A big piece of news occurred a few weeks ago and is still in the process of getting “digested” by the analyst community that tracks enterprise content management; Kofax acquired “signature specialist” Softpro.
Among the warmed-over press release rehashes are two good quick write ups by Craig LeClair’s blog over at Forrester and Ralph Gammon’s blog at Document Imaging Talk. Ralph takes care to identify that Softpro actually has two primary technologies: one aimed at fraud associated with image-based signature verification and the other dealing with electronic signatures.
Both state it is a natural fit that enhances Kofax’s move into process-based applications that deal with all types of document-oriented workflows; both paper and electronic documents especially where the new technology can make processes more efficient.
Going deeper, what’s not as apparent is the nature of the technology employed by Softpro. Most document signing or signature solutions revolve around what is known as Public Key Infrastructure (PKI) where public and private keys are exchanged to verify identify. For document signing, a user will attach their private key that only they have to a document and anyone with the public key can verify the “signers” authenticity.
Common with all of these solutions is the concept of attaching a “signature”. The signature itself is typically a certificate that serves the purpose of managing the timestamp of when the document was signed in addition to “hashing” the document to ensure that nothing on the document changed in-between signing the document and sending to the recipient. Hashing is a way to apply a “fingerprint” to a document that can be used to detect changes. Users can include an actual signature, but it is just an image of the signature and serves no other purpose than cosmetics.
A problem with document signing technology is that users need to remember an ID and a password or a PIN to sign a document. It is well-known that passwords and PINs are a weak link because they are easy to crack.
Let’s turn to Softpro’s version of signatures. The big difference is that Softpro uses actual signatures and the biometric information contained within them to sign a document. By using a signature, the requirement of a PIN or password is mitigated; you can still use them of course but they are not required because your signature acts as a verified PIN or password and the biometric information is actually used to create the encryption used to secure the document.
On the negative side is the requirement for a way to sign your name, but with the increased use of touch-sensitive screens on mobile devices (including laptops) and even desktops, the ability to capture a biometric signature is getting easier and easier. That, and everyone knows how to sign their name – even your great grandmother!
So does this mean that online biometric signatures steps into the spotlight as a user-friendly and secure compliment to traditional electronic signature technologies? Kofax and others are betting on it.