Trustworthy Processing of Biometric Signatures on Tablets and Smartphones Creating Business Processes with Strong Evidential Weight Berlin May 21, 2014 EAB Seminar “Biometrics in Banking – Reality Check 2014” introduced by Alain Sarraf (SOFTPRO) & Michal Lichner (ANASOFT)

Trustworthy Processing of Biometric Signatures on Tablets and Smartphones


DESCRIPTION

Michal Lichner of Anasoft and Alain Sarraf of Softpro introduced how biometrics of handwritten signatures captured on tablets and smartphones play a vital part in creating trustworthy electronic signatures and help banks go paperless in many situations. One of the case studies presented focuses on an application which has been running for more than a year now at Cetelem, a brand of the BNP Paribas Finance Group, in Slovakia. Customers fill in documents and sign them within several applications on mobile tablets (in this particular case, a Samsung Galaxy Note 10.1). Documents created by the application, which will be demonstrated, are legally binding and provide strong evidential weight. The bank saves the processing of approximately 1.6 mil sheets of paper every year. Additionally, it saves the time which would have been necessary to amend mistakes caused by manual data entry. Finally, retailers enjoy an improved cash flow, as payments are settled on the next day after a sale (processing time with the paper process is approximately 1 - 2 weeks). Moreover, the speakers shared experiences with E-Signing deployments in banks around the world.


Page 1: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Trustworthy Processing of

Biometric Signatures on Tablets and Smartphones

Creating Business Processes with Strong Evidential Weight

Berlin – May 21, 2014

EAB Seminar “Biometrics in Banking – Reality Check 2014”

introduced by Alain Sarraf (SOFTPRO) & Michal Lichner (ANASOFT)

Page 2: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

The Signature Professionals – SOFTPRO Group

Foundation 1983, Employees ~ 70

• Böblingen (Group Headquarters): SOFTPRO GmbH
• London: SOFTPRO UK
• Singapore: SOFTPRO Asia Pacific
• Chennai: SOFTPRO Signature Management India
• Santiago de Chile: SOFTPRO LATINOAMÉRICA
• Bear, Delaware: SOFTPRO North America
• Westlake Village, California
• Beirut: Representation

www.sp-l.de/Nscz

Page 3: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Trusted by the World’s leading Financial Institutions


* Ranking Source: The Banker: Top 1000 World Banks 2013, Ranking of Banks by Assets end of 2012, published July 2013

12 of the “Top 25 Banks”* are SOFTPRO customers.

SOFTPRO caters for Financial Institutions of all sizes – e. g.:

…and many more

http://sp-l.de/WbiB

Page 4: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Quick Agenda

• Trend-Reflections: Tablets & Smartphones replacing PCs for many tasks
• Roles of handwritten signatures in digital workflows, legal framework
• Editing and signing of documents on mobile devices
• Integration of E-Signing into individual workflows

We will also cover aspects such as BYOD – Security – User Acceptance – ROI

Page 5: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

High-Tech Topics in 2014

In this presentation we cover key topics such as:

• IT Security
• Cloud Computing
• Mobile Computing
• Bring Your Own Device (BYOD*)
• Enterprise Content Management (ECM)

Topic Ranking “Hightech Trends 2014” by German IT Industry Organization BITKOM, based on industry interviews, published Feb 21, 2014 http://goo.gl/pBOvc

* Side Note: Some legal and IT departments interpret “BYOD” also as “Bring Your Own Disaster” …

Page 6: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Tablet Facts 2014

• 2010 – Mar 14: 215 Mio. iPads sold worldwide 2)
• 2014: 18 Mio. Germans >14 are using a tablet 3)
• Q4/13: More tablets than PCs sold worldwide 4)

[Chart: tablets sold in Mio. worldwide 1), Q1 2014. Labels: Lenovo, Asus, Samsung, Apple. Values: 2.3, 2.1, 12.8, 16.3]

[Chart: Market Share Q1 2014. Values: 65.8 %, 28.4 %, 5.8 %]

Sources:

1) Strategy Analytics 28.04.14 http://goo.gl/IahV3d

2) Quarterly Reports Apple & Extrapolation of SOFTPRO R&D

3) BITKOM Media Release 24.02.14, http://goo.gl/Mklm2f

4) Market Research of IDC 11.09.13, http://goo.gl/v0QOAE

Page 7: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Smartphone Facts 2014

Faster processors, larger displays with higher resolutions, better cameras…

Smartphones and Tablets are increasingly used for tasks which were executed with PCs in the past.

