Get Documents Signed. Anywhere. Any time.
The E-Signature Solution Based on Open PDF Standards and True Digital Signatures.

Namirial Group

Namirial is a Software Company and a Certification Authority, which provides Trust Services like e-signature, registered e-mail, e-invoicing and digital archiving to more than 500.000 customers. Namirial is specialized in Digital Transaction Management (DTM): Sign it! Share it! Store it!

Namirial Spa
  Headquartered in Senigallia, Italy
  >40M revenue in 2015 with 300 employees
  >2.000.000.000 pages digitally archived annually
  >80.000 digital certificates issued
  Member of the Adobe Approved Trust List (AATL)
  Certification & TSA Authority (accred. by AgID)
  ISO 9001:2008 (accred. by Bureau Veritas)
  ISO 27001:2005 (accred. by Bureau Veritas)

Namirial GmbH
  Based in Linz/Ansfelden, Austria
  Xyzmo SIGNificant e-signature Platform
  We offer signature pads, but we do not produce them ourselves
  Founded as Trosoft & Wondernet in 2004/1998
  25 employees work on SIGNificant
  >200.000 seats run on xyzmo SIGNificant

Much More Than Capturing a Signature
Popular Use Cases

e-contracting

Customers in the branch or shop
  Online integration of pen displays or signature pads, tablets, smartphones
  POS Advertising (on the pen-display)
  Support for terminal services

Customers directly on-site (mobile)
  OFFLINE integration of mobile tablets, smartphones
  Complete PDF forms on the go
  Add scans of driver's license, passport, or any other photo

External users to sign on their own device
  Without client-side installation on any HTML5 enabled device - PC, Tablet, Smartphone
  Send links to external signers to trigger a transaction
  Seamless integration into your Web portal

Internal users online in the office
  Single Sign On authentication and PK integration
  Batch signing of documents for approval processes
  Send links to internal signers to trigger a transaction

Xyzmo SIGNificant E-Signature Platform / Namirial Trust Services

Legal Signature Levels

Qualified e-signature
  Equivalent to written legal form
  Non-repudiable
  Requires a personal qualified signing certificate issued to the signer
  Requires certain identity checks from the CA when issuing the certificate to the signer
  Must be stored and used with a secure signature creation device

Advanced e-signature
  Satisfies certain quality requirements => provides safe proof
  Is uniquely linked to the signatory
  Is capable of identifying the signatory
  Is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control
  Is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable
  Created typically through:
    o Pure biometric signature
    o HTML5 signature using an authentication method that identifies the signer

eIDAS 910/2014 Qualified Electronic Signature

EU regulation that goes into effect by July 1, 2016
http://eur-lex.europa.eu/legal-content/en/txt/?uri=uriserv%3aoj.l_.2014.257.01.0073.01.eng
Overwrites national e-signature laws which do not comply with the EU regulation

Overall summary for qualified e-signatures
  Qualified e-signatures (QES) from one EU country are valid throughout the EU
  QES certificates issued from a Qualified Trust Service Provider (QTSP) are valid in the entire EU
    o CAs that want to become a QTSP have to be audited by a Conformity Assessment body until July 1, 2017
    o Until completion of their assessment, accredited national CAs shall be considered as QTSP
  Remote e-signatures (= e-signature creation environment is managed on behalf of the signatory) may receive the same legal recognition as e-signatures created entirely user-managed
  Generating or managing e-signature creation data on behalf of the signatory for a qualified remote e-signature may only be done by a qualified trust service provider (QTSP)
    o Either on QTSP premises (Cloud) or on customer premises (under control of the QTSP)
  QES creation devices require certification by public/private bodies designated by Member States
  Issuing the qualified signing certificate to the recipient (= signer) is done after their successful identification in accordance with national law, using the following ways:
    o By physical presence (face to face)
    o Remotely, using electronic identification means for which a physical presence was ensured (Live Video ID)
    o By using other ID methods recognized at national level that ensure physical presence (e.g. eID)

