There exists quite a lot of confusion around the terminology on “digital signatures” or electronic signatures. This presentation concentrates on the aspects of handwritten signatures digitized throughout the signing process - so called “dynamic” signatures (used herein after) which are also sometimes referred to as “biometric” or “on-line” signatures.
In the European Union all laws for electronic signatures are somewhat linked to the European directive 1999/93/EU. EU country laws for electronic signatures and their regulations are an implementation of this directive. This directive does not automatically specify a certain technology. However it defines levels of electronic signatures which are considered as “simple”, “advanced” or “qualified”. There are several ways how dynamic signatures may be used to create electronic signatures:
- The simple embedding of dynamic signature data into a document results in a “simple” electronic signature.
- The definition of “advanced electronic signatures” reflects that the trustworthiness of electronic documents is closely linked to the power of proof for authenticity and integrity in the particular application and workflow. So in addition to the option to verify the dynamic signature, this form of signature requires asymmetric encryption and the option to check that a document has not been tampered with (integrity check, typically via a hash code comparison). One of the products on the market for this kind of approach is trademarked “SignDoc” and manufactured by Softpro. The legal aspects have already been examined and communicated in a legal opinion by Professor Dr. Thomas Hoeren of the Institute for Information-, Telecommunication- and Media Law at the University of Muenster in Westphalia/Germany, and Judge at the Higher Regional Court in Duesseldorf. The quintessence of this extensive opinion sees SignDoc as an "equivalent surrogate to the conventional signing on a paper document", "which fulfils the formal aspects of the written form in an equivalent way". In other words: Such kind of electronic signatures may offer at least the same security as handwritten signatures on paper.
- Only qualified electronic signatures require the usage of digital certificates and trustworthy devices to carry those (usually a smart card). Dynamic signatures may be used in this environment to replace PINs and enhance the usability of this kind of electronic signatures. The German law and regulation on electronic signatures allows this explicitly since mid-2001. Some laws are confusingly influenced by a discriminating terminology. For instance the Austrian law uses the equivalent of a “secure electronic signature” instead of the EU-terminology of a “qualified electronic signature”.
Quite often there is a misunderstanding that potential users need to decide whether to choose biometric or PKI-based electronic signatures. However it is also possible to choose both options at the same time depending on the level of security someone wants to achieve and the willingness to invest.
Broad Array of Use Cases
The idea of trustworthy digitizing of a handwritten signature was not in the minds of those that were responsible for law making in the late 90’s. Up until today still quite a lot of people tend to know little about how to use so-called dynamic (or biometric) signatures in digital processes. However the technology has reached a mature stage and is being used by several customers in banking, insurance, government, education, retail and in the automotive industry. Another aim of this presentation is to provide a brief compilation where this kind of technology is now leaving its marks in various business processes.
Business Value and User Acceptance
The business value of dynamic signatures is obvious: Securing electronic documents with dynamic signatures allows to minimize paper usage and related costs (printing, shipping, scanning, indexing), reducing the loss of time and the potential of errors caused by media breaks as well as speeding up the workflow and achieving a higher level of automation. Besides the financial view on return on investment aspects the social factor of user acceptance and the well-established form of unambiguous authentication with handwritten signatures are still underrated.
Signature Images are not enough
If a signature has to be non-repudiated, the processes of capturing, storing and verifying have to fulfil certain technical and legal requirements. Furthermore, the engine(s) used for signature verification must achieve an acceptable Equal Error Rate (EER).
- A lot of signatures today are taken with a low resolution. One example is the capturing devices that courier services are using. They capture a rather pixilated image of a signature that is usually not applicable for a later verification. Signatures taken on these devices may easily be claimed to be a forgery. Non-repudiation can only be achieved when the biometric characteristics of a signature are captured too, and when this information is securely bound to the signed document. The additional verification of dynamic signals offers a higher level in security. A signature with a similar image like the reference signature may be detected as falsification because differences in their creation characteristics are discovered.
- Nowadays a lot of companies are capturing a signature image and embed it into documents somehow. They do not realize that this image will not allow any further verification process if its authenticity is in doubt. Furthermore this process is not compliant with various e-sign laws throughout the world.
Capturing Reliable Signature Data
In order to understand what is necessary to trust a signature it is important to keep in mind that forensic experts rely on the holistic analysis of signatures, i.e. they look at and take into account the paper features, type of stylus, the ink flow and “visible” pressure. Most forensic experts exposed to the analysis of dynamic signatures tend to forget to apply the same principles. The equivalent holistic approach for dynamic signatures must take into account which device was used for signature capture, the device features (see below) and maybe even the signing environment and the co-relations to the signing process.
