Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Backend Process for Contract Data Processing and Certification

Overview

This document outlines the backend processes involved in handling contract data, focusing on the flow of data storage, processing, and signature certification. It includes details about signature methods such as HSM (Hardware Security Module), AATL (Adobe Approved Trust List), and LTV (Long-Term Validation).

Swc macro mermaid input
Code Block
sequenceDiagram
    participant Signer
    participant System
    participant InternalDB as Internal Database
    participant AtlassianDB as Atlassian Database
    participant HSM
    participant AATL
    participant TSA as Timestamping Authority
    participant Stakeholders

    Note over Signer,System: Signing Procedure Begins
    Signer->>System: Provide Signature Data (Contract ID, Signer ID, OTP)
    System->>InternalDB: Fetch Metadata (Contract Hash, Signer Data, Attachments)
    System->>System: Verify Signer Credentials and Contract Signability
    System->>AtlassianDB: Fetch Contract HTML Content
    System->>System: Verify HTML Content for Consistency and Integrity
    System->>System: Embed Signer Details (Signatures, Field Values) into HTML
    System->>AtlassianDB: Store Updated Contract Data
    System->>HSM: Digitally Sign Contract PDF using Private Key
    HSM-->>System: Signed PDF
    System->>AATL: Validate Signature with Adobe Trust List
    AATL-->>System: Validation Successful
    System->>TSA: Timestamp the PDF (LTV)
    TSA-->>System: Timestamped PDF
    System->>InternalDB: Store Updated Files and Metadata
    System->>Stakeholders: Notify via Webhook and Email
    Note over Signer,System: Signing Procedure Complete

    Note over System: Data Storage
    System->>InternalDB: Store Contract Configuration Metadata, Audit Logs, Access Keys, Signer Metadata
    System->>AtlassianDB: Store Contract HTML Content, Generated PDFs

    Note over System: Signature Certification
    System->>HSM: Manage Private Key Storage for Secure Signing
    System->>AATL: Ensure Signatures use Trusted Certificate Chains
    System->>TSA: Append Timestamping and Validation Information

Step-by-Step Process for Data Handling

1. Data Storage

Description:
Contract data is stored in multiple locations to ensure data integrity, accessibility, and compliance with security standards.

  • Internal Database:

    • Content Stored:

      • Contract configuration metadata (e.g., fields, rules, and settings).

      • Audit logs for all contract interactions and updates.

      • Access keys and signer-specific metadata.

  • Atlassian Database:

    • Content Stored:

      • Contract content in HTML format for editing.

      • Generated contract PDFs for final signature processing.

...

2. Data Processing

Description:
Contract data undergoes formatting and verification steps before being prepared for signature certification.

  • Steps:

    1. Fetch contract metadata from the database (content hash, signer data, attachments).

    2. Verify the contract's HTML content for consistency and integrity.

    3. Embed signer details (signature, field values) into the contract.

    4. Store updated contract data (HTML, metadata) back into the system.

...

3. Signature Certification

Description:
Digital signatures are certified using robust and secure methodologies.

  • Processes:

    1. HSM (Hardware Security Module):

      • Manages private key storage for secure signing operations.

      • Ensures that private keys remain protected during signature generation.

    2. AATL (Adobe Approved Trust List):

      • Guarantees that signatures use trusted certificate chains validated by Adobe.

      • Ensures compatibility and trust in Adobe Acrobat and related software.

    3. LTV (Long-Term Validation):

      • Appends timestamping and validation information to ensure long-term validity of digital signatures.

      • Uses a trusted timestamping authority (e.g., Digicert TSA).

...

4. Signing Procedure

Detailed Steps:

  1. Receive signature data, including the contract ID, signer ID, and OTP.

  2. Fetch associated metadata (e.g., contract hash, attachment IDs) from the database.

  3. Verify signer credentials and contract signability.

  4. Embed signature and field values into HTML content.

  5. Digitally sign the contract PDF using Google Cloud HSM.

  6. Timestamp the PDF using a trusted timestamping authority.

  7. Append LTV information for future validation.

  8. Store updated contract files and metadata in the database.

  9. Notify stakeholders via webhook and email about signing completion.