WIP - Backend workflow

1 Backend Process for Contract Data Processing and Certification
- 1.1 Overview
- 1.2 Step-by-Step Process for Data Handling
  - 1.2.1 1. Data Storage
  - 1.2.2 2. Data Processing
  - 1.2.3 3. Signature Certification
  - 1.2.4 4. Signing Procedure

Backend Process for Contract Data Processing and Certification

Overview

This document outlines the backend processes involved in handling contract data, focusing on the flow of data storage, processing, and signature certification. It includes details about signature methods such as HSM (Hardware Security Module), AATL (Adobe Approved Trust List), and LTV (Long-Term Validation).

Step-by-Step Process for Data Handling

1. Data Storage

Description:
Contract metadata are stored in our database, while contract content is stored as Atlassian issue/page attachments.

Internal Database:
- Content Stored:
  - Contract configuration metadata (e.g., signers' and watchers' PII).
  - Audit logs for all contract interactions and updates.
  - Access keys and signer-specific metadata.
Atlassian Attachments:
- Content Stored:
  - Contract content in HTML format for editing.
  - Generated contract PDFs for final signing processing.

2. Data Processing

Description:
Contract data undergoes formatting and verification steps before being prepared for signature certification.

Steps:
1. Fetch contract metadata from the database (content hash, signer data, attachments).
2. Verify the contract's HTML content for consistency and integrity.
3. Embed signer details (signature, field values) into the contract.
4. Store updated contract HTML content and metadata as attachments.

3. Signature Certification

Description:
Digital signatures are certified using robust and secure methodologies.

Processes:
1. HSM (Hardware Security Module):
  - Manages private key storage for secure signing operations.
  - Ensures the security of private keys by strictly confining them within its hardware boundaries.
2. AATL (Adobe Approved Trust List):
  - Guarantees that signatures use trusted certificate chains validated by Adobe.
  - Ensures compatibility and trust in Adobe Acrobat and related software.
3. LTV (Long-Term Validation):
  - Appends timestamping and validation information to ensure long-term validity of digital signatures.
  - Uses a trusted timestamping authority (e.g., Digicert TSA).

4. Signing Procedure

Detailed Steps:

Receive signature data, including the contract ID, signer ID, and OTP.
Fetch associated metadata (e.g., contract hash, attachment IDs) from the database.
Verify signer credentials and contract signability.
Embed user signature and digital signature into HTML content.
Digitally sign the contract PDF using Google Cloud HSM.
Timestamp the PDF using a trusted timestamping authority.
Append LTV information for future validation.
Notify stakeholders via webhook and email about signing completion.