Web site

Supported Signatures

Our Solution support:

Electronic Signature using self-signed keys and certificates
Graphometric Dynamic Signature (Advanced Electronic Signature) including in the document graphometric information captured during the signature execution and embedding everything with digital signature.
Digital Signature using a centralized secure CC EAL4+ server that holds private keys signed by accredite Certification Authorities.
Invisible Signature (a digital signature (PDF Document) that is not visible in the document)

To execute an advanced electronic signature nothing else is needed.
To execute a Graphometric signature a Wacom tablet is required to capture all the graphometric information (velocity, rhythm, acceleration, pressure of the pen and the graphic signature itself).
To execute a Digital signature ANDXOR Secure Server KryptoEvolution is required.

The authentication methods to access the secure CCEAL4+ ANDXOR KryptoEvolution can be :

simple password,
secure OTP (one Time Password) with Two factor Authentication
Graphometric Signature

Definitions and more detail on Signatures

"Electronic Signature" means an electronic sound, symbol, or process attached to or logically associated with an electronic document and executed or adopted by a person with the intent to sign the electronic document.

"Digital Signature" means an electronic identifier, created by a computer, that is intended by the party using it to have the same force and effect as the use of a manual signature. The use of a digital signature shall have the same force or effect as a manual signature if it embodies all of the following attributes:

(1) It is unique to the person using it assuring the identification of the signer.
(2) It is capable of verification.
(3) It is under the sole control of the person using it.
(4) It is linked to the signed data in a manner that if the data is changed, then the digital signature is invalidated.
(5) it is possible to identify the entity/company that manages the Advanced Digital Signature

Therefore, an e-signature needs to be connected to the e-"documents" to demonstrate the validity. If the record of the transaction is not kept securely, (and the security has to be demonstrated) the resulting agreement would not be valid and could not be proved.

"Graphometric Signature" means an identifier, created by a computer, that is intended by the party using it to have the same force and effect as the use of a manual signature and will include biometric and visual characteristic of the signature.

Graphometric signature is a biometric modality that uses, for recognition purposes, the anatomic and behavioral characteristics that an individual exhibits when signing his or her name (or other phrase).
Graphometric signature devices should not be confused with electronic signature capture systems that are used to capture a graphic image of the signature and are common in locations where merchants are capturing signatures for transaction authorizations.

Data such as the dynamically captured direction, stroke, pressure, and shape of an individual’s signature can enable handwriting to be a reliable indicator of an individual’s identity (i.e., measurements of the captured data, when compared to those of matching samples, are a reliable biometric for writer identification.)
Most of the features used are dynamic characteristics rather than static and geometric characteristics. Common dynamic characteristics include the velocity, acceleration, timing, pressure, and direction of the signature strokes, all analyzed in the X, Y, and Z directions.
The X and Y position are used to show the changes in velocity in the respective directions while the Z direction is used to indicate changes in pressure with respect to time.

The validation of the Graphometric signature do not require a calligraphic expert because all the signature biometric elements are included and the digital signature will enforce it.
If the Graphometric signature is not bonded with the signed document using Digital Signature, it will have the same problem of the Electronic signature when you need to demonstrate it was used for a specific document and it will not be legally valid.

Using the Digital Signature we create a sealed bond between the document and the signature (Electronic or Biometric). The validation of the seal will prove authenticity, presence in time and integrity of the document and of the signature and related biometric information. We call this sealing process Persistent Security meaning that sealed ininformation are secured because because a digital signature is performed and can be verified by anyone.

The Digital Signature protects the integrity of the entire document. A change to even one bit of the
document content will render the digital signature as invalid. In this way a digitally signed document is even
more secure than a paper-signed document. This leads to better compliance to regulatory requirements and
fraud protection.
A digital signed document can be veriﬁable by anyone using freely available PDF readers (e.g. Adobe® Reader). You
don’t need hand-signature experts to verify if the signature is authentic.

The Digital Signature includes an embedded cryptographic timestamp, so you also get proof of when a
document was signed, i.e. you are not relying just on the system clock time of the signer but an independent
Time Stamp Authority (TSA).
Web2Sign and View2Sign allow single user as well as departments or role-based groups to be set-up (e.g. sales dept., account dept.) such that anyone from these groups can sign a document.
Web2Sign and Web2Sign solutions include a web services API for easy integration into your business applications to
streamline your document signing processes.

Web2Sign and View2Sign digital signatures are not just based images of the signature itself (this is called electronic signature).
When an electronic signature is performed the signature image can be easily cut/pasted from one document to another. Also there is no way to detect the forgery or later edits to electronic signed documents. This is the main reason electronic signature cannot handle disputes and aren't accepted per se as a legal proof.

Web2Sign and View2Sign use qualified digital signatures with unique PKI keys and certificates for each users.
Our centralized KE Server with CC EAL4+ SSCD is used within accredited CA and manages millions of user allowing redundancy and disaster recovery reason configurations.

