Much More Than Capturing a Signature
Get Documents Signed.
Anywhere. Any time.
The E-Signature Solution Based on
Namirial Group
Namirial is a software company and a Certification Authority that provides trust services such as e-signature, registered e-mail, e-invoicing and digital archiving to more than 500.000 customers. Namirial specializes in Digital Transaction Management (DTM).
Sign it!
Share it!
Store it!
Namirial GmbH
Based in Linz/Ansfelden, Austria
Xyzmo SIGNificant eSignature Platform
We offer signature pads, but we do not produce them ourselves
Founded as Trosoft & Wondernet in 2004/1998
25 employees work on SIGNificant
>200.000 seats run on xyzmo SIGNificant
Namirial Spa
Headquartered in Senigallia, Italy
>40M€ revenue in 2015 with 300 employees
>2.000.000.000 pages digitally archived annually
>80.000 digital certificates issued
Member of the Adobe Approved Trust List (AATL)
Certification & TSA Authority (accred. by AgID)
ISO 9001:2008 (accred. by Bureau Veritas)
Xyzmo SIGNificant E-Signature Platform
• Online integration of
− Pen displays or signature pads
− Tablets
− Smartphones
• POS Advertising (on the pen-display)
• Support for terminal services
• OFFLINE integration of
− mobile Tablets
− Smartphones
• Complete PDF forms on the go
• Add scans of driver's license, passport, or any other photo
• Without client-side installation on any HTML5 enabled device
− PC, Tablet, Smartphone
• Send links to external signers to trigger a transaction
• Seamless integration into your Web portal
• Single Sign On authentication and PK integration
• Batch signing of documents for approval processes
• Send links to internal signers to trigger a transaction
Popular Use Cases
e-Contracting
• Customers in the branch or shop
• Customers directly on-site (mobile)
• External users to sign on their own device
• Internal users online in the office
Legal Signature Levels
Qualified e-Signature
• Equivalent to written legal form
• Non-repudiable
• Requires a personal qualified signing certificate issued to the signer
• Requires certain identity checks from the CA when issuing the certificate to the signer
• Must be stored and used with a secure signature creation device
Advanced e-Signature
• Satisfies certain quality requirements => provides safe proof
• Is uniquely linked to the signatory
• Is capable of identifying the signatory
• Is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control
• Is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable
• Created typically through
− Pure biometric signature
eIDAS 910/2014
Qualified Electronic Signature
EU regulation that goes into effect by July 1, 2016
• http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2014.257.01.0073.01.ENG
• Overwrites national e-signature laws which do not comply with the EU regulation
Overall summary for qualified e-signatures
• Qualified e-signatures (QES) from one EU country are valid throughout the EU
• QES certificates issued from a Qualified Trust Service Provider (QTSP) are valid in the entire EU
o CAs that want to become a QTSP have to be audited by a Conformity Assessment Body until July 1, 2017
o Until completion of their assessment, accredited national CAs shall be considered as QTSP
• Remote e-signatures (= e-signature creation environment is managed on behalf of the signatory) may receive the same legal recognition as e-signatures created entirely user-managed
• Generating or managing e-signature creation data on behalf of the signatory – for a qualified remote e-signature – may only be done by a qualified trust service provider (QTSP)
o Either on QTSP premises (Cloud) or on customer premises (under control of the QTSP)
• QES creation devices require certification by public/private bodies designated by Member States
• Issuing the qualified signing certificate to the recipient (= signer) is done after their successful identification in accordance with national law, using the following ways:
o By the physical presence (face to face)
o Remotely, using electronic identification means for which a physical presence was ensured (Live Video ID)
o By using other ID methods recognized at national level that ensure physical presence (e.g. eID)
E-Signature Technologies
Technical & Legal Aspects
Advanced e-signature
Qualified e-signature
• Client-side entirely user managed
• Server-side managed on behalf of the signatory (eIDAS 910/2014)
• Biometric (forensic verifiable)
• HTML5 (Audit Log)
[Diagram labels: ID, OTP, OTPSIGN, **** PIN, Online, POS]
READABLE WITH EVERY STANDARD PDF READER (e.g. Acrobat Reader X)
Protects document integrity – making changes always visible
Self-Contained & Securely Signed PDF
Digital certificate shows the signatory or the document issuer
Optional: geo-location
Displays signing graph and shows document history
Digital signature – PAdES Long Term Validation Profile
Optional: trusted time stamp
Certificate is member of the Adobe Approved Trust List (AATL)
Information on the validity of the signature certificate at signing time (OCSP / CRL)
Optional: encrypted biometric signature data
Exportable according to ISO/IEC 19794-7:2014
[Chart labels: SPEED, ACCELERATION, PRESSURE, ANGLE, ANGLE DIFF]
Forensic Signature Verification
(Offline manual analysis)
Real-time verification to ensure highest process security (online)
Verification of Biometric Signature Data
Checking authenticity manual-offline & automatic-online
Audit Log – Signed Response stored in PDF and server-side
• Biometric to biometric
• Biometric to paper
Verification of HTML5 Signatures
Server-side Audit Trail to Prove Authenticity
Dedicated logging of how signatory authentication is done
Advantages of Server-based signing
• Integration to existing systems is purely server-side - natural choice for server-based architectures
• PDF document is only stored in the data-center and not automatically copied to the clients
• Combines central integration with full offline
Only one back-end integration for multiple channels
• Web Browser: No installation or download is required.
• Mobile Device: Native apps are integrated with and built on the platform.
