The process could be summarized in two main phases:
- Technical phase
- Procedural phase
For the first one, Viafirma guarantees that all the means are available to fulfill the technical requirements that will help to:
- Capture the data linked to the signature, based on ISO/IEC: 19794-7:2014 requirements;
- Offer enough mechanisms to protect the aforementioned data from both parts
There are different ways to protect sensitive information on “how the user signed”, one is encryption based on a RSA public key system, where a public key is encrypted and a private key is decrypted.
Regarding procedural issues, the aim is to guarantee that the person in possession of the public encryption key does not have the private key for its decryption, thus trusting a third party with this key.
By using the private key to decrypt the information it is possible to analyze the information captured during the signing process to be analyzed with the help of tools that will help an expert calligrapher to make a decision. The tools help, but should not produce a verdict, this should be left to the expert.
This video shows how a user signs via iPad using an Appel Pencil which is able to capture different types of pressures.
In our Viafirma Documents verifier guide we briefly explain how to obtain this information when using our solutions in sandbox where we have our decryption key.
For the procedural phase, much will depend on how you decide to proceed with the testing, but it will always be a court decision that determines who and how the information will be reviewed. Viafirma’s role will be helping to identify the above-mentioned elements, Viafirma’s role in this phase is to help identify the elements described above, including the contact with the third party that acted as the keeper of the private key that would enable the decryption.