Before signing users are authenticated using various options from simple username/passwords, to time or event based OTP dual factor authentication. We are also implementing biometric signature for server authentication - a very innovative feature. Because of this we are compliant with EU Qualified Signature specifications – the gold standard for digital signature security.

All our solution from OTP to PKI including certificate and key management as well as signatures are standard and compatible with any instrument for easy verification.

With important documents it’s essential that any digital signatures can be proven to be valid many years into the future (e.g. after the signer has left an organization and/or their signing key has expired). Our Enhanced PDF signatures based on latest ETSI PAdES specifications (ETSI TS 102 778) will allow to perform this task. Such signatures contain embedded secure timestamps to independently prove time of signing and also signer’s status at time of signing.

Web2Sign and View2Sign convert documents to PDF/A (ISO 19005-1:2005) format during the signing process. PDF/A is an open standard so not dependent on any particular software vendor, and with PDF/A all fonts and other dependencies are contained within the document so it can be opened and viewed without any external resources, which may not be available in future. It’s an ideal format for long-term archiving and preservation.

Our existing PKI solutions (CAs, OCSP and Time Stamp Authorities) or other existing on the market are and can be easily integrated and registered and trusted within our system.

We provide a secure cloud-based service, many customer prefer to run an in-house hosted service. We have everything available according to all our customer needs.

How Graphometric Signature and Verification is performed

When the user perform a Graphometric Signature the following information are captured:

the image of the signature,
the position and direction
the pressure (1024 levels)
the time
the curvature
the acceleration

During a Graphometric Signature the important element is not the graphical mage (like during 2D normal ink signature) but the biometric characteristics of the image. Including the time and the pressure, the x,y position the velocity and direction we can have spatial dynamic information not available during a normal ink signature.

In the next picture you can see a normal ink signature in a 2Dimensional space and the same signature in a 3Dimensional space including the time.

In fact "ONLY the the biometric information without the image of the signature" are stored and are useful for matching a future signature. This allow more security and dynamic verification
This is the typical verification process.

All these information will be included in the digital signature creating and Advanced Electronic Signature.

Once the Advanced Electronic Signature using Biometrical information is bonded with the document via a Digital Signature the final final receive the Persistent Security to allow legal verification of authenticity, presence in time and Integrity as well as non repudiation.

Digital Signature vs Electronic Signature in a nutshell

Electronic or Biometric/Graphometric Signature

There is no bonding between document, electronic signature or biometric information.
Electronic Signature include only the image of the signature while the graphometric signature include also the biometric information, but in both cases there is no secure bonding between the signed information (document) and the signature itself allowing forgery of the signature or of the document itself.
Due to the fact the information are in electronic form with no sealed bond any element can be changed and the signed changed document can be «wrongly» judged as valid.

Digital Signature

The signer is recognized / certified by the Certification Authority
The CA release to the signer a secret key and a public key
The user signer uses dual factor Authentication to get the key
The signature is an algorithm that uses the personal secret key
The signature algorithm create a unique bond between the document, the visual signature, the signature information and the timestamp and the secret key.
The verification is performed by anyone using the public key. If you modify anything then the signature verification will fail

LEGAL VALUE Digital Signature is “Legally binding“ modifying document will invalidate signature

AUTHENTICITY “Identification of the signer” Secure RSA signature (Digital Signature) is bonded with the document to allow automatic verification showing the user credentials and validate the user

PRESENCE IN TIME In Digital Signature the “Signed Time Stamping” - Secure time is capture and bonded with signature

FORGED SIGNATURE When a Digital Signature is performed you cannot change visual or digital signature

DOC VERIFICATION “Verify who signed the document” This process is made by anyone using the public key while using electronic signature you need to consult an expert that will give you his judgment.

PRESERVATION “Ability to Verify Authenticity and Presence in Time“ Ability to preserve only document that will be a legal proof in court where you can verify the binding of the signer with the content of the document at a specific point in time.

LEGAL VALUE	Digital Signature is “Legally binding“ modifying document will invalidate signature
AUTHENTICITY	“Identification of the signer” Secure RSA signature (Digital Signature) is bonded with the document to allow automatic verification showing the user credentials and validate the user
PRESENCE IN TIME	In Digital Signature the “Signed Time Stamping” - Secure time is capture and bonded with signature
FORGED SIGNATURE	When a Digital Signature is performed you cannot change visual or digital signature
DOC VERIFICATION	“Verify who signed the document” This process is made by anyone using the public key while using electronic signature you need to consult an expert that will give you his judgment.
PRESERVATION	“Ability to Verify Authenticity and Presence in Time“ Ability to preserve only document that will be a legal proof in court where you can verify the binding of the signer with the content of the document at a specific point in time.