Article. Electronic Notary Practices. Copyright Topaz Systems Inc. All rights reserved.



Similar documents
How To Choose An Electronic Signature

Article. Robust Signature Capture Using SigPlus Software. Copyright Topaz Systems Inc. All rights reserved.

The Virginia Electronic Notarization Assurance Standard

Chap. 1: Introduction

Electronic Signature Article

Developer s Guide. Revised January 17, Boardwalk, Suite 205, San Marcos, CA (760)

Complying with PCI Data Security

Content Teaching Academy at James Madison University

Understanding Digital Signature And Public Key Infrastructure

Digital Signatures For Engineering Documents

Digital identity: Toward more convenient, more secure online authentication

Minnesota State Colleges and Universities System Guideline Chapter 5 Administration

Advanced Authentication

True Identity solution

By writing to: Cougar Wireless, Attention: Customer Service, 4526 S. Regal St., Suite A, Spokane, WA., 99224

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, BC. From Italy (?).

WHITE PAPER Usher Mobile Identity Platform

ZIMPERIUM, INC. END USER LICENSE TERMS

SolidWorks Enterprise PDM and FDA 21CFR Part 11

Business Issues in the implementation of Digital signatures

Card Account means your Card account that is in relation to your Visa Wallet maintained and operated by Tune Money Sdn Bhd.

CA Technologies Solutions for Criminal Justice Information Security Compliance

Secure Data Exchange Solution

That Point of Sale is a PoS

Cross-Media Electronic Reporting Regulation (CROMERR)

Digital Signature Policy Guidelines. Version 1.1. March Contains corrected links to documents

Arkansas Department of Information Systems Arkansas Department of Finance and Administration

The Impact of 21 CFR Part 11 on Product Development

BUSINESS ONLINE BANKING AGREEMENT

DigitalPersona Pro Enterprise

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)

Subject: Computers & Electronic Records. Responsible Party: Part C Coordinator

Secure USB Flash Drive. Biometric & Professional Drives

Adobe PDF for electronic records

Biometric Authentication using Online Signature

COSC 472 Network Security

Implementation of biometrics, issues to be solved

Acceptable Use Policy

Application-Specific Biometric Templates

Electronic Signature Capture with Authentication

M-Shield mobile security technology

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

IoT Security Platform

White Paper. The E-Sign Act. Use and enforceability of identifiers, passwords and personal identification numbers as signatures

Online (Internet) Banking Agreement and Disclosure

The Comprehensive, Yet Concise Guide to Credit Card Processing

ACER ProShield. Table of Contents

Document Management Getting Started Guide

HIPAA Security Training Manual

EDMONTON JOURNAL READER S CHOICE CONTEST

Article. Electronic Signature Forensics. Copyright Topaz Systems Inc. All rights reserved.

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data

LET S ENCRYPT SUBSCRIBER AGREEMENT

Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust

Biometric Authentication Platform for a Safe, Secure, and Convenient Society

Cathay Business Online Banking

2016 VANCOUVER WELLNESS SHOW CONTEST RULES

Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements

OFFICIAL RULES. CONTEST NAME Let s Taste Summer (the Contest) 2. CONTEST PERIOD. The Contest will run during the following period ( Contest Period )

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

ELECTRONIC SIGNATURE REQUIREMENTS FOR LENDERS

1.3 Your access to and use of the Site, including your order of Products through the Site, is subject to these terms and conditions.

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

FKCC AUP/LOCAL AUTHORITY

AutoSave. Achieving Part 11 Compliance. A White Paper

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

Information Security Basic Concepts

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

AGREEMENT AND TERMS OF USE

eform Suite for TeleForm Create and Process Intelligent eforms in PDF and HTML

Oracle WebCenter Content

User s Guide [Security Operations]

An Oracle White Paper December Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

ISLAND WIDE GIVEAWAY 1. ELIGIBILITY. 2. CONTEST PERIOD. 3. HOW TO ENTER.

FRESNO COUNTY EMPLOYEES' RETIREMENT ASSOCIATION INTERNET AND USAGE POLICY

2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)

Acceptable Use Policy ("AUP")

Credit Card Security

Biometrics and Cyber Security

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index

LEGAL UPDATE October 14, 2008 Ashley Strauss-Martin, RANM Legal Hotline and Forms Attorney

Research Information Security Guideline

HP ProtectTools Embedded Security Guide

InfinityQS SPC Quality System & FDA s 21 CFR Part 11 Requirements

CHAPTER 10: COMPUTER SECURITY AND RISKS

Transcription:

Article Electronic Notary Practices Copyright Topaz Systems Inc. All rights reserved. For Topaz Systems, Inc. trademarks and patents, visit www.topazsystems.com/legal.

Table of Contents Key Features and Benefits of Electronic Notarization Technology... 3 Electronic Notarization A Guide for IT Personnel... 3 Best Practices for a Secure, Reliable Electronic Notary Journal... 3 Keeping Numbered, Sequential Records... 3 Creating Robust Electronic Handwritten Signatures for Encryption and Verification... 4 Using Open-Source Software Tools and Hardware Options... 4 Considering Security... 4 Worst Practices Things to Avoid... 5 Saving Signatures as Images... 5 Not Binding Signatures to the Notarization Date... 5 Relying on Database Encryption and Passwords as Sole Protection of Record Privacy... 5 Having No Independent Signature Validation Capability... 5 2 www.topazsystems.com Back to Top

