As you start to think about how to turn your old paper-based process into a digital process, keep in mind that you will need a high level of flexibility within your e-signature suite. There are many different use cases, participants in the process, types of devices that you and your clients will want to use during the process, and actions that need to be completed within this last step in completing a contract.

A robust e-signature solution helps you to manage the e-signature process from beginning to end in a complete and totally secure way, and also ensures that all participants can easily access the final signed document. The goal is for the signer to have the best possible user experience when completing a document-based transaction so that she or he would like to do it again, which potentially leads to new business opportunities.

Thus, an e-signature solution needs to do more than just capture a signature; it needs to improve the entire process that comes with it, including processes inside and outside the document itself. Additionally, customers are seeking an omni-channel experience, with the flexibility to start a transaction in one channel and complete it in another one. Consequently, they need to be able to close transactions from anywhere, at any time, on any device.

All these requirements are best fulfilled with a true e-signature platform built to support the relevant business cases end-to-end.

More than just signature capturing

Completing a contract involves not just signing, but potentially also editing, filling out the document itself, or attaching other documents. The more complex this process is, the greater the likelihood is that mistakes will be made, which makes providing proper guidance to the signers highly desirable to avoid expensive process mistakes. Finally, workflow rules for document distribution and completion help to ensure that all participants are automatically involved at the right time so that the sender only has to step in if something goes wrong.

Enable signers to work with documents as if they were paper

In many cases, a document must be edited by the signer before he or she can actually sign it. For example, the signer may need to fill out form fields (such as answers to health questions in an application for a life insurance), add photos at a pre-defined location at a certain size (e.g., as proof for a real-life situation), and attach document scans (e.g., of the signer’s ID) or other attachments. Additionally, you may even want to allow the signer to edit the document without any constraints as if it were a piece of paper. For example, the signer could make annotations (with a typewriter or freehand), or highlight certain areas (with a text marker), which are basic document tools often used when concluding a contract

Guide signers in a document

You must be able to design the optimal user experience and enforce workflow rules within a document in order to eliminate expensive process failures such as missing signatures, data entries, or attachments. Therefore, you will want to add signature fields and other tags to help your signers know precisely what actions you want them to take, where in the document you want them to sign or to add information such as user data or photos, and in what order.

Easy and secure access to the signed document

Once a document is signed you typically need to provide all external signers an easy way to access the signed document. However, a simple e-mail won’t work, because e-mail is not viewed as a secure delivery mechanism.

To overcome this issue, the recipient only gets a download link to the document. To ensure that only the intended recipient downloads the actual document you may define a required client authentication – e.g. via SMS/TAN using the mobile phone number you already got (e.g. from the application form / signed document). This way the recipient does not even need a registered user account, which means he does not need to remember login data such as username and password.

The same process can be also used to safely deliver documents to signers that have been created based on a signed document. An example for this is an insurance policy that has been created based on a signed insurance application form.

Multi-channel and device support

Closing transactions anywhere, at any time, on any device means providing full coverage for the following channels:

  • In-house point-of-sale (POS) in branches, stores, receptions, etc.—e.g., on a POS-PC with a signature screen that is used to display the document to be signed and capture a client’s signature directly on the displayed document.
  • External point-of-sale through independent business partners (such as agencies)—e.g., on a POS-PC with a smartphone, so that the PC displays the document to be signed on its screen and the smartphone is used to capture the client’s handwritten signature.
  • Mobile sales and service delivery (door-to-door agents)—e.g., on a mobile tablet that is used to display the document to be signed and capture a client’s signature directly on the displayed document.
  • Online/remote — e.g. directly on whatever device the client is using, be it a standard PC, tablet, or smartphone.

Given that five years from now, the majority of signature transactions are expected to be closed on mobile devices, your company needs to be fully committed to offering e-signatures on all mobile platforms. That means choosing an e-signature solution that is mobile-ready and enables capturing e-signatures through any browser-based mobile device, and equipping staff, agents, and representatives with e-sign-enabled native apps.

Read more…

This series of posts will help you to understand what a remote online e-signing solution needs to provide. This is post 5/5.

