Simple and Secure E-Signature Software

What are the benefits of electronic signatures?
Electronic signatures provide a central building block to enable and establish trust and confidence in digital transactions. Trust in digital transactions is quintessential for digital transformation. E-signatures are also crucial to achieving complete end-to-end digital processes because they eliminate that final, paper-based step.

What is the difference between a digital and an electronic signature?
Digital Signature – is a technical term, describing a method to create an electronic signature based on cryptography. The US Food and Drug Administration FDA defined this under 21 CFR Sec. 11.3: Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.

Electronic Signature – is a legal term defined for example in:

• European Union - under 910/2014 EU Regulation (eIDAS): “data in electronic form which are attached to or logically associated with other electronic data and which are used by the signatory (= natural person) to sign”
• United States - under ESIGN Act 2000: "an electronic sound, symbol, or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record”
• Singapore - under Electronic Transactions Act (ETA) 1998: “any letters, characters, numbers or other symbols in digital form attached to or logically associated with an electronic record, and executed or adopted with the intention of authenticating or approving the electronic record”

eIDAS is an acronym for “electronic Identification and Signature”. The full title is “Regulation on electronic identification and trust services for electronic transactions”. Besides electronic signatures, trust services also include electronic seals, time stamps, electronic delivery services and website authentication.

Definitions of E-Signatures in laws around the world – see links on p 17 of: eBook - Globally Legal: Best Practices for E-Signature Deployment

What is an Advanced Electronic Signature and what is a Qualified Electronic Signature?
Both are legal terms. In Europe they are defined in 910/2014 EU Regulation (eIDAS):

• Advanced Electronic Signatures (AES) are uniquely linked to the signatory. They must be capable of identifying the signatory, created using signature creation data that the signatory can, with a high level of confidence, use under his sole control, linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
• Qualified Electronic Signatures (QES) are Advanced Electronic Signatures ... created by a qualified electronic signature creation device, based on a qualified certificate for electronic signatures ... issued by a qualified trust service provider (QTSP).

What is a Biometric Signature?
Biometrics is "automated recognition of individuals based on their biological and behavioral characteristics" as defined in ISO/IEC 2382 Part 37.

Basically, biometric recognition, or biometrics, belongs on something you are. There are two groups of Biometrics:

• anatomical traits - e.g., fingerprint, iris, face, hand geometry, veins ...
• behavioral traits - e.g., handwritten signatures or the rhythm of typing.

Handwritten signatures can be electronically captured in two ways: either the movement (position – x, y -, velocity and acceleration) of the pen on the pad can be recorded as a function of time, or the signature image itself (x/y coordinates of the pen line on the pad). In either of these "dynamic" or "static" cases, the recorded signal is the result of both the biology (handedness) and the learned and practiced behavior of the individual.

• Signatures have a biological component as signatures from left-handed and right-handed people can often be distinguished.
• Signatures are also a behavior. Celebrities often have one signature for autographs and another for contracts, indicating two different behaviors depending upon context. Signatures can be willfully changed by changing signing behavior.

Handwritten signatures can be used to automatically recognize individuals and meet the definition of a biometric method.

What is required to create Advanced or Qualified Electronic Signatures (AES/QES)?
Per definition under 910/2014 EU Regulation (eIDAS) in addition to Kofax SignDoc the creation of

• Advanced Electronic Signatures (AES) requires digital certificates which may be from a Trusted Service Provider (TSP)
• Qualified Electronic Signatures (QES) requires qualified certificates, provided by a Qualified Trust Service Provider (QTSP)

Certificates may reside:

• remote / server-side - e.g., in a Hardware Security Module (HSM) or a cloud-based service
• or locally / client-side - e.g., on hardware tokens (smart card, USB stick ...) or stored on a user's PC or in an organization’s system as a software certificate

Are wet ink signatures always legally required?
No. Applying a physical signature on paper (also referred to as "wet ink signature" or "actual signature") is not always a legal requirement. In many cases, the necessity for a signature is based on customs and common practice to show evidence of the transaction. In instances where signing on paper is not de jure requirement, an electronic signature can be used instead of applying ink-on-paper.

E-signatures are used in the de facto examples below even though in certain jurisdictions signatures are not necessarily legally required de jure:

• Banking: account opening, modification, and deletion, consumer agreements, cash deposits and withdrawals, standing orders, consultation minutes, broker proxies, exemption orders for capital gains
• Insurance: applications, consultation minutes, damage reports
• Telco: contract application (mobile, DSL, cable, etc.), service reports
• Retail: receipts at the point of sale or point of delivery, merchandise return, service documentation
• Utilities: contract application (power supply), applications for customer reward programs

What types of signatures are supported by SignDoc?
All of them!

For a basic electronic signature it is sufficient to use the SignDoc server-side certificate (as configurable in Signdoc Administration), where all users will use the same certificate.

For an advanced electronic signature it is required to use individual user certificates provided via a digital signing service or owned as a local personal certificate which can be provided on a USB token by a certification authority. Using local personal certificates require installation of the SignDoc device connector.

