Much More Than Capturing a Signature. Get Documents Signed. Anywhere. Any time.

19  Download (0)

Full text


Much More Than Capturing a Signature

Get Documents Signed.

Anywhere. Any time.

The E-Signature Solution Based on


Much More Than Capturing a Signature

Namirial Group

Namirial is a Software Company and a Certification Authority, which provides Trust Services like e-signature, registered e-mail, e-invoicing and digital archiving to more than 500.000 customers. Namirial is specialized in Digital Transaction Management (DTM)

Sign it!

Share it!

Store it!

Namirial GmbH

Based in Linz/Ansfelden, Austria

Xyzmo SIGNificant eSignature Platform

We offer signature pads, but we do not produce them ourselves

Founded as Trosoft & Wondernet in 2004/1998

25 employees work on SIGNificant

>200.000 seats run on xyzmo SIGNificant

Namirial Spa

Headquartered in Senigallia, Italy

>40M€ revenue in 2015 with 300 employees

> pages digitally archived annually

>80.000 digital certificates issued

Member of the Adobe Approved Trust List (AATL)

Certification & TSA Authority (accred. by AgID)

ISO 9001:2008 (accred. by Bureau Veritas)


Much More Than Capturing a Signature

Xyzmo SIGNificant E-Signature Platform

• Online integration of − Pen displays or signature pads − Tablets − Smartphones • POS Advertising (on the pen-display)

• Support for terminal services • OFFLINE integration of − mobile Tablets − Smartphones • Complete PDF forms on the go

• Add scans of driver's license, passport, or any other photo

• Without client-side installation on any HTML5 enabled device

- PC, Tablet, Smartphone • Send links to external

signers to trigger a transaction

• Seamless integration into your Web portal

• Single Sign On authentication and PK integration • Batch signing of documents for approval processes

• Send links to internal signers to trigger a transaction

Popular Use Cases


Customers in the branch or shop Customers directly on-site (mobile) External users to sign on their own device Internal users online in the office


Much More Than Capturing a Signature

Legal Signature Levels

Qualified e-Signature

• Equivalent to written legal form

• Non reputable

• Requires a personal qualified signing certificate issued to the signer

• Requires certain identity checks from the CA when issuing the certificate to the signer

• Must be stored and used with a secure signature creation device

Advanced e-Signature

• Satisfies certain quality requirements => provides safe proof • Is uniquely linked to the signatory

• Is capable of identifying the signatory

• Is created using electronic signature creation data that the signatory can, with high level of confidence, use under his sole control

• Is linked to the data that which it relates in such manner that any subsequent change of the data is detectable

• Created typically through • Pure biometric signature


Much More Than Capturing a Signature

eIDAS 910/2014

Qualified Electronic Signature

EU regulation that goes into effect by July 1, 2016

• • Overwrites national e-signature laws which do not comply with the EU regulation

Overall summary for qualified e-signatures

• Qualified e-signatures (QES) from one EU country are valid throughout the EU

• QES certificates issued from a Qualified Trust Service Provider (QTSP) are valid in the entire EU

o CAs that want to become a QTSP have to audited by a Conformity Assessment body until July 1, 2017 o Until completion of their assessment accredited national CAs shall be considered as QTSP

• Remote e-signatures (= e-signature creation environment is managed on behalf of the signatory),

may receive the same legal recognition as e-signatures created entirely user-managed

• Generating or managing e-signature creation data on behalf of the signatory – for a qualified

remote e-signature – may only be done by a qualified trust service provider (QTSP)

o Either on QTSP premises (Cloud) or on customer premises (under control of the QTSP)

• QES creation devices require certification by public/private bodies designated by Member States • Issuing the qualified signing certificate to the recipient (= signer) is done after their successful

identification in accordance with national law, using the following ways:

o By the physical presence (face to face)

o Remotely, using electronic identification means a physical presence was ensured (Live Video ID) o By using other ID methods recognized at national level that ensure physical presence (e.g. eID)


Much More Than Capturing a Signature

Advanced e-signature

Qualified e-signature

Client-side entirely user managed

Server-side managed on behalf of the signatory (eIDAS 910/2014)

E-Signature Technologies

Technical & Legal Aspects

Biometric (forensic verifiable)

HTML5 (Audit Log)





**** PIN




Much More Than Capturing a Signature


Protects document integrity – making changes always visible

Self-Contained & Securely Signed PDF

Digital certificate shows the signatory or the document issuer

Optional: geo-location Displays signing graph and

show document history

Digitale Signatur – PAdES Long Term Validation Profile

Optional: trusted time stamp Certificate is member of the

Adobe Approved Trusted List (AATL)

Information on the validity of the

signature certificate on signing time (OCSP / CRL)

Optional: Encrypted Biometric signature data

Exportable according to ISO/IEC 19794-7:2014



Much More Than Capturing a Signature

Forensic Signature Verification

(Offline manual analysis) Real-time verification to ensure highest process security (online)

Verification of Biometric Signature Data

Checking authenticuity manual-offline & atomatic-online

Audit Log – Signed Response stored in PDF and server-side

• Biometric to biometric • Biometric to paper


Much More Than Capturing a Signature

Verification of HTML5 Signatures

Server-side Audit-Trail to Proof Authenticity

Dedicated logging of how signatory authetnication is done


Much More Than Capturing a Signature

Integration to existing systems is purely server-side -natural choice for server-based architectures PDF document is only stored in the data-center and not automatically copied to the clients Combines central integration with full offline

Only one back-end integration for multiple channels

• Web Browser: No installation or download is required.

