It is no secret that cybercrime has skyrocketed within the last few years, in fact, cybercrime in the U.S. jumped by 55%. This increased risk drives a greater need for privacy and security, especially within IT companies and departments responsible for digital data and cybersecurity.

ZorroSign can help your IT company or department combat the elevated security risks with our digital transaction platform, built on blockchain architecture, and calibrate your company and customers for success!

Blockchain Architecture For Elevated Security

ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, offering peace of mind for your company’s and customers’ digital transactions, while preventing fraud and ensuring regulatory compliance.

How does this blockchain architecture contribute to ZorroSign being the best platform for IT companies?

Blockchain provides structural layers of protection from cybercrime, like ransomware, malware, or phishing attacks: First, by decentralizing the data set itself (preventing any one breach to access the entire data set); and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.

Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature so defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign is a strong addition to your security stack, and brings the cybersecurity capabilities of blockchain to your company’s and customers’ digital signatures and transactional documentation.

Z-Forensics Token

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token.

This unique digital solution that can:

Prove that the individual who is performing the action to sign the document is who they claim to be (verification);
Apply a digital equivalent of a wet-ink signature to the document (legal intent); and,
Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).

Unlike any other digital signature solution, ZorroSign seals all your documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

Your IT company or department gains peace of mind when you Z-Sign!

Cloud Configuration

On top of providing the security that your company and customers need, ZorroSign’s software-as-a-service (SaaS) model can be deployed in various cloud configurations, making it seamless to integrate into your existing platform.

Our multi-chain blockchain platform can be deployed in a public, private, hybrid, or on-premise cloud:

Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
On-premise deployments require your department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes

Your IT company or department can scale and deliver data privacy and security aligned to your existing deployment architecture—as public, private, or hybrid as it may be!

To learn more about how ZorroSign helps IT companies and departments elevate your data privacy and security, please contact us or start your 14-day Free Trial today!

In a digital environment, transactions take place between people and organizations who may not know each other, and likely cannot verify each other’s identities using traditional, physical means.

Yet as the world moves more and more to digital transactions—exchanging real-world assets such as automobiles, financial instruments, goods and services, even real estate, to exchanging digital assets such as cryptocurrencies, in-game purchases, metaverse assets, NFTs, and even more in the years ahead—it becomes critical to verify exactly who signed what and when, with full validation of every transactional document’s authenticity and immutability, to prevent forgery, fraud, or tampering.

CNBC reports that “Sales of real estate in the metaverse topped $500 million last year and could double this year, according to investors and analytics firms.” And transactions in the metaverse were expected to cross $6 billion in 2021, according to India’s Business Standard.

To facilitate commerce in digital realms, ZorroSign is pleased to include the Z-Verify feature in our multichain blockchain platform to protect privacy, secure transactions, and prevent fraud.

Digital Signatures for Digital Transactions

To transact business, commerce, government operations, or individual trade in a digital environment requires legally enforceable digital signatures to prove agreement and intent. There are several technologies supporting digital signatures, but how do such solutions provide legal enforceability?

They must ensure WHO is signing the legal documents via user authentication; plus,
They must ensure WHAT was signed (agreed upon) via immutable document control with full audit trail of changes for document verification; and
They must ensure WHERE, WHEN, and HOW digital signatures were executed in signing ceremonies via metadata captured on digital devices and digital network.

On June 30, 2000, then President Bill Clinton signed the Electronic Signatures in Global and National Commerce Act (E-Sign Act), establishing that electronic signatures have the same legality as traditional signatures on paper, and defined the criteria for legality. The legislation opened the door for digital transactions and digital commerce has boomed in its wake.

Digital Signatures on Blockchain

Since 2000, many technologies have come to market to deliver digital signatures, but when a distributed ledger technology—such as blockchain—is used for digital signatures, transaction parties gain the unique advantages of:

Privacy — with a private, permissioned blockchain such as Hyperledger Fabric, only participants to the transaction can see details of the transaction, and those participants share equal access to such details
Immutability — all blockchain records and changes are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts
Security — all records are individually encrypted and distributed for better protected from phishing and ransomware attacks

Perhaps most importantly, digital signature platforms that incorporate Identity-as-a-Service (IDaaS) can authenticate users across multiple dimensions, such as what you know (your login password), what you have (your laptop or mobile device), and who you are (biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

Digital Signatures with Z-Verify

ZorroSign’s Z-Verify unites multi-factor authentication, the biometric capabilities of your hardware devices, the opportunity for password-less logins, and even knowledge-based authentication (KBA) features—requiring the knowledge of private information of the individual to prove that the person providing identity information is the actual person—to ensure each party to the digital transaction is who they claim to be.

Further, Z-Verify features allow ZorroSign users to maintain and review a chronological, immutable, real-time record of transactions: Ensuring the security and privacy of users’ information and that of the data itself!

Z-Verify Benefits:

Immutable attribution of the signatory of any document secured in ZorroSign
Globally accepted security certificates that never expire – unlike any competitive solution certificates
Secured by private, permission-based blockchain technology built on Hyperledger Fabric
Authentication, verification and validation of digital and paper versions of documents using our patented Z-Forensics token
Verification applies to internal (registered) and external (not registered) users alike!

To learn more about Z-Verify and how ZorroSign can ensure you know exactly who signs your digital documents, when they signed, how they signed, and what they signed has not changed—contact us today or start your Free 14-Day Trial subscription to test us yourself!

The way that the legal industry conducts business has changed drastically over the last few years, foremost due to the shift during the COVID-19 pandemic to a remote lifestyle. A recent survey by the American Bar Association shows that more than half of all attorneys are now working from home almost exclusively. This switch to remote work has caused the legal industry to look towards technology to move the bulk of their processes and workflows online.

With that industry shift in mind, here are three ways that ZorroSign helps to law firms, legal departments, and attorneys worldwide to thrive in an online environment!

Automation

Lawyers are often swamped with paperwork and the hassle of printing, signing, and scanning documents. While much of this work is important to the successful operation of legal services, future-thinking law firms and legal departments are identifying repetitive, manual processes and incorporating automation to drastically improve their workflows. This allows attorneys to spend more time on client development and for staff to become more productive.

Incorporating technology into your legal service workflows can expedite operations, accelerate growth, and increase the value of the services delivered to clients. When used strategically, technology can also free up your teams from mundane tasks and enable them to apply their expertise to higher-value work. As a result, law firms and legal departments become more efficient, innovative, competitive, and profitable.

ZorroSign’s blockchain platform allows firms to build and automate templates and approval workflows, ensuring compliance with business regulations while streamlining processes from a single dashboard. Our contract lifecycle management (CLM) capabilities support automation and help move attorneys to digital record-keeping, digital communications, and digital chains-of-custody.

Expanding Privacy Regulations

Gartner predicts that by the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population. It is also expected that more state legislatures will enact privacy laws similar to t he California Consumer Privacy Act (CCPA) which gives consumers more control over the personal information that businesses collect about them. Eventually the United States can expect a law that mirrors the EU’s General Data Protection Regulation (GDPR)—one of the toughest privacy and security laws in the world.

The increased demand for privacy has been driven by individuals’ demands for improved protection of their personally identifying information (PII), healthcare records, autonomy, and digital data privacy. Expanding regulations have pushed organizations to take the necessary steps to support data sharing, while preserving the privacy of those that they are working with and who are within their organization. All in all, organizations that choose to prioritize privacy have an opportunity to win greater loyalty and more business from their customers.

So how can ZorroSign help?

ZorroSign was created with the privacy of users in mind. Built from the ground up on blockchain technology for a zero-trust digital ecosystem, we deliver top notch security that has evolved to meet the legal enforceability needed in a court of law. ZorroSign is already compliant with CCPA and the EU’s GD PR policy—plus many Canadian, Indian, UAE, and United States data protection and privacy standards, ISO 27001 certification, American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit, and International Standard on Assurance Engagements (ISAE) No. 3402 Type II audited.

For the growing list of ZorroSign privacy and security standards, visit our recent blog on global compliance.

Transfer to the Cloud

While storing information on a hosted cloud server is not a new concept, the legal industry has been slow to migrate its data because of the security concerns that this presented. Telecommute work, however, has pushed legal organizations towards cloud solutions to better connect remote workers. The cloud’s cost-effective delivery of near-unlimited storage, paired with technology like blockchains, bridges the gap between the risk of remote connections and the need for elevated data security.

ZorroSign’s multi-chain blockchain platform can be deployed in a public, private, hybrid, or on-premise cloud, while ensuring your data and privacy and security needs are met:

Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
On-premise deployments require your law firm or department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes

To learn more about how ZorroSign serves the Legal Industry, please contact us or start your 14-day free trial subscription today!

March 21, 2022, marked the 10th anniversary of International Day of Forests. This day calls attention to the importance of practicing sustainability in both your business and your personal life. Often people have a desire to live a more sustainable life, but do not know where to start . . .

Here are four ways you can practice sustainability in your day-to-day life!

Recycle & Reuse

One ready way to practice sustainability is to make a real effort to recycle and reuse. Did you know each ton of recycled paper saves an estimated 17 trees and 3.3 cubic yards of land space ? Every small and large contribution that you make counts!

You’ve most likely heard the phrase “Reduce, reuse, recycle” your whole life, but how do you actively turn a nice-sounding phrase into a habit?

Try to reuse products and items as many times as possible before binning them to reduce waste. Check out this list of household items that you would normally throw away, but you can reuse!
Avoid thin plastic packaging, as it’s usually non-recyclable. Instead go for reusable glass or thick plastic.
Instead of using plastic bags, bring reusable bags and Tupperware when going shopping or packing food or leftovers.
Buy products in bulk. Purchasing goods in large amounts means less packaging and even less cost per amount.
Utilizing trash removal and recycling services can also help you to manage waste effectively

Monitor Energy Use

Another great way to be sustainable is monitoring your energy use. By using less energy, you can help to reduce carbon emissions. There are a number of ways you can save energy at home, and most of them are practices that take no extra effort on your part.

Here are a few ways to do it:

Turn off the lights when you’re not in the room; use natural light instead of turning the lights on as much as you can.
Turn off appliances that you’re not currently using.
Dry your clothes outside instead of using the drying machine.
Save money with solar energy

Save Water

It is a fact that 70% of the Earth is covered with water, only one percent of it is available for human consumption. Conserving water is important because it keeps our water clean while protecting the environment.