With SIGNificant, xyzmo provides an enterprise e-signature platform that allows you to conveniently send documents for signature or simply sign them yourself online. SIGNificant efficiently provides you with the user interface and tools needed to define an optimal e-signature process and user experience. Whether for HTML5 (placeholder) signatures, biometric signatures, or digital signatures with personal certificates, the platform’s building blocks make it easy to choose the best combination of signing method and signer authentication, regardless of which signature device the recipient uses.

To better illustrate how xyzmo’s SIGNificant can be applied in selected industries for online signing scenarios, the following section outlines a real case study of a customer that implemented SIGNificant for online-signing with its end-to-end business process implemented.


Use case:

  • Digitally sign insurance contracts for mobile phones online in the web browser on any HTML5 device

Deployed products:

  • Signing application: SIGNificant Server with SignAnywhere

End-to-end business process:

  1. The client selects the insurance contract they want to add to their phone online on The Phone House website.
  2. The Phone House backend systems automatically create the insurance contract to be signed and send a link to the contract to be viewed and signed online to the client.
  3. The client opens the insurance contract in a browser that supports HTML5 and signs two signature fields through Type-2-Sign or Draw-2-Sign.
  4. The signed document and the audit trail are safely stored in The Phone House’s archiving system.
  5. The client is informed about the results of the transaction online and can access a copy of the signed insurance contract directly in their web browser session.


This series of posts will help you to understand what a remote online e-signing solution needs to provide. This is post 4/5.

4 Signing methods

First, there is an important difference between methods in which:

  • the captured handwritten signature of a person is forensically identifiable (also known as a “biometric signature”),
  • the embedded signature data in the signature field (e.g., image of handwritten signature graph) is not sufficient to authenticate the signer, making additional authentication methods and audit trails necessary to be legally binding,
  • signatures are used in conjunction with personal digital signing certificates.

Thus, the main question in capturing handwritten signatures is whether the captured signature data is forensically identifiable. One can say that in all scenarios featuring the use of a pen or a stylus and proper implementation of the capturing software, the result will be signatures that are forensically identifiable.

In other scenarios such as signing with a mouse, touchpad or finger—or where the necessary capturing software and/or hardware is not in place—the signature is not forensically identifiable. This second category is what we’ll call an “HTML5 signature.”

Certificate-based signatures, by contrast, require a PKI infrastructure, and while they are a very popular model for e-signing within your own organization (because you can manage the PKI rollout yourself), they can provide only limited penetration in any other scenarios, such as a B2C or B2B contract.

Regardless which of those three signature methods is used, the signed document and its audit trails should always be sealed with a valid digital signature to ensure their validity.

4.1 HTML5 signatures

The big advantage of HTML5 signatures is that they do not require the signer to install anything. They are simply formatted to work on any HTML5-enabled web device. Depending on the authentication method (see Section 3), they also do not require complex sign-up procedures, so they are perfectly suited to online B2C and B2B scenarios.

However, the whole process is fully dependent on the proper authentication of the recipient (see Section 3) and the logging of all user interactions. If this is securely documented in an audit trail, then the HTML5 signature provides reliable evidential weight. Depending on the chosen method it may even fulfill [1] the EU’s advanced electronic signature standard and thus be fully equivalent to a forensically identifiable (biometric) signature, which is described in Section 0.

Furthermore, a proper audit trail that is sufficiently easy to be read and understood by a judge and involved lawyers—and that doesn’t force a judge to go for an expert opinion—places the burden of proof immediately on the signer in most cases, which even offers an advantage over biometric signatures, which are not verified in real time.

The question of how this signature is displayed on the document is more a question of convenience for the signer and isn’t primarily a legal question. Maybe one can argue that if the signer selected or constructed the signature image themself—by, for example, typing the name—it has more legal weight compared with methods where that’s not the case, because it better demonstrates the signatory’s intent to sign the document, but that may be a minor point compared with other proof points.