E-Signature Technologies: Technical & Legal Aspects

Advanced e-signature
  Biometric (forensic verifiable)
  HTML5 (Audit Log)

Qualified e-signature
  Client-side: entirely user managed
  Server-side: managed on behalf of the signatory (eIDAS 910/2014)

[Diagram labels: ID, OTP; Online: SIGN, PIN ****, OTP; POS]

Self-Contained & Securely Signed PDF

Digital Signature
  PAdES Long Term Validation Profile
  Digital certificate shows the signatory or the document issuer
  Protects document integrity, making changes always visible
  Certificate is member of the Adobe Approved Trusted List (AATL)
  Displays signing graph and shows document history
  Information on the validity of the signature certificate at signing time (OCSP / CRL)
  Optional: trusted time stamp
  Optional: encrypted biometric signature data (SPEED, ACCELERATION, PRESSURE, ANGLE, ANGLE DIFF), exportable according to ISO/IEC 19794-7:2014
  Optional: geo-location

READABLE WITH EVERY STANDARD PDF READER (e.g. Acrobat Reader X)

Verification of Biometric Signature Data
Checking authenticity manual-offline & automatic-online

Forensic Signature Verification (offline manual analysis)
  Biometric to biometric
  Biometric to paper

Real-time verification to ensure highest process security (online)
  Audit Log
  Signed Response stored in PDF and server-side

Verification of HTML5 Signatures

Server-side Audit-Trail to Prove Authenticity
Dedicated logging of how signatory authentication is done

SIGNificant Server Platform

[Architecture diagram. Clients: Kiosk SDK Client Java/.NET Signpad SDK; Mobile Native App/SDK; HTML5 Client with external device support; Pure HTML5 Client; Web Live Ident. Connection: Internet or LAN. Servers: SIGNificant Server Platform (Document Signing); RES² - Remote Digital Signature (HSM); SignAnywhere Flow (E-Signing Workflow & Reporting); SIGNificant Biometric Server (Real-Time Signature Verification); SIGNificant Identity Server (Identity Management & Verification)]

Advantages of Server-based signing
  Integration to existing systems is purely server-side - natural choice for server-based architectures
  PDF document is only stored in the data-center and not automatically copied to the clients
  Combines central integration with full offline support in an iOS and Android app
  Server run On-Premise / in the Cloud
  Provides secure input (e-signing) and output channels (doc-delivery)
  Only one back-end integration for multiple channels

Web Browser: No installation or download is required.
Mobile Device: Native apps are integrated with and built on the platform.
Existing Apps: Client-side SDKs (Desktop, iOS, Android) enable a seamless UI integration

RES² Remote Digital Signature

Cloud architecture for high cost efficiency, easy management and fast deployment
Only the document hash (7-10KB) is exchanged for optimum performance
SLAs: Availability 99,8% - Response Time: 200ms + network latency

Customer infrastructure
  Applications
  High Level Interface
  Documents stay in the customer premises, only hashes are sent to SE for signature.

Namirial infrastructure
  PKCS#1 Sign Environment
  Admin functions (key gen, pwd change, )
  Certificates Enrollment / user identity records
  SWS/SIGNificant Interface
  SE also for admin purposes (password changes, keys on/off )
  [Diagram labels: SE, CA - TSA, HSM, Trusted time stamps]

On-premise
  PKCS#1 Sign Environment for customer dedicated HSMs
  Under the control of Namirial Spa for qualified remote e-signatures
  The solution is very expensive and requires specific security procedures

Biometric Signature Capturing Devices
Choose the category that best fits your use case

Indirect Sales / POS with little space / POS with econtracting / Consulting

+ Lowest common denominator
+ Captures biometrics on every smartphone (iOS, Android, Windows)
+ High security through native app with on-device encryption
+ Allows customers to also sign on their own device
+ Practically zero HW-costs
- Requires PC screen for document reading
- Requires pairing with PC/document
- Response time of 2-3 sec