Here are some effective and easy ways to cut back on your water footprint and save some money in the process:

Turn off the faucet while brushing your teeth
Wash dishes in the sink instead of under running water
Only run the washing machine and dishwasher when you have a full load
Check your kitchen pipes and dishwater hose for slow leaks

Go Paperless with ZorroSign

ZorroSign is committed to having a positive impact on the environment through sustainable practices. Switching from doing business using paper to digital is not only a smart business decision but it is also good for the environment.

Office paper waste is estimated to be around 12.1 trillion sheets of paper a year, with paper accounting for 50% of waste from businesses.

However, each time you use ZorroSign to digitally transact instead of printing, faxing, scanning, and shipping documents to collect signatures, you save trees and water . . . plus reduce carbon emissions while your business saves time and money!

To further the cause of Paperless Life, ZorroSign encourages all businesses to go digital and save trees. Our Save a Tree – Plant a Tree program is ZorroSign’s effort to do our part to help the environment. For every 8,000 pages of paper you save by using ZorroSign, we plant a tree on your behalf—that’s saving an existing tree and planting a new tree by going paperless with ZorroSign.

To learn more about ZorroSign’s commitment to sustainability and environment conservation, and how we deliver greater privacy and security for digital signatures and documents, contact us today!

The Move to Digital

Since the invention of microchips and semiconductor transistors in the 1950’s, the world has moved steadily to more and more digital information. Computers for government, then computers for business, then home computers brought vast amounts of data into digital formats, and with the birth of the World Wide Web digital information has exploded in volume.

Today, we rely on digital documents for our business operations, our finances, our government, our healthcare, our legal system, and vast amounts of news and information—both personal and public. Trusting such digital documents is critical to ascertaining truth and accurately conveying facts.

“Documents comprise evidence, and are generally assumed to amount to evidence upon which the parties and the court can rely,” explains Helen Brander for Counse l magazine. “For every point that is made, one hopes there is a document to support that point.”

The Risk of Fraud

Throughout history, there have been various techniques to authenticate documents. In the pre-industrial age, it was common in Europe for someone to sign a document in ink and to then press a wax seal on the document to indicate the authenticity of that document. It was always possible, of course, that someone could tamper with the document and forge signatures, information, or the wax seal itself.

In the modern age, the United States has notary publics who can witness a person signing a document and endeavor to authenticate the signer’s identity by inspecting a driver’s license, passport, or other form of identification for that person. Again, the risk remains that it is possible to forge such identity materials, or alter the actual documents or signatures after signing.

For example, a document may be created on a computer and subsequently printed, signed with wet ink or electronically, then faxed, delivered via courier, or scanned into the computer and finally shared electronically via email or by using other file transfer mechanisms. Despite the technology advances, such documents can still be tampered with and signatures can be forged within this process as well.

“Detecting fraud within documents that have been digitally altered with graphics editors or ‘print-manipulate-scan’ evasion techniques requires more sophistication,” notes Martin Rehak in a Help Net Security article. “Often undetectable to human fraud specialists, building an automated solution requires specialist knowledge of the metadata and digital footprints left by scanning and printing devices.”

As such, modern digital documents require a level of security as evolved and nuanced as the technologies producing, storing, and sharing the digital documents themselves.

The Security of ZorroSign

Facing this historical need, ZorroSign has developed a unique digital solution that can:

Prove that the individual who is performing the action to sign the document is who they claim to be (verification);
Apply a digital equivalent of a wet-ink signature to the document (legal intent); and,
Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).

ZorroSign’s patented Z-Forensics token is a tamper and fraud-detection seal for your digital documents, creating an unprecedented, immutable audit trail and complete chain-of-custody validation.

This revolutionary security system allows a validated user to create an electronic document, then allow one or more other users to complete and sign that document in a particular sequence—”the workflow”—all the while capturing the chain of custody and an audit trail of the changes made to the document by the parties in the workflow, such as recording key authentication, security and validation information when an action took place.

Unlike any other digital signature solution, ZorroSign seals all documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

Only the Z-Forensics token:

Allows ZorroSign customers to manage permissions as to who gets to see what level of information about the transaction and the contract
Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire
Can verify, validate and authenticate both digital and printed (paper) version of electronically signed contracts

Our Z-Forensics feature enables ZorroSign users to create a virtual seal for every uploaded document: initiating a verifiable trail, tracking every step of a document’s journey through users, so that any attempts at tampering, fraud, revision or other alterations are immediately captured.

To learn more about Z-Forensics and how ZorroSign can help you prevent fraud with digital documents, contact us today!

ZorroSign team members, Allyson Hoogers, Kristen Harder, Cassidy Alexander and Megan Blood were pleased to exhibit at the Phoenix Metro Chamber of Commerce Unleash Your Power Business Conference and Expo on March 9th!

The four set up a booth displaying ZorroSign’s multi-chain blockchain platform and introducing our digital signature and IDaaS technology to a wide variety of Phoenix businesses and professionals.

Many real estate, finance, and legal industry attendees visited us to learn about ZorroSign’s digital signature solutions, see how our blockchain architecture delivers superior privacy and security, and explore our applications for digital transactions within their industries. They learned the importance of blockchain and how ZorroSign utilizes this technology for next-level security.

Allyson and Kristen also attended a panel showcasing the importance of digital security, with a focus on encrypted data and how easily information can be obtained from unwanted parties if you’re not keeping up with the latest security and technology. They were grateful to the enthusiastic crowd of Phoenix area business leaders who were ready to learn about ZorroSign and the other businesses exhibiting.

“It was so refreshing to attend an in-person event,” said Allyson. “The ZorroSign team looks forward to attending many more events here in Arizona in the future.”

“It was also great to meet and connect with some amazing business leaders around the valley,” added Kristen.

We thank the Phoenix Metro Chamber for hosting this fun event, and especially Jack DuChene and Phil Guinouard for their help in promoting ZorroSign to the Phoenix community!

ZorroSign’s multi-chain blockchain platform is a mobile-first solution with Android and Apple apps designed to run on any mobile device such as smart phones and tablets.

Our technologies help governments, organizations, businesses, and individuals sign digital documents and execute transactions securely from anywhere, at any time, including:

Signing

Quickly execute digital documents and transactions from any mobile device with ZorroSign’s blockchain-based platform, ensuring superior privacy, security, and legal enforceability.

Verifying

Verify exactly who signed what and when, with full validation of every document’s authenticity and immutability, from any mobile device with ZorroSign’s mobile app.

Work Flows

Ensure compliance with internal, regulatory, and security workflows for document approval, using ZorroSign’s automation engine from any mobile device.

Auto-Fill Forms

Make your critical documentation form-fill completion process smarter, faster, and more accurate from any mobile device using ZorroSign’s AI/ML engine.

Compliance and Audit Trails

Block it down! Ensure regulatory compliance and the immutability of your signed documents from any mobile device by storing your documents on ZorroSign’s blockchain platform.

Fraud Prevention Forensics

Create an immutable audit trail and complete chain-of-custody validation from any mobile device with ZorroSign’s patented 4n6 (forensics) token.

Mobile Supported by Public/Private/Hybrid Cloud Deployments

ZorroSign’s mobile solutions can be deployed in various configurations to meet your organization’s data security requirements. For example . . .

Public Cloud Software-as-a-Service (SaaS)

Our standard deployment is on Amazon Web Services (AWS) public cloud computing network. This configuration benefits from AWS data centers and a network architected to protect your information, identities, applications, and devices. Built with the highest standards for privacy and data security, AWS is designed to help ZorroSign deliver secure, high-performing, resilient, and efficient infrastructure for our applications.

Private Cloud SaaS

In ZorroSign’s private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization. This fully managed service is ideal for financial services institutions or any organization requiring that your data resides only in servers where you have full control.

Hybrid (Public/Private) Cloud SaaS

Sitting between fully-public and fully-private cloud deployments is the option for a hybrid cloud configuration. Here, storing your data on our private, permissioned blockchain can occur on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations. We collaborate with your organization to configure the right mix of public self-service, scalability, and elasticity with private control and customization available with dedicated hardware.

On-Premise Configurations

Finally, for those customers who require both the ZorroSign platform and their data reside behind their own firewall or demilitarized zone (DMZ)—where a physical or logical sub network contains and exposes your organization’s external-facing services such as ZorroSign digital signatures, workflow management, and identity-as-a-service (IDaaS) applications—we support on-premise deployments.

Get the Mobile App Today

Download our mobile app today on:

Apple iTunes
Android Play

Or sign up for your Free Trial of ZorroSign’s multi-chain blockchain solution for digital signatures, documents, and transactions—no credit card or payment required!

What is an Application Programming Interface?

An application programming interface, or API, is software that opens up an application’s data and functionally to external third-party developers, business partners, or internal departments within an organization.

APIs allow different applications to communicate with each other and leverage each other’s data and functionality through a documented interface. In other words, an API allows two different applications to talk to each other, access data, and acts as a go between that takes requests, translates, and returns responses.

There are four different types of APIs:

The first are Open APIs, also known as public or external APIs, and they are available to use by any developer. This leads to open APIs having relatively low authentication and authorization measures but the assets they share are often restricted.
Partner APIs are shared externally, but only with those who have a business relation with the company that is providing the API. Access is limited to only those that have been authorized or have official licenses. These limitations make partner APIs more secure than public APIs.
Internal APIs, also called private APIs, are not intended to be used by third parties. They are used internally within companies for the transfer of data between teams and systems.
Composite APIs are a combination of multiple APIs, this allows developers to group different elements of the APIs for a unified response from different servers. These APIs work as an automatic chain of calls and responses that do not require intervention.

Without knowing it, you are likely using API’s every single day! One prime example is Google maps, which is used virtually by any website that wants to provide convenient directions to their location.

So how exactly do API’s work?

1. Client application initiates an API call to retrieve information—also known as a request. This request is processed from an application to the web server via the API’s Uniform Resource Identifier (URI) and includes a request verb, headers, and sometimes, a request body.
2. After receiving a valid request, the API makes a call to the external program or web server.
3. The server sends a response to the API with the requested information.
4. The API transfers the data to the initial requesting application.

Benefits of APIs

In today’s workplace, workflows, processes, and transaction management are constantly changing. APIs help to ensure that the connectivity and collaboration continue to remain strong even as workflows and processes change.

