Home » Biometrics

Since 2013, the security world recognizes the first Thursday of May as World Password Day—promoting better password habits such as changing passwords, moving to more complex passwords, and turning on multi-factor authentication (MFA) to improve digital security.

In advance of this year’s World Password Day, ZorroSign is proud to remind our users that ZorroSign’s platform not only accommodates complex passwords and MFA, but also supports “password-less” logins!

How?

First, ZorroSign leverages the biometric security of Apple and Android mobile devices to login to the device (and ZorroSign app) with hardware biometric capture features such as face, fingerprint, and iris scans. Such biometric login facilitates password-less user authentication at the device-level for subsequent ZorroSign digital signatures and document management.

Further, our multi-chain blockchain platform can validate multiple dimensions of authentication based on the transaction security needs:

  • What you know — your ZorroSign login password or knowledge-based authentication
  • What you have — your PC or mobile device
  • Who you are — biometrics such as finger prints, eye iris on the device securing who can access it

ZorroSign’s dynamic knowledge-based authentication (KBA) feature—provided by LexisNexis—requires the knowledge of private information of the individual to prove that the person providing their identity information is the actual person.

With ZorroSign’s user authentication options, it is almost impossible for an imposter to sign a document on the ZorroSign platform, ensuring:

  • Legal Enforceability — Using digital signatures with real digital information
  • Signature Attribution — Incorporating high-level security provisions and multifactor authentication (including biometrics) to ensure signatory attribution to a specific user

To learn more about our password-less login capabilities and how ZorroSign provides superior privacy and data security with our blockchain platform, contact us today or sign up for a Free 14-Day Trial to see for yourself!

With the era of “going paperless” well underway, the days of “wet signs” are soon going to be an ancient history. Going paperless, of course has its advantages, ranging from efficiency to environmental benefits, however, it is vital to keep in mind safety and security when it comes to using eSignatures as the replacement of actual wet signatures.

 

There is a plethora of evidence supporting the tectonic shift of going digital, however, many are concerned about the end-to-end execution of the entire document signing process. The US Federal ESIGN act defines it as, “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” This is a broad definition, and there are a plethora of ways documents can be signed electronically and contracts (or transactions) can be executed ranging from entering your initials, checking a box, typing your name, pasting a scanned image of your signature, and using a cryptographic-based digital signature.

 

Many digital signature solutions have been created with different levels of security measures around each. These include ensuring that they are tamper proof by forming a link between the signatory and his signature with the help of an encryption key that may be in the possession of the signatory.  This layered security ensures that the three vital aspects of the digital signature that ensure its legal validity have not been breached. These three aspects are:

 

Authentication: All the signatories are known to each other and can be authenticated easily.

Integrity: The signatories are the same persons who have signed the contract. I.e., the documents and the digital signatures have not been changed en-route

Non-repudiation: None of the signatories to a contract can deny that they are in fact, the actual signatories of the contract

 

But, this however, leaves a glaring gap, the susceptibility to hacks, forgery, and fraud.

Enter the world of biometric signatures.

 

Biometric verification of a signature now adds yet another level of security to the documents that are a part of a digital transaction.  The idea is to find a very unique way to authenticate and verify signatory because even the most complex passwords can be cracked. Biometrics is the natural answer because it is unique and, if done right, cannot be stolen or duplicated. A ‘bio’ signature is pretty much amongst the highest levels of security solutions out there. It has the capability of recording individual idiosyncrasies of the person signing the digital document. Traditionally biometrics means signing and verifying signatures and documents with retina scan, iris scan, and recently popularized by mobile devices, fingerprints and facial recognition technology. Advanced biometric may also use the personal mannerisms of the signatory such as the ‘flourish’ of the pen when he signs, when he slows down and consequently where he accelerates when signing, his overall rhythm and speed; and many other seemingly random variables that taken together, form a highly personalized and forensically identifiable and therefore utterly unique foolproof signature.

 

And the applications for biometric signatures are endless. They can be as basic as opening a bank account to as complex as closing multi-million dollar deals. Biometrics can also be used in conjunction to a simple 2-form authentication. Biometrics can be used not only to secure the digital transactions but also to restrict access to authorized individuals only.  And we are just getting started.