4.1.1 Click-2-Sign

C2SThis is somewhat the equivalent of the stamp imprint in the old paper world. Proper e-signature software will allow you to define the elements of the stamp imprint. Depending on the use case, you might only want to include the name of the signer, or also the IP-address, geolocation, and other information. You may even want to add a text that states this is an electronic signature and not a real one.




4.1.2 Typing the name (Type-2-Sign)

T2SThis method gives the option of entering the name and using various handwritten fonts to convert the name into a placeholder that looks like a handwritten signature. Users may choose the font and the screen size they prefer.

Similar to the Click-2-Sign, the Type-2-Sign signature also may include additional informatioan in the imprint, like the signer’s name, email, IP address, and signing date & time. All in all, this is simply configurable.




4.1.3 Drawing with a finger, mouse, or stylus (Draw-2-Sign)

D2SThe final method allows signers to draw their signature as they are used to doing on paper. This is similar to methods where you try to capture the real signature, but typically people are not able to draw their signature with a finger and most people definitely cannot do so with a mouse. Also, even if a stylus is used, the signature image is not forensically identifiable as pure web-based solutions cannot capture any reliable biometric data, only an image*. Therefore, the separate authentication step is still necessary.




4.2 Certificate-based personal signatures

Some industries and a number of countries demand certificate-based personal digital signatures. In this case, senders need to be able to require signers to apply digital signatures with third-party signing certificates that are issued to them “personally.”

The process is very similar to the standard process, thus:

  • A new envelope is created and documents are added to the envelope as normal.
  • Recipients are added as normal, but the sender requires to apply a digital certificate for some recipients.
  • Any other authentication options for the recipient are added as normal.
  • The design of the envelope is completed and it is sent as normal.
  • The recipient opens the envelope and adds information in all the required fields as with all other methods. When the signer is ready to complete the signing process, he/she digitally signs the document
  • The signer is asked to review and confirm the information, maybe including the reason for the signature and his/her company details and location.

After these steps, everyone can inspect the digital signature in a popular PDF interface such as Adobe Reader to review the signature and X.509 standard information for the completed PDF.

As with all technology, criminals and fraudsters will try to find ways of circumventing the intended process. For example, in the case of a personal digital certificate, if the device that the real user owns and uses is compromised by hackers or unauthorized access, the possibility of misuse remains.

However, in some countries the highest legal value of a signature—which is deemed to be equivalent to a “wet ink on paper” signature—can only be realized by using such certificate-based signatures. Often they even require the use of approved chip cards and reading devices, which renders this technology quite expensive. This generally applies to the European Union with its so-called Qualified Electronic Signatures (QES). Some member countries even provide an infrastructure to activate the QES function on their national identity cards (e.g., Germany with its nPA; see also Sections 3.6 and 3.7). However, typically, card owners have to activate and pay for this function separately and also require a card reader to use it, which results in low market penetration, which makes its use problematic in B2C scenarios.

4.3 Forensically identifiable signatures (biometric signatures)

rp_Signature_Verification-150x150.pngA forensically identifiable signature is much more than merely a digitized image of a handwritten signature. It requires recording the handwritten signature of a person using all available parameters, such as acceleration and speed—i.e. the writing rhythm. These dynamic parameters are unique to every individual and cannot be reproduced by a forger. That’s why the digitized signature is forensically identifiable (and far more reliable than with the signed image alone).

When someone claims “I didn’t sign that,” a forensic expert can always perform a thorough manual signature verification at any time afterwards, using specialized software to achieve an admissible result in the same way as the expert would with a signature on paper. Thus, the biometric signature fulfills [2] the EU’s advanced electronic signature standard and has been widely adopted as the de-facto industry standard wherever it is applicable.
Some solutions also provide a signature verification that authenticates a signature against a pre-enrolled signature profile database in real time. This allows you to not only secure the execution of certain transactions, but also to provide a ready-to-use audit trail in case of a dispute, thus placing* the burden of proof immediately on the signer.