Some other benefits of APIs include:

Improves connectivity and collaboration: In 1990, the average enterprise used a mere 5 to 10 different enterprise apps. Today, the average enterprise uses nearly 1,200 different cloud apps, many of which are disconnected. APIs allow these different apps to be strategically wired together to seamlessly communicate with one another. Through these integrations, companies are able to improve workplace collaboration and user experience as a whole.
Innovation: APIs provide flexibility, this allows for seamless connections with new business opportunities, new service options to existing consumers, and for the opportunity to enter into new markets that support digital transformation.
Enhanced customer experience: APIs allow for seamless integration for customers. There’s a reason why approximately 50% of all B2B collaboration occurs via APIs – APIs allow for the customer to design and control their own experience.

ZorroSign’s API

ZorroSign’s understands the importance of APIs and that is why our seamless API integration process allows your users to remain on your existing platform’s user interface, while integrating our multi-chain blockchain platform for your transactions!

With ZorroSign, developers and product managers can tap the power of our six technologies features, as your organization benefits from our support with flexible pricing.

ZorroSign API can empower your organizations to:

Incorporate and enforce multi-factor and biometrics authentication for added security
Digitally sign and track documents in real time using your app or web application
Automate forms and form-field data
Send electronic signature requests
Detect tampering and forgery
And more!

Read more about our ZorroSign API or contact us today for a copy of our API Quick Start Guide!

What is Web 3.0?

You may have heard about Web 3.0 (or web3) recently and wondered, what is Web 3.0 and how is it different from Web 1.0 and Web 2.0?

A broad definition of Web 1.0 is simply the initial iteration of the World Wide Web in the late 1980’s and early 1990’s. “Web 1.0 is the term used for the earliest version of the Internet as it emerged from its origins with Defense Advanced Research Projects Agency (DARPA),” writes Kuntal Chakraborty for Techopedia. “Experts refer to it as the ‘read-only’ web—a web that was not interactive in any significant sense.”

From those early static web pages, a platform model of computing soon evolved that would become Web 2.0 or the ‘social web.’ Here, interaction with growing web applications and platforms drove e-commerce and the expansion of the Internet, allowing large providers to aggregate and control much of the shared data. This is the Internet we know today.

“Web 2.0’s business model relies on user participation to create fresh content and profile data to be sold to third parties for marketing purposes,” writes Charles Silver in a recent Forbes article. “Indeed, the internet has become a massive app store, dominated by centralized apps from Google, Facebook and Amazon, where everyone is trying to build an audience, collect data and monetize that data through targeted advertising. In my opinion, the centralization and exploitation of data, and the use of it without users’ meaningful consent, is built into Web 2.0’s business model.”

The dream of Web 3.0, however, is to break the centralization of information and democratize the Internet more to the vision of its earliest founders. “Web3, ” claims Chris Dixon from Andreesen Horowitz in a recent article in The Economist, “combines the decentralized, community-governed ethos of web1 with the advanced, modern functionality of web2.”

The Web 3.0 “will be based on the convergence of emerging technologies like blockchain, artificial intelligence (AI), machine learning and augmented reality,” note Neeti Aggarwal and Dandreb Salangsang in The Asian Banke r. “It will be characterized by decentralized data, a more transparent and secure environment, machine cognitive intelligence and three-dimensional design.”

“The rise of technologies such as distributed ledgers and storage on blockchain will allow for data decentralization and create a transparent and secure environment, overtaking Web 2.0’s centralization, surveillance and exploitative advertising,” continues Silver. “Indeed, one of the most significant implications of decentralization and blockchain technology is in the area of data ownership and compensation… Web 3.0 will bring us a fairer internet by enabling the individual to be a sovereign.”

Web 3.0 isn’t just championed by iconoclasts and trustbusters—Alphabet CEO, Sundar Pichai, recently shared on a quarterly earnings cal l, “On Web3, we are definitely looking at blockchain, and such an interesting and powerful technology with broad applications so much broader again than any one application. So as a company, we are looking at how we might contribute to the ecosystem and add value.”

As such, even the biggest players in Web 2.0 are looking to adopt Web 3.0 technologies and strategies as they continue their evolution.

Financial Services on Web 3.0

“Think about all the financial instruments we use today—currency, loans, insurance, bonds, credit cards, stocks, futures, options, interest bearing accounts—being converted to a new model,” asks Thomson Reuters. “One that doesn’t require a traditional banking institution.”

For financial service organizations, adopting emerging technologies has historically been a slow, prove-it-before-you-move-it endeavor. With the boom in fintech the past ten years, however, financial service organizations from accounting firms, to banks, credit unions, and credit-card companies, to finance companies and managers, insurance companies, investment funds, notaries, payment providers, stock brokerages, and conglomerates have all moved faster to adopt new technologies and gain a competitive advantage in serving customers.

“Fintech refers to the latest software developments in the financial services sector,” explains a recent Finextra article. “Using technologies such as artificial intelligence, biometrics, payments, crypto and others, banks are increasingly able to offer their customers more convenient, streamlined services.”

With Web 3.0, however, it may be a case of many financial institutions pushed into new technologies by customers, rather than pulled in the hunt for larger margins and higher profits, as what sets web3 apart from web2 is ownership and control of data.

Already, “a few banks are using blockchain to power real-time transactions,” writes Emily McCormick for Bank Director. Meanwhile, “Fintechs competing with banks are also taking advantage of the disintermediation trends promised by a Web3 economy.”

Today, cryptocurrencies and decentralized finance (DeFi) platforms challenge traditional banking for services and control of consumer monetary systems. But while cryptocurrencies provide an exciting alternative to the constraints of fractional-reserve banking, financial services providers need not abandon central bank currencies to adopt Web 3.0 strategies. The distributed ledger technology of blockchains can also support financial service applications above-and-beyond cryptocurrencies.

Future Technologies for Financial Services

As most financial service providers engage Web 2.0 technologies, the opportunity for early adopters to leap ahead to Web 3.0 becomes clear.

“Over the next decade, we believe blockchain will become the dominant operating infrastructure of the financial system and look forward to helping our network of regulated banks, brokers and fintechs develop the competency and dexterity to be early adopters of this transformational technology,” said Ryan Zacharia, general partner at JAM Special Opportunity Ventures (JSOV), an affiliate of Jacobs Asset Management (JAM) and FINTOP Capital.

“Unlike the cryptocurrency market, for example—which is built on a digitally native system—Vikram Pandit, CEO of The Orogen Group and former Citigroup Inc. CEO, said that innovations in the traditional banking sector are based on applying new technology to improve old architecture, citing the use of distributed ledger technology in cross-border payments as an example,” notes a recent S&P Global Market Intelligence report.

Payments are another area ready for Web 3.0 transformation. “In the past, when you transferred money to someone online, you needed a trusted service like PayPal or a bank to make the transfer,” cites an Algorand pos t. “With blockchain networks, you can now transfer money directly to anyone with an Internet connection on a peer-to-peer basis.”

Further, securing digital transactions and the digital chain-of-custody are critical for financial organizations. Even as some financial assets move to the metaverse—NFTs are an early example—a technology that immutably tracks and reports the provenance of assets is necessary to ensure ownership and enforce agreements across transactions and holdings.

“Issues of trust, transparency, privacy, and user control lie at the heart of Web 3.0,” writes MakerDAO, and “on the back of the blockchain promises to shift the balance of power back in favor of the user.”

Blockchain, built for zero-trust environments, is the ideal architecture for tracking and storing digital transactions and documentation, and another way Web 3.0 technologies support evolving financial services.

ZorroSign and Web 3.0

And here is where ZorroSign shines! We have built our digital platform from the ground up using blockchain technology. Launched with Hyperledger Fabric, our multi-chain platform now supports the public Provenance Blockchain as well, giving our users an entirely new world of decentralized digital transactions.

At ZorroSign, we deliver digital signature solutions built on blockchain for greater privacy and security.

Our Web 3.0 technology platform also provides identity-as-a-service (IDaaS) capabilities through a patented Z-Forensics token plus fraud prevention, user authentication, and document verification. Web 3.0 features such as artificial intelligence (AI) and machine learning (ML) allow us to automate form completion for digital documents, and can improve regulatory compliance across global standards for legally enforceable digital signatures.

Paired with Provenance Blockchain—which reduces the need for third-party intermediation, drastically reducing costs and freeing up capital in financial transactions—ZorroSign’s platform promotes greater transparency and liquidity for financial service organizations, and allows for new kinds of financial engineering and business opportunities.

To learn more about Web 3.0 and how ZorroSign can help your financial service organization meet the future needs of your customers, contact us today!

The digitization of information has its roots in the 1950’s and the progression of both technology and society has been blurringly fast the past 70 years.

Individuals, businesses, organizations, and even governments are moving to digital operations at an incredible pace.

Today, faster and faster chips . . .

Run on smaller and smaller devices . . .

Coupled with faster and faster networks . . .

Able to deliver greater amounts of data (even VR and AR) . . .

To a greater number of devices!

The digitization of the real world has even inspired plans for entirely digital worlds such as the metaverse!

Moving to digital operations is not only cost-effective for private and public-sector organizations, but has become a necessity in response to the COVID-19 pandemic.

“Digital transformation is no longer an option, but an imperative. Recent research from Accenture has found that in the three years prior to 2018, firms who led their industry in enterprise technology adoption grew two times faster than laggards. Today, they are growing five times faster. The risk is no longer merely getting left behind, but being eliminated altogether.”
~Harvard Business Review
(November 30, 2021)

This need is serviced by a huge range of new technologies for digitization: Cloud providers like Amazon Web Services, Google Cloud, and Microsoft Azure; communication tools like Monday, Slack, and Zoom; databases like Microsoft and Oracle or blockchain; office tools like Google Docs and Microsoft 360; plus cybersecurity, MSSPs, wireless providers, and all the accompanying hardware and software that produces, stores, and moves digital information.

Securing Transactions with Digital Signatures

To transact business, commerce, government, or individual trade in such a digital ecosystem also requires legally enforceable digital signatures to prove agreement and intent. There are exciting new technologies supporting digital signatures, but how can such solutions provide legal enforceability?

They must ensure WHO is signing the legal documents via user authentication,
They must ensure WHAT was signed (agreed upon) via immutable document control with full audit trail of changes for document verification, and
They must ensure WHERE, WHEN, and HOW digital signatures were executed in signing ceremonies via metadata captured on digital devices and digital network.