Many devices suitable for E-Signing with robust evidence

Devices sold in Mio. in Germany 1): 2010: 10,4; 2011: 15,9; 2012: 21,6; 2013*: 26,4; 2014**: 29,6

* 97% of all mobile phones sold were Smartphones

** estimation as of February 2014

Source:

1) BITKOM Media Release 14.02.14, http://goo.gl/on0A4w

Page 8: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Working with Documents on Tablets

Initially tablets were used to view documents. Today many users want to edit & sign docs on their tablet.

Page 9: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Purposes of a Signature

Signing a document is about making a commitment, not just authenticating oneself

A signature establishes validity of a document to allow the reader to act on it as a statement of the signer’s intent, and leaves evidence to that effect afterwards.

Signatures represent a physical manifestation of consent.

Page 10: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones


Goals for Signing on Tablets & Smartphones

Accelerate Workflow (e.g. from application to contract)

Cut Costs (thanks to reduced paper usage)

Secure Documents (e.g. for archiving)

Page 11: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Perceptions of Signatures today

There have been calls to phase out signatures from the banking industry. But have our own personal autographs really had their day?

BBC’s Jon Kelly answers in his report: “The signature may have more life in it than the techno-enthusiasts might imagine”

Mike Allen, a forensic document analyst - quoted in this report: "It's someone making their mark and saying 'I agree with this.'" "It's not about being safer - the value of it is that it's you."

http://www.bbc.com/news/magazine-27311868, BBC News May 7, 2014

Page 12: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Perception & Reality about Signature Requirements

Image Source: AIIM Industry Watch: Process Revolution – Moving your Business from Paper to Tablet PC, May 2012

Really?

In most cases E-Signing is a serious alternative.

Page 13: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Let’s get specific

Q: Is it legal to use SignDoc?

A: For an appropriate investigation, please specify where you intend to use SignDoc, for which purpose(s), and in order to achieve which goal(s).

Legal and evidentiary considerations for processes with Electronic Signatures must include:

• Country
• Industry
• Application
• Goals (e.g. Cost Savings?)
• Document Lifetime

Page 14: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Perception & Reality about Signature Requirements

Surprising for many:

In many business cases physical signatures on paper (“wet-ink signatures”) are not required de jure.

For most of the business processes where SignDoc is used today:

• there exists no regulation which explicitly requires a document to be signed at all, or to do this on paper in a “written form”
• using physical signatures on paper was the form chosen arbitrarily to have some kind of proof of intent

Form Free Agreements

Page 15: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

EU: Level of Contract Regulation

Categories shown in the chart:

• Signature Requirements imposed by law for validity or enforceability reasons
• Qualified Electronic Signature explicitly required by law
• No Signature Requirements are imposed by law for validity or enforceability reasons

Shares shown in the chart: 80 %, 15 %, 5 %

Form Free Agreements

Source: Prof. Dr. Patrick van Eecke, DLA Piper

Page 16: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

E-Signing: Sample Use Cases

Replacement for “Arbitrarily Written Form” on Paper in Form Free Agreements

• Banking: account opening, modification, and deletion, cash deposits and withdrawals, standing orders, exemption orders for capital gains, loans, mortgage origination and closing, …
• Insurance: Applications, agreements, damage reports …
• Telco: Contracts (mobile, DSL, cable etc.), service reports, …
• Utilities: Contracts (Power Supply), Applications for Customer Reward Schemes
• Retail: Receipts at the point of sale or point of delivery, merchandise return, service documentation, …

More examples http://sp-l.de/ev3h

Page 17: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

E-Signing in the EU: From Directive to Regulation

Directive 1999/93/EG 13.12.99: Directive on a Community framework for Electronic Signatures

eIDAS-Regulation 2014: Regulation on Electronic Identification and Trust Services for electronic transactions in the Internal Market

April 3, 2014: EU Parliament voted to pass, regulation takes full legal effect from July 2016 onwards.

http://goo.gl/r3QTCR

Page 18: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

eIDAS-Regulation replacing national E-Sign Laws

Among the 28 country laws and ordinances to be widely replaced by the European Regulation are for example ….

