biocertiX is software that extends the functionality of existing electronic document workflow systems with the ability to provide a handwritten signature on an electronic document using a stylus on Samsung tablets. In addition to the signature image itself, the system records a number of parameters used for authenticity analysis (biometric data).
The system was designed from the outset to ensure a high security level and has successfully passed the rigorous international Common Criteria certification.
The back-end of the biocertiX system (server part) is installed on the customer's infrastructure. The front-end system (mobile application) is installed on Samsung tablets. After integration with the biocertiX back-end, the client's electronic document workflow system sends a document for signature via an API. The mobile app presents this document and allows it to be supplemented with additional information and a handwritten electronic signature.
Once the signature is made with the stylus on the mobile app, the biometric data is encrypted and the resulting PDF file is created. The file is additionally stamped with a qualified electronic seal and tagged with a qualified timestamp.
biocertiX has been certified under the Common Criteria (ISO 15408). This means that it meets strict international security standards verified by an accredited national laboratory. It has a number of security features to ensure that the document is integrally linked to the signature, and that the content and biometric data of the signature do not fall into the wrong hands.
Among the numerous security features are:
With the Trusted Third Party service, the private key required to decrypt biometric data is securely stored on the Hardware Security Module (HSM) on which it was generated and which it never leaves.
signaturiX is an electronic signature platform that enables the creation of different types of electronic signatures on a single document, i.e. simple signatures (click-to-sign), simple signatures with SMS, advanced signatures (handwritten signatures with or without biometrics), as well as qualified signatures. Depending on the type of signature, all that is needed to create a signature is a normal computer, a phone or, in the case of a biometric signature, a device with a stylus (e.g. a tablet or signpad).
biocertiX is a solution that includes the ability to create biometric signatures (a separate part of the signaturiX solution) on Samsung mobile devices, additionally secured with Samsung Knox and the Certum by Asseco trust services. Thanks to the partnership of three entities (Samsung, Asseco, Xtension), the biocertiX solution has been internationally certified according to Common Criteria standards. The result is the first security-certified biometric signature solution of its kind.
The biocertiX mobile app and a suitably prepared Samsung tablet with the Knox security platform are required.
Common Criteria (CC) is an international set of recommendations and specifications developed to evaluate information security products, specifically to ensure that they meet an agreed security standard for government implementations. Once completed, it gives purchasers confidence that the specification, implementation and evaluation process for any certified computer security solution has been carried out in an accurate and standardised manner.
biocertiX allows the user to sign all documents, contracts, consents or statements in PDF format by hand. Before a document is signed, its content is presented to the user, and once the user signs it, the document content becomes inextricably linked to the signature, which is further confirmed by a qualified electronic seal certificate.
Documents signed using biocertiX retain full legal and evidential force.
The written form is one of the three forms of legal transactions contained in the Polish Civil Code. Concluding a contract in the written form requires a handwritten signature under the declaration of intent. Signing with biocertiX is sufficient for the written form.
The encrypted biometric data is stored only in the document to be signed (PDF file). To decrypt it, a private key stored in the HSM at Certum within the Trusted Third Party service is required. The decrypted biometrics can only be accessed by persons authorised by the court in a given case, e.g. a forensic expert (graphologist).
The Trusted Third Party service, provided by Certum, gives state authorities dedicated software to decrypt and export biometrics from a document for the purposes of ongoing judicial and administrative proceedings. As part of this service, the key pair used to encrypt the biometrics collected during signing is generated and stored.
Online signatures are not verified when they are submitted. The biocertiX system does not store biometric data or have the ability to decrypt it.
From the point of view of the eIDAS regulation, biocertiX is an advanced electronic signature additionally using qualified trust services, i.e.:
As a result, biocertiX has almost all the advantages of a qualified signature, while being free of its limitations. There is no need to obtain a certificate beforehand or to use qualified devices.
In terms of the eIDAS (electronic IDentification, Authentication and trust Services) regulation, an electronic signature is 'data in electronic form which are attached to or logically associated with other data in electronic form and which are used by the signatory as a signature'.
There are three types of electronic signatures: