A few weeks ago we talked about typical use case of digitized signatures, referring to the electronically document stamping of the handwritten signature. We were also discussing some aspects of the Spanish legal background on this modality.
In this post, we intend to give some hints of the technical solution for the digitized signature from Viafirma Platform. It does seem appropriate to explain that this type of signature is a modality of the features included in our platform, such as the electronic signature certificates (both desktop and mobile). In fact, for any Viafirma integrator is quite simple to include digitized signature in his applications, both web and mobile, because this is just another API method.
Let’s have a look to our technical approach:
Devices
Capture of digitized signature on:
- Topaz capture devices.
- iPad Tablets (and iPhone smartphones).
- Android tablets and smartphones.
Furthermore, it allows the stamping of the signature on different pages (and various signers), whre the user can choose his signature location. The solution is integrated with our digital signatures agenda, Viafirma Inbox, allowing to combine signature approvals and digitized signatures with the certificates-based ones in signing workflows, on both mobile devices and desktop computers.
Prerequisites
The operation isn’t merely a capture/scan of the user handwritten signature and his subsequent inclusion in the document, but are captured, generated and stored enough data to guarantee the basic principles of an advanced electronic signature.
- Identification of the signer.
- Linking uniquely the signer and the signed data.
- Ability to detect any changes after signing.
- Ensuring that only the signer can generate that signature.
In short, the digitized signature of viafirma platform ensures that the signer is who has made the signature, that the signed has not been modified (or if there have been changes, what they are and where they are), what time was the signature performed and that this signature can’t be reused in subsequent documents.
Electronic signature generation
Our solution take advantage of the platform’s cryptographic capabilities to perform the necessary operations to comply these requirements:
- Capture of signature biometric data (pressure, speed of strokes, etc.) so that, a handwriting expert could analyze whether the stored data is consistent with the handwritten signature of the user.
- These data are never in possession of the service provider (owner of the application) or software manufacturer (viafirma), since they are sensitive data that would allow the subsequent signatures falsification. To do this, Topaz devices perform local encryption on the device (only decipherable with software that is delivered under injunction). In tablet devices, such as iPad, Android, etc.., our application performs encryption of the biometric data thanks to a trusted third party key, so we can’t access them.
- It captures another set of data related to the document that the user is signing, the signing device, etc..
- An electronic signature is performed with all this information, with time-stamping of a Certification Authority.
- The results encrypted and signed are attached to the signed document (where the scanned signature is stamped). So, the result is a PDF containing the scanned signature related to a validatable and decipherable file containing all information, which is included in the PDF file itself. Thus, the PDF is the only file needed in the process.
- We have an application that is responsible for validating all results generated, and with the involvement of a trusted third party, it allows the recovery of the signature biometric data and its delivery to an expert, within the framework of a legal action against a possible digitized signature rejection. This application can even detect possible changes in prospectives signed document, showing the changes made, getting thereby ensure the requirements associated with an advanced electronic signature.
The following attached screen below shows the result of the validation of a signed PDF document with digitized signature:
Updated April 12th 2013 – Nowadays, we capture also another electronic evidences that we didn’t before, such as:
- Geolocation
- More pressure values thanks to the usage of a Stylus
- Signing Date
So, the verification screen now looks like this: