SignWise Signature Module – eSignatures Made Easy

To complete the transition to digital documentation and adhere to industry and legislative compliance, the ability to sign digitally generated and stored documents is essential. The ability to hand-sign electronic documents and transactions is central to a state-of-the-art, enterprise-wide information and transaction automation system.

The new Signwise module provides a complete digital signature software solution for the capture, encryption, storage, and verification of Topaz generated Signatures and biometric / forensic-quality electronic signatures. They are secured, validated, controlled, tracked and audited within ViewWise.

Signatures can be added to any document, and once applied, should the document be subsequently edited and or modified in any way, then the document signatures are revoked, dissolved and an audit trail record triggered. On output from ViewWise the option to generate a Certified Document is provided. This certification generates a Global Unique Identifier (GUID) that is appended to each page, regardless of the file format. The GUID validates the pages of the document to the signatures shown on the certification page. At any time signatures and GUID can be validated within the issuing system.

There are two signature options dependant on the level of authenticity required, both fully tracked and audited by ViewWise:

• Certified Signatures – (Electronic) utilizing a Topaz (SignWise) signature pad, signatures are first registered in AdminWise and a biometric and forensic-quality electronic template compiled. Then when a subsequent signature is to be applied to a Document, via a signature pad available on a ViewWise client, a verification of user ID and password is required followed by a biometric / forensic-quality validation of the actual signature in real time. When authenticity is confirmed only then is the signature applied together with a text confirmation of the User and a date/time stamp. When applied the process binds the signature to the document using secure Hash and Encryption. Provided a signature pad is utilized, a registered Certified signature can be applied from any ViewWise station on the network that has a SignWise signature pad available.
• Authorized Signatures – (Digital) again, utilizing a SignWise signature pad, signatures are first registered in AdminWise against registered users. When the registered user, on any given document, requests a signature, then subject to verification of User name and password and confirmation that a valid Authorized signature is available for that user on the system, an Authorized signature is automatically applied together with a text confirmation of the User and a date/time stamp (no signature pad required). When applied the process binds the signature to the document using secure Hash and Encryption.

Visual Representation
ViewWise Documents that have Certified and/or Authorized signatures are clearly marked with icon representations at the document level. Access to view all applicable signatures is available and if subsequently those signatures are revoked, this action is clearly designated. At any time the list of both active and revoked signatures for any document can be viewed.

Verification and Validation of Document Signatures
On document output from the system i.e. print, fax and or email, the Certified Document option details the identification of the document, number of pages, index information together with a full listing and display of all active signatures in a cover page together with the GUID which is appended to each page regardless of the file format to validate the pages of the document to the signatures listed.

Compliance with State and Federal Digital Signature Regulations
SignWise is compliant with Federal and State handwritten digital signature regulations. The use of Topaz forensic and biometric verification meets both the letter and the spirit of the regulations, especially the State of California regulations that specifically require the time-consuming process of traditional forensic verification to authenticate a signature.

What about Signature Security - How is Tampering or Copying Prevented?
The Computhink / Topaz approach to electronic documents and contracts with electronic signature is to mimic the tried-and-true methods of ink-on-paper contracts, documents, and authentication. This complies with all current state and federal digital handwritten electronic signature regulations that are also based on the same approach.

In SignWise, signature data contains the original signature data and little else. A SignWise electronic signature is original signature data encrypted in such a way that the signature can only be verified in the context of the original document. Encrypted, verifiable electronic signature data cannot be viewed or printed by it self. The signature software was designed so that document data including meaning and the identity of the signer stay as originally authored in the document. This allows compliance with FDA regulation 21 code, Part 11, section 11.50, and state regulations such as CA 220002(b)(4)(A) and (B).

By keeping traditional pen-and-paper document data where it belongs - in the document - the SignWise electronic signature solution avoids potential security and refutability problems that may plague other systems - a major step forward in providing the traditional benefits of pen-on-paper signed documents.

SignWise specifically avoids problems that may plague other systems:

• There is no "secret" key bound to the signature, which would jeopardize all records if the secret were to become known.
• The Computhink/Topaz solution uses both traditional forensic and computerized biometric verification of signatures.
• The CA regulations require forensic, not biometric verification. See section 220003(b)(3)(B) of the CA regulations.

Links to e-Signature Regulations

California: http://www.ss.ca.gov/digsig/regulations.htm
Nebraska: http://www.nol.org/home/SOS/digitalsig/digsig.htm
US FDA: http://www.fda.gov/cder/esig

e-Signature Related Legistation:

Federal ESIGN Act In 2000
Began the e-signature revolution by legalizing the use of electronic signatures in place of their pen and paper counterparts. SignWise is designed to comply with the ESIGN Act and to work in concert with the specific guidelines of the legislation.

Model Notary Act of 2002
Sponsored by the National Notary Association, the Model Notary Act of 2002 is a comprehensive statute prototype designed to modernize the Notary Public office. Within the Act, guidelines for electronic notarization are articulated clearly, with the emphasis on electronic signature technology. In mid-2003, the National Notary Association announced the ENJOA (Electronic Notary Journal of Official Acts) that enables notaries to collect official signatures and fingerprints electronically and bind them into an electronic journal, eliminating the old paper journals and diminishing fraud. Jurisdictions around the US are now evaluating this act for inclusion in future legislation.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA Congress recognized the importance of protecting the privacy of health information given the rapid evolution of health information systems in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, which became law on August 21, 1996. SignWise offers multiple e-signature options for companies or practitioners seeking to more efficiently comply with HIPAA, from software to streamline processing of informed consent forms to a virtual sign-in log for a doctor’s waiting room.

U.S. Patriot Act of 2002
In October 2002 Congress passed the US Patriot Act with the intent of making it more difficult for criminals to launder money or take advantage of the financial system. Within the law, Section 326 places a large burden on financial institutions to verify that their clients are NOT known terrorists or criminals. As a result, banks and insurance companies will need to better and more accurately verify the identity of new applicants. This can be achieved most efficiently through biometrics, and SignWise offers a biometric solution for financial institutions to utilize.

GPEA (Government Paperwork Elimination Act)
Signed into law in October 1998, GPEA directs Federal agencies to provide public access to government services and documents by 2003 and gives the public the option of submitting government forms electronically. Further, GPEA requires agencies, by October 21, 2003, to provide for the use and acceptance of electronic signatures.