Digital Signatures on Blockchain

Since 2000, several technologies have come to market to deliver digital signatures, but when a distributed ledger technology—such as blockchain—is used for digital signatures, signers gain the unique advantages of:

Privacy — with a private blockchain, only participants to the transaction can see details of the transaction, and those participants share equal access to such details
Immutability — all records and changes are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts
Security — all records are individually encrypted and distributed for better protected from phishin g and ransomware attacks

https://www.euromoney.com/learning/blockchain-explained/what-is-blockchain

ZorroSign was built from the ground up on Hyperledger Fabric to deliver digital signatures with the superior privacy and security of blockchain. We recently announced a partnership with Provence Blockchain to add that technology to our architecture as well, effectively becoming a multi-chain blockchain platform.

Further, solutions that incorporate Identity-as-a-Service (IDaaS) can authenticate users across multiple dimensions, such as what you know (your login password), what you have (your laptop or mobile device), and who you are (biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

Again ZorroSign, for example, delivers IDaaS via:

Multi-factor authentication
Leveraging the biometric capabilities of hardware endpoints to verify user identities
Adopting password-less logins
Using dynamic knowledge-based authentication (KBA) features, requiring the knowledge of private information of the individual to prove that the person providing identity information is the actual person

Blockchain and the Digital Chain of Custody

Together, digital signature technologies and blockchain technologies can uniquely ensure the chain-of-custody for digital transactions.

To learn more about how ZorroSign helps governments, organizations, businesses, and individuals move to digital operations—with superior privacy and security—contact us today!

Digital Signatures and Transaction Management for IT Companies that Love Blockchain and Web 3.0

You don’t have to be a DAO to appreciate the potential of communicating, sharing, and buying things online without the control of Big Tech but instead through a “multitude of small competing services on the blockchain.”

That’s the essence of Web 3.0 (or Web3), and if your IT organization aspires to something similar, then ZorroSign’s multi-chain blockchain platform was built for you!

If You Embrace Decentralized Solutions…

The idea of escaping a centralized authority managing protocols, transactions, and access was built into the World Wide Web from its earliest days. And while blockchain technologies get a lot of press today, they were conceptualized in 2008.

Blockchains are distributed ledger technology (DLT) leveraging c ryptography—user authentication, data encryption and verification—to secure information records (blocks) distributed across peer-to-p eer (P2P) networks. DLTs replicate, share, and synchronize digital data geographically spread across multiple sites (nodes), with no central data storage or administrator. They can run publicly (open) or privately (permissioned).

Public blockchains can readily be used as cryptocurrencies—creating and using a coin which serves as digital money. For example, Ether is the coin of Ethereum, Hash is the coin of Provenance Blockchain, Lumen is the coin of Stellar, etc.

Private blockchains are commonly used as business apps. Here, an organization (or consortium of organizations) controls access to the blockchain—limiting its distribution but also elevating its security. While cryptocurrencies are often in the news for major purchases, market fluctuations, and hacks, blockchain business apps are often in the news highlighting how blockchain can shape business, government, healthcare, and many other industries including legal services.

Perhaps most importantly, blockchains can support smart contracts—where terms, conditions, and permissions written into the digital code that require an exact sequence of events to take place to trigger the agreement of the terms mentioned in the blockchain contract. This hardwiring of contract details greatly increases speed (via automation), trust (where accuracy and backup are built into the transaction), and autonomy (as no third parties are required to mediate or control the exchange) of transactions.

As such, centralized solutions such as blockchains have immense potential to transform business contracts, real estate deals, digital rights, supply chain security and provenance, estate planning, and many other legal transactions.

If You Demand Privacy and Security…

More than 90% of all cyber attacks begin with phishing but blockchain architecture, originally built for zero-trust environments, gives IT organizations a compelling alternative to centralized databases and a strong protection against cyber attacks. How?

In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.
In cyber attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

Recovery is quicker with blockchain, too. With blockchain, each endpoint node has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This speedy recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.

If You Digitize Operations and Customer Experiences…

For your employees and customers, your IT company’s digital efficiency is vital: Saving time and effort, automating processes, and digitizing operations can result in real dividends in efficiency and effectiveness, resulting in employees with more time to work on the most important projects, and more customers served and satisfied.

It’s likely that you deliver your solutions via the cloud or digital endpoints, and decentralized solutions speed the efficiency of such systems. We’ve already discussed how blockchain decentralizes data while elevating privacy and security, but it can also drive digital operations and help support digital customer experiences.

Again, the smart contract capabilities of blockchain might augment your customer experience with increased automation for self-service, speeding trust, and facilitating autonomy in a technology ecosystem that does not require a central authority to manage or approve transactions.

Finally, digital operations eliminate paper so “going green” with paperless operations may readily align to your IT organization’s corporate social responsibility goals or vision.

…ZorroSign Delivers the Latest Technology, with Privacy and Security, for Digital Operations

ZorroSign was built from the ground up on blockchain technology!

We deliver a multi-chain blockchain platform for digital signatures that also provides identity-as-a-service (IDaaS) capabilities through a patented Z-Forensics token, plus fraud prevention, user authentication, and document verification. Artificial intelligence (AI) and machine learning (ML) features allow automated form completion for your digital documents, and can improve your regulatory compliance across global standards for legally enforceable digital signatures.

ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities—for example, PC and mobile device fingerprint scans, iris scans, and face recognition to ensure users are who they claim to be. ZorroSign is proud to be the first to adopt password-less login amongst our digital signature competitors. ZorroSign multi-factor authentication (MFA) provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based upon your transaction security needs: What you know (i.e., your ZorroSign login password ), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

Further, ZorroSign’s platform was based on the Sherwood Applied Business Security Architecture (SABSA)—a proven methodology for developing business-driven, risk and opportunity focused security architectures. We leverage Defense in Depth (DiD) mechanisms, such as AI-based Web Application Firewalls (WAFs), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and border routers. Plus ZorroSign brings personally identifiable information (PII) data security, 24/7 monitoring, business continuity/disaster recovery policies, security logging and incidence response via Elastic search Logstash and Kibana (ELK), and Microsoft Intune for unified endpoint management.

For IT companies, governments, and individuals that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity.

Running on the Hyperledger Fabric private blockchain or the public Provenance Blockchain, ZorroSign can ensure privacy is always maintained as only approved endpoint users can write to ZorroSign’s blockchain database. As a result, ZorroSign’s architecture has even tighter privacy and security measures than centralized databases.

Finally, at ZorroSign, we help IT companies to achieve a paperless life. We all understand that switching from doing business using paper to digital records is not only a smart business decision, but it is also good for the environment. Each time you use ZorroSign to digitally transact agreements, contracts, and other documents—instead of printing, faxing, scanning, shipping documents overnight to collect signatures—you save trees and water, plus reduce carbon emissions.

Learn more about how ZorroSign serves the IT industry, contact us with any questions, or start your 14-day free trial today!

What is blockchain?

If Bitcoin is a blockchain, is every blockchain a bitcoin?

What are apps and dApps?

What businesses and organizations use blockchain apps today?

We are excited to answer such questions and encourage you to contact us to learn more about blockchain, dApps, and how ZorroSign delivers superior privacy and security with blockchain technology! Read on . . .

Blockchain Introduction

Blockchain is a distributed ledger technology (DLT) leveraging cryptography—user authentication, data encryption and verification—to secure information records (blocks) distributed across peer -to-peer (P2P) networks. DLTs replicate, share, and synchronize digital data geographically spread across multiple sites (nodes), with no central data storage or administrator.

They can be run publicly (open) or privately (permissioned):

Public blockchains, or open blockchains, allow anyone to run an endpoint node on the public network. Users can participate by mining a block or making transactions on the blockchain. Famous cryptocurrencies such as Bitcoin, Dogecoin, Ethereum, and Litecoin are public blockchains.
Private blockchains restrict the endpoints or peers that can store data, requiring permission to participate on the private network. As such, permissioned blockchains are not used as cryptocurrencies, but instead make excellent business applications for storing, securing, and sharing data. Hyperledger Fabric is a ready example of a consortium private blockchain, allowing organizations to grant limited permissions to those endpoints participating on the blockchain.

Cryptocurrency and Blockchain Apps

Cryptocurrencies on public blockchains essentially produce a coin which serves as digital money. Cryptocurrency coins have the same characteristics as fiat money: They are acceptable, divisible, durable, fungible, portable, and have limited supply. For example, Ether is the coin of Ethereum and Lumen is the coin of Stellar. Cryptocurrency coins are held in digital walletsthat store private/public keys and interact with various public blockchains to enable users to send and receive digital currencies and tokens.

“Bitcoin was arguably the first dApp,” writes Computerworld. “Enabling anyone in the world to download a bit of open-source code to join a blockchain network and verify transactions using a ‘mining’ algorithm, thereby generating digital currency (cryptocurrency) as a reward.”

DApps, or decentralized applications, are computer programs running on distributed ledger technologies (DLTs). With private blockchain dApps, an organization controls access to the blockchain—limiting its distribution but also elevating its security. So while cryptocurrencies are often in the news for major purchases, market fluctuations, and hacks, blockchain business apps make the news by showcasing how blockchain can advance business, government, healthcare, and many other industries.

Mobindustry Corp notes some popular dApps such as:

IBM Blockchain – one of the best blockchain apps that helps logistics companies and businesses with long supply chains to track the status and condition of every product on each stage of the supply process: from the start of production to the distribution stage. Blockchain provides full transparency of records, and offers real-time tracking of all parts in terms of their location and condition.
MedRec – a healthcare example of blockchain app that provides secure access to medical records across different providers and actors, like doctors, patients, hospitals, pharmacies and insurance companies.
Spotify – uses blockchain database for decentralized connection between Spotify tracks, artists and licensing agreements.

DApps on Hyperledger Fabric

Hyperledger Fabric is a private blockchain that emerged from an open-source collaborative effort hosted by the Linux Foundation. Built to advance cross-industry blockchain technologies and improve trust, transparency and accountability, Hyperledger Fabric’s “modular architecture maximizes the confidentiality, resilience, and flexibility of blockchain solutions,” explains IBM.

Hyperledger was built for data protection and confidential transactions, and “was introduced to accelerate industry-wide collaboration for developing high-performance and reliable blockchain,” says the Blockchain Council.