• Mobile Device: Native apps are integrated with and built on the platform.

• Existing Apps: Client-side SDKs (Desktop, iOS, Android) enable a

Advantages of Server-based signing

Mobile Native App/SDK

SIGNificant Server Platform

HTML5 Client with external device support

Kiosk SDK Client Java/.NET Signpad SDK SIGNificant Server Platform

Server run On-Premise in the Cloud SignAnywhere Flow

Document Signing

Pure HTML5 Client

Internet or LAN

Provides secure input (e-signing) and output channels (doc-delivery)

SIGNificant Biometric Server

Real-Time Signature Verification

Internet or LAN

E-Signing Workflow & Reporting

Web Live Ident SIGNificant Identity Server Identity Management & Verifikation

RES² - Remote Digital Signature (HSM)


Much More Than Capturing a Signature

Get Documents Signed. Anywhere. Any time. 11

RES² Remote Digital Signature

Cloud architecture for high cost efficiency, easy management and fast deployment

Only the document hash (7-10KB) is exchanged for optimum performance  SLAs: Availability 99,8% - Response Time: 200ms + network latency

On-premise PKCS#1 Sign Environment for customer dedicated HSMs

Under the control of Namiral Spa for qualified remote e-signatures  The solution is very expensive and requires specific security procedures



Customer infrastructure Namirial infrastructure

Certificates Enrollment / user identity records CA - TSA SE HSM PKCS#1 Sign Environment Admin functions (key gen, pwd change, …)

High Level Interface

Documents stays in the customer premises, only hashes are sent to SE for signature.

Interface SE also for admin purposes (password changes, keys on/off …)


Much More Than Capturing a Signature

Biometric Signature Capturing Devices

Chose the category that best fits your use case

+ Very robust (Wacom EMR)

+ Can already show the document

+ High security through on-device encryption

+ Battery free

+ Very cost effective

o Not mobile, but plug’n play − Requires PC screen for

comfortable document reading

− Limited use for POS advertising

− Response time of 2-3 sec (color)

+ In-document signing experience

+ Fast (zero delay as it is a screen)

+ Parallel usage to operator PC

+ Client monitoring with assistance mode

+ Very robust (Wacom EMR)

+ High security through on-device encryption

+ Great for POS advertising

+ Battery free

o Not mobile, but plug’n play − Pen operation only

− More expensive

+ Great when sales and client can work with the same device

+ Simple & familiar touch UI for page browsing and editing

+ In-document signing experience

+ Mobile & offline support

+ High security through native apps with on-device encryption

+ Great for POS advertising

+ Multi-purpose device

− Battery required

− Separate computer to manage

− More difficult to secure

− More expensive

POS with little space POS with eContracting Consulting

+ Lowest common denominator

+ Captures biometrics on every smartphone (iOS, Android, Windows)

+ High security through native app with on-device encryption

+ Allows customers to also sign on their own device

+ Practically zero HW-costs

− Requires PC screen for document reading

− Requires pairing with PC/document

− Response time of 2-3 sec


Much More Than Capturing a Signature

Why Wacom?

Active Pen Others Passive Pen Glass Plastic LCD Sensor Sensor LCD


Much More Than Capturing a Signature

Biometric Signature Quality

Capacitive vs Pen Enabled

Capacitive Displays

Pen enabled







Native Pen Native Pen

Data rate












Writing posture




-Excellent -Excellent


Pen friction on





Fair -





Much More Than Capturing a Signature

Lowest False Accept / False Reject Rates (FAR/FRR)

• 3% - Winner of ICDAR contest 2011 for skilled forgeries

Real-time result

• Even before the document gets signed

Self learning profiles

• Updated with each signatures to track gradual shifts over time

Versatile threshold factor

• Easily adjust signature acceptance level to your use case

Signed Response

• Proves that a verification results are authentic and untampered

SIGNificant Biometric Server

Performance of the Real-Time Signature Verification


Much More Than Capturing a Signature

Poste Italiane

Unicredit Italy

~20.000 installed, 35.000 seats contracted SIGNificant Server with Web Signing Interface (for contracting), for SDP/bank transactions: SIGNificant SDK, Wacom STU-520

Use cases: CRM - contract signing SDP-bank transaction singing

Projects 20.000+ seats project size

SIGNifiacant SDK + SIGNificant Biometric Server + HSM + Wacom DTU-1031

HSM for personal digital signature (QES) Use case: Contract signing


Vodafone (Italy) 2.000 mobile + 4.200 shops SIGNificant Server

iPad SDK / Android SDK, Accenture Tablet App (SDK) WSI with Wacom STU 500 (520)

JobCenter Plus

Department Of Work & Pension UK

HP has purchased more than 22.000 signature stations with real-time verification for this large UK government project

Selected References


12000 mobile sales

SIGNificant Server with iPad App SDK integrated into DVAG sales appication on iOS

Use case: Finanzberatung-Vertrieb

Skoda Auto

Distribution Network CZ/SK

Skoda distribution network in CZ/SK

SIGNificant Server with iPad & Android App SDK & WSI integrated into DMS-CZ/SK and PCI (Portable CheckIn).

Use case: contracts, invoices, service & transfer protocols, custom documents.


Much More Than Capturing a Signature





Health Care / Life Sciences

Other Industries


Much More Than Capturing a Signature

Adrian Dinculescu

Partnerships & Alliances Manager +40 740 435 098




Related subjects :