Graphometric Signature
The oldest way to sign
becomes the most up
to date and the safest one!
The solution
GRAPHOSIGN
OVERVIEW
v2015.01
About Namirial
IT company providing software and services to Institutions, Tax Assistance Centers, Banks,
Fiscal Consultants and Businesses.
•
Certification Authority accredited since 2010, by IT National Center for the Public
Administration and entitled to issue qualified certificates in compliance with European
Directive 1999/93/CE, authentication certificates and time stamping services.
•
Certified E-Mail Provider («PEC» in Italy), since 26/02/2007, accredited by IT National
Center for the Public Administration and authorized to manage certified e-mail accounts
and domains.
•
UNI EN ISO 9001:2008 certified, Namirial obtained its certificate n. 223776, issued by
Bureau Veritas Italia S.p.A.
•
UNI EN ISO 27001:2005 certified, Namirial obtained its certificate n. IND12.2513U, issued
by Bureau Veritas Italia S.p.A.
•
Adobe compliant. Since June 2013 Namirial is present in AATL (Adobe Approved Trust List).
2
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Namirial’s data
Namirial S.p.A. has 9 offices in Italy :
Head quarter:
Sedi operative:
•
•
•
•
•
3
Senigallia (AN)
Ancona (AN)
Azzano Decimo (PN)
Casalnuovo (NA)
Ferrara (FE)
Gallarate (VA)
Modica (RG)
Gazzo Padovano (PD)
Reggio Emilia (RE)
2013 Revenues: 22,00 Mil. €
Employees: 260
More than 55.000 satisfied customers
More than 300.000 certified mailboxes managed
More than 5.100.000 tax declarations handled by our
systems each year
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
ISO 27001:2005 Certificate
According to italian technical standards
outlined in the Prime Minister Decree of 22nd
of February 2013, to provide advanced
electronic
signature
to
Public
Administrations, a company must obtain a
quality
certificate
of
its
information
management security system, in accordance
with ISO/IEC 27001 standards, issued from
an indipendent authorized third party, in
compliance with regulations in force.
On February 2012 Namirial obtained an ISO27001:2005 certificate
(international accreditation), issued from an accredited authority.
4
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
What is a Graphometric Signature?
The oldest way to sign
becomes the most up
to date and the safest one!
Signing with your hand is the oldest and most familiar gesture of all times. It has
overcame age, cultural, technological and behavioural differences. It is a truly global
gesture.
The process of signing a digital document on a tablet with your own hand
allows to eliminate the paper original for all those documents where a signed
paper copy is required by law.
The document is thus born digital and stays digital its whole life. This brings concrete
savings to adopters and lowers the impact on the people who sign documents.
5
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Why adopt Graphometric Signatures?
•
You eliminate paper right from thet start, because the
document is born digital (cost savings)
•
You eliminate data entry and all mistakes that originate from it
(time savings & productivity gains)
•
You eliminiate costs associated with managing the paper
document archives (scanning and warehousing costs)
•
You can completely automate the digital document storage
process (efficiency gains)
•
It’s easier to defend against fraud (legal costs savings)
6
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
What is Graphosign?
Graphosign is Namirial’s certified Graphometric Signature Solution. It is an Advanced
Electronic Signature process, compliant with all Italian and European
regulations, whose main feature lies in having a Certification Authority (C.A.)
and a front-line employee (client services desk, sales personnel…) both attend and
certificate the user’s signature.
This procedure satisfies the requirements of identity recognition as well as integrity
and consistency of the electronic document
7
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Biometric data acquisition
Biometric data acquired and stored during signature execution is:
POSITION
SPEED
TIME
ACCELERATION
PRESSURE
8
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Fraud risk reduction
The process aims to replicate, and where possible strenghten, the paper
workflow, through the use of law compliant tools and by paying special
attention to Privacy issues
Compared to an equivalent paper workflow, the risk of fraud not only does not
increase, but it is easier to deter and detect. This is because the hand signature is rich
in biometric data, the document is unmodifiable and there are certificates (private or
digital signatures) that guarantee the identity of those who sign.
In fact, if a customer denies a signature appended with the Graphosign process, he
will have to prove first that he was not in front of the person who recognized him and
confirmed his identity by digitally signing himself the document.
9
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
A suitable solution for every need
The Graphosign process is adaptable to every type of document you need to be
signed, and to the «risk level» (i.e. the risk of signature denial or operator fraud) you
deem appropriate to accept.
The risk of denial or fraud may not be the same for every document though.
To satisfy all customer needs, 3 different solutions have been developed to encrypt
and strenghten the signature:
•
STRONG – a biometric data encryption certificate strenghtened with a nominal
qualified digital signature for each operator
•
STANDARD – a biometric data protection certificate strenghtened with a private
generic signature certificate on each device (can be nominal or shared between
staff members)
•
LIGHT – just a graphic signature capturing software
10
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Scenario comparison
SCENARIO
HARD COPY
DIGITAL DOCUMENT
A third party
signs in front of
an employee or
operator
A third party signs the hard
copy, after the employee has
identified him
A third party appends his graphometric
signature while the employee identifies
him by appending his own Digital
Signature
The employee
himself signs the
document
The procedure of document
approvial requires a signature
and, if needed, a stamp on
the hard copy
During the approval proceedure the user
itself appends his graphometric signature
and strenghtens it with the qualified one,
also replacing the stamp
If a paper document workflow is legally binding and accepted, the same is
for a Graphosign signed document
11
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Environment: software and certificates
Software Licenses and applications:
- Software Namirial FirmaCerta
- FirmaGrafoCerta™ application enabled for
graphometric signatures
Certificates for biometric data encryption
- Crypting public key is installed on all signing devices to
encrypt data;
- Decrypting private key is stored according to security
procedures and current law;
Qualified Digital Signature certificates (Strong
solution):
-
Smart Card
-
Token USB
-
MicroSD
-
Remote Signing on HSM
ideal for
mobility
Time stamping certificates (optional)
For these to work you need an Internet connection
12
OVERVIEW
Private Signature Certificates (Standard):
- File: it’s a file to install on device
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Environment: Hardware
Fixed Workstation Solutions
Plug&play solution – Thought to be connected to a
terminal, with Windows XP or superior OS. The best
solution for customer service workstations, shops,
etc...