Some prominent Hyperledger Fabric deployments include:

Chainyard, designed to improve supplier validation, onboarding and life cycle information management
Honeywell Aerospace to create an Amazon-type marketplace for used aircraft parts
IBM Blockchain Platform
Walmart to create a food traceability system—decentralizing its food supply ecosystem to quickly find the source when an outbreak of a food-borne disease happens
ZorroSign digital signature, document management, IDaaS, and transaction management platform

“Hyperledger Fabric is intended as a foundation for developing applications or solutions with a modular architecture,” notes Hyperledger.org “Hyperledger Fabric allows components, such as consensus and membership services, to be plug-and-play. Its modular and versatile design satisfies a broad range of industry use cases. It offers a unique approach to consensus that enables performance at scale while preserving privacy.”

Focused on B2B collaboration where transactions taking place on the network are only visible to the authorized members, Hyperledger Fabric allows dApps to choose between no consensus needed and an agreement protocol—greatly speeding transaction times while minimizing energy requirements to update the blockchain.

For example, “transactions in the ledgers of Fabric nodes are always in the same order—they don’t get out of sync,” says BlocWatch. “So any application reading from a Fabric ledger doesn’t have to wait for blocks to age; they can be trusted immediately.”
Further, private enterprise blockchain use significantly less energy than public cryptocurrency blockchains, explains Michael Barnard in a CleanTechnica report.

“Think of it as an operating system for marketplaces, micro-currencies, data-sharing networks and decentralized digital communities,” says GamesdApp.

ZorroSign on Hyperledger Fabric

The ZorroSign platform was built from the ground up on Hyperledger Fabric and delivers digital signatures, identity-as-a-service (IDaaS) features, digital document management, user verification and document authentication, and much more. Our dApp is available on i OS or Andr oid, and can be readily accessed from any device—PC or mobile—anywhere in the world.

“We are proud to deliver a mature blockchain solution for digital signatures that is cost-effective and more secure than any encrypted e-signature technology that relies upon public-key infrastructure for security credentials,” says ZorroSign co-founder and CEO, Shamsh Hadi. “ZorroSign’s platform efficiently leverages blockchain to protect online identities and documents such as business agreements, government files, healthcare records, and other legal evidence stored in digital formats.”

For businesses, institutions, and individuals that desire to securely digitize paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce clerical errors, and increase productivity. Plus as a private blockchain, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

Learn more our blockchain platform or contact us today to “block it down” for your data!

Insurance companies of all sizes—from individual agents to huge corporations—need to provide superior customer service to win new customers and sign new policies.

ZorroSign supports that superior customer service by allowing your new customers to sign documents, access those documents, and enjoy faster (remote) services with our blockchain-based digital signature and transaction platform.

Speed Signing and Form-Filling

With our patented, legally binding, fully automated digital signature technology, ZorroSign’s Z-Sign feature enables you to skip the print/sign/scan process, stop chasing paper signatures, and sign digital documents from anywhere—all the while monitoring a policy document’s current status from the ZorroSign dashboard.

Our digital signatures leverage mobile device biometrics for verification and authentication of users, signatures and documents, then stores all digital documents (and metadata on signing) to our blockchain for immutable records and audit trails.

ZorroSign can even accept handwritten or computer-generated signatures for specific purposes, and track them immutably on our blockchain for fraud-prevention and E&O audits.

Elevate Privacy and Security

ZorroSign is built entirely on a blockchain architecture that protects identities and data—uniquely authenticating users, encrypting communications, and securing digital data immutably through its lifetime. Specifically, ZorroSign’s platform was built from the ground-up on private, permissioned Hyperledger Fabric blockchain technology.

For insurance companies that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

Further, ZorroSign’s patented Z-Forensics token is a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the insurance transaction including time stamps, user authentication, document, and attachments.

Our Z-Forensics token securely reads the information from the secure ZorroSign servers so it can be accessed by the document originator or third parties (with permission from the originator) when requested. Only the Z-Forensics token:

Allows ZorroSign to manage permissions as to who gets to see what level of information about the transaction and the document
Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire
Can verify, validate and authenticate both digital and printed (paper) version of electronically signed documents

Reduce Errors and Omissions (E&O)

Make your critical insurance form-fill completion process smarter, faster and more accurate using ZorroSign’s automated engine, Z-Fill.

Built with artificial intelligence (AI) and machine learning (ML) to speed form completion and increase accuracy, ZorroSign’s Z-Fill feature helps your customers fill forms with ease by anticipating entries, reduces errors by matching profile information to form-fill options, and learns from historical form-fills to anticipate more and more entries over time.

Plus all of your insurance documents can be stored on ZorroSign’s Z-Vault for regulatory compliance and the immutability of signed documents, metadata, and workflow records. Z-Vault enables you to store, structure, organize and search documents in folders and subfolders natively, with the peace of mind that comes from superior blockchain privacy and security.

Improve Customer Service

All ZorroSign’s benefits for your insurance business map right back to customers as well:

Digital signatures allow customers to sign at their convenience, wherever and whenever they prefer
Elevated privacy and security for all insurance documents and transactions
Form-fill automation to reduce errors and omissions (and improve regulatory compliance)
Plus a secure document management system for immutable records that can readily be audited for details or history

ZorroSign helps bring your insurance business into the digital age: Speeding customer processes and service, helping your organization “go green” with paperless operations, and allowing you to serve customers from anywhere, anytime!

Learn more about how ZorroSign serves the insurance industry, contact us with any questions, or start your 14-day free trial and bring these benefits to your insurance business today!

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), more than 90% of all cyber attacks begin with phishing.

“Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques,” explains CISA. “Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.”

Thus phishing attacks seek to steal data or inject malware—adware, bots, keyloggers, ransomware, spyware, trojans, worms, etc.—that cause damage at a later time.

Phishing Attacks

In phishing attacks, “scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts,” warns the Federal Trade Commission (FTC). “Scammers launch thousands of phishing attacks like these every day—and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.”

“What really distinguishes phishing is the form the message takes,” notes a recent CSO online article. “The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.”

This credibility is paired with a sense of urgency to inspire victims to respond quickly to the message: Clicking a link or downloading a file that starts the attack. For example, Crowdstrike, a cybersecurity company, found that Amazon and Apple were the two most impersonated organizations for phishing scams in 2020. As the COVID-19 pandemic moves more people to work-from-home and out of traditional workplace settings, phishing scams increase to take advantage of anxiety and remote communications.

“Criminals rely on deception and creating a sense of urgency to achieve success with their phishing campaigns,” adds the CSO online article. “During a crisis, people are on edge. They want information and are looking for direction from their employers, the government, and other relevant authorities. An email that appears to be from one of these entities and promises new information or instructs recipients to complete a task quickly will likely receive less scrutiny than prior to the crisis. An impulsive click later, and the victim’s device is infected or account is compromised.”

“Phishing and social engineering attacks are now experienced by 85 percent of organizations,” reports Accenture. And the number of phishing attacks has been increasing in the United States, “with a growth of 65% in the last year,” adds Crowdstrike.

Blockchain Cybersecurity Against Phishing

“Traditionally, businesses sought to prevent phishing attacks through employee training,” writes Cloudphish, a blockchain cybersecurity company. “While this method did provide some success, it was overly reliant on human judgment.” As an alternative to such an approach of relying upon employees and staff to determine what emails or attachments they can safely open, blockchain offers a chance to secure the system access attackers ultimately seek.

Blockchain’s architecture, originally built for zero-trust environments and further secured in private, permissioned blockchain configurations, gives organizations a compelling alternative to centralized databases and a strong protection against phishing attacks.

In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.

Whereas centralized databases can be stolen by one endpoint breach—such as the infamous attacks on Yahoo in 2013 and 2014, the United States Office of Personnel Management (OPM) in 2015, Equifax in 2017, Marriott/Starwood Hotels in 2019, and countless others—the distributed ledgers of blockchains minimize the potential damage of any phishing attack on individual endpoints. At ZorroSign, for example, we use a private permissioned blockchain, Hyperledger Fabric. Hence, even during a successful phishing attack, the adversary would not gain access to the blockchain data because the adversary would not have access to the blockchain certificates. With Hyperledger Fabric, blockchain certificates are maintained in a secured certificate authority.

In phishing attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so phishing attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This quick recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.

To learn more about blockchain as cybersecurity and how ZorroSign employs private, permissioned Hyperledger Fabric blockchain, visit https://www.zorrosign.com/z-forensics/secure-blockchain-technology/

It seems we cannot escape the continued headlines: A huge company hacked, a critical utility crippled by ransomware, a government agency’s data breached. The frequency and scale of cyber attacks is growing and so are the damages to commerce, identity, privacy, even national security.

While there are many attack vectors—brute-force attacks, code injection, cross-site scripting (XSS), phishing, and distributed denial of service (DDoS) are notable threats—the ability of attackers to install malware and either shut down systems, control systems, or hold systems ransom are among the most damaging.

Ransomware Attacks
“Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable,” claims the Cybersecurity and Infrastructure Security Agency (CISA) “Malicious actors then demand ransom in exchange for decryption.”

Historic detect-and-respond approaches to ransomware leave organizations far too exposed to outages, theft, and long recovery times. “Even if there is no evidence that confidential information has been leaked, organizations can still suffer significant damage,” writes the National Law Review in a recent article. “The cost of reassuring stakeholders and mitigating reputational harm can almost match the consequences of a full blown attack.”

“The average total cost of recovery from a ransomware attack has more than doubled in a year,” notes Sophos, a cybersecurity company in findings from a global survey. “Increasing from $761,106 in 2020 to $1.85 million in 2021… The average ransom paid was $170,404.”

Worse, CISA warns that “ransomware incidents have become more destructive and impactful in nature and scope. The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations large and small.”

More than 90% of all cyber attacks begin with phishing and ransomware is often brought into a network from remote or mobile devices. However, “ransomware gangs have been shifting their focus to managed service providers (MSPs), a platform that serves many clients at once,” says Varonis. “This means that if a hacker gains access to one MSP, it could also reach the clients it’s serving as well. Most of the time, MSPs are hacked due to remote access tools that are poorly secured.”

While securing endpoints is critical to defending against phishing and ransomware attacks, the vulnerability of MSPs means any centrally managed database could be compromised if its hosting MSP is hacked.

