FAQ

signaturiX is the flagship product of Xtension. It is a handwritten electronic signature system. The signature is applied with a stylus on devices equipped with touch screens. Depending on their type, a number of parameters (biometric features) unique to each person are recorded, which can be used in the analysis of the authenticity of the signature. 

signaturiX aims to improve the quality and security of services requiring a handwritten declaration of intent in the form of a signature and to reduce the number of paper documents in circulation by replacing them with an electronic form - in accordance with the ISO standard and PAdES with a PDF file.

Under eIDAS (electronic IDentification, Authentication and trust Services), an electronic signature is "data in electronic form that are attached to or logically associated with other data in electronic form and that are used by the signatory as a signature". 

There are three types of electronic signatures: 

• A simple signature is merely a declaration of the author's identity made electronically underneath a document, for example, name, facsimile signature, etc. 
• The advanced signature, thanks to the use of appropriate technical means, is additionally uniquely linked to the document and the signatory, thanks to which it is possible to identify the signatory and any subsequent change of data is detectable. 
• A qualified signature is a special type of advanced signature, created with a qualified device and based on a qualified certificate.
  What is a biometric electronic signature? 

It is an electronic signature using behavioural biometrics. A person's signature is linked to biometric characteristics such as pen position, signing speed, acceleration or pressure.

It is an electronic signature using behavioural biometrics. A person's signature is linked to biometric characteristics such as pen position, signing speed, acceleration or pressure.

signaturiX is an advanced electronic signature using qualified trust services, i.e:

• qualified electronic seal,
• a qualified timestamp.

As a result, signaturiX has almost all the advantages of a qualified signature, while being free of its limitations. There is no need for prior certification or the use of qualified devices.

signaturiX allows you to sign any document, contract, agreement or statement in PDF format. Before the document is signed, the content of the file is presented to the user, and after the user signs, the content of the document becomes inextricably linked to the signature, which is further confirmed by a qualified electronic seal certificate. Documents signed biometrically and sealed with a qualified and sealed with a qualified certificate of an electronic seal retain full legal and evidentiary force.

This type of signature is used, for example, in customer service offices.

The conclusion of contracts in writing requires the handwritten signature of the statement of intent. The written form is binding when the parties to the contract exchange original copies with the signature of all parties. 

Signing using signaturiX is sufficient to constitute a written form.

signaturiX is a server software which is installed in the customer's infrastructure. Via the signaturiX API internal domain systems send documents to be signed. The system presents the document and optionally allows additional information to be added. After the signature the biometric data is encrypted and the resulting PDF file is created, which is signed with an electronic seal and a time stamp. 

Anyone can verify the signature and integrity of the content anytime, anywhere using popular free PDF viewing software such as Adobe Reader. This way, any subsequent change to the document is easily detectable. Unlike cloud-based solutions, documents never leave the customer's internal infrastructure.

All that is needed to sign documents biometrically in signaturiX is a web browser and a suitable touchscreen device with a stylus (e.g. signpad, tablet, phone or laptop). 

It is also possible to work on devices without a stylus, in which case the signature is made with a finger or a computer mouse. In this case we are dealing with a simple signature, because incomplete biometric data of the signature are collected or the signature does not contain them at all, retaining only the image itself.

signaturiX has a number of security features to ensure that the document is integrally linked and the content and biometrics of the signature do not fall into the wrong hands. Among the numerous security features are: 

• protection against unauthorised access to the system, 
• protection against alteration or substitution of the document displayed for signature, 
• protection against CSRF attacks, 
• security against interception of biometric signature data, 
• security against the copying of biometric signature data between documents, 
• cryptographic security API for integration with other systems. 

With the security service provided, the private key needed to decrypt biometric data is securely stored. This key never leaves the Hardware Security Module (HSM) on which it was generated.

Online signatures are not verified when they are created. The signaturiX system does not store biometric data, nor is it possible to decrypt them.

The encrypted biometric data is stored only in the document to be signed (PDF file). To decrypt it, a key stored securely in the HSM (Hardware Security Module) is required. Access to the decrypted biometrics is only available to persons authorised by the court The access to the decrypted biometrics is only available to persons authorised by the court in a given case, e.g. an expert witness (graphologist).

As an additional service, a biometric encryption key is securely generated and stored. State authorities have the option of using dedicated software to decrypt and export biometric data from a document, as well as software to analyse biometric signatures. The private key needed to decrypt the biometric signature data never leaves the HSM (Hardware Security Module), is not transmitted anywhere and is not compromised.