
Launching the next generation of mobile and multi-platform signature system based on biometric parameters

Periodic Reporting for period 1 - SignSigma (Launching the next generation of mobile and multi-platform signature system based on biometric parameters)

Reporting period: 2014-09-01 to 2014-11-30

Sigma Technologies wants to exploit a very powerful, unique biometric technology that can, for the first time, authenticate signatures from any touch-screen (smartphones, tablets) with a performance similar to the complex, intrusive and expensive iris scan technology, which will open a new range of opportunities and markets. Smartphones, tablets and the growing access to mobility will accelerate identification needs and ease its introduction through various applications such as banking, the health sector, insurance, digital preservation, etc. This technology will make it possible to reduce paperwork, reduce costs, save time in operations, and decrease fraud through bio-identity, consequently having a significant impact on the economy.
The SignSigma solution makes it possible, for the first time, to verify the identity of a person from the dynamic parameters of their biometric signature with an extremely low error ratio, using merely a common tablet or smartphone. The technology is not based on the image of the signature but on its dynamic biometric parameters, such as pressure, velocity and acceleration. This technology has been recognised as the best technology in the First International Signature Verification Competition. The range of applications is huge: this disruptive technology creates new markets, as it will allow a person to be identified at any time and anywhere.
The current innovation business project was submitted and approved in June 2014 as an SME Instrument (SMEI) Phase 1 with a total score of 14.02 (4.61 / 4.64 / 4.77). After the three-month execution of Phase 1, all the objectives have been achieved as scheduled.
The outputs of each of the tasks demonstrate that the SignSigma solution is free to operate. During the execution of this action we have been able to compare our solution with others. Similarly, we have studied several devices suitable for the SignSigma solution in order to have them as references for further development and commercialization activities. That said, our solution still proves to be relevant in the current market, with room for development in order to offer a complete set of tools for our customers.
From the legal point of view, we have carried out an in-depth analysis of the European legal framework. The old EU Directive (1999) was the starting point for laws in European countries, offering some hints of the legality of our solution. The new European directive (enacted in July 2014) gives much more legal power to biometric signatures in Europe, as in the US.
Overview of the Work done
The current report is an overview of the work done during the execution of this phase 1. In the proposal, five tasks were defined. Each of these tasks served for the preparation of a feasibility study, which is the main output of this phase 1 and is also the starting point for preparing a phase 2 proposal.
During the execution of this phase 1, a platform comparison was made in order to define the best technology to be used for the SignSigma solution. Secondly, the legality of the biometric signature was analysed at a European level and in three European countries. Based on the competition, key market applications were also defined, and one market has been selected as the main market in which to position the SignSigma technology. Regarding IPR issues, a patent search was carried out, and the design, selection and registration of the SignSigma brand are being conducted at this moment. Lastly, an updated business plan, as well as a detailed work plan for a phase 2 execution, has been created.

T1.1 Extensive Platform Comparison
When talking about the current technologies used as platforms on which to capture the biometric handwritten signature, we should use the generally used term “touchscreen”.
A touchscreen is a visual display device that the user controls by touching or making graphical gestures on the screen, using a special pen or directly one or several fingers; i.e. it will reflect and capture what we write on it.
Touchscreens are composed of a series of sensors that transform a physical magnitude into an electric signal. Depending on the physical magnitude measured, we can consider different technologies: resistive, capacitive, acoustic, optical, etc. The 5 considered are shown in the table below, against the relevant parameters in the market.
In a nutshell, all technologies have different advantages and disadvantages in terms of resolution, responsiveness (processing speed), degradation, consumption, robustness, and cost.
Table 1 shows a comparison between all the technologies mentioned. A dash (-) indicates that the specific parameter is not supported, and four stars (****) is the highest rating. In the particular case of pointing devices, one star means that only one kind of pointing device is supported, and four stars indicate that all the pointing devices (including bare or gloved fingers) are supported by the specific technology.
From Table 1, it is easy to understand why almost all the existing touchscreens in the market follow one of the last 3 technologies: capacitive (projected mutual, to cover multi-touch), NFI and bending wave. Resistive touchscreens are not considered, basically because they do not offer multi-touch functionality, which is key nowadays to support current applications. Optical ones, on the other hand, have shown themselves to be extremely sensitive to dirt, which causes multiple faults and access errors.