Once breached, ransomware typically “displays an on-screen alert advising the victim that their device is lock or their files are encrypted,” notes the U.S. Secret Service Cybercrimes Investigations unit. Yet “paying the ransom does not guarantee regaining access. In some cases, a decryption key was not provided in return to a paid ransom. In other cases additional ransom was demanded.”

Blockchain Cybersecurity Against Ransomware
Blockchain’s architecture, originally built for zero-trust environments and further secured in private, permissioned blockchain configurations, gives organizations a compelling alternative to centralized databases and a strong protection against ransomware attacks.

Blockchain’s distributed ledger technology (DLT) provides two means of preventing and/or ameliorating the threat of ransomware attacks: First, by decentralizing the data set itself; and second, by giving endpoints a quick path to recovery, even if they are themselves breached and access ransomed.

Unliked centralized databases—which can be breached at unsecure endpoints (users and devices) or even at MSPs hosting them, giving attackers complete control once they gain central access—blockchain technology distributes data across geographically separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature so defeats any attack seeking to breach a system and holistically encrypt the data files stored therein: A single endpoint node might be breached and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully attacked (presumedly compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint).

This unique recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set: With a new key and without needing to pay any ransom to the attackers for restored access.

To learn more about blockchain as cybersecurity and how ZorroSign employs a private, permissioned blockchain, visit https://www.zorrosign.com/z-forensics/secure-blockchain-technology/

NOTE: CISA strongly advises victims of ransomware to report such attacks to federal law enforcement via IC3 or a Secret Service Field Office. Victims can request technical assistance or provide information to help others by contacting CISA. If your organization becomes a victim of ransomware attacks, visit CISA’s reporting links at https://www.cisa.gov/stopransomware/report-ransomware-0

ZorroSign is proud to launch consumption-based pricing for our software subscriptions!

As software-as-a-service (SaaS) evolves and specializes, we are seeing the unsophisticated per-seat pricing model wane as users demand more control over their usage and corresponding costs. SaaS-providers who meet that need are better aligned with their customers and can deliver both stronger performance and instill greater loyalty by only charging for those services and resources their customers use.

“A consumption-based pricing model is a service provision and payment scheme in which the customer pays according to the resources used,” notes a recent TechTarget article. “This model is essentially the same as the utility computing payment structure and those of other utilities, such as water and electricity.”

Consumption-based pricing for SaaS solutions means escaping from rigid per user/per month pricing schemes and offering customers a more tailored experience with their software subscriptions.

“Your customers shouldn’t feel forced to pay month-to-month for services they’re not actually using on a regular basis,” notes Brent Barnhart in a usage-based pri cing article. “Usage-based pricing is often presented as a sort of win-win for customers and companies alike. That is, your users enjoy some much-needed flexibility in terms of their budgets while also holding themselves accountable for how much they end up using your product.”

With ZorroSign, for example, Individual subscriptions can be priced by set numbers of documents or unlimited document sets, while Business subscriptions are custom priced by number of needed users, signers, and document sets. And our Enterprise subscriptions are priced granularly by users and documents used so users are not paying for unused licenses or consumption.

Other digital signature platforms still cling to per user/per month pricing which leaves many of their customers unsatisfied with paying higher subscription fees than they actually need. ZorroSign is offering an alterative approach that brings clear benefits to customer finances and scalability.

Zuora, leading subscription economy evangelist, summarizes the immediate benefits of consumption-based pricing as:

“Customer satisfaction. When customers can self-serve, they’re more likely to feel they’re receiving value for the price.
“Go-to-market agility. Flexible combinations of recurrent and consumption pricing allow companies to experiment, testing in-market and readjusting quickly.
“Reduced revenue leakage. Efficient pricing models mean there’s less money left on the table as you optimize product usage—and revenue generated—from each customer.”

“We not only want to deliver the highest technology standards for privacy, security, and compliance,” says Shamsh Hadi, CEO and co-founder of ZorroSign. “We also want to deliver unmatched value to our customers—and that starts with a pricing model aligned to their needs for digital signatures, IDaaS, and digital document workflows.”

To see our new pricing and calculate how much an individual or business subscription might cost your organization, visit www.zorrosign.com/pricing/ or contact us today.

ZorroSign is proud to stand alone in a crowded field of digital signature solutions. Only ZorroSign’s document management platform was built from the ground up on Hyperledger Fabric—the worlds most trusted blockchain technology. This private, permissioned blockchain architecture provides ZorroSign users with the highest levels of data privacy and security available for digital signatures.

Further, we have created and patented Z-Forensics: A 4n6 (“forensics”) token to uniquely verify users and authenticate the immutability of both digital and paper documents. Let us explain this innovative new method for document security…

A HISTORICAL NEED TO PROTECT DOCUMENTS

More recently, with the popularity of electronic or digital documents, the digitization of business processes is taking place. In other words, from the creation of documents, to the signing of documents, to the storage and subsequent retrieval of documents, one or more steps may be conducted digitally. For example, a document may be created on a computer and subsequently printed, signed with wet ink or electronically, then faxed, delivered via courier, or scanned into the computer and finally shared electronically via email or by using other file transfer mechanisms. Despite the technology advances, such documents can still be tampered with and signatures can be forged within this process as well.

Today, electronically signed or mixed-signed documents are shared with parties who are all part of a specific workflow. Because electronic or digital documents can be readily altered, a technical problem exists whereby the digital version of an electronically signed document can be shared with anyone, but the recipients of the “digitally modified” document cannot be certain of—or otherwise prove—the validation of the user and authenticity of the document, its content, and the signatures on it. The signatures applied to these documents are only images captured on electronic devices, signature pads, mouse pads, or other capturing devices and not an equivalent of a wet signature when signed with a pen.

THE PATENTED Z-FORENSICS TOKEN

Facing this historical need, ZorroSign has developed a unique digital solution that can:

Prove that the individual who is performing the action to sign the document is who they claim to be (verification);
Apply a digital equivalent of a wet-ink signature to the document (legal intent); and,
Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).

We have patented this technology solution which we call the Z-Forensics token.

ZorroSign’s platform can authenticate system users with biometrics (leveraging the multi-factor authentication of hardware devices such as iris scans, fingerprints, or face-recognition technology), knowledge-based authentication (KBAs) from third-party providers such as LexisNexis®, or passwords.
Users create or import a document comprising of fields to be completed by one or more users and any attachment required to be part of the workflow. All users—those who can act on the document or those who have view-only access—are considered to be “in the workflow.”

Users in the workflow (except view-only users) can edit, add, or enter values or signatures in those fields. The sequence is pre-defined for execution—whether that is sign, date, initial, check box, or fill out fields in various forms. Users can upload supporting attachments as necessary.

When the document is complete—i.e., all users have completed their acts on the document and attachments—the ZorroSign platform adds an encrypted visualization element (the Z-Forensics token) to the document that uniquely identifies and secures the document.
Thereafter, a copy of the original document, all attachments, authentication, security and validation information, and all other relevant information about the document and users will be available to view in the chain of custody and audit trail by the authorized users by scanning the token visualization element within the platform (web or mobile app).

Of critical importance, users may also share a completed document with individuals external to workflow (for example, a commissions, judge, or audit panel) to verify the immutability and authenticity of the signed documents.

WHY YOUR ORGANIZATION NEEDS Z-FORENSICS

Unlike any other digital signature solution, ZorroSign seals all documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

Only the Z-Forensics token:

Allows ZorroSign customers to manage permissions as to who gets to see what level of information about the transaction and the contract
Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire
Can verify, validate and authenticate both digital and printed (paper) version of electronically signed contracts

To learn more about blockchain security, digital signatures, and how ZorroSign can help you Block it Down, contact us today!

Banks, credit unions, investment groups, lenders, and other financial service providers use ZorroSign’s digital platform to lower operating costs while protecting privacy and data security. Only ZorroSign pairs digital signatures with blockchain technology—delivering 21^st century security to the age-old ceremony of signing agreements.

FINANCIAL SERVICES INDUSTRY NEEDS

Anyone managing technology for a financial services provider feels the stress of managing data, networks, and endpoint devices in a world where cyber attacks, regulatory compliance, and customer needs are changing quickly.

To ensure their financial organizations are secure, compliant, and delivering easy to use customer-facing solutions, IT departments need the latest technologies but also proven solutions. ZorroSign is proud to protect financial services data—for customers, for regulators, and for the institutions themselves.

TRANSFORM YOUR FINANCIAL SERVICES WITH SUPERIOR SECURITY

Whether you’re a financial advisor or lender, a bank, credit union, or other services provider, you need fully compliant, automated, blockchain-level security and digital transactions you can trust. ZorroSign delivers:

Unbeatable user authentication, validation and privacy, with superior data and document security

A secure, paperless digital signature solution that’s easy to use, so you can “sign it and forget it”

Workflow automation that saves times and eliminates paper—streamlining approvals, signatures, and workflows

Error-free forms filled out and processed faster via artificial intelligence and machine learning

Financial institutions need privacy and security, but also need to know their technology solutions meet regulatory compliance. ZorroSign’s platform is compliant with the Digital Millennium Copyright Act, UETA, the ESIGN Act, GDPR, plus ISAE 3402 Type II certified, SOC II Type 1 certified, and ISO 27001 certified while supporting HIPAA, ADA, WCAG 2.1, CCPA, New York SHIELD Act, and other standards varying country by country.

For banks, credit unions, and other financial service providers that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity.

As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

ADD IDENTITY-AS-A-SERVICES (IDAAS) TO KNOW-YOUR-CUSTOMERS (KYC)

Beyond digital signatures, ZorroSign delivers identity-as-a-service (IDaaS) to verify financial services users and support know-your-customer (KYC) requirements:

ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities
ZorroSign is the first to adopt password-less login amongst our digital signature competitors
ZorroSign MFA provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs: What you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature provided by LexisNexis. KBA requires the knowledge of private information of the individual to prove that the person providing identity information is the actual person.

Moving forward, ZorroSign will be adding further user verification capabilities, including integrations with U.S. driver licenses via state motor vehicle departments, verification via passports (with approximately 72 countries to start), other government-issued identities (with approximately 100 countries to start), and even tapping U.S. credit union databases for identity verifications.

Further, we will be implementing a blockchain-based audit trail for all user activities—including profile updates, signature changes, etc.—and will maintain a separate blockchain to maintain users’ signatures. With these immutable blockchain records, we can uniquely validate users in ways no competitive solution can.

