSD protocols.
14. A method according to claim 12 wherein the processor receives the instruction to initiate the signature process via a message transmitted by the signatory over the internet or email.
15. A method according to any one of claims 12-14 wherein on receiving an instruction to initiate an electronic document or transaction data signature process, the processor accesses the data-storage device and retrieves an identification of a mobile communications device associated with the signatory.
16. A method according to any one of claims 12-15 wherein the processor generates and attaches signature data to the document or transaction data by appending a Chain of Custody certificate to the electronic document or transaction data to be signed thereby creating a new combined electronic document or transaction data comprised of at least two portions being the electronic document or transaction data to be signed and the Chain of Custody certificate.
17. A method according to claim 16 wherein the processor further embeds the original electronic document or transaction data as an attachment in the combined electronic document for the purposes of reviewing the complete audit trail associated with the original electronic document.
18. A method according to any one of claims 16 or 17 wherein the processor embeds a hash of the original electronic document or transaction data as an entry in the combined electronic document or transaction for the purposes of reviewing the complete audit trail associated with the original electronic document or transaction.
19. A method according to any one of claims 16-18 wherein the signature data includes audit trail and contextual signing information data which are inserted into the Chain of Custody certificate portion of the combined electronic document.
20. A method according to any one of claims 16-19 wherein the processor further attaches a barcode that includes metadata from the Chain of Custody certificate portion so that if the combine document is printed the barcode will be printed thus allowing the audit trail to be reconstructed electronically.
21 . A method according to any one of claims 16-20 wherein the processor further signs the combined document with a digital certificate.
22. A method according to any one of claims 12-21 wherein the processor generates a watermark for the new combined electronic document with contextual signing information to indicate that the document was signed electronically.
PCT/IB2018/057746 2017-10-19 2018-10-05 A system and method of electronically signing an electronic document or electronic transaction data WO2019077436A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
ZA2019/01189A ZA201901189B (en) 2017-10-19 2019-02-25 A system and method of electronically signing an electronic document or electronic transaction data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA201707118 2017-10-19
ZA2017/07118 2017-10-19

Publications (1)

Publication Number Publication Date
WO2019077436A1 true WO2019077436A1 (en) 2019-04-25

Family

ID=64051621

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/057746 WO2019077436A1 (en) 2017-10-19 2018-10-05 A system and method of electronically signing an electronic document or electronic transaction data

Country Status (2)

Country Link
WO (1) WO2019077436A1 (en)
ZA (1) ZA201901189B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010140876A1 (en) * 2009-06-01 2010-12-09 Bemobile Sdn. Bhd. Method, system and secure server for multi-factor transaction authentication
US20140379585A1 (en) * 2013-06-25 2014-12-25 Aliaslab S.P.A. Electronic signature system for an electronic document using a payment card

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010140876A1 (en) * 2009-06-01 2010-12-09 Bemobile Sdn. Bhd. Method, system and secure server for multi-factor transaction authentication
US20140379585A1 (en) * 2013-06-25 2014-12-25 Aliaslab S.P.A. Electronic signature system for an electronic document using a payment card

Also Published As

Publication number Publication date
ZA201901189B (en) 2020-09-30

Similar Documents

Publication Publication Date Title
US9848328B2 (en) User authentication in a mobile environment
JP5429912B2 (en) Authentication system, authentication server, service providing server, authentication method, and program
US9210146B2 (en) Secure content transfer using dynamically generated optical machine readable codes
CN104392354A (en) Association and retrieval method and system used for public key addresses and user accounts of crypto-currency
CN104320262A (en) User public key address binding, searching and verifying method and system based on crypto currency open account book technology
AU2012286584A1 (en) Call authentication methods and systems
HUE026214T2 (en) A qualified electronic signature system, associated method and mobile phone device for a qualified electronic signature
CN104753675B (en) Information Authentication method, electric paying method, terminal, server and system
US11611551B2 (en) Authenticate a first device based on a push message to a second device
EP2728832A1 (en) Computer-implemented system and method for validating call connections
CN113704580A (en) Information security interaction method and device
CN110719252B (en) Method, system and medium for authorizing a transaction over a communication channel
CN105141586B (en) A kind of method and system verified to user
US11989278B2 (en) Method and system for obtaining consent to perform an operation
CN102255726A (en) Device and method for implementing symmetric key digital signature
WO2019077436A1 (en) A system and method of electronically signing an electronic document or electronic transaction data
WO2015151251A1 (en) Network service providing device, network service providing method, and program
CN105405011A (en) Method, server and system for transaction authentication through mobile terminal
CN104899730B (en) Mobile terminal data processing method, terminal and system
CN110365646B (en) Method and device for associating entity to first server
CN108537050B (en) Service data transfer method and related device
US20220083693A1 (en) Method for certifying transfer and content of a transferred file
CN114157414B (en) Identity certificate generation method, verification method and system for digital currency
KR20190009239A (en) Electronic document transmission server for providing a proof of delivery service through bilateral authentication and electronic document transmission method therefore
US20250037113A1 (en) Method, Wallet Application Terminal, and System for Opening Digital Wallet

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18796109

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18796109

Country of ref document: EP

Kind code of ref document: A1