• Existing Apps: Client-side SDKs (Desktop, iOS, Android) enable a
[Architecture diagram labels:]
Mobile Native App/SDK
HTML5 Client with external device support
Pure HTML5 Client
Kiosk SDK Client
Java/.NET Signpad SDK
SIGNificant Server Platform
Server run On-Premise in the Cloud
SignAnywhere Flow
Document Signing
Internet or LAN
Provides secure input (e-signing) and output channels (doc-delivery)
SIGNificant Biometric Server: Real-Time Signature Verification
E-Signing Workflow & Reporting
Web Live Ident
SIGNificant Identity Server: Identity Management & Verification
RES² - Remote Digital Signature (HSM)
www.xyzmo.com
RES² Remote Digital Signature
Cloud architecture for high cost efficiency, easy management and fast deployment
Only the document hash (7-10KB) is exchanged for optimum performance
SLAs: Availability 99,8% - Response Time: 200ms + network latency
On-premise PKCS#1 Sign Environment for customer dedicated HSMs
Under the control of Namirial Spa for qualified remote e-signatures
The solution is very expensive and requires specific security procedures
[Diagram labels: Applications; SWS/SIGNificant; Customer infrastructure; Namirial infrastructure; Certificates; Enrollment / user identity records; CA - TSA; SE; HSM; PKCS#1 Sign Environment; Admin functions (key gen, pwd change, …); High Level Interface]
Documents stay on the customer premises; only hashes are sent to the SE for signature.
The interface to the SE is also used for admin purposes (password changes, keys on/off …)
Biometric Signature Capturing Devices
Choose the category that best fits your use case
+ Very robust (Wacom EMR)
+ Can already show the document
+ High security through on-device encryption
+ Battery free
+ Very cost effective
o Not mobile, but plug’n play
− Requires PC screen for comfortable document reading
− Limited use for POS advertising
− Response time of 2-3 sec (color)
+ In-document signing experience
+ Fast (zero delay as it is a screen)
+ Parallel usage to operator PC
+ Client monitoring with assistance mode
+ Very robust (Wacom EMR)
+ High security through on-device encryption
+ Great for POS advertising
+ Battery free
o Not mobile, but plug’n play
− Pen operation only
− More expensive
+ Great when sales and client can work with the same device
+ Simple & familiar touch UI for page browsing and editing
+ In-document signing experience
+ Mobile & offline support
+ High security through native apps with on-device encryption
+ Great for POS advertising
+ Multi-purpose device
− Battery required
− Separate computer to manage
− More difficult to secure
− More expensive
POS with little space | POS with eContracting | Consulting
+ Lowest common denominator
+ Captures biometrics on every smartphone (iOS, Android, Windows)
+ High security through native app with on-device encryption
+ Allows customers to also sign on their own device
+ Practically zero HW-costs
− Requires PC screen for document reading
− Requires pairing with PC/document
− Response time of 2-3 sec
Why Wacom?
[Diagram labels: Active Pen, Others, Passive Pen, Glass, Plastic, LCD, Sensor]
Biometric Signature Quality
Capacitive vs Pen Enabled
Columns: Capacitive Displays: Finger | Capacitive Displays: Stylus | Capacitive Displays: Fineline Stylus | Pen enabled: Native Pen | Signature Pads: Native Pen
Data rate: Fair | Fair | Fair | Excellent | Excellent
Resolution: Fair | Fair | Good | Excellent | Excellent
Writing posture: Poor | Good | Good | -Excellent -Excellent | Excellent
Pen friction on surface: Fair | Good | Good | Fair - Excellent | Excellent
Forensically
Lowest False Accept / False Reject Rates (FAR/FRR)
• 3% - Winner of ICDAR contest 2011 for skilled forgeries
Real-time result
• Even before the document gets signed
Self learning profiles
• Updated with each signature to track gradual shifts over time
Versatile threshold factor
• Easily adjust signature acceptance level to your use case
Signed Response
• Proves that verification results are authentic and untampered
SIGNificant Biometric Server
Performance of the Real-Time Signature Verification
Poste Italiane
Unicredit Italy
~20.000 installed, 35.000 seats contracted SIGNificant Server with Web Signing Interface (for contracting), for SDP/bank transactions: SIGNificant SDK, Wacom STU-520
Use cases: CRM - contract signing, SDP - bank transaction signing
Projects 20.000+ seats project size
SIGNificant SDK + SIGNificant Biometric Server + HSM + Wacom DTU-1031
HSM for personal digital signature (QES) Use case: Contract signing
Vodafone
Vodafone (Italy) 2.000 mobile + 4.200 shops SIGNificant Server
iPad SDK / Android SDK, Accenture Tablet App (SDK) WSI with Wacom STU 500 (520)
JobCenter Plus
Department Of Work & Pension UK
HP has purchased more than 22.000 signature stations with real-time verification for this large UK government project
Selected References
DVAG / ATLAS
12000 mobile sales
SIGNificant Server with iPad App SDK integrated into DVAG sales application on iOS
Use case: financial advisory sales
Skoda Auto
Distribution Network CZ/SK
Skoda distribution network in CZ/SK
SIGNificant Server with iPad & Android App SDK & WSI integrated into DMS-CZ/SK and PCI (Portable CheckIn).
Use case: contracts, invoices, service & transfer protocols, custom documents.
Finance
Telecommunication
Utilities
Government
Health Care / Life Sciences
Other Industries
Adrian Dinculescu
Partnerships & Alliances Manager +40 740 435 098
Adrian.Dinculescu@xyzmo.com