Ensuring signature integrity
The Signature SDK has four built-in methods which help to ensure signature integrity as listed below.
The signature data includes the context of the signature i.e. the "who", "when" and "why" data. It can also contain other identifying information such as details of the driver, operating system and digitizer pad.
The biometric information of the signature can be steganographically encoded within the image data - a proprietary format is used for this which is not disclosed, even to the programmer.
It can only be analysed by using one of our signature analysis tools - this is a deliberate design feature to minimise the possibility of forgery.
It is possible to calculate a hash value from the document being signed and incorporate it into the signature data.
When the document is later revisited the hash value can be extracted from the embedded signature(s) and compared against the current hash value of the document.
If they are not the same then the signature is deemed invalid because either it or the document or both have changed.
There is an option to embed multiple pairs of key values within the signature data after it has been captured. This protects the integrity of the data and provides a means of detecting any changes made within it.
The Signature SDK does not provide any means of checking a document for integrity other by generating a hash or key value which is stored in the signature itself.
If there is a requirement to add document integrity checking which is independent of the signature data an alternative mechanism must be used for doing so, e.g. an appropriate third-party library.