T1.2 Legal Framework study
The main output of this task has been a legal analysis of the validity of the SignSigma technology. An in-depth study of the legal framework for digital signatures at European level was carried out. Furthermore, three EU countries have been evaluated in depth. Legal aspects concerning the digital signature at a European level are crucial to determine the best applications.
EU Legal Framework
The European Union is currently finalizing a regulation which will increase the legal value of advanced electronic signatures and remote electronic signing services by offering the possibility to generate a qualified digital signature using a remote signing system. The regulation was enacted in early July 2014.
The European legislation is predominantly based on Directive 1999/93/EC, which stipulates common obligations for certification service providers and common rules on liability and cooperative mechanisms in order to secure trans-border recognition of signatures and certificates throughout the European Community. The Directive addresses three forms of digital signature: simple, advanced and qualified.
The “European Parliament and Council Directive 1999/93/EG about a Framework for Electronic Signatures” supports a broad technological approach to electronic signatures. It subsequently became law in the European countries, beginning in the year 2000. Lawmakers are now gradually reflecting “biometric signatures”. The European directive does not automatically specify a certain technology. It defines levels of electronic signatures, which are considered “simple”, “advanced” or “qualified”.
There are several ways in which dynamic signatures may be used to create electronic signatures:
• The simple embedding of dynamic signature data into a document results in a “simple” electronic signature.
• The definition of “advanced electronic signatures” reflects that the trustworthiness of electronic documents is closely linked to the power of proof for authenticity and integrity in the particular application and workflow. The idea of an advanced electronic signature is to provide a proof of intent of a signer and legally binding evidence of a transaction. In addition to the option to authenticate the dynamic signature, this form of signature requires encryption and the option to check that a document has not been tampered with (integrity check, typically via a hash code comparison).
• Article 2 of the directive has the following definitions:
1. “electronic signature” means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication;
2. “advanced electronic signature” means an electronic signature which meets the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using means that the signatory can maintain under his sole control; and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;
Only “qualified electronic signatures” require the usage of digital certificates and reliable devices to carry those. Dynamic signatures may be used in this environment to replace PINs and enhance the usability of this kind of electronic signatures. The German law and regulation on electronic signatures has allowed this explicitly since mid-2001.
The term “advanced electronic signature” is not a global term. The United Nations Commission on International Trade Law (UNCITRAL) published a model law which includes terminology recommendations; however, they are not binding.
Requirements similar to those defined in the European directive for an “advanced electronic signature” are defined, in different wording, in several countries:
• The Australian Electronic Transactions Act 1999 defines similar requirements for electronic signatures without using a specific signature classification.
• Even within the European Union some laws in some countries are not equivalent to the EU-legislation: The Austrian law uses the equivalent of a “secure electronic signature” instead of the EU-terminology of a “qualified electronic signature” and so does the law in Poland.
• Indonesia: Law No 11 of 2008 regarding Information and Electronic Transactions (Undang-undang Informasi dan Transaksi Elektronik / UU ITE – also called “ETI law”)
• Singapore: §17 of the Electronic Transactions Act 1998 describes the requirements of a "secure electronic signature".
• United Arab Emirates: §20 of the Electronic Transactions and Commerce Law No.2/2002 describes the requirements of a "Protected Electronic Signature".
New EU Regulation on electronic identification (July 2014)
The Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation), adopted by the co-legislators on 23 July 2014, is a milestone in providing a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities. In section 4 of the new regulation, the most relevant articles specifically for electronic signatures are:
Article 25
Legal effects of electronic signatures
1. An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.
2. A qualified electronic signature shall have the equivalent legal effect of a handwritten signature.
3. A qualified electronic signature based on a qualified certificate issued in one Member State shall be recognised as a qualified electronic signature in all other Member States.
Article 26
Requirements for advanced electronic signatures are the same as the ones mentioned in Article 2 of Directive 1999/93/EC.
An advanced electronic signature shall meet the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
(d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
Article 32
Requirements for the validation of qualified electronic signatures
1. The process for the validation of a qualified electronic signature shall confirm the validity of a qualified electronic signature provided that:
(a) the certificate that supports the signature was, at the time of signing, a qualified certificate for electronic signature complying with Annex I;
(b) the qualified certificate was issued by a qualified trust service provider and was valid at the time of signing;
(c) the signature validation data corresponds to the data provided to the relying party;
(d) the unique set of data representing the signatory in the certificate is correctly provided to the relying party;
(e) the use of any pseudonym is clearly indicated to the relying party if a pseudonym was used at the time of signing;
(f) the electronic signature was created by a qualified electronic signature creation device;
(g) the integrity of the signed data has not been compromised;
(h) the requirements provided for in Article 26 were met at the time of signing.
