Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
stylenone

Backend Process for Contract Data Processing and Certification

Overview

This document outlines the backend processes involved in handling contract data, focusing on the flow of data storage, processing, and signature certification. It includes details about signature methods such as HSM (Hardware Security Module), AATL (Adobe Approved Trust List), and LTV (Long-Term Validation).

Swc macro mermaid input
Code Block
sequenceDiagram
    participant Signer
    participant System
    participant InternalDB as Internal Database
    participant AtlassianDBatlassianAPI as Atlassian Database
    participant HSM
    participant AATL
    participant TSA as Timestamping Authority
    participant Stakeholders

    Note over Signer,System: Signing Procedure Begins
    Signer->>System: Provide Signature Data (Contract ID, Signer ID, OTP)
    System->>InternalDB: Fetch Metadata (Contract Hash, Signer Data, Attachments)
    System->>System: Verify Signer Credentials and Contract Signability
    System->>AtlassianDB>>atlassianAPI: Fetch Contract HTML Content
    System->>System: Verify the downloaded HTML's Contenthash forwith Consistencythe andstored Integrityhash
    System->>System: Embed Signer Details (Signatures, Field Values) into HTML
    System->>AtlassianDB>>atlassianAPI: Store Updated Contract Data
    System->>HSM: Digitally Sign Contract PDF using Private Key
    HSM-->>System: Signed PDF
    System->>AATL: Validate Signature with Adobe Trust List
    AATL-->>System: Validation Successful
    System->>TSA: Timestamp the PDF (LTV)
    TSA-->>System: Timestamped PDF
    System->>InternalDB: Store Updated Files and Metadata
    System->>Stakeholders: Notify via Webhook and Email
    Note over Signer,System: Signing Procedure Complete

    Note over System: Data Storage
    System->>InternalDB: Store Contract Configuration Metadata, Audit Logs, Access Keys, Signer Metadata
    System->>AtlassianDB>>atlassianAPI: Store Contract HTML Content, Generated PDFs

    Note over System: Signature Certification
    System->>HSM: Manage Private Key Storage for Secure Signing
    System->>AATL: Ensure Signatures use Trusted Certificate Chains
    System->>TSA: Append Timestamping and Validation Information

Step-by-Step Process for Data Handling

1. Data Storage

Description:
Contract data is metadata are stored in multiple locations to ensure data integrity, accessibility, and compliance with security standardsour database, while contract content is stored as Atlassian issue/page attachments.

  • Internal Database:

    • Content Stored:

      • Contract configuration metadata (e.g., fields, rules, and settingssigners' and watchers' PII).

      • Audit logs for all contract interactions and updates.

      • Access keys and signer-specific metadata.

  • Atlassian DatabaseAttachments:

    • Content Stored:

      • Contract content in HTML format for editing.

      • Generated contract PDFs for final signature signing processing.

...

2. Data Processing

Description:
Contract data undergoes formatting and verification steps before being prepared for signature certification.

  • Steps:

    1. Fetch contract metadata from the database (content hash, signer data, attachments).

    2. Verify the contract's HTML content for consistency and integrity.

    3. Embed signer details (signature, field values) into the contract.

    4. Store updated contract data ( HTML , metadata) back into the systemcontent and metadata as attachments.

...

3. Signature Certification

Description:
Digital signatures are certified using robust and secure methodologies.

  • Processes:

    1. HSM (Hardware Security Module):

      • Manages private key storage for secure signing operations.

      • Ensures that private keys remain protected during signature generationthe security of private keys by strictly confining them within its hardware boundaries.

    2. AATL (Adobe Approved Trust List):

      • Guarantees that signatures use trusted certificate chains validated by Adobe.

      • Ensures compatibility and trust in Adobe Acrobat and related software.

    3. LTV (Long-Term Validation):

      • Appends timestamping and validation information to ensure long-term validity of digital signatures.

      • Uses a trusted timestamping authority (e.g., Digicert TSA).

...

4. Signing Procedure

Detailed Steps:

  1. Receive signature data, including the contract ID, signer ID, and OTP.

  2. Fetch associated metadata (e.g., contract hash, attachment IDs) from the database.

  3. Verify signer credentials and contract signability.

  4. Embed user signature and field values digital signature into HTML content.

  5. Digitally sign the contract PDF using Google Cloud HSM.

  6. Timestamp the PDF using a trusted timestamping authority.

  7. Append LTV information for future validation.Store updated contract files and metadata in the database.

  8. Notify stakeholders via webhook and email about signing completion.