+ Very robust (Wacom EMR)
+ Can already show the document
+ High security through on-device encryption
+ Battery free
+ Very cost effective
o Not mobile, but plug n play
- Requires PC screen for comfortable document reading
- Limited use for POS advertising
- Response time of 2-3 sec (color)

+ In-document signing experience
+ Fast (zero delay as it is a screen)
+ Parallel usage to operator PC
+ Client monitoring with assistance mode
+ Very robust (Wacom EMR)
+ High security through on-device encryption
+ Great for POS advertising
+ Battery free
o Not mobile, but plug n play
- Pen operation only
- More expensive

+ Great when sales and client can work with the same device
+ Simple & familiar touch UI for page browsing and editing
+ In-document signing experience
+ Mobile & offline support
+ High security through native apps with on-device encryption
+ Great for POS advertising
+ Multi-purpose device
- Battery required
- Separate computer to manage
- More difficult to secure
- More expensive

Wacom Signature Pads and Displays

Why Wacom?

[Diagram comparing Wacom with others; labels: Active Pen, Passive Pen, Glass, LCD, Sensor, Plastic, Sensor, LCD]

Biometric Signature Quality
Capacitive vs Pen Enabled

| | Capacitive Displays: Finger | Capacitive Displays: Stylus | Capacitive Displays: Fineline Stylus | Pen enabled: Native Pen | Signature Pads: Native Pen |
|---|---|---|---|---|---|
| Data rate | Fair | Fair | Fair | Excellent | Excellent |
| Resolution | Fair | Fair | Good | Excellent | Excellent |
| Writing posture | Poor | Good | Good - Excellent | Excellent | Excellent |
| Pen friction on surface | Fair | Good | Good | Fair - Excellent | Excellent |
| Forensically Identifiable | No | Yes | Yes | Yes | Yes |

SIGNificant Biometric Server
Performance of the Real-Time Signature Verification

Lowest False Accept / False Reject Rates (FAR/FRR)
  3% - Winner of ICDAR contest 2011 for skilled forgeries
Real-time result
  Even before the document gets signed
Self learning profiles
  Updated with each signature to track gradual shifts over time
Versatile threshold factor
  Easily adjust signature acceptance level to your use case
Signed Response
  Proves that verification results are authentic and untampered
Trusted by the world's top brands

Selected References

Poste Italiane
  ~20.000 installed, 35.000 seats contracted
  SIGNificant Server with Web Signing Interface (for contracting), for SDP/bank transactions: SIGNificant SDK, Wacom STU-520
  Use cases: CRM - contract signing; SDP-bank transaction signing

Unicredit
  Italy Projects 20.000+ seats project size
  SIGNificant SDK + SIGNificant Biometric Server + HSM + Wacom DTU-1031
  HSM for personal digital signature (QES)
  Use case: Contract signing

DVAG / ATLAS
  12000 mobile sales
  SIGNificant Server with iPad App SDK integrated into DVAG sales application on iOS
  Use case: financial advisory sales

Skoda Auto Distribution Network CZ/SK
  Skoda distribution network in CZ/SK
  SIGNificant Server with iPad & Android App SDK & WSI integrated into DMS-CZ/SK and PCI (Portable CheckIn).
  Use case: contracts, invoices, service & transfer protocols, custom documents.

Vodafone
  Vodafone (Italy) 2.000 mobile + 4.200 shops
  SIGNificant Server iPad SDK / Android SDK, Accenture Tablet App (SDK)
  WSI with Wacom STU 500 (520)

JobCenter Plus
  Department Of Work & Pension UK
  HP has purchased more than 22.000 signature stations with realtime verification for this large UK government project

References

Finance, Utilities, Government, Health Care / Life Sciences, Telecommunication, Other Industries

Ready to move Forward?

Adrian Dinculescu
Partnerships & Alliances Manager
+40 740 435 098
Adrian.Dinculescu@xyzmo.com