Key Features and Benefits of Electronic Notarization Technology Electronic Notary Practices The implementation of electronic signatures is saving businesses millions of dollars each year in transaction, processing and storage costs, and improving customer service in the process. Electronic notarization is a business process that also streamlines and speeds the notarization of both paper and electronic documents. This notarization process, being a key legal requirement of many high-value business and consumer transactions, requires the best that today s technology has to offer. A lack of effective electronic notarization technology will limit the benefits and savings of electronic signing, transmission, and storage of these documents. Conversely, the adoption of inadequate electronic notary technology will jeopardize the integrity of the entire process. Electronic Notarization A Guide for IT Personnel Like the traditional paper-based process, electronic notarization must meet a set of technical requirements to be considered valid and binding. In addition to meeting the same practical function of a notary journal, an electronic system must overcome addition technical considerations before it can be reliable and safely used in a business environment. This guide will outline a set of best and worst practices for implementing electronic notarization across a business s process spectrum, using the existing paper method as the benchmark for functionality and security. Best Practices for a Secure, Reliable Electronic Notary Journal Keeping Numbered, Sequential Records A notary s journal is a series of numbered, sequential records of each act a notary performs during the course of their term. In addition to the recorded dates for each numbered entry, the sequential order of their entry serves as an additional measure of integrity since a new entry cannot be slipped in between two previous ones. Also, the binding of a notary book works to ensure that pages cannot be inserted or removed without evidence of the tampering. These standard features of notary technology must carry over into the electronic realm of an e-notarization system to be valid and accepted for use in a given jurisdiction. If electronic records can be simply added-in, removed, or deleted at will, then the integrity of the system in compromised, as are the records themselves. When choosing an e-notary system, make sure that each entry is numbered according to the time of its entry and that entries/pages cannot be inserted or deleted. South Dakota and Oregon have already rejected one early attempt at an electronic notary journal project due to just one of many potential pitfalls in the technology. 3 www.topazsystems.com Back to Top

Creating Robust Electronic Handwritten Signatures for Encryption and Verification Like with a paper notary journal, the signatures attached to an electronic notary record should be capable of independent verification by forensic examiners and encrypted to the notary record in such a way that they are invalidated if any of the data is changed. Each signature should be bound to the record s contents, such as names, dates, ID types, and document copy using cryptography and secure hashing. As an additional privacy concern, signatures should be saved as raw pen events, free from any bitmap or jpeg images that could be stolen and used to commit fraud. Beware of signature products that claim to capture and store biometric information but do not have the software, tools, intellectual property, or training in place so that a forensic document examiner can render an opinion. One company that provides software, IP, and training for forensic document examiners is Topaz Systems, Inc. Using Open-Source Software Tools and Hardware Options Since notary regulations can vary widely between jurisdictions, an electronic notary system should be scalable and customizable enough to meet the demands of differing jurisdictions. For example, California requires a fingerprint on some types of notarized documents, while Oregon might view fingerprint collection as an invasion of privacy. A notary system that requires a fingerprint will not satisfy users in both states, and a system that does not may cause some California records to be incomplete. Therefore, the technology should allow the responsible party to custom-tailor the notary app as required to be optimal in each jurisdiction. The software should also not lock users in a single supported option that may not meet their unique needs. For example, users in a state where fingerprints are not required should not be forced to buy a tablet with an attached fingerprint sensor. Considering Security There is no substitute for an effective security policy which prevents viruses, worms, and data sniffers from residing on a client or server computer. Encryption gimmicks in a signature pad connected to a PC provide a false sense of security if a rogue program or keyboard, printer, screen, memory, or USB data sniffer is also on the PC. Matters can be made worse if overly powerful and unnecessary processors and operating systems are employed in electronic signature devices due to latent bugs and viruses or internal data storage/encryption; as these techniques further jeopardize and remove security monitoring and update capability from the hands of IT personnel. On the other hand, there is value in monitoring and evaluating the integrity of data received from a signature pad, such as the point sampling rate, and detection of unusual timerelated activity in signing which may indicate an attempt to trace or forge a signature (slowsigning effect). This capability is described further in US Patent 6,307,955. 4 www.topazsystems.com Back to Top

Worst Practices Things to Avoid Some of the so-called worst practices listed below are simply antitheses of the best practices listed above but are stated as an explicit reminder of what not to do when creating an e-notary solution. Saving Signatures as Images This is a bad practices because an image can be easily copied, pasted, and viewed, and contains no useful biometric data for signature validation. It bears very similar characteristics to signatures that have been transmitted via a fax machine, which flattens the image and reproduces it without any of the nuances such as pen speed or stroke order that serve as evidence in authentication. Simply stated, a signature image is not a valid electronic signature. For display purposes, images can be generated at will from saved raw signature data but not vice versa. Once a signature is flatted to an image and saved, the original pen events are lost. Not Binding Signatures to the Notarization Date If the signature is not encrypted to the notarization date using a hash algorithm or similar method, this date can be changed fraudulently without any means of detection. Ensure that your system binds signatures to the holistic contents of the notary record, including the date, or tampering will be undetectable Relying on Database Encryption and Passwords as Sole Protection of Record Privacy A notary journal is normally kept in a locked safe or vault when not in use, where it is secure from unauthorized access. The same should be true of an electronic journal. Simply encrypting a database or using password input for access does not provide enough protection for the enclosed records. Consider systems that also require a notary s biometric input, such as fingerprint or valid signature, before the database is open for access. Having No Independent Signature Validation Capability Many signature capture systems offer automated template-based tools for assessing the authenticity of a user s signature. However, this template-based automated validation is not useful when independent authentication of a signature is required as proof of its validity in a legal setting. Requiring users to create signature templates when signing a notarized document may also constitute a violation of their privacy, especially if the security of the templates is compromised. As a result, consider using only signature pads and software that are supported tools which allow expert human examination of an electronic signature independent of a template. 5 www.topazsystems.com Back to Top

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information