• Electronic Signature Act (Official Gazette 10/02; 2008)
• Act on Electronic Signatures (No. 227/2000)
• Signature Law & Signature Ordinance (both 2001)
• Decrees on E-Signatures (1999)
• Act on Electronic Signatures (2001)
• Electronic Documents and Legal Acts (Decree-Law No. 290-D/99)
• Law on Electronic Signature (No. 455/2001)
• Act on Electronic Signatures (No. 215/2002)

Note: The year shown at each act lists when these acts came into force for the first time. Most of these acts were updated last time in either 2012 or 2013.

Page 19: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

E-Signature Terminology by European Commission

‘Electronic Signature' means …

Directive 1999/93/EG, Art. 2 paragraph 1:

data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication;

Regulation eIDAS 2014, Art. 3 paragraph 10:

data in electronic form which are attached to or logically associated with other electronic data and which are used by the signatory to sign;

Page 20: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

E-Signature Terminology by European Commission

‘Advanced Electronic Signature' means an electronic signature which meets the following requirements:

Directive 1999/93/EG, Art. 2 paragraph 2:

(a) it is uniquely linked to the signatory;

(b) it is capable of identifying the signatory;

(c) it is created using means that the signatory can maintain under his sole control; and

(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;

Regulation eIDAS 2014, Art. 3 paragraph 11:

(a) it is uniquely linked to the signatory;

(b) it is capable of identifying the signatory;

(c) it is created using electronic signature creation data that the signatory can, with high level of confidence, use under his sole control; and

(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;

Purpose: Provision of Authenticity & Integrity

Page 21: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Admissibility

Can Electronic Signatures created with SOFTPRO SignDoc be used in Court?

An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements of the qualified electronic signature.

Admissibility: Yes

Directive 1999/93/EG, Art. 5 paragraph 2

Regulation eIDAS 2014, Art. 25 paragraph 1

Page 22: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Persuasive Evidential Weight

Holistic Assessment of all Process Steps in a Document Lifecycle required

• Access
• Authentication
• Document Presentation
• Capturing additional data
• Document Completion
• Signature Creation
• Archiving / Delivering

Annotations on the slide: take photo; on tablet; on web portal; e.g. insert text, tick boxes…

Page 23: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Components of Evidential Weight

Signature Creation: Adding evidential weight via multiple E-Signing options

• Handwritten Signatures
• Image of Signer
• Image of ID

Leverage Cameras of Tablets

Additional Evidence (Integration via SignDoc SDK): GPS Coordinates, Time Stamp, Certificates, ….

Page 24: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Evidential Weight of Data of Digitized Handwritten Signatures

The more precisely and in the more differentiated a way the signals of the writing procedure can be captured, the higher the evidential weight of a particular signature data set

Capturing of as many signals per second as possible – also required for accurate display of arcs and loops, ideally also capturing of different levels of writing pressure

Crucial for the reliability of a comparison with a reference signature, no matter if verified

- automatically using software and/or by a forensic expert

- per default always immediately after signing or later, only if necessary

Page 25: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Spotlight: E-Signing in Spain

“Firma Digitalizada”

• Full legal support as a means of client consent
• Must obtain the client's consent to use the system, as required both by Data Privacy laws and by two-party agreement laws
• Double signature process based on transaction complexity and risk
• Not relevant that Biometric Signatures are not a PKI: Solution robustness provides the proof of the agreement
• Technical Audit by 3rd party to certify security level and robustness
• Must comply with legal restrictions based on Data Privacy laws

Source: Main Conclusions of the Legal Report on Firma Digitalizada, Santiago Uriel, Presentation at SOFTPRO Partner Academy 2013 Prague

Santiago Uriel, CIO CECA

Page 26: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

In many cases there is no regulation at all

Image Source: Legal Framework of Firma Digitalizada, Santiago Uriel CIO CECA, Presentation at SOFTPRO Partner Academy 2013 Prague

If there's no legal regulation … there is no need to wait for one.

The Spanish Savings Bank Organization, one of the most successful users of e-Signing in Europe, did not wait for a law to come (as there wasn't any).

In 2008 they simply started to include E-Signing in their processes.

