Digitalized signature: our technical solution

A few weeks ago we talked about typical cases of use of digitalized signature, referring to the electronically document stamping of the handwritten signature. We were also discussing some aspects of the Spanish legal background on this modality.

Types of digitalized signature

In this post, we intend to give some hints of the technical solution for the digitalized signature adopted in viafirma platform. It does seem appropriate to explain that this type of signature is a modality of the features included in our platform, such as the electronic signature certificates (both desktop and mobile). In fact, for any viafirma integrator is quite simple to include digitalized signature in his applications, both web and mobile, because this is just another API method.

Let’s have a look to our technical approach:

Devices:

Capture of digitized signature on:

  • Topaz capture devices.
  • iPad Tablets (and iPhone smartphones).
  • Android tablets and smartphones.

Furthermore, it allows the stamping of the signature on different pages (and various signers), whre the user can choose his signature location. The solution is integrated with our digital signatures agenda viafirma inbox, allowing to combine signature approvals and digitized signatures with the certificates-based ones in signing workflows, on both mobile devices and desktop computers.

Prerequisites:

The operation isn’t merely a capture/scan of the user handwritten signature and his subsequent inclusion in the document, but are captured, generated and stored enough data to guarantee the basic principles of an advanced electronic signature.

  • Identification of the signer.
  • Linking uniquely the signer and the signed data.
  • Ability to detect any changes after signing.
  • Ensuring that only the signer can generate that signature.

In short, the digitalized signature of viafirma platform ensures that the signer is who has made the signature, that the signed has not been modified (or if there have been changes, what they are and where they are), what time was the signature performed and that this signature can’t be reused in subsequent documents.

Electronic signature generation

Our solution take advantage of the platform’s cryptographic capabilities to perform the necessary operations to comply these requirements:

  • Capture of signature biometric data (pressure, speed of strokes, etc.) so that, a handwriting expert could analyze whether the stored data is consistent with the handwritten signature of the user.
  • These data are never in possession of the service provider (owner of the application) or software manufacturer (viafirma), since they are sensitive data that would allow the subsequent signatures falsification. To do this, Topaz devices perform local encryption on the device (only decipherable with software that is delivered under injunction). In tablet devices, such as iPad, Android, etc.., our application performs encryption of the biometric data thanks to a trusted third party key, so we can’t access them.
  • It captures another set of data related to the document that the user is signing, the signing device, etc..
  • An electronic signature is performed with all this information, with time-stamping of a Certification Authority.
  • The results encrypted and signed are attached to the signed document (where the scanned signature is stamped). So, the result is a PDF containing the scanned signature related to a validatable and decipherable file containing all information, which is included in the PDF file itself. Thus, the PDF is the only file needed in the process.
  • We have an application that is responsible for validating all results generated, and with the involvement of a trusted third party, it allows the recovery of the signature biometric data and its delivery to an expert, within the framework of a legal action against a possible digitized signature rejection. This application can even detect possible changes in prospectives signed document, showing the changes made, getting thereby ensure the requirements associated with an advanced electronic signature.

The following attached screen below shows the result of the validation of a signed PDF document with digitalized signature:

Firma digitalizada

Updated April 12th 2013 – Nowadays, we capture also anothers electronic evidences that we didn’t before, such as::

    • Geolocation

 

    • More pressure values thanks to the usage of a  Stylus

 

  • Signing Date

So, the verification screen now looks like this:

Verificación de la firma digitalizada

Comments

  1. Hola,

    Han probado agregar la validación por DNIe al cliente web de OpenERP ?

    Para Costa Rica se va a requerir pronto la facturación digital, y para esto solicitan la firma desde un certificado…

    Por favor me escriben si podríamos trabajar en este tema.

    Saludos,
    -Mario

  2. Estamos implantando un sistema de historia clinica para salud ocupacional y nuestro interés es integrar un lector de firma para certificar mediante este sistema procesos de notificación en nuestro sistema (pacientes firmando electrónicamente hojas de la historia clinica).

    Agradezco me orientes para contar con este tipo de tecnologia en Colombia

  3. Estimados, si bien hay mucha bibliografía sobre firma digital, quisiera saber si la misma debe ser consignada (escrita digitalmente ) siempre en una historia clínica, inmediatamente luego de cada evolución del paciente y si la misma es y debe ser visible.

  4. Hola Jose Luis,

    Nosotros no somos expertos en el campo de la medicina, por lo que poco te puedo asesorar sobre la historia clínica, lo que sí te puedo decir es que la firma digital puede sustituir a todos los efectos a la firma manuscrita, esto es, cada vez que el médico necesite firmar de forma tradicional la historia clínica, en lugar de con firma manuscrita podría hacerlo con firma digital.

    La visibilidad de esta o no también depende de distintos factores y de las preferencias del centro médico, aunque no hay ninguna ley que te exija la “visibilidad” (entendiendo como tal el mostrar en un primer vistazo la firma electrónica, que no digitalizada) de ésta.

Leave a Reply