We invite you to request a copy of our ZorroSign Security Brief to learn how our private blockchain architecture, document storage and protection, and platform security measures can support your financial service clients today!

The PDF Problem

Researchers have recently uncovered two major security flaws in certified Adobe PDF applications. These flaws leave organizations that use such PDF signatures exposed to a number of cyberattacks.

“Certified portable document format (PDF) files are used to securely sign agreements between two parties while keeping the contents’ integrity protected,” writes Becky Bracken in a recent Threat Post article. However, researchers from Ruhr-Universität Bochum “found vulnerabilities to two specific novel attacks they dubbed, ‘Evil Annotation’ (EAA) and ‘Sneaky Signature’ (SSA). Both allow an attacker to overlay malicious content (PDF) on top of the certified information without showing any signs it was altered.”

In quick summary, the EAA attack displays “malicious content in the document’s annotations and then sends it on with its digital signature intact. SSAs add malicious content over legitimate content in the PDF itself.”

The original research report further describes “how the attack classes EAA and SSA can be used to inject and execute JavaScript code into certified documents.”

The ThreatPost article concludes that “Certified signatures present a massive, potentially catastrophic, security risk for many organizations and the report urges PDF applications to work quickly to come up with wide-scale fixes.”

The ZorroSign Blockchain Solution

In light of this frightening security gap in Adobe PDF files, ZorroSign is proud to bring an alternative technology to the market for digital signatures. Our platform—built from the ground-up on Hyperledger Fabric blockchain—does not employ the Approval and Certification signatures built into PDFs to authenticate Adobe documents.

Instead, ZorroSign leverages distributed ledger technology (DLT) to securely record documents, workflows, users, and changes to our private, permissioned blockchain. This immutable record preserves chain-of-custody and provenance for agreements, contracts, documents, transactions, and any other digital workflow requiring signatures. And, equally important from a security risk management perspective, prevents any tampering to document annotations or adding content over legitimate content in the digital files themselves.

ZorroSign further deploys our patented 4n6 (“forensics”) token to each and every document—a unique technology seal that captures the chain of custody and an audit trail of the changes made to the document by the parties in the workflow, such as recording key authentication, security and validation information when an action took place.

This summer, ZorroSign will also deploy our new Z-Verify feature. The EAA and the SSA attacks are only possible because the PDF document is verified by itself. With Z-Verify, digital documents are checked against ZorroSign’s private permissioned blockchain record. Hence, the PDFs that are signed using ZorroSign can be cryptographically verified using the Z-Verify platform, preventing the EAA and SSA attack vectors.

Taken together, ZorroSign’s unique security architecture prevents the JavaScript code injection risks in Adobe PDF applications where the Ruhr-Universität report claims “the only requirement is that the victim fully trusts the certificate used to certify the PDF document.”

To learn more about the superior security of ZorroSign digital signatures and how we leverage blockchain technology and our proprietary 4n6 tokens to protect your data, contact us today!

Identity-as-a-Service (IDaaS) is a relatively new—and somewhat nebulous—concept in today’s market. Gartner, a global research and advisory firm, has a category defined as “identity management as a service” but most Software-as-a-Service (SaaS) companies providing identity and identity management functionality tend to define IDaaS to their own strengths and capabilities, so it is hard to find a consistent definition.

Yet the world of digital data we engage today requires digital identities for access and operations. Using digital identities we can trust is at the heart of modern cybersecurity—and hacking, phishing, or stealing identity credentials is one of the most common attack vectors for cybercriminals seeking to penetrate digital systems. As such, IDaaS has a very well-defined need, if not yet a well-defined category.

What is IDaaS?

At a basic level, all IDaaS platforms are created to enhance online user experiences, secure access to critical enterprise applications, and reduce IT resource-related expenses with efficient identity and access management (IAM) and privileged access management (PAM).

“There’s no way around it: sound identity management is essential,” writes Mark Diodati at Gartner. “Without good IAM, you are at real risk for data breaches and denial of service attacks. And IAM is hard to get right.”

The overarching goal of IDaaS solutions is to ensure users are who they claim to be—and to give users access to applications, data, systems, or other digital resources as authorized by their organizations.

Why Organizations Need IDaaS?

Foremost, IDaaS solutions can improve data security and cybersecurity. Knowing with confidence who your digital users are can elevate privacy and security across all digital systems. With an estimated 81% of hacking-related breaches leveraging either stolen and/or weak passwords, effective IDaaS solutions can eliminate one of the most glaring gaps in cybersecurity.

For government agencies and public-sector organizations, IDaaS is quickly becoming a critical need. “Cyber attackers always target government agencies to gain access to confidential government data,” explains Markets and Markets™, the world’s largest revenue impact company, headquartered in Pune, India.

Another key advantage of IDaaS is operational cost savings. Provisioning IAM with onsite solutions can be expensive: IT teams have to manage servers and software—purchasing, installing, upgrading, and managing backup data. Plus, onsite teams must shoulder the burden of monitoring network security and endpoint device management.

With IDaaS, however, costs can be minimized to subscription fees and administration. In one-ready example, secure single sign-on to applications can significantly reduce IT help desk costs related to password resets.

Besides security and savings, the ROI for IDaaS solutions can include improved user experiences with saved time via faster logins and fewer password resets. “Whether a user is signing in from open WiFi at an airport or from a desk in the office, the process is seamless and secure,” notes Fabrice Berté, director at Weborama.“The improved security can keep companies from facing a hack or breach that might topple their business.”

Today, Gartner defines key market drivers for IDaaS as access to SaaS applications, provisioning, managing, vertical communities, ensuring strong authentication, and gaining SaaS efficiency. And trends in IDaaS that Gartner reports include information breach concerns, the broader use of consumer authentication, and reverse-proxy WAMs.

“We’ve been talking about this for a very long time,” said Diodati in a CSO Magazine article. “But didn’t have the big data/analytics capabilities and the mobile platform architectures until recently.”

How ZorroSign Delivers IDaaS to Verify Users

While it used to be acceptable to grant access via username and password, the industry standard is two-factor authentication and rapidly evolving to MFA with password-less logins. Here are ways ZorroSign delivers IDaaS to verify users:

* ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities.

* ZorroSign is the first to adopt password-less login amongst our digital signature competitors.

* ZorroSign multifactor authentication (MFA) provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs: What you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

These technologies secure the endpoints of our private, permissioned blockchain architecture where only approved nodes (endpoints) are allowed to access our Hyperledger Fabric distributed ledger. Hyperledger emerged as an open-source collaborative effort, hosted by the Linux Foundation, to advance cross-industry blockchain technologies and improve trust, transparency and accountability.

For governments, companies, and individuals that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. And built on a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

Moving forward, we will be implementing a blockchain-based audit trail for all user activities—including profile updates, signature changes, etc.—and will maintain a separate blockchain to maintain users’ signatures. With these immutable blockchain records, we can uniquely validate users in ways no competitive solution can.

Patented Z-Forensics Token

Finally, ZorroSign’s patented Z-Forensics (“4n6”) token is a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, document, and attachments.

ZorroSign’s Z-Forensics token securely reads the information from the secure ZorroSign servers so it can be accessed by the document originator or third parties (with permission from the originator) when requested. Only the Z-Forensics token:

* Allows ZorroSign to manage permissions as to who gets to see what level of information about the transaction and the document

* Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire

* Can verify, validate and authenticate both digital and printed (paper) version of electronically signed documents

Together, this dynamic and integrated set of technologies allows ZorroSign to provide unmatched privacy and security for our users. Our IDaaS capabilities augment our blockchain architecture to ensure users/signers are who they say they are and deliver trusted connections in a zero-trust environment.

According to Gartner, contract life cycle management (CLM) is the “process for managing the life cycle of contracts created and/or administered by or impacting the company. These include third-party contracts, such as outsourcing, procurement, sales, nondisclosure, intellectual property, leasing, facilities management and other licensing, and agreements containing contractual obligations now and in the future.”

CLM spans the entire process of generating contracts, the workflows of approving and negotiating changes to contracts, the signing (or executing) of the contracts, storing and archiving the executed contracts, plus tracking and audit trails to retrieve contracts and review their lifecycle of approvals, iterations, and signatures.

If contracts are critical to your business or organization—as most contractual obligations are—then a secure, reliable solution for managing the contract life cycle is imperative.

Why CLM?

CLM technology solutions help manage the complex and evolving nature of contracts—making your organization more efficient at producing, executing, and upholding contractual agreements.

Key functionality to look for when assessing CLM solutions include visibility (a dashboard or overview of where individual contracts are in the life cycle), integration with communications and storage systems, automation (as few contracts start from scratch—most are iterations of previously created agreements), and of course change tracking to readily see how contracts changed during negotiations and what final version was executed by all parties.

Top 3 Benefits of CLM:

Save time in contract workflows: From creation to approval to negotiation to execution
Improve transparency across your organization, partners, suppliers, and customers
Improve profitability by saving time and costs via operational efficiencies and reduced errors, while also surfacing revenue opportunities in contracts

According to a Villanova University article, CLM solutions can help organizations:

Avoid litigation from contract non-compliance – A major issue in many contracts is compliance. If contractual obligations are incomplete, the potential for litigation can increase.
Save money – Penalties for non-compliance, missed opportunities from special terms and rebates, and payment errors incurring fees and penalties can be avoided with good contract administration.
Deliver greater value to customers – Fulfilling and exceeding customer expectations through proper contract performance enhances an organization’s value and leads to future business.
Reduce costs and time involved in contract administration – Streamlining processes in contract administration has a direct affect on labor time and costs.
Prevent contract managers from functioning as contract administrators – Contract managers, dealing with details and delays, are best doing just that, while contract administrators focus on higher-level management activities, such as developing important relationships with suppliers and customers.

Why ZorroSign for CLM?

Specifically, ZorroSign’s platform was developed on private, permissioned Hyperledger Fabric. Hyperledger emerged as an open-source collaborative effort, hosted by the Linux Foundation, to advance cross-industry blockchain technologies and improve trust, transparency and accountability.