Page 27: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Case Example of Regulations in Civil Law

E-Signing of Loan Contracts on Tablets – Today different situations in the EU

No Limitation

Requirement of written form

Consumer Loans regulated in Civil Code Art. 492

Exception to the rule: If no interest is imposed on the consumer loan (Zero-Percent-Financing) the contract does not fall under the regulations of a consumer loan and may be categorized as form free.

Similar legal situation for example in …

Page 28: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

What to do if Written Form is still required?

! Written Form

Hybrid Solution: Combination of Paper & Special Pen with Tablet

Signature Capturing with special “Tablet Inking Pen” in parallel: wet ink on paper and digital ink on tablet.

Suitable in particular for usage where written form required in some processes only while most processes are form free

Video http://sp-l.de/9vmi

Page 29: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Form Purposes of Written Form

Features of a written form which should be fulfilled by an electronic method:

• Identity
• Integrity
• Proof
• Conclusiveness
• Warning
• Protection against Haste
• Resistance against Manipulation
• Non-Repudiation

Page 30: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Pen Computing: Evolution from Stationary to Mobile

Primary area of use, from Stationary to Mobile:

• Tablets in connection with PC / Notebook
• Windows Tablet PCs
• Tablets & Smartphones

Page 31: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Display Size & Content to be signed

Display sizes: 12.2“, 10.1“, 8.0“, 5.7“

Receipts: ~ A6

Complex Contracts: A4 / letter size

Page 32: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Smartphone – Alternative to Signature Pads

… applicable for ‚Bring Your Own Device‘ concepts

until December 2013: worldwide > 50 mio. sold devices

GALAXY Note since Nov 2011

GALAXY Note II since Nov 2012

GALAXY Note 3 since Sept 2013

Page 33: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones


First impression counts – also when Signing

Stylus

Digital Ink

Display Surface

Page 34: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Smartphone – Alternative to Signature Pads


Connect Smartphone and PC in same network

App Sign2Phone

Rich Client SignDoc Desktop

Browser Client SignDoc Web

or

Page 35: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Integrate E-Signing in existing Workflows


Apps for

Signature Platform

Page 36: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Key Take Aways

Signatures …

• Are a viable biometric for stating consent in contracts
• Can be easily incorporated into existing bank processes without disruption
• Are subject to only very few legal restrictions for usage in most banking applications
• Legality is becoming clearer and more transparent due to new regulations
• May be cheaply captured with a broad array of devices = many capture possibilities and lower costs

Page 37: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

E-Signing on Tablets – Reference Banking

Consumer Credit Specialist of BNP Paribas Personal Finance Group is saving 1.6 mil paper sheets (20 trees) per year

eSign Cetelem is the customer’s application based on SIGNATUS, a solution provided by ANASOFT with E-Signing components powered by SOFTPRO. Retailers and their customers sign on tablets, like the Samsung Galaxy Note 10.1, for installment sales in retail.

http://sp-l.de/fTwX

Page 38: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Case Study: Cetelem, BNP Paribas Personal Finance Group

Topic: Dematerialization, in two phases ...

Goal: Electronic Clients’ documentation

Solution: DMS Alfresco Enterprise

Goal: Electronic signing of contracts on points-of-sale

Solution: eSign Cetelem project

Requirements:

• Signing of contract on the reading device
• Maximum safety – personal data, fraud, loss
• POS infrastructure independence

Solution:

• SignDoc SDK + Samsung Galaxy Note = fully mobile solution
• Samsung SDKs + PKI + custom features = maximum security
• Integration with Cetelem’s environment (Extranet, DMS)

Page 39: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones

Case Study: Cetelem, BNP Paribas Personal Finance Group


+ + + L I V E D E M O + + +

Customer’s View:

• Improved cash flow for POS partners

• Signed contract immediately accessible to Client via Client Zone

• No fraud, no loss of documents, decreased error rate

• Innovation and market leadership

• Solution for POS & for e-commerce (delivered by couriers)

SIGNATUS – the preferred solution for BNP Paribas Personal Finance Group

Page 40: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones


12 000+ contracts 54% time saved

0% issues / errors 100% satisfied customers

Case Study: Cetelem, BNP Paribas Personal Finance Group

Page 41: Trustworthy Processing of Biometric Signatures on Tablets and Smartphones


Additional Information about ANASOFT

www.signatus.anasoft.com

[email protected]

Phone +421 2 3223 4111

ANASOFT

Bratislava, Slovakia

Bochum, Germany