For a qualified electronic signature it is required to use a certificate which is created by a 3rd party Trusted Service Provider (TSP), which performs user authentication etc. and provides trusted certificates for signing. SignDoc offers a TSP Plugin interface for plugin development to integrate external TSP Providers.”

With SignDoc, you can capture biometric handwritten signatures.

How is SignDoc pricing structured?
Pricing is based on the number of signing packages that can be processed annually.

How is a signing package defined?
A signing package can have one or more documents with one or more signatures.

What are the maintenance and support options for Kofax SignDoc?
Support and maintenance for SignDoc adheres to Kofax standard support pricing. Standard support and 24x7 support are available.

Is an evaluation key available and how long is the evaluation period for SignDoc?
Yes, there are evaluation keys available for customers and partners. The evaluation period is typically 90 days for customers.

What differentiates Kofax SignDoc from other vendors?
SignDoc offers robust e-signature capabilities that meet the needs of a wide range of customers, at prices that make it an excellent value.
SignDoc has been integrated with Kofax TotalAgility (KTA), Kofax PowerPDF, Kofax Robotic Process Automation (RPA), and Kofax Communications Manager (KCM).

• Kofax TotalAgility enables SignDoc to trigger and track signing ceremonies within KTA. It can be deployed as part of a broader workflow automation solution framework or on a stand-alone basis.
• Kofax PowerPDF has a powerful integration with SignDoc, to create, edit, share and sign documents within one application.
• Kofax RPA can trigger a signing process to submit documents with prefilled information for review and signing, eliminating manual steps.
• Kofax Communications Manager harnesses communications that can be turned into full digital transactions by e-signature-enabling business processes and thus eliminating the need for paper and enriching the customer experience.

What languages is the product available in?
Kofax SignDoc is delivered out of the box with support for English, French, German, Dutch, Italian, Portuguese, Spanish, Japanese and Simplified Chinese.
Customers and partners can also incorporate their own localization.

How does SignDoc protect a document’s integrity?
Kofax SignDoc follows security principles for encrypting and hashing for embedding the signature in PDF documents based on recommendations of US National Institute of Standards and Technology (NIST) and German Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railway (Bundesnetzagentur). The German Federal Network Agency is an independent higher federal authority and supervisory body for electronic signature services. Similar agencies exist in all EU countries.

How does Kofax SignDoc provide evidence?
Kofax SignDoc provides evidence in an audit trail. Documents signed with Kofax SignDoc includes a full audit trail. The audit trail clearly indicates who signed what content in the document when. Unlike some other e-signing vendors, there is no need to access a vendor’s or another 3rd party service for validation. Kofax SignDoc has no vendor-lock for auditing.

Can Kofax SignDoc be configured to support compliance with industry-specific privacy and regulatory requirements?
Yes. It can be configured to support compliance with requirements such as the Food and Drug Administration (FDA) 21 CFR Part 11 regulation in the United States.

Can documents e-signed with Kofax SignDoc be used in court?
Yes, and depending on the law, the various types of e-signatures can function as evidence to show a legally binding agreement in a court proceeding. Regulations and acts on e-Signing state that a signature may not be denied legal effect solely because it is in electronic form.

• US: E-SIGN Act 2000 recognizes electronic signatures may be as legally effective as a signature applied in wet ink on paper.
• European Union: 910/2014 EU Regulation Art. 25 § 1 defines: (1) In any legal proceedings - (a) an e-signature incorporated into or logically associated with a particular electronic communication or particular electronic data, and (b) the certification by any person of such a signature shall each be admissible in evidence in relation to any question as to the authenticity of the communication or data or as to the integrity of the communication or data.

In many instances, a strong e-signature process can actually reduce the possibility of getting brought into court by providing strong evidence to rebut any challenges to the e-signature and the underlying document.
The sole view on e-signature regulations, laws and directives doesn’t provide the full perspective to judge the legal compliance of a digital workflow which should include e-signatures. The particular feasibility might be influenced by form requirements which are typically part of civil laws and commercial laws, applicable for particular processes.

Do I require digital certificates to achieve a high level of evidential weight for my e-signed documents?
The concept of Kofax SignDoc is to provide a high level of evidential weight of e-signed documents even where digital certificates are not involved. If not required by law applying digital certificates may be considered as adding an additional layer of trust.

• For in-person signing Kofax recommends pursuing integrating handwritten signatures into digital processes rather than replacing them. If signature biometrics are captured, they provide additional evidential weight and an option for signer authentication.
• Digital certificates have a stronger role in self-service/remote signing scenarios where signing methods like click-to-sign are applied and signer authentication is executed e.g., via provision of access links to portals and/or text messages via SMS. Kofax SignDoc is supporting these scenarios as well.

When was Kofax SignDoc first introduced to the market?
Kofax SignDoc has been in the marketplace since 2003. It became part of the Kofax portfolio with the acquisition of Softpro in September 2014.

What are the certification requirements for the SignDoc?
SignDoc is available to the partner community. For details, please contact your Kofax representative. To learn more about training options, visit https://learn.kofax.com.

Can I evaluate SignDoc?
Yes, certified Kofax partner can request an evaluation license which is valid for one year.