A biometric signature is commonly defined as an electronic signature produced with a manual gesture very similar to an autograph on a paper document.
For Italian legislation, a biometric signature is considered an Advanced Electronic Signature (FEA) and allows you to sign a digital document (PDF file, etc.) without having to print it, and is inextricably linked to it (includes a document hash).
A biometric signature system, based on the technology used, is able to memorize various characteristic data of the signature: position in space of each point, speed and acceleration of the stroke, point pressure value of the pen on the sensitive surface, etc.
There are many fields of application: ranging from contracts and banking operations, insurance contracts, couriers and transport in general, as well as privacy forms, clinical documents such as informed consent and, more generally, any signed document that must be kept over time.
Often the biometric signature operation takes place where a company representative is present (in Branches, Agencies, Points of Sale, etc.). The person in charge, equipped with a Smart Card or Token (or with a Certificate deposited on a remote HSM), can re-sign the document with their Qualified Electronic Signature (FEQ). Before affixing the FEQ, it is possible to include various types of files such as frames or videos of the signature deed, voice files with predefined questions and GPS coordinates if available on the device used. After the signature, a Time Stamp can be affixed which gives the document opposability to third parties.
The biometric signature has two main methods of use:
Advanced Electronic Signature – the data associated with the biometric signature are indissolubly joined to the digital document (in most cases a PDF file) that was the subject of the signature. The data is also encrypted to make it inaccessible and unusable with other documents. Then they are embedded in an electronic signature field to protect their integrity. The advanced electronic signature has the validity provided for by article 2702 of the civil code and integrates the requirement of the written form (with only some exceptions for acts referred to in article 1350, points 1-12 of the Italian Civil Code). The signature associated with the document is then verifiable, in case of denial, through a Calligraphic Expertise which, by comparing the biometric data, can easily determine if the signature is authentic.
Real Time Authentication – the data of the acquired biometric signature are compared with a series of “specimens” previously collected. If the authentication system recognizes a match, it can authorize a given activity (such as a payment). In this case we speak of “authentication” and not of “signature”, because the stored biometric data do not constitute a real electronic signature (advanced, digital or qualified), but serve only as an enabling tool (e.g. password) for a certain function, which can also be simply the activation of a private Qualified Electronic Signature key previously deposited on an HSM server.
The adoption of the biometric signature offers numerous advantages including: