v2015.01
The solutionGRAPHOSIGNOVERVIEW
The oldest way to sign becomes the most up to date and the safest one!
Graphometric Signature
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
About Namirial
2
IT company providing software and services to Institutions, Tax Assistance Centers, Banks, Fiscal Consultants and Businesses.
• Certification Authority accredited since 2010, by IT National Center for the Public Administration and entitled to issue qualified certificates in compliance with European Directive 1999/93/CE, authentication certificates and time stamping services.
• Certified E-Mail Provider («PEC» in Italy), since 26/02/2007, accredited by IT National Center for the Public Administration and authorized to manage certified e-mail accounts and domains.
• UNI EN ISO 9001:2008 certified, Namirial obtained its certificate n. 223776, issued by Bureau Veritas Italia S.p.A.
• UNI EN ISO 27001:2005 certified, Namirial obtained its certificate n. IND12.2513U, issued by Bureau Veritas Italia S.p.A.
• Adobe compliant. Since June 2013 Namirial is present in AATL (Adobe Approved Trust List).
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Namirial’s data
3
• 2013 Revenues: 22,00 Mil. €• Employees: 260• More than 55.000 satisfied customers• More than 300.000 certified mailboxes managed• More than 5.100.000 tax declarations handled by our
systems each year
Namirial S.p.A. has 9 offices in Italy :Head quarter: Senigallia (AN)Sedi operative: Ancona (AN)
Azzano Decimo (PN)Casalnuovo (NA)Ferrara (FE)Gallarate (VA)
Modica (RG)Gazzo Padovano (PD)Reggio Emilia (RE)
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
According to italian technical standards outlined in the Prime Minister Decree of 22nd of February 2013, to provide advanced electronic signature to Public Administrations, a company must obtain a quality certificate of its information management security system, in accordance with ISO/IEC 27001 standards, issued from an indipendent authorized third party, in compliance with regulations in force.
ISO 27001:2005 Certificate
On February 2012 Namirial obtained an ISO27001:2005 certificate (international accreditation), issued from an
accredited authority.
4
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Signing with your hand is the oldest and most familiar gesture of all times. It has overcame age, cultural, technological and behavioural differences. It is a truly global gesture.
The process of signing a digital document on a tablet with your own hand allows to eliminate the paper original for all those documents where a signed paper copy is required by law.
The document is thus born digital and stays digital its whole life. This brings concrete savings to adopters and lowers the impact on the people who sign documents.
What is a Graphometric Signature?
5
The oldest way to sign becomes the most up to date and the safest one!
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Why adopt Graphometric Signatures?
6
• You eliminate paper right from thet start, because the document is born digital (cost savings)
• You eliminate data entry and all mistakes that originate from it (time savings & productivity gains)
• You eliminiate costs associated with managing the paper document archives (scanning and warehousing costs)
• You can completely automate the digital document storage process (efficiency gains)
• It’s easier to defend against fraud (legal costs savings)
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Graphosign is Namirial’s certified Graphometric Signature Solution. It is an Advanced Electronic Signature process, compliant with all Italian and European regulations, whose main feature lies in having a Certification Authority (C.A.) and a front-line employee (client services desk, sales personnel…) both attend and certificate the user’s signature.
This procedure satisfies the requirements of identity recognition as well as integrity and consistency of the electronic document
What is Graphosign?
7
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Biometric data acquisition
8
Biometric data acquired and stored during signature execution is:
POSITION
TIME
PRESSURE
SPEED
ACCELERATION
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Fraud risk reduction
Compared to an equivalent paper workflow, the risk of fraud not only does not increase, but it is easier to deter and detect. This is because the hand signature is rich in biometric data, the document is unmodifiable and there are certificates (private or digital signatures) that guarantee the identity of those who sign.
In fact, if a customer denies a signature appended with the Graphosign process, he will have to prove first that he was not in front of the person who recognized him and confirmed his identity by digitally signing himself the document.
The process aims to replicate, and where possible strenghten, the paper workflow, through the use of law compliant tools and
by paying special attention to Privacy issues
9
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
The Graphosign process is adaptable to every type of document you need to be signed, and to the «risk level» (i.e. the risk of signature denial or operator fraud) you deem appropriate to accept.The risk of denial or fraud may not be the same for every document though.
To satisfy all customer needs, 3 different solutions have been developed to encrypt and strenghten the signature:
• STRONG – a biometric data encryption certificate strenghtened with a nominal qualified digital signature for each operator
• STANDARD – a biometric data protection certificate strenghtened with a private generic signature certificate on each device (can be nominal or shared between staff members)
• LIGHT – just a graphic signature capturing software
A suitable solution for every need
10
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Scenario comparison
11
If a paper document workflow is legally binding and accepted, the same is for a Graphosign signed document
SCENARIO HARD COPY DIGITAL DOCUMENT
A third party signs in front
of an employee or
operator
A third party signs the hard copy, after the
employee has identified him
A third party appends his graphometric signature while the
employee identifies him by appending his own Digital Signature
The employee himself signs the document
The procedure of document approvial
requires a signature and, if needed, a stamp on the
hard copy
During the approval proceedure the user itself appends his graphometric signature and strenghtens it with the
qualified one, also replacing the stamp
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Environment: software and certificates
12
Software Licenses and applications:- Software Namirial FirmaCerta - FirmaGrafoCerta™ application enabled
for graphometric signatures
Certificates for biometric data encryption- Crypting public key is installed on all signing devices
to encrypt data;- Decrypting private key is stored according to security
procedures and current law;
For these to work you need an Internet connection
Time stamping certificates (optional)
Private Signature Certificates (Standard):- File: it’s a file to install on device
Qualified Digital Signature certificates (Strong solution):
- Smart Card
- Token USB
- MicroSD
- Remote Signing on HSM
ideal for
mobility
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Environment: Hardware
13
Fixed Workstation SolutionsPlug&play solution – Thought to be connected to a terminal, with Windows XP or superior OS. The best solution for customer service workstations, shops, etc...
