DESC:FIELD OF INVENTION
The present invention generally relates to digital and electronic signatures and more particularly, the invention relates to system and method to integrate validation providers in digital signatures.
BACKGROUND
In the current era dominated by technology, organizations and businesses have moved away from paper based documentation and embraced the use of electronic documents. Electronic document based official transactions and communications provide multiple benefits including added safety, security and transparency. Authentication of electronic documents has therefore become a crucial aspect for the organizations and businesses. However, electronic documents need to be signed by means of a digital signature.
Digital signature is an electronic form of a signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and also ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable and cannot be imitated by someone else. The ability to ensure that the original signed message arrived means that the sender cannot easily disclaim it later.
A user can select any digital signature provider from the market to obtain a digital signature certificate (DSC). However, during the application process, before the issuance of a digital signature certificate, the identity and address of the user needs to be authenticated/validated by a third party which may include Certificate Authorities (CAs), Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs). Only after this authentication/validation process is completed, the user is issued with a Digital Signature Certificate (DSC).
Every country may have specific compliance requirements for digital signatures. Each country may have a number of regional CAs, TSPs and QTSPs which meet the regional compliance requirements of that particular country. On the other hand, there are global service providers which integrate the regional service providers in order to provide a comprehensive cross border platform for the user. However, the number of such providers is very low at present.
While the currently existing solutions in the market for digital signatures exist as full service providers, they have certain limitations. To begin with, the existing solutions for do not offer an easy integration of digital signature application and digital signature authentication process to the user. This integration happens at the back end and is not available to the user on the User Interface (UI). In addition to this, the user is not provided with the option or flexibility of adding any CA, TSP or QTSP based on his preference on the fly, who are either conformant to a standard Application Programming Interface (API) or custom API. Furthermore, the existing digital signature providers provide default out-of-the-box integration with only a few select partner CAs, TSPs or QTSPs. This does not meet the requirement of integration with regional CAs, TSPs, or QTSPs required by the user in order to meet the country specific requirements of e-signature compliance.
Therefore, there is a need for an improved solution which is able to overcome the limitations of the existing solutions for digital signature provision and allow/facilitate easy integration of standard or custom API complaint CAs, TSPs, or QTSPs as per the user’s preference.
DEFINITIONS:
The expression “document” used hereinafter in this specification refers to, but is not limited to an electronic document including e-contracts, commercial contracts, customer contracts, vendor contracts, Non-disclosure agreements, etc in a computer readable format.
The expression “user” used hereinafter in this specification refers to, but is not limited to the individual/ natural entity that may be using the digital signature.
The expression “electronic signature” used hereinafter in this specification refers to, but is not limited to the usual signing place location which is present in the document to be signed, wherein the signers’ name, designation and/or dates are tabulated for signing purpose.

The expression “digital signature” refers to a kind of electronic signature, but is distinct. A Digital Signature is more secure and tamper-evident, which encrypts the document and permanently embeds the information in it if a user tries to commit any changes in the document then the digital signature will be invalidated. On the other hand, an Electronic Signature is similar to a digitalized handwritten signature verified with the signer’s identity such as email, corporate ID’s, phone PIN etc.
The expression “Certificate Authority (CA)” used hereinafter in this specification refers to, but is not limited to a trusted third-party charged with validating a user’s identity. The CAs also create the public/private key pair for someone or tie an existing public key from an individual back to themselves. After validating an identity, a CA provides the user with a signed digital certificate. That information can then be used to verify the identity of a person tied to a public key.
The expression “Trust Service Provider (TSP)” used hereinafter in this specification refers to, but is not limited to a person or legal entity providing and preserving digital certificates to create and validate electronic signatures and to authenticate their signatories as well as websites in general.
The expression “Qualified Trust Service Provider (TSP)” used hereinafter in this specification refers to, but is not limited to TSPs who are given a ‘qualified’ status and permission for a supervisory government body to provide qualified digital certificates which can be used to create qualified electronic signatures.
The expression “Cloud Signature Consortium (CSC)” used hereinafter in this specification refers to, but is not limited to a global association of industries, governments and academic organisations, including solution providers, technology firms and Trust Service Providers, all of which have come together to drive the standardisation and interoperability of highly secure and compliant cloud-based digital signatures.
The expression “Application Programming Interface (API)” used hereinafter in this specification refers to, but is not limited to a software intermediary that allows two applications to communicate to each other.