2. The system used for validating the qualified electronic signature shall provide to the relying party the correct result of the validation process and shall allow the relying party to detect any security relevant issues.
3. The Commission may, by means of implementing acts, establish reference numbers of standards for the validation of qualified electronic signatures. Compliance with the requirements laid down in paragraph 1 shall be presumed where the validation of qualified electronic signatures meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).
Spanish Legal Framework
Under the applicable legal framework, namely the National Spanish Law 59/2003, there are three types of signatures: simple, advanced and qualified.
The simple electronic signature is a set of data in electronic form which, attached to or associated with other data, can be used as a means of identifying someone’s signature and which serves as a method of authentication.
The advanced electronic signature is the electronic signature that allows the person who has signed to be identified and any change made afterwards to be detected. This signature is associated only with a particular signer and has been created through means that the person can keep under their exclusive control. The advanced electronic signature defines a process that does not describe a particular technology, but rather a process that creates an enforceable electronic signature if the signature:
• is uniquely linked to the signatory;
• is capable of identifying the signatory;
• is created using means that the signatory can maintain under their sole control;
• is linked to the data to which it relates in such a manner that any subsequent change in the data is detectable.
The qualified electronic signature is the electronic signature based on a verified certificate and created through a secure signature-creation device. Because of that, the qualified electronic signature has the same legal validity in electronic files as the handwritten signature has in hard-copy files. The qualified certificate defines a process which must in particular include specific technology such as:
• an indication that it is issued as a qualified certificate;
• the identification of the certification service provider;
• the name of the signatory;
• provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
• signature-verification data corresponding to signature-creation data under the control of the signatory;
• an indication of the beginning and end of the period of validity of the certificate;
• the identity code of the certificate;
• the advanced electronic signature of the issuing certification service provider.
The only one of the three with legal validity is the qualified signature, since it is the only one that can be compared to the handwritten one, the latter being the only one with juridical validity. The others (both simple and advanced) cannot be considered equivalent to the handwritten one; nevertheless, they can be used in individual contracts.
German Legal Framework
The German Civil Code ("Bürgerliches Gesetzbuch, BGB") defines that a written form is required ("Schriftformerfordernis") for a very few documents, such as:
• termination of employment (see section 623 of BGB)
• written reference at termination of employment (see section 630 of BGB)
• life annuity commitment (see section 761 of BGB)
• contract of suretyship (see section 766 of BGB)
• promise to fulfil an obligation (see section 780 of BGB)
• acknowledgement of a debt (see section 781 of BGB)
The documents listed still need to be signed on paper and may not be signed electronically. The German Civil Code served as a template for the regulations of several other civil law jurisdictions.
United Kingdom Legal Framework
Requirements similar to those outlined in the European directive for an “advanced electronic signature” have also been implemented in the United Kingdom. These Regulations may be cited as the Electronic Signatures Regulations 2002 and came into force on 8th March 2002. The United Kingdom Electronic Signatures Regulations 2002 define that qualified certificates must contain:
(a) an indication that the certificate is issued as a qualified certificate;
(b) the identification of the certification-service-provider and the State in which it is established;
(c) the name of the signatory or a pseudonym, which shall be identified as such;
(d) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
(e) signature-verification data which correspond to signature-creation data under the control of the signatory;
(f) an indication of the beginning and end of the period of validity of the certificate;
(g) the identity code of the certificate;
(h) the advanced electronic signature of the certification-service-provider issuing it;
(i) limitations on the scope of use of the certificate, if applicable; and
(j) limits on the value of transactions for which the certificate can be used, if applicable.
The United Kingdom is proposing an Electronic Communications Bill (English Bill) that will grant electronic signatures legal admissibility in court for the purpose of establishing the “authenticity” or “integrity” of communications. “Authenticity” refers to whether the communic
The outputs of each of the tasks demonstrate that the SignSigma solution is free to operate from the legal and IPR point of view. We have been able to benchmark our solution against other solutions to offer a starting point regarding the selection of the most suitable devices for SignSigma. That said, our solution still proves to be relevant in the current market, with room for development in order to offer a complete set of tools for our customers.
In addition, from the legal point of view, we have carried out an in-depth analysis of the European legal framework. The old EU Directive (1999) and the recently updated regulation (July 2014) create a floor of security for the validity of our solution. Also, during this Phase 1 we have identified a market segment in which SignSigma will be positioned as a lead solution.
In line with our corporate identity, several logos have been created, and trade mark registration will be one of the next steps once we have decided on one sample. Regarding IPR issues, the results of the Patent Search Report guarantee the freedom to operate, the commercial viability and the innovation of our complete solution.
In view of the positive results of the execution of this Phase 1, we are now submitting the SMEI Phase 2 in order to reach the goal outlined in the Phase 1 Feasibility Study. After a detailed analysis during Phase 1, the SignSigma project will first focus on the insurance sector, particularly on the health sector.