Security is based on an effective concept and a clean implementation. The secure, hardware based, encryption process for electronic signatures provided by StepOver, based on the biometric data of the handwriting, is transparent and can be used as evidence in court, if necessary. This process was used countless times since 2010. The matching patent No. EP 2367128 B1 was issued for Germany, France and the United Kingdom on 14th October 2015 as well as a corresponding US patent No. US 8612769 B2.

Handwritten electronic signatures use biometric data (individual handwriting characteristics like pressure, speed, etc.) as identification feature of the signatory. Signature solutions have to fulfil the following requirements in order to be allowed as evidence at court:

• The identification feature has to be protected at every point of the process from unauthorized access and misuse.
• The identification feature has to be connected to the signed document in a way it cannot be extracted and used in another document.
• Changes to the signed document have to be detected with absolute certainty and consequentially render the signature invalid.

Systems for handwritten signatures usually consist of two components in order to ensure the previously mentioned points:

1. The biometric signature containing the identification feature, which makes it possible to identify the signatory.
2. The digital signature verifying the (encrypted) biometric data is part of the document and ensuring the document cannot be changed. The digital signature offers the option to validate the integrity of the document.

Generally, biometric data (= the identification feature) is protected by a notary key pair, of which the public key is used for encryption and the private key is used for decryption. The private key is stored at and only accessible to the notary. This means, the notary is the only person, who can access the biometric data of a signature. The digital signature normally uses a key pair either created by the user or the provider of the signature solution.

ATTENTION: A system which uses only the digital signature to ensure the connection between the signature and document has an attackable weakness. In this case, the proof that a signature belongs to a document (and only to this document), is solely based on self-made and self-managed key pairs of the user or the provider of the signature solution. Sometimes even the signature device (and its serial number) is needed to proof this connection between the signature and the document, which means the signature device has to be available as evidence at the time of court. If you have longer contract periods – e.g. insurance contracts – this is not practical, because the devices are usually recycled after approx. 5 years.

Additionally, self-made key pairs are not protected in the same way as keys stored at a notary. This means a (encrypted) signature can be retrieved from the original document and misused with another document in a way it looks like the signatory has signed this second document. StepOver does neither support nor use these potentially unsecure methods.

With the patented StepOver encryption process the secure notary key is used to deliver proof of both:

• The identification feature, which is safely encrypted with the notary public key.
• The unambiguous connection of the signature (identification feature) with the document, which is also done with the notary key.

Since 2010 StepOver offers the only system on the market with that security. The user can be certain that his signatures can be used as evidence at court, because of the secure, notary based storage of the private key. StepOver only uses self-made keys for simple validation, these keys have no significance in the line of evidence.

You should not have to make any compromises with data protection and data security and thanks to the patented signature solution provided by StepOver you don’t have to. Keeping this in mind we at StepOver wish you a lot of success in your future endeavours.