The digitized or Biometric Signature are electronic handwritten signatures we draw on graphic tablets. However, there isn’t a single definition for these signatures in this industry. There are many different usage scenarios, for example card payments (as in Mercadona or El Corte Inglés), receiving online orders from Correos ( State-owned Spanish courier) or any other courier company, signing a car leasing agreement…
The digitized signature is the most basic and ancient version of digital signature. This is the typical paper document signature that is then scanned and collected in a digital document (jpg, pdf, etc.) and easy to forge. Although its security level is very low, it is still used in many business processes.
Biometric signature is any signature of an electronic document in which the signatory’s identity is linked to this document by capturing his biometric data, which can be of many types: iris, locution, fingerprint, etc.
There’s a specific type of biometric signature in which the data linked are those produced when physically signing on a device that can collect aspects of the signature – stroke, pressure, or speed implemented – that all together makes it unique. They are those electronic handwritten signatures we carry out on graphic tablets. There are many use case scenarios, such as in the case of paying by debit or credit card (typically in large commercial areas), receiving parcels and signing car rental contracts, etc.
As this type of signature is the most commonly used, it is generally accepted to identify the biometric signature with the collection of biometric data of the electronic handwritten signature
This type of signature is conducted in specific tablets from manufacturers such as Topaz, Wacom, Symbol, etc., or capacity touch screen tablets as iPads or some Android tablet models.
Legal Aspects of the biometric Signature
The biometric signature operation is not just a capture/scan of the user’s handwritten signature and its further attachment into the document. The data is also captured, generated and stored to ensure that the basic requirements for an advanced electronic signature are successfully met :
- Signatory identification
- Unique link between signatory and data signed
- Detection capability identifying any changes after the signature
- Ensuring that only one signature can generate the signature
In short, the biometric (or digitized) signature of Viafirma ensures that:
- It was the signer who actually signed it.
- That the document signed has not been modified (or if there have been any modifications, which and where are they)
- When did the signature take place
- The signature cannot be reused in other documents
Biometric signature generation in Viafirma
Our solution leverages the platform’s cryptographic capabilities to carry out the necessary operations to fulfill these requirements:
- Biometric signature data (pressures, stroke speed, etc.) is captured so a calligrapher can analyze whether the stored data is consistent with the holder’s handwritten signature.
- This data is NEVER in possession of the service provider (app owner) or the software developer (Viafirma), as they are sensitive data that could allow the forgery signatures. To perform this, Topaz and Wacom devices perform local encryption on the device (only decryptable with software delivered when required by the Court). On iPad, Android tablet devices our Viafirma application encrypts biometric data thanks to a key from a trusted third party, so that we cannot access them.
- Datasets are captured from the document that the user is signing, the signature device, etc.
- An electronic signature is created with all this data with a timestamp from a Trust Service Provider.
- Coded, encrypted and signed results are attached to the signed document (on which the scanned signature is stamped). That is, the result is a PDF that contains the scanned signature related to a validable and decryptable file containing all information provided and included within the PDF file itself. This makes the PDF as the only required file for the entire process.
- We have an application in charge of validating all results and with the involvement of a trusted third party it will allow to recover the signature’s biometric data and its subsequent delivery to an expert, operating within a legal framework in light of a posible rejection of the biometric signature. This application may even detect possible future alterations of the signed document showing the changes made ensuring that all requirements associated with an advanced electronic signature are successfully met.