Digital Signature FAQs
Frequently asked questions about digital and e-signatures
GENERAL
What is the difference between an Electronic Signature and a Digital Signature?
Electronic Signature is a generic, technology-neutral term that refers to the universe of all of the various methods by which one can "sign" an electronic record. Although all electronic signatures are represented digitally (i.e., as a series of ones and zeroes), they can take many forms and can be created by many different technologies. Examples of electronic signatures include: a name typed at the end of an e-mail message by the sender; a digitized image of a handwritten signature that is attached to an electronic document (sometimes created via a biometrics-based technology called signature dynamics); a secret code or PIN to identify the sender to the recipient; a code or "handle" that the sender of a message uses to identify himself; a unique biometrics-based identifier; and a digital signature (created through the use of public key cryptography).
Digital Signature is simply a term for one technology-specific type of electronic signature. It involves the use of public key cryptography to "sign" a message, and is perhaps the one type of electronic signature that has generated the most business and technical efforts, as well as legislative responses.
SIGNificant combines the handwritten electronic signature with the PKI digital signature to achieve a binding signature process using the familiar handwritten signature. It also enables electronic signatures based, for example, on SMS validation for Web transactions.
What is a biometric handwritten signature?
A captured handwritten signature looks identical to a person's original wet ink signature. But if you use the xyzmo digital signature suite, it is much more than just an electronic image. We record the handwritten signature of a person by parameters of pressure, acceleration, speed and rhythm. These parameters are unique to every individual and cannot be easily reproduced by a forger. Once a signature including all the biometric parameters has been embedded into a document, it is turned into a signed and sealed PDF. Anyone can verify the signature and content integrity anywhere at any time. Thus unrecognized post-signing manipulations are impossible.
SIGNificant creates a specific personal profile for each individual. The personal profile is a biometric analysis of a person's signatures over time. A person's two signatures can never be the same, but the degree of signature fluctuation is unique per person. SIGNificant detects each individual's unique fluctuation and fine-tunes each personal profile over time.
Can documents signed by SIGNificant be viewed and verified by users who don't have SIGNificant installed?
Yes. Viewing the handwritten signature and verifying the digital signature can be done by any user using the free Acrobat Reader.
What happens if my signature changes over time?
All signatures naturally change over time. SIGNificant recognizes the natural fluctuations in your signature and verifies that it still belongs to you. Because the SIGNificant engine updates the personal profile as each new electronic signature is added, it detects the natural changes or drift that occur in each individual's signatures over time.
- Can the engine support long signatures?
Yes. There is no limitation on signature length. In fact, a long signature creates a higher complexity level, making the signature profile more secure.
- I have two different signatures. How will the engine be able to authenticate me?
You will have to create two user names and assign each signature to a specific name. This is a database issue, which is solved by the application.
- Can I change my signature?
You may re-enroll anytime with a new signature.
- Can I install the tablet myself?
Yes, the tablet installation, demo and client application are very simple to install and come with an automatic setup utility. The installation of a server application, however, requires the knowledge of a system administrator.
What is the difference from fingerprints and retinal recognition?
The act of signing a document has long been accepted by nearly every culture as one's recognition of and agreement to the contents. Although we never sign exactly the same way twice, the signature stays within certain boundaries unique to each individual. This is a major difference from fingerprints or retinal patterns, which remain constant over time. The execution of a person's signature will always be unique and individual at that particular moment for each individual document.
How does the xyzmo Time-Stamping Authority work?
A dedicated document describes the policy under which the xyzmo Time-Stamping Authority (TSA) is operated. This includes operational security, maximum time deviation, availability and the timestamp signing certificates. With this TSA and appropriate signing software, any electronic document or file can be given a timestamp (refer to http://en.wikipedia.org/wiki/Trusted_timestamping). To create a timestamp, a hash value of the document is sent to the TSA. Please read the policy document for more information.
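The hash-only submission described above, as an added example (not xyzmo's code): it builds a timestamp request in the RFC 3161 format, which is an assumption because the page does not name the TSA's protocol, and shows that only the SHA-256 digest of the document goes into the request. The function names and the sample document are constructed for illustration.

```python
import hashlib
import secrets

# DER AlgorithmIdentifier for SHA-256 (OID 2.16.840.1.101.3.4.2.1, NULL parameters)
SHA256_ALG_ID = bytes.fromhex("300d06096086480165030402010500")

def _tlv(tag: int, value: bytes) -> bytes:
    """DER tag-length-value; short-form length is enough for this small request."""
    if len(value) >= 0x80:
        raise ValueError("long-form DER lengths are not needed here")
    return bytes([tag, len(value)]) + value

def _der_uint(n: int) -> bytes:
    """DER INTEGER for a non-negative value (a leading 0x00 keeps it positive)."""
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def build_timestamp_request(document: bytes, nonce=None) -> bytes:
    """Return a DER TimeStampReq carrying only the SHA-256 digest of `document`."""
    digest = hashlib.sha256(document).digest()
    if nonce is None:
        nonce = secrets.randbits(64)  # lets the client match the reply to this request
    message_imprint = _tlv(0x30, SHA256_ALG_ID + _tlv(0x04, digest))
    body = (
        _der_uint(1)            # version v1
        + message_imprint       # hash algorithm + hashed message
        + _der_uint(nonce)      # nonce
        + _tlv(0x01, b"\xff")   # certReq = TRUE: ask the TSA to include its certificate
    )
    return _tlv(0x30, body)

def imprint_of(request: bytes) -> bytes:
    """Extract the 32-byte digest from a request built by build_timestamp_request."""
    marker = SHA256_ALG_ID + b"\x04\x20"
    start = request.index(marker) + len(marker)
    return request[start:start + 32]

# Constructed sample document; in practice this is the signed PDF's bytes.
SAMPLE_DOC = b"%PDF-1.7 constructed sample contract, confidential clause 7"
```

The request stays the same size whatever the document length, and the timestamp the TSA returns binds to the digest, so any later change to the document no longer matches it.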
SECURITY
- How can I be sure that my signature is not transferred to an unauthorized document?
The biometric database stores the personal profile in encrypted form. A person's signature is encrypted immediately when it is captured from the signature pad, using the public key of a special certificate. This special certificate is selected by the company using the xyzmo suite and is typically stored in a secure environment outside the company (bank safe, external notary...). Thus xyzmo itself has NO access to this certificate. To encrypt signatures, the xyzmo suite needs only the public key of the certificate. The private key is required only to decrypt and extract signatures from a document. Only people whom the company allows access to this certificate can decrypt the profile, using a tool we provide named PenAnalyst. This tool was developed together with forensic experts and is useful in a legal dispute to prove who signed a particular document.
- What if my signature transmission is traced and resent later?
From a practical standpoint this is impossible. But to provide a 100% correct answer: with a lot of criminal energy, in-depth technical knowledge of the xyzmo suite, the specific customer installation and the signature pad used, and unsupervised access to the computer, it is theoretically possible to do something like that. Capturing and retransmitting alone would be recognized by the biometric engine as fraud, because two signatures can never be exactly the same. Therefore the captured data would additionally have to be manipulated so that it looks like a natural change over time to the biometric engine. Compared to how easy it is to fake signatures on paper, this is an enormous effort. The common view in the market is that it is not worth protecting the system against such a theoretical possibility, but if this is really required, please contact us.
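An added sketch (not xyzmo's engine or algorithm) of the two checks this answer relies on: a bit-identical capture is rejected as a replay, and a fresh capture must fall within the signer's own fluctuation before the profile is updated. The feature names, the 3-sigma tolerance and the sample values are assumptions constructed for illustration.

```python
import hashlib
import math

class SignatureProfile:
    """Illustrative per-signer profile: running mean/variance per feature (Welford)."""
    def __init__(self, z_limit=3.0):
        self.z_limit = z_limit  # assumed tolerance, in standard deviations
        self.n, self.mean, self.m2 = 0, {}, {}
        self.seen = set()       # digests of every raw capture already presented

    def _update(self, features):
        self.n += 1
        for name, x in features.items():
            old = self.mean.get(name, 0.0)
            self.mean[name] = old + (x - old) / self.n
            self.m2[name] = self.m2.get(name, 0.0) + (x - old) * (x - self.mean[name])

    def enroll(self, raw, features):
        self.seen.add(hashlib.sha256(raw).hexdigest())
        self._update(features)

    def verify(self, raw, features):
        if self.n < 2:
            raise ValueError("enroll at least two samples first")
        digest = hashlib.sha256(raw).hexdigest()
        if digest in self.seen:
            return "replay"        # bit-identical to an earlier capture
        self.seen.add(digest)
        for name, x in features.items():
            std = math.sqrt(self.m2[name] / (self.n - 1))
            if abs(x - self.mean[name]) > self.z_limit * std:
                return "mismatch"  # outside this signer's usual fluctuation
        self._update(features)     # accepted captures let the profile follow drift
        return "accept"

ENROLL = [  # constructed captures: (raw pad bytes, extracted features)
    (b"capture-1", {"pressure": 0.61, "speed": 12.0}),
    (b"capture-2", {"pressure": 0.64, "speed": 12.6}),
    (b"capture-3", {"pressure": 0.59, "speed": 11.7}),
    (b"capture-4", {"pressure": 0.63, "speed": 12.3}),
]

def demo():
    profile = SignatureProfile()
    for raw, feats in ENROLL:
        profile.enroll(raw, feats)
    fresh = profile.verify(b"capture-6", {"pressure": 0.65, "speed": 12.5})
    replayed = profile.verify(*ENROLL[1])
    forged = profile.verify(b"capture-7", {"pressure": 0.90, "speed": 20.0})
    return [fresh, replayed, forged]
```

Rejected captures are remembered as well, so resubmitting a failed attempt is also reported as a replay.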
LOCALIZATION
- Can the engine accept signatures in different languages?
Yes, the SIGNificant engine has been thoroughly tested in several languages. Among them are: English, German, Spanish, Italian, Dutch, French, Hebrew, Japanese and Chinese.
- Can the SIGNificant engine be localized?
Due to our vast experience in multilingual products (we have translated the software into nine languages, including right-to-left, left-to-right and Asian languages), we provide the possibility to localize all products without having to directly access the source code.
LEGAL
- How does SIGNificant comply with electronic and digital signature rules and regulations?
Based on a PKI digital signature infrastructure, the SIGNificant electronic signature complies with the prominent legislation and regulations, for both an "electronic signature" and an "advanced electronic signature".
The law defines an advanced electronic signature as a signature:
(a) which is uniquely linked to the signatory,
(b) which is capable of identifying the signatory,
(c) which is created using means that the signatory can maintain under his sole control, and
(d) which is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
- Basics of e-Signature laws in the US: The definition of what qualifies as an electronic signature is wide and is set out in the Uniform Electronic Transactions Act ("UETA"). Many core concepts of UETA are echoed in the U.S. ESign Act of Oct 1, 2000. 46 US states, the District of Columbia, and the US Virgin Islands have enacted UETA. Electronic signature is broader than digital signature because it also includes, for example, clicking "I agree". Laws do not elevate electronic signatures, but they cannot be denied just because they are electronic. Studies by Gartner research and law firms show that a reasonably designed digital signature process, supported by solid technology, can even reduce risk relative to traditional paper-based processes.