The electronic evidence of a digitized handwritten signature allows it to be presented in court supported by a handwriting expert report as it is usual by the traditional application of the considerations due to the handwritten signature in the procedural regulations.
It is not a mere capture of the graphical aspect of the signatory’s handwritten signature and its insertion into an electronic document, but rather sufficient data is captured, generated and stored to guarantee the basic principles of an advanced electronic signature:
- Identification of the signatory.
- Uniquely linking the signatory and the signed data.
- With the possibility of detecting any change after the signature.
- And with the guarantee that only the signer can generate his own signature.
Although there is no canonical way to perform this type of signature, in many cases the procedure is similar to this one:
- A series of biometric data of the signature is captured (pressure, speed of the strokes, …) so that a handwriting expert can analyze whether the stored data correspond to the handwritten signature of the signatory.
- These data are NEVER in possession of the entity for which the signature is managed, since they are very sensitive personal data that could allow the subsequent forgery of the signatures. Therefore, they are encrypted with the help of a public key whose associated private key is held by a Certification Service Provider.
- Another series of data related to the document the user is signing, the signature device, etc. are captured.
- An electronic signature is made in which the signature graph is included and that protects all the information incorporated in the document, with the time stamp of a Certification Authority.
- The information is held by the entity deploying the system or by a trusted third party Digital Trust Service Provider (DTSP).
If in the future it is necessary to prove that the signature is attributable to a person (or that it is not), the application is required to decrypt the data, capture the indubitable signatures and compare them with the controversial one, with the help of the PSCD that holds the private keys.
To ensure that the processes in place comply with best practices and are suitable as evidence, there are certification and audit services for digital signatures such as those of EADTrust (European Agency of Digital Trust).