OBJECTS OF THE INVENTION:
The primary object of the present invention is to provide a system and method to integrate validation providers in digital signatures for signing electronic documents.
Yet another object of the present invention is to provide a system and method to integrate any validation providers such as Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs) in digital signatures by the user.
Yet another object of the present invention is to a system and method to integrate validation providers such as Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs) that are regional or country specific in digital signatures.
Yet another object of the present invention is to provide a system and method to integrate validation providers such as Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs) that is UI (user interface) based and that reduces the cost and effort for the user to integrate with any regional validation providers and meet their country specific eSignature compliance.
Yet another object of the present invention is to provide a system and method to integrate validation providers such as Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs) that are confirming to Cloud Signature Consortium (CSC) industry standard API specification or have their own custom remote signing service API and do not confirm to the Cloud Signature Consortium (CSC) API specification.
SUMMARY:
Before the present invention is described, it is to be understood that present invention is not limited to particular methodologies and materials described, as these may vary as per the person skilled in the art. It is also to be understood that the terminology used in the description is for the purpose of describing the particular embodiments only, and is not intended to limit the scope of the present invention.
The embodiment of the present invention describes a system and method to integrate validation providers in digital signatures, wherein the validation providers include Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs), and which are remote cloud based which confirm to the Cloud Signature Consortium industry standard Application Programming Interface (API) specification or the ones which have their own custom remote signing service API and do not confirm to the Cloud Signature Consortium (CSC) industry standard API specification. The method of integration includes no- code based User Interface (UI) driven integration comprising the steps of navigation, addition of validation provider’s API URL, validation of added API URL, addition of additional information about the validation provider, and activation. The system and method that allows integration of any regional validation provider(s) is cost effective and is easy to use.

BRIEF DESCRIPTION OF THE DRAWINGS
A complete understanding of the present invention may be made by reference to the following detailed description which is to be taken in conjugation with the accompanying drawing. The accompanying drawing, which is incorporated into and constitutes a part of the specification, illustrates one or more embodiments of the present invention and, together with the detailed description, it serves to explain the principles and implementations of the invention.
FIG.1 is a screenshot of a digital signature stetting page from admin settings according to an embodiment of the invention;
FIG. 2 illustrates the step where the user opts for add your provider button according to the embodiment of the invention;
FIG. 3 illustrates the step where the user add the API URL for the Trust Service Provider to validate according to the embodiment of the invention;
FIG. 4 illustrates the step where the user add the details for the Trust Service Provider (TSP) such as name, country, purchase website and connection details according to the embodiment of the invention;
FIG. 5 illustrates the step where the user clicks on save and activate button to create Trust Service Provider (TSP) according to the embodiment of the invention; and
FIG. 6 illustrates the step where the user checks the Digital Signature Provider section where the added Trust Service Provider (TSP) shall be reflecting with type of provider as Custom Provider according to the embodiment of the invention.