13
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Environment: Hardware
Mobility Solutions
Tablet devices with Windows 7, Windows 8, Android and iOS operating systems, which differ from each other
for techincal specifications and external accessories. They all have in common a display that recognizes and
detects graphometric data (on its own o through a special pen i.e. iPad), needed to append a legally
binding graphometric signature.
14
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Mobility solutions: Windows, Android, iOS
SO
PROS
CONS
NAMIRIAL SOLUTION
Windows 8
• Security against malware has been buffed
• Same policy and profiles management as
for Desktop and Notebook PCs
• Compatible with Windows 7 applications
• Devices can manage secure signature
devices like USB Tokens or MicroSD cards
• Low market share
• Works differently from Windows 7
• Rt version reqyuires development of
dedicated applications just like
Android and iOS
• Works on several devices
• Supports both STRONG and
MEDIUM solutions, with no
need for internet connection
• SDK available for client and web
applications, also for RT version
Android
•
•
•
•
High market share, and growing
Easy to use
Very good user experience, nice UI
Very easy to integrate thanks to intent
sharing
• MEDIUM solution very easy to implement
and with low-costs
• Some vulnerability to malware, unless
MDMs are employed
• No pen available yet for devices
without digitizer (e.g. Tab2 and Tab3)
• No USB or MicroSD slots that can be
employed for signature certificates.
Namirial’s STRONG solution available
only thorugh remote certificate.
• App available on Google Play
• Works wih all devices that have
a digitizer (e.g. Samsung Note)
• Easy integration through intent
sharing
iOs
•
•
•
•
• Biometric data 8pressure) must be
captred through an external pen that
works through BLTE channel
• No USB or MicroSD slots that can be
employed for signature certificates.
Namirial’s STRONG solution available
only thorugh remote certificate.
• App available on App Store
• Complete SDK available with
example code as well
• Already live on many customers
• Affordable and reliable external
pen supplied by WACOM and
certified by Apple
15
High market share
Easy to use
Nice UI
Secure environment
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Fields of application
Financial
Professional
• Insurances
• Banks
• Tax Assistance
Centers and Italian
Pension Office
• Credit Services
• Promoters
• Stock Brockerage
Company and Fund
Managers
16
OVERVIEW
• Labour consultants
• Certification
Authorities and
Control Bodies
• Accountants
• Tax Experts
Business
• Sales forces
• Estate Agents
• Temporary
Agencies
• Travel Agencies
• Car Rental
• Pharmaceutical
Companies
• Multiutilities
• Agencies Network
• Franchising
Network
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Public
Administration and
Healthcare
• Local Health
Authorities
• Control Authorities
and inspective visits
• Analysis
Laboratories
• Hospitals
• Public Offices
Graphological Legal Dispute
In case of a legal dispute over a signature appendend through GraphoSign™, you will go
through the same procedure that regulates hard copy, in front of a judge that will rule whose
signature it is. This implies a graphological exam by a court appointed professional to read and
examine biometric data.
A graphological evaluation doesn’t aim to analyze personality, but just handwriting to define the
characteristics that distinguish person from person: that’s why Namirial chose to partner with
the Italian Association of Graphologists (AGI) with the purpose to help experts use suitable
instruments to practice their profession with new technologies.
• Graphometric Signature
analysis
• Biometric data reading
Forensics
GraphoSign
17
OVERVIEW
• Signature examination with
measurements
• Expertise writing tool
Namirial
Graphological
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Analisys Samples
18
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Namirial’s software developing highlights
• It has developed a proprietary graphometric signature solution from scratch,
without employing any third party components. Being the only source code owner,
we can transparently provide certifications that attest the security of our solution if
needed.
• It has developed an Android application characterized by the possibility of
employing it completely offline and for its ease of integration with other Android
mobile solutions and apps through intent sharing.
• It has developed an iOS application as well as the SDK using an external pen that
captures pressure data, since the iPad natively does not.
• It supplies a standard SDK for Windows (both desktop and Modern UI) to allow
customers to seamlessly integrate our component in their paltforms and
applications.
19
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
Why choose Namirial
• Biometric data encryption happens on a local level (i.e. on the device): there is
no connection to an external server thus no Internet connection is required for the
process to work!
• ISO27001 Certification: the first in Italy, mandatory to become a supplier of this
kind of software to governamental institutions
• Proprietary source code: every customization is possible!
• The operator that attends the signature can be qualified: this way the signature is
strenghtened and fraud risk is lowered
• There is no need to build a signature specimen database (enrollment)
• In case of a legal dispute, Graphosign is the software solutions that offers the most
advanced tools to graphologists to prove a signature’s endorsement
20
OVERVIEW
Copyright © Namirial. All rights reserved. Namirial
and its logo are registered trademarks of Namirial.