So, why not use biometric signatures all the time?
The problem is that their reliable capturing requires a real-time environment on the computer, tablet, or smartphone that is used to record their dynamic aspects. This can only be provided by a native local software component or a Java applet/browser-plug-in in a web application, but not with pure HTML5 alone. Additionally, secure encryption is key when capturing biometric signatures, which is again something that can only be provided through a local software component, but not through HTML5, as the capture logic’s source code is always visible to the client and thus can easily be replaced by an unsecure source code through injected JavaScript code.
However, requiring the signer to install a local signature-capturing component is, in many situations, not a practical approach, which is why HTML5 signatures also have a very wide use case. However, wherever possible, or for high-value or high-risk transactions and commitments, it is best to rely on handwritten biometric signatures.

4.3.1 Capturing devices for biometric signatures

On the one hand, there are the traditional signature pads and pen-enabled screens, while on the other, there is a broad selection of smartphones and tablets that have native pen support. In addition, there are special pens that allow very good signature capturing on devices that have no pen support out-of-the-box, such as the iPad or iPhone. Many of these special pens even deliver pressure values, and some promise palm protection, but in many cases the palm protection and data rate are not as good as with native pens. However, if you do not have a native pen, you still can use a capacitive stylus, as discussed below.


stylusSigning with a capacitive stylus gives you the feeling of signing with a pen. There are still a few shortcomings compared with signing with a native pen, which typically results in larger signatures that are written at a slower speed. However—in contrast to signing with a finger—the captured writing rhythm of signatures by an individual with a stylus is still sufficiently unique and similar to a native-pen signature that a forensic analysis (also called graphology) can be applied.



Native pen

native_penNative pens typically provide a signing experience that is, compared with a capacitive stylus, even closer to the act of signing in the paper world.
The reason for this is that native pens provide:

  • A thin pen tip, like your ink-to-paper pen, that enables you to sign with your regular small letters
  • Palm protection so that you can touch the screen while signing without reducing the quality of the captured signature.

Additionally, native pens also provide a better data quality because:

  • They provide a higher data rate, allowing you to capture all aspects of even very fast signatures
  • Many also capture the pressure information of your writing, which—while not mandatory for capturing a biometric signature—adds extra security and evidence as it provides additional signature data that a forensic expert can analyze.


Fineline stylus

finelineA fineline stylus aims to bring the advantages of a native pen to devices that do not provide an out-of-the-box stylus, the most prominent example being the iPad. It is still a capacitive stylus, but one that uses electronic technology to allow usage of fine pen tip, and sometimes also for palm protection and pressure recording. While it will not be as good as with a native pen, the writing experience is certainly better than with an ordinary capacitive pen. Also, pen technology is constantly improving, so we will see increasingly better fineline styluses in the future.


4.3.2 Using a smartphone as a signature pad

SOPIn this sub-section, we focus on the use case with smartphones, since this is a device that is in use by the majority today and thus does not necessitate a special purchase. For a discussion about signature pads and screens, please refer to the white paper “eSigning at the In-house Point of Sale.

This scenario is perfect for those instances in business when you want to capture biometric signatures, but do not want to deploy signature pads or pen displays.

The typical process is as follows:

  • Review documents or complete form fields and add attachments on any computer in a browser—maybe together with a customer, employee, or business partner—and use a smartphone as a signature-capturing device.
  • A native signature capture app turns a smartphone into a signature-capturing device. This app should be available on most iOS, Android, and Windows phones.
  • When the signer is ready to sign a document, a secure communication between the smartphone and the host computer is established using a token (which you may read simply by using the smartphone’s built-in camera using a QR-code reader integrated into the native signature capture app).
  • The signature capture app shows a signature capture dialogue, with the document background providing a visual document mapping.
  • The signature is captured on the smartphone. It’s highly recommended to use smartphones with native pens or a stylus for signing, otherwise you may lose the potential for forensic identification.
  • After the signature is captured, it’s transferred via the secured channel and embedded into the document.

[1] Voithofer, Paul – Gutachterliche Stellungnahme SignAnyhwere [2015]

[2] Voithofer, Paul – Sachverständigengutachten SIGNificant Produkte [2012] &
Caspart, Wolfgang – Graphologisches Gutachten [2012]

… read more next week.

Page 18 of 218« First...10...1617181920...304050...Last »