With this technology architecture, ZorroSign can manage contracts as it manages all digital documents, providing:

Digital Signatures to quickly execute legally binding contracts
Patented 4n6 (“forensics”) token to ensure contract immutability
Workflow automation to quickly build templates and approval chains
Document management system (DMS) leveraging Hyperledger Fabrics secure distributed ledger
ZorroFill deploying machine learning to streamline form completion

ZorroSign’s platform can be accessed via PCs and mobile devices, allowing your legal department, operations and procurement teams, and sales teams to efficiently generate, negotiate, communicate, and sign agreements. And with our blockchain architecture, contracts reside on an immutable DMS where they can be saved, searched for, and managed easily from a single, intuitive user interface.

Unlike any other CLM solution, ZorroSign seals contracts with our 4n6 token—capturing the complete audit trail and the contract’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, documents and attachments.

Only the 4n6 token:

Allows ZorroSign customers to manage permissions as to who gets to see what level of information about the transaction and the contract
Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire!
Can verify, validate and authenticate both digital and printed (paper) version of electronically signed contracts

Our unique platform supports CLM to speed digital transformation—reducing paper costs and logistics, supporting environmental conservation, and improving operational efficiencies for in-office and remote teams.

Plus ZorroSign delivers the automation capability necessary to proactively and methodically manage contracts from creation and negotiation, through execution, compliance and renewal. To learn more about CLM and how ZorroSign can support your organization in managing contracts, contact us today!

The first Thursday of May is World Password Day. Since 2013, the day promotes better password habits, as secure passwords are a critical piece of today’s cybersecurity.

While many people observe World Password Day by changing their passwords; moving to longer, complex passwords; turning on two-factor authentication; and other steps to improve individual password security, ZorroSign is working to remove the risk of passwords all together!

According to last year’s Verizon Data Breach Investigations Report, over 80% of hacking breaches involve brute-forced credentials or the use of lost or stolen credentials.
In an article from last year’s World Password Day, CPO Magazine proposed that the best password is no password at all, as “passwords alone are not enough to protect products and users would be foolish to think otherwise.”
A recent Information Age article claims the time is right for passwordless authentication, as “passwordless authentication makes users’ lives easier” and removes the human factor from cybersecurity—where “people just can’t be trusted to set reliable passwords, to change them frequently, to make sure they are strong, and to keep them secure.”
Philip Black at Techradar.com published an April 2021 article dispelling the myths around passwordless authentication. Black suggests “a paradigm shift is on the horizon as new passwordless solutions and technologies gain in popularity, such as biometrics, laying the foundation for a more secure standard for accessing information in the digital world.” And he removes the mythical obstacles around multifactor authentication, the risks of biometrics, and how expensive it is to escape passwords for cybersecurity.

Looking to overcome these risks, we partnered with Trusona, the pioneering leader in passwordless identity solutions. Our shared goal is to authenticate user identities in digital environments without needing passwords.

ZorroSign’s identity-as-a-service (IDaaS) solution now includes identity proofing capabilities—uniquely combining Trusona’s authentication architecture with ZorroSign’s digital signature and a document management system.

Trusona’s solution uses passwordless identity proofing that is available in 38 states and provides the ability to scan a government-issued REAL ID Act identification—like a driver’s license—and then verify the identity with the state’s department of motor vehicle. ZorroSign’s integration with Trusona will elevate the user authentication capabilities of digital signatures, digital document workflows, contract lifecycle management (CLM), and potentially eVoting.

“Blockchain is here; remote identity proofing is here,” says Ori Eisen, founder and CEO of Trusona. “Trusona helps us protect our high-valued documents like sensitive financial assets and voting records, providing us with the confidence to execute documents securely and from any location.” Over 200 organizations, including some of the world’s largest financial services and health care companies, rely on Trusona’s identity proofing solutions.

Plus, with our mobile app, ZorroSign leverages the biometric security of Apple and Android devices to secure privacy and data with biometrics such as fingerprints and iris scans—facilitating passwordless user authentication at the device-level for digital signatures and document management.

To learn more about passwordless user authentication, and how ZorroSign provides superior privacy and data security with our blockchain technology, contact us today.

ZorroSign’s primary focus is the security and privacy of our customers’ data.

Our technology platform was built for the highest levels of security and compliance—from our blockchain architecture to our patented 4n6 token, to our multi-factor authentication—all ensuring our platform is compliant with dozens of international privacy and security standards.

BLOCKCHAIN ARCHITECTURE

ZorroSign has implemented its own secure instance of Hyperledger Fabric—the world’s most trusted blockchain technology, created by the Linux Foundation—using proprietary technology. This blockchain architecture is permissions-based and requires users to authenticate themselves before making requests to read or write into the distributed ledger (i.e., the “blocks” on the “chain”) or taking any action that adds to the blocks on the ledger.

As a private blockchain, ZorroSign can ensure privacy is always maintained, as only approved nodes (endpoint users) can write to ZorroSign’s blockchain—as opposed to public blockchains (like Bitcoin and Ethereum) where anyone can be an endpoint and write to the blocks. As a result, ZorroSign’s architecture has even tighter privacy and security than other blockchains. If users make a change to the information recorded in one particular block of a blockchain, they cannot rewrite that block—instead, the change is stored or recorded in a new block along with the date and time of the change, permanently capturing the chronological changes to the document.

Further, ZorroSign’s platform was based on the Sherwood Applied Business Security Architecture (SABSA)—a proven methodology for developing business-driven, risk and opportunity-focused security architectures. We leverage Defense in Depth (DiD) mechanisms, such as AI-based Web Application Firewalls (WAFs), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and border routers. Plus ZorroSign brings personally identifiable information (PII) data security, 24/7 monitoring, business continuity/disaster recovery policies, security logging and incidence response via Elastic search Logstash and Kibana (ELK), and Microsoft Intune for unified endpoint management.

PATENTED Z-FORENSICS TOKEN

The ZorroSign patented Z-Forensics token is a digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, document, and attachments.

The key benefits of ZorroSign’s blockchain and Z-Forensics token technology include immutability of chronological records, permissions-based private blockchain security and privacy of the users’ information (i.e., PII or PHI), fraud prevention, and lifetime escrow (as ZorroSign issues its own certificates that never expire).

MULTI-FACTOR AUTHENTICATION (MFA)

With the growing number of data breaches affecting user authentication, protecting one’s account credentials has become a top priority. Many solutions are now moving towards a Zero Trust model where the user must prove their identity. While it used to be acceptable to rely on a username and password, the current industry standard is two-factor authentication which is rapidly evolving to MFA with password-less logins.

ZorroSign is proud to be the first to adopt password-less login amongst our digital signature competitors—validating what you know (i.e., your ZorroSign login password ), what you have (e.g., your laptop or mobile device), and who you are (e.g., biometrics such as fingerprints or eye iris on the device, securing who can access it).

GLOBAL PRIVACY & SECURITY COMPLIANCE

This unique combination of security architecture and data privacy functionality grants ZorroSign compliance across many international standards for privacy and security, including but not limited to:

Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
Canada: The Uniform Electronic Commerce Act (UECA)
EU: Data Protection Regulation (GDPR) for data privacy and security
EU: The electronic IDentification, Authentication and trust Services (eIDAS) regulation
India: The Information Technology Act 2000 (IT Act of India)
International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
International Organization for Standardization (ISO) 27001 certified
PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
UAE: Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
USA: American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
USA: California Consumer Privacy Act (CCPA)
USA: Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
USA: The Digital Millennium Copyright Act (DMCA)
USA: The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
USA: FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
USA: The Health Insurance Portability and Accountability Act (HIPAA)
USA: The Uniform Electronic Transactions Act (UETA)

We invite you to request a copy of our ZorroSign Security Brief for details on our private blockchain architecture, document storage and protection, and platform security measures today!

April 22 is Earth Day—an annual event to demonstrate support for environmental protection. At ZorroSign, however, we aspire to protect the environment and conserve natural resources every day.

How?

Environmental conservation is part of our corporate social responsibility and intrinsic to our mission, our values, and even our technology.

Our Mission
At ZorroSign, we help individuals, businesses, organizations, and even government entities to achieve a paperless life. We all understand that switching from doing business using paper to digital records is not only a smart business decision, but it is also good for the environment. Each time you use ZorroSign to digitally transact agreements, contracts, and other documents—instead of printing, faxing, scanning, shipping documents overnight to collect signatures—you save trees and water, plus reduce carbon emissions.

And with ZorroSign’s SAVE A TREE – PLANT A TREE initiative, for every 8000 pages you save using our digital platform, we will plant a tree on your behalf!

Our Values
ZorroSign is committed to democratizing user privacy and data security by bringing digital signatures and a paperless life to everyone around the world. Not only can you save operating costs by moving away from paper, printing, copying, conveying, and storing hard copy documents, but you also decrease your environmental consumption by digitizing your communications and operations.

Achieving a paperless life helps you and your organization to have a positive impact on the environment through sustainable practices. Visit our environmental savings calculator to quickly see how you can save trees, wood, water, CO₂ emissions, and time by “going digital” with ZorroSign.

Our Technology
It has been a long-running criticism of cryptocurrencies that the data mining required to produce coins consumes an astonishing amount of electricity. With the public blockchains used for cryptocurrencies, mining coins requires complicated mathematical processing on high-end graphic processing units (GPUs), consuming energy both for calculation processing and cooling those GPUs down under heavy load.

However, ZorroSign was not built on a public blockchain architecture.

Instead, we are built on private, permissioned Hyperledger Fabric. Unlike Bitcoin and the cryptocurrency models for blockchain, Hyperledger Fabric is a next-generation enterprise blockchain architecture “with even lower electricity costs and attendant carbon footprints,” writes Michael Barnard in a CleanTechnica report.

Hyperledger Fabric’s architecture is so completely different than the mining and broadly distributed model of bitcoin that the enterprise blockchain can operate faster with far, far lower energy consumption.

This combination of speed and energy-efficiency made Hyperledger Fabric the ideal technology for ZorroSign’s digital platform.

“We are proud to use Hyperledger Fabric as our blockchain architecture,” says ZorroSign CEO and co-founder, Shamsh Hadi. “Not only does this private, permissioned approach bring greater privacy and security to our users, but the environmental costs of operating a private enterprise blockchain—like Hyperledger Fabric—is magnitudes lower than the high energy consumption required of public blockchains like Bitcoin and other cryptocurrencies.”

To learn more about ZorroSign’s commitment to environmental conservation, our corporate social responsibilities, and how we deliver greater privacy and security for digital signatures and documents, contact us.