DETAILED DESCRIPTION OF INVENTION:
Before the present invention is described, it is to be understood that this invention is not limited to particular methodologies described, as these may vary as per the person skilled in the art. It is also to be understood that the terminology used in the description is for the purpose of describing the particular embodiments only, and is not intended to limit the scope of the present invention. Throughout this specification, the word “comprise”, or variations such as “comprises” or “comprising”, will be understood to imply the inclusion of a stated element, integer or step, or group of elements, integers or steps, but not the exclusion of any other element, integer or step, or group of elements, integers or steps. The use of the expression “at least” or “at least one” suggests the use of one or more elements or ingredients or quantities, as the use may be in the embodiment of the invention to achieve one or more of the desired objects or results. Various embodiments of the present invention are described below. It is, however noted that the present invention is not limited to these embodiments, but rather the intention is that modifications those are apparent are also included.
Digital signatures are an electronic signature form used for authentication of the identity of the communicator or an authority signing the document. It ensures authenticity and originality of the content of the communication or the document. Digital Signatures remain unchanged throughout the communication or documentation, they are easily transportable and cannot be imitated by anyone else. A Digital Signature also makes sure that the sender cannot deny the content sent via that signed document.
The digital signature represents the process of encoding a document with encryption and other security methods to prevent tampering. It’s done through a calculated computer process called an algorithm. Adding a digital signature prevents anyone other than the authorized recipient from viewing a document. Digital signatures designate an authorized signee for a specific document, acting as sort of a “fingerprint” for a transaction, guaranteeing the authenticity of the person signing a document.
Digital signatures use a standard, accepted format, called Public Key Infrastructure (PKI), to provide the highest levels of security and universal acceptance. They are a specific signature technology implementation of electronic signature (eSignature). A provider’s algorithm must produce two sets of long numbers called a private key and a public key. The private key encrypts the document and ensures no one else can view the contacts. The public key confirms a match to a private key before decrypting a document.
To protect the integrity of the signature, PKI requires that the keys be created, conducted, and saved in a secure manner, and often requires the services of a reliable Certificate Authority(CA). All Digital signature providers, meet PKI requirements for safe digital signing. Certificate authorities bind the user’s identity to a PKI-based digital certificate which allows the user to apply digital signatures to the document and the cloud-based signing platforms. When a digital signature is employed to a document, a cryptographic operation attaches a digital certificate with the data into one unique fingerprint. The message is signed by the private key of the sender which is only known to him/her; this ensures authentication of the message source. The message and its signature cannot be changed. The Sender and receiver do not have to worry about transit alteration without the private key, the message and its signature can never be altered. The sender of the message cannot refuse having signed a signature if it is valid. A Digital signature distinctively correlates with the corresponding message and renders integrity.
According to an embodiment of the present invention, the validation providers for a digital signature include Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs). These validation providers are regional or country specific and digital signatures have regional or country specific compliance requirements. The present invention provides a system and method to integrate the digital signature with any regional / country specific validation providers selected from CAs, TSPs or QTSPs signing services. This method is user interface driven without any requirement for entering code for onboarding or integrating the required validation providers. This method also helps to reduce the cost and effort for the user to integrate with any regional validation providers CAs/TSPs/QTSPs and meet their country specific eSignature compliance requirements.
According to the embodiment of the present invention, the system include a user communication device, user interface, a set of computer readable instructions which can be provided by the user by means of the said communication interface, a processing unit operably associated with the each of the said communication devices and adapted to execute the said instructions provided by the user and a computer readable memory storage medium capable of storing the said instructions provided by the user.
According to the embodiment of the present invention, the validation providers that include Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs) are of two types. The validation providers that include Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs) are remote cloud based that confirm with the Cloud Signature Consortium (CSC) industry standard API specification. The validation providers that include Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs) are also the ones that have their own custom remote signing service API and do not confirm to the Cloud Signature Consortium (CSC) industry standard API specification.
According to the embodiment of the present invention, the method for integration of the validation providers that include Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs) that confirm with the Cloud Signature Consortium (CSC) industry standard API specification in the digital signature as per the user requirements consist of the steps as follows.
a. In the system, the user/admin user navigates to the digital signature settings.
b. The digital signature settings have a UI (user interface) driven integration method to onboard cloud based regional validation providers that include Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs) remote signing services for adding Cloud based digital signature CAs/TSPs/QTSPs who are conforming to Cloud Signature Consortium (CSC) industry standard API specification.
c. Adding a Cloud Signature Consortium (CSC) standard API compliant validation provider that involves an admin user/user to clicking on Add Your Provider button, and
1. Adding the validation provider’s Cloud Signature Consortium (CSC) API URL, and then click on Validate;
2. On successful validation of the added API, the details of the validation provider are auto-populated on the application screen which includes the validation provider name and API URL.
3. The admin user/user then adds other information in the application screen such as:
• whether the provider is an AES (Advanced eSignature) provider
• whether the provider is a QES (Qualified eSignature) provider that is a member of Adobe approved Trust List
• Countries where provider is a QES (Qualified eSignature) provider
• Purchase webpage for user to buy cloud digital id from the provider
• API Connection details which include user ID and Secret Key
d. After adding the above mentioned details, the admin user clicks on Activate to add the provider to the list of active validation providers-CAs/TSPs/QTSPs.
e. The activated user specific regional validation providers can then be viewed and searched in the list of validation providers by users while reviewing and actioning on the electronic document, wherein the users need to apply their cloud based digital signature at the time of digitally signing the document.
According to the embodiment of the present invention, the method for integration of the validation providers that include Certificate Authorities (CAs) or Trust Service Providers (TSPs) or Qualified Trust Service Providers (QTSPs) that do not confirm with the Cloud Signature Consortium (CSC) industry standard API specification in the digital signature as per the user requirements consist of the steps as follows:
a. Adding a Cloud based digital signature validation provider who has their own custom Remote signing service API and do not confirm to the Cloud Signature Consortium (CSC) API specification, involves the admin user/user to click on the extension module to navigate to the extension module, and from the extension module admin user/user perform the following steps:
1. Click on Create Connector module
2. Add the Custom validation provider- connector API URL
3. Select the connector type as validation provider that are TSP (Trust Service Provider)- Using the connector type as “TSP (Trust Service Provider)”, the system integration layer understands that it is a remote signing service which is activated for users to search, select and use for their cloud digital certificate based signatures.
4. Add the API connection details which include user ID and Secret Key and the authentication method
5. Click on test connection to validate the connection is working with the validation provider(TSP)
6. Go to Map Fields section which shows the fields of the Remote Signing Service interface and fields of the Custom validation provider (TSP) connector
7. Map fields of the Remote Signing Service API with the Custom TSP connector
• If there are any fields which need to be transformed to meet the custom TSP connector API field data type or format, is transformed;
• If there are any validations on any fields required before passing to the custom TSP connector API, the validations are done.
8. The admin user/user can then add other information in the application screen such as
• whether the provider is an AES (Advanced eSignature) provider
• whether the provider is a QES (Qualified eSignature) provider that is a member of Adobe approved Trust List
• Countries where provider is a QES (Qualified eSignature) provider
• Purchase webpage for user to buy cloud digital id from the provider
9. The admin user/user clicks on Activate to add the validation provider to the list of active validation providers that include CAs/TSPs/QTSPs.
10. The activated customer specific regional validation provider (e.g., TSP) can then be viewed and searched in the list of validation providers by users while reviewing and actioning on the electronic document, wherein the users need to apply their digital signature at the place of digitally signing the document.
While considerable emphasis has been placed herein on the specific elements of the preferred embodiment, it will be appreciated that many alterations can be made and that many modifications can be made in preferred embodiment without departing from the principles of the invention. These and other changes in the preferred embodiments of the invention will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be interpreted merely as illustrative of the invention and not as a limitation.
,CLAIMS:We claim,
1. A system and method to integrate validation providers in digital signatures for signing electronic documents comprising of a user communication device, user interface, a set of computer readable instructions which can be provided by the user by means of the said communication interface, a processing unit operably associated with the each of the said communication devices and adapted to execute the said instructions provided by the user and a computer readable memory storage medium capable of storing the said instructions provided by the user
characterized in that,
the validation provides for the digital signature are regional or country specific including at least one selected from Certificate Authorities (CAs), Trust Service Providers (TSPs), Qualified Trust Service Providers (QTSPs) and the digital signature settings have a UI (user interface) driven integration method to onboard the validation providers.
2. The system and method as claimed in claim 1, wherein the said validation providers are of two types:
a. remote cloud based validation providers that confirm with the Cloud Signature Consortium (CSC) industry standard API specification; and
b. remote cloud based validation providers that have their own custom signing remote service API and do not confirm with the Cloud Signature Consortium (CSC) industry standard API specification in the digital signature.

