Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Stylus signature - Static and dynamic biometric signature

            Modified on Tue, 11 Jun at 11:25 AM


            What is a biometric signature

            Biometric signature is one variant of electronic signature, legally classified at the basic/other level.


            In a controlled signing environment, such as the Signi application, users attach their biometric signature to the document. Biometric signatures are widely utilized today for their simplicity and security, commonly found in banks, service providers, and Signi.

            The advantage of biometric signatures lies in their broad applicability and low barrier to use. Almost anyone can sign using this method, unlike qualified signatures, for example. However, they have lower evidentiary value compared to qualified signatures, which are restricted due to their organizational, technical, and financial complexity.


            Biometric signature in Signi

            Biometric signature is the default signing method in Signi due to its ease of use - all you need to sign is a computer or a smartphone.


            In the Signi environment, you are prompted to create your handwritten signature on a touch screen (tablet, phone), where not only the curve of your signature is captured but also the speed of your finger or stylus movement, as well as the pressure applied. What is generated through this process is your dynamic biometric signature. We can think of it as a unique sample of "you" that shouldn't be replicable by anyone else. This captured sample of "you" is then attached as your basic electronic signature to the document.



            Safety

            Biometric signature (BS) is a compromise between ease of use or usability in the general population and evidentiality. It is commonly used even by large corporations. How does Signi enhance its security?

            The crucial point is that the BS signature process takes place exclusively within the controlled environment of Signi. This means that certain requirements imposed on higher levels of electronic signatures can be guaranteed, such as:

            • Timestamping - Document signatures are recorded along with a timestamp that the signer cannot influence. A timestamp provided by an independent certification authority operated according to the requirements of eIDAS is added to the final document.

            • Non-separation of the signature from the document - At the moment of closing the document, its content is fixed including the signatures in the document. The timestamp includes both the content of the document and the signatures, meaning that any attempt to remove or alter the signature can be easily identified.

            • Immutability, integrity of the document - Any intervention in the resulting document can be easily identified thanks to the embedded timestamp.

            • Identification of the signer - Two-factor authentication via email and SMS.


            More on the topic can be found in Ensuring document integrity and the use of time stamps, Electronic Archive, Electronic Seals.


            In comparison to a signature on a paper document, there is also a significant audit trail available for a closed document. This includes data on the times of changes, devices used, their IP addresses, verified emails and phone numbers, and other details. The audit trail is significantly broader than with paper documents and in case of a dispute, it's a significant source of additional information not available with paper documents. For more information, see Access to the Control Sheet - Audit Trail.


            Biometric signatures can also be combined with various methods and levels of Remote Identification, where a person is first verified before signing, for example, by a liveliness test, selfie, uploading documents, sending a micro-payment, etc.


            How to disable, enable or prioritize this method of signing?

            Various signing methods can be set as default, optional, or alternatively completely disabled in the Workspace Settings.



            Static and dynamic biometric signature

            What is the difference between static and dynamic biometric signatures?

            Static biometric signature (SBS) contains a graphical representation of the signature, best likened to stamping a document with the signer's signature. It is the default form of biometric signature in Signi.com.

            • With SBS, there is no processing of biometric, and therefore sensitive data in terms of GDPR (it does not involve processing biometrics for identification purposes according to Article 9/1 GDPR).

            • It is worth reminding here that a crucial part of signing is the "process," or procedure, which includes the identification of signers, the use of verified means, and automated control over the correct sequence of actions leading to the actual signature, with these characteristics being stored in Signi.com and forming the real basis for verifying the authenticity of the signature. This can be likened to a situation where a document is placed on letterhead paper and signed in an appropriate place under the supervision of witnesses, and the document is then signed by Signi.com as such a witness at the end.

            In a dynamic biometric signature (DBP), other characteristics of the signature are captured and stored, in particular the dynamics (i.e. the mathematical representation of changes in pen position and possibly pressure over time). These characteristics are embedded in the document in encrypted form, together with the static biometric signature (bitmap), and offer more detail for assessing the authenticity of the signature. Such a signature can be likened to a kind of "video" that documents not only the signature but also the process of how the signature was made. DBP can optionally be enabled at the workspace level in Signi. 

            • DBP is considered sensitive data by the Data Protection Authority (special category of personal data according to Article 9/1). This imposes specific obligations on the customer (in its role as data controller), in particular, it is obliged to carry out an assessment of the lawfulness of the use of DBP (i.e. whether such processing is necessary, to what extent and in what manner, and should also take into account the need to defend such processing to the DPO), inform the signatories accordingly and resolve the legal basis.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0