Signatures may be digitized during the signing process instead of scanning them from paper using a wide range of instruments: pen pads (with and without LC display), special pens and Tablet PCs. They allow a gradual move from paper-based documentation to electronic forms and straight-through-processing as well as upgrading the quality of signature verification in general.
Softpro has defined a set of quality criteria for capturing signatures with digitizing instruments. A proper comparison of static signature characteristics and dynamic signature signals requires a digitizing instrument that is taking a sufficient amount of time signals. It also has to be able to differentiate between various pressure levels and to provide an appropriate resolution rate. These requirements are also reflected in the standard for the interchange of biometric signature data (ISO/IEC FDIS 19794-7).
The Japanese hardware manufacturer Wacom and the German software specialist Softpro teamed up to provide the market with a best-of-breed solution. Its aim is to fully satisfy forensic experts when asked to analyze the signals captured. This specific Signature LCD tablet named SignPad is first demonstrated to a broad audience in the US at BAI Retail Delivery Show 2007. The tablet has the capability to capture all distinct behavioural characteristics of an individual’s signature - including shape, speed, stroke, pen pressure and timing information. When assessing the products that are on the market today the development partners received the feedback from forensic experts that today’s capturing devices may offer “some sort of interpretation option” but they typically do not fulfil all of the aspects listed below:
- Forensic experts require precise information on the relation of force applied and pressure levels. Manufactures must make available this sort of “pressure curve chart” to vendors of signature verification software and to the forensic experts.
- A reliable capturing device has to record the same pressure levels in all segments of the capturing area with the same precision when the same force is being applied.
- When capturing signatures on different tablets of the same type from the same manufacturer signal data must not exceed a certain tolerance level, otherwise an analysis or verification would have to be adjusted to each device.
- The ergonomics of the writing tablet must reflect the typical signing situation and ideally provide for a “paper-like” surface (which imitates the writing feeling on paper as close as possible).
- The capturing technology must exclude the capturing of unwanted “overspill” information such as signals from a thumb ball that touched the capturing surface while signing.
- In addition, for non-repudiation, security and auditing purposes, the capturing device must provide a unique serial number, a device id number and trustworthy of the communication between device (firmware) and device driver (operating system).
Softpro’s part in the development partnership was to provide this input on the requirements and the appropriate software to capture both static characteristics (images) and dynamic signals of a signature. There exists a product suite to secure electronic documents (SignDoc) in different formats and a software development kit (SignWare) for the integration into third-party applications.
Where Dynamic Signatures are used today
To judge the business and legal relevance of dynamic signatures today it is best to list some of the projects in the various vertical markets that use Softpro’s dynamic signature related products. While signature capturing and verification used to be a typical banking topic it became a truly horizontal application in recent years.
- Finance: IT-Processing Centers of German Savings Banks are offering their customers solutions to embed dynamic signatures securely into electronic documents in an Adobe LiveCycle environment: The first savings banks implemented signature capture at the teller for account openings, standing orders, exemption orders for capital gains, deposits and other banking products. A very large US bank (name can not be disclosed at time of publication of this release), has embarked on a similar approach. The e-Finance-Lab, think tank of the German banking industry, has showcased the feasibility of replacing PIN/TANs with dynamic signatures for online banking at the D/A/CH Security conference in March 2006 in Duesseldorf.
- Insurance: Signing an insurance contract (for liability reasons the focus is on accident, life and health insurance) and documenting the consulting process that is required by EU legislation from July 1st 2007 onwards are triggers for several insurance companies to go paperless with either signature capturing tablets connected to a notebook or a Tablet PC.
- Real Estate: Increasingly popular among real estate agents - especially in the US - is the option of paperless contracting through signing on Tablet PCs.
- Automotive: The house bank of a big German car manufacturer evaluates a pilot for its dealers to sign leasing contracts on-line.
- Health: The Hospital of Ingolstadt is capturing and verifying the signatures of their doctors that fill electronic patient records on Tablet PCs. The National Health Service in the United Kingdom has started a similar project.
- Telecommunication: Signing phone and DSL contracts in the telecom shops is another emerging market.
- Retail: In combination with a major payment solutions provider, pilots are under preparation to capture dynamic signatures at the point of sale. Another project blue print sees loyalty cards users that authenticate themselves with dynamic signatures.
- Education: Paperless signing becomes an issue in this vertical as well. Projects are under way with counties in the US and various universities in the UK and the US as well as usage in training classes in Germany
- Government: The Chambers of Commerce in Saudi Arabia have chosen to authenticate their web portal users by verification of dynamic signatures.
Recommended links for additional information