3. The system and method as claimed in claim 1, wherein the method to integrate cloud based validation providers that confirm with Cloud Signature Consortium (CSC) industry standard API specification comprises the steps of:
a. navigating to the digital signature settings in the system by the user admin;
b. selecting a UI (user interface) driven integration method to said onboard cloud based regional validation providers for adding Cloud based digital signature CAs/TSPs/QTSPs that are conforming to Cloud Signature Consortium (CSC) industry standard API specification;
c. adding a Cloud Signature Consortium (CSC) standard API compliant validation provider where an admin user/user has to click on Add Your Provider button, comprising the steps of;
i. adding the validation provider’s Cloud Signature Consortium (CSC) API URL, and then click on Validate;
ii. auto-population of the details of the validation provider on the application screen, includes the validation provider name and API URL. On successful validation of the added API,
iii. adding other information in the application screen including;
- whether the provider an AES (Advanced eSignature) provider
-whether the provider a QES (Qualified eSignature) provider that is a member of Adobe approved Trust List
-Countries where provider is a QES (Qualified eSignature) provider
-Purchase webpage for user to buy cloud digital id from the provider
-API connection details which include user ID and Secret Key;
d. clicking on the Activate to add the provider to the list of active validation providers CAs/TSPs/QTSPs;
e. viewing and searching for the activated user specific regional validation in the list of validation providers, while reviewing and actioning on the electronic document, wherein the users need to apply their cloud based digital signature at the time of digitally signing the document.

4. The system and method as claimed in claim 1, wherein the method for integration of cloud based validation providers that have their own custom remote signing service API and do not confirm with Cloud Signature Consortium (CSC) industry standard API specification comprises the steps of ,
a. adding a Cloud based digital signature validation provider where the admin user/user has to click on the extension module to navigate to the extension module and from the extension module, the user/admin performs the following steps of,
i. clicking on Create Connector module,
ii. adding the Custom validation provider- connector API URL,
iii. selecting the connector type as validation provider that is TSP (Trust Service Provider)- Using the connector type as “TSP (Trust Service Provider)”, the system integration layer understands that it is a remote signing service which is activated for users to search, select and use for their cloud digital certificate based signatures,
iv. add the API connection details which include user ID and Secret Key and the authentication method,
v. clicking on test connection to validate the connection is working with the validation provider(TSP),
vi. clicking on Go to Map Fields section which shows the fields of the Remote Signing Service interface and fields of the Custom validation provider (TSP) connector and maps fields of the Remote Signing Service API with the Custom TSP connector,
b. adding other information in the application screen such as whether the provider is an AES (Advanced eSignature) provider or a QES (Qualified eSignature) provider that is a member of Adobe approved Trust List, countries where provider is a QES (Qualified eSignature) provider, purchase webpage for user to buy cloud digital id from the provider.
5. The system and method as claimed in claim 1, wherein the validation providers are regional or country specific and digital signatures have regional or country specific compliance requirements.

6. The system and method as claimed in claim 1, wherein the said method reduces the cost and effort for the user to integrate with any regional validation providers CAs/TSPs/QTSPs and meet their country specific eSignature compliance requirement.