It is not possible for the signature to be misused in the case of signotec products for signing PDF documents. This is thanks to the biometrics or the dynamic features of the signature. Where signatures are used, the image of the signature is inserted into the document, but this only serves as an optical endorsement. The unique, individual characteristics of the signer’s handwriting are also stored in the document. If an attempt is made to manipulate the signature, the image of the signature can be easily cut and copied, but the biometrics cannot. The biometrics are an essential component of the signature and are stored in the document in a highly encrypted manner. The document and the biometrics are inextricably linked, which means that any manipulation of the document itself or the signature can be reliably detected.
Therefore, two things have to be reliably protected:
- The document and
- the signature
The document must be protected against manipulation and the signature against (identity) theft. If only the image of the signature were to be captured, it would not be possible to reliably prevent the signature from being misused and there would be no legal or evidential security. signotec does not use any proprietary or manufacturer-specific format to create the electronic signature. In fact, signotec complies with the global Adobe PDF-ISO standard. Electronic documents signed using signotec can be checked at any time, anywhere and by anyone without technical input. For example, Adobe Reader can be used to check whether a document has been manipulated.
signotec only uses encryption and hash algorithms that have been classified as secure by the German Federal Network Agency. This list is available in the download section. The mechanisms currently used include Blowfish 448, AES 256, RSA 2048 and SHA 256.
The signotec technology has also been tested by TÜV, the testing and certification organisation. signotec software and hardware complies with the TÜV ‘tested software’ specifications. After conducting a battery of tests during the TÜV inspection, no data could be injected into the transmission paths. Tampering with signed PDF files was picked up immediately and signalled clearly and explicitly. As stated in the test report: “The hardware and software function as a closed system. No security gaps were detected by the tester during testing. The tester was unable to find any obvious saved, unencrypted raw data during the test period.”
To ensure that the signature cannot be tapped into during capture via the signature pad, data transfer between the pad and PC is safeguarded in the case of the signotec Sigma and Omega pads. There are major differences in the driver technologies used here. We strongly urge customers not to use simple Wintab drivers or unencrypted data transfers.
Technical documentation can be provided once a non-disclosure agreement has been concluded.