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Environment: Hardware
14
Mobility SolutionsTablet devices with Windows 7, Windows 8, Android and iOS operating systems, which differ from each other for techincal specifications and external accessories. They all have in common a display that recognizes and detects graphometric data (on its own o through a special pen i.e. iPad), needed to append a legally binding graphometric signature.
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Mobility solutions: Windows, Android, iOS
15
SO PROS CONS NAMIRIAL SOLUTION
Windows 8 • Security against malware has been buffed• Same policy and profiles management
as for Desktop and Notebook PCs• Compatible with Windows 7
applications• Devices can manage secure signature
devices like USB Tokens or MicroSD cards
• Low market share• Works differently from Windows 7• Rt version reqyuires
development of dedicated applications just like Android and iOS
• Works on several devices• Supports both STRONG and
MEDIUM solutions, with no need for internet connection• SDK available for client and
web applications, also for RT version
Android • High market share, and growing• Easy to use• Very good user experience, nice UI• Very easy to integrate thanks to
intent sharing• MEDIUM solution very easy to
implement and with low-costs
• Some vulnerability to malware, unless MDMs are employed• No pen available yet for devices
without digitizer (e.g. Tab2 and Tab3)• No USB or MicroSD slots that can
be employed for signature certificates. Namirial’s STRONG solution available only thorugh remote certificate.
• App available on Google Play• Works wih all devices that
have a digitizer (e.g. Samsung Note)• Easy integration through
intent sharing
iOs • High market share• Easy to use• Nice UI• Secure environment
• Biometric data 8pressure) must be captred through an external pen that works through BLTE channel• No USB or MicroSD slots that can
be employed for signature certificates. Namirial’s STRONG solution available only thorugh remote certificate.
• App available on App Store• Complete SDK available
with example code as well• Already live on many
customers• Affordable and reliable
external pen supplied by WACOM and certified by Apple
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Fields of application
16
Financial
• Insurances• Banks
• Tax Assistance Centers and
Italian Pension Office
• Credit Services
• Promoters• Stock Brockerage
Company and Fund
Managers
Professional
• Labour consultants
• Certification Authorities and Control
Bodies• Accountants• Tax Experts
Business
• Sales forces• Estate Agents
• Temporary Agencies
• Travel Agencies
• Car Rental• Pharmaceutica
l Companies• Multiutilities
• Agencies Network
• Franchising Network
Public Administration
and Healthcare
• Local Health Authorities
• Control Authorities
and inspective visits
• Analysis Laboratories
• Hospitals• Public Offices
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
In case of a legal dispute over a signature appendend through GraphoSign™, you will go through the same procedure that regulates hard copy, in front of a judge that will rule whose signature it is. This implies a graphological exam by a court appointed professional to read and examine biometric data.A graphological evaluation doesn’t aim to analyze personality, but just handwriting to define the characteristics that distinguish person from person: that’s why Namirial chose to partner with the Italian Association of Graphologists (AGI) with the purpose to help experts use suitable instruments to practice their profession with new technologies.
Graphological Legal Dispute
• Graphometric Signature analysis• Biometric data reading
Forensics GraphoSign
• Signature examination with measurements• Expertise writing tool
Namirial Graphological
17
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Analisys Samples
18
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
• It has developed a proprietary graphometric signature solution from scratch, without employing any third party components. Being the only source code owner, we can transparently provide certifications that attest the security of our solution if needed.
• It has developed an Android application characterized by the possibility of employing it completely offline and for its ease of integration with other Android mobile solutions and apps through intent sharing.
• It has developed an iOS application as well as the SDK using an external pen that captures pressure data, since the iPad natively does not.
• It supplies a standard SDK for Windows (both desktop and Modern UI) to allow customers to seamlessly integrate our component in their paltforms and applications.
Namirial’s software developing highlights
19
Copyright © Namirial. All rights reserved. Namirial and its logo are registered trademarks of Namirial.OVERVIEW
Why choose Namirial
20
• Biometric data encryption happens on a local level (i.e. on the device): there is no connection to an external server thus no Internet connection is required for the process to work!
• ISO27001 Certification: the first in Italy, mandatory to become a supplier of this kind of software to governamental institutions
• Proprietary source code: every customization is possible!
• The operator that attends the signature can be qualified: this way the signature is strenghtened and fraud risk is lowered
• There is no need to build a signature specimen database (enrollment)
• In case of a legal dispute, Graphosign is the software solutions that offers the most advanced tools to graphologists to prove a signature’s endorsement
Top Related