|
Signature Pad for Encryption and Data Security
|
Signishell electronic signature pad, essentially being
an enabling technology for trusted communication and authentication,
is based on the most progressive and strict security standards.
Encryption and data security are in the heart of Signishell's
signature verification process, covering these main phases:
Electronic Signature Enrollment and Authentication
Once the user enrolls, a biometric signature file is being created
and kept together with the user details on the Signishell server.
This electronic signature profile is encrypted using
a Triple DES (3DES) cryptosystem. The Signishell server then
creates a pair of asymmetric keys, using an RSA algorithm- a
private key and a public key. The private key is kept on the
Signishell server while the public key is sent to the user as
part of the Electronic Certificate. The Signishell private key
(or any other certificate authority acknowledged by the user)
signs the user Electronic Certificate.
Signing Documents with a Signature Pad
Completed document information is converted into a sequence of numbers in a process
called hashing, generated by an MD5 or SHA1 algorithm. It is
practically impossible to reconstruct a document out of its
hash and the probability of different documents getting the
same hash value is close to zero. When the creator digitally
signs the document using an electronic signature pad,
(pen and tablet), his biometric signature profile is sent along
with the document hash value. After authenticating the user
identity, the hash value is encrypted using the user's private
key. Whenever the hash value is different than the original
signed value, implying the document has been altered, the electronic
signature becomes invalid. The communication channel between
the Signishell server and the client (user) is encrypted using
SSL (Socket Secured Layer) technology based on an RSA protocol.
|
| |
|
