Five Things to Consider Before Integrating e Signatures into Mobile Applications

Today’s consumers can do almost anything from their mobile devices, and they expect to be able to sign documents from those devices.

According to Forrester Research, customers who are comfortable with web and mobile technologies are now driving e-signature adoption. By 2020 the majority of e-signature transactions will be launched from mobile devices. This will ensure secure signing, regulatory compliance and risk reduction.

When new features such as e-signatures are added to mobile apps, developers have many decisions to make before they release the apps to customers. 

Here are five factors developers should consider when they integrate e-signatures into an application:

Integration of e-signatures should be a quick process, taking as little as thirty minutes. It simply requires connecting with an easy-to-use interface, with little information requested upfront.

To make this happen using e-SignLive, the developer first starts with the e-signature solution’s mobile SDK. This SDK is packaged into a library, an interface header, and an integration guide. The developer can include the mobile library in the section link binary with libraries of their xcode project settings. 

The developer can start with either a new or an existing application source. There are a few libraries such as Foundation, CoreGraphics and CoreAudio that must be linked. The developer can get a singleton instance of the interface via the dashboard, set up some server parameters, provide a hook to the storyboard, and then call the method 

startEsigningCeremony.

Example:

        

This is where the magic happens! Users are identified, form fields are parsed and translated, and UserInterface is loaded via the provided hook.

With a responsive SDK, every action performed is reported back to the developer via the hook.

Mobile connectivity isn’t guaranteed 100 percent of the time. Using Offline and/or standalone mode e-the signatures can be applied and verified offline.  

In the Offline mode, signing and verification of the signed document are executed on the device; once the connectivity is established/restored, signatures are synchronized with the server and the document’s digital tamper seal is applied. 

In the Standalone mode, signing and verification of the signed document are executed on the device; the document’s digital tamper seal is applied on the device itself. This is useful, since a mobile device can lose connectivity at any instant without prior notification.

In the past, being offline posed many challenges, including managing synchronization and security on the device. The SDK automatically manages the offline state, and ensures that data can be accessed on the device - connected or not.

The xcdatamodeld is also exported. The developer must include it into the project settings and could track the changes into core data. The developer can also specify when synchronization should happen. Enum values like kSyncAfterDocumentCompletion, kSyncAfterTransactionCompletion, and kSyncAfterUserCompletion could be selected based on the requirements.

Adding e-signatures to a mobile application ensures that nothing has to be downloaded in order to sign a document. Users can simply use their HTML5 browser via multiple devices and create a document. The value of this is that developers don’t have to worry about supporting multiple device models/brands. If the device has an HTML5 implementation, the developer can integrate e-signing using the mobile API connected to the mobile SDK. 

With e-SignLive Mobile SDK, the mobile API is built using a REST/JSON interface to connect to the backend transaction data. The communication is also protected via an SSL layer. This could also result in the e-signature process running in hybrid mode, where part of the document is signed on one device and part on another.

Security is essential when signing electronically – the entire model of the electronic signature rests on the fact that for a signature to be valid it cannot be tampered with after signing, and that a signer cannot be impersonated (this is where authentication fits in). With mobile devices, security becomes even more important as devices often change hands, or end up vulnerable to theft. 

Generally, the e-signature solution that will provide the highest level of security is one that provides both standalone and offline options for server transactions since all user data is encrypted and securely stored locally on the device.

A secure solution should also offer a mobile SDK that ensures that even in the case of theft, misuse or unauthorized use, personal information stays completely protected.

In the case of e-SignLive Mobile SDK, a key is generated based on a set of secure criteria using AES-256 encryption on every piece of information stored on the device.  This key cannot be faked as it is linked directly to the app, the user, and the SDK. 

Regarding digital signature technology, e-SignLive Mobile SDK uses a SHA-2 algorithm to ensure that the signatures cannot be tampered with. e-SignLive Mobile SDK generates a PKCS7 digest; the verification can then be successfully done by using Adobe or other standard PDF readers. Once a signature has been applied to a PDF document, e-SignLive Mobile SDK embeds the complete history of signatures into the document, so that every moment of the transaction can be replayed. The end developer could also set up the SALT in the constants to customize the key.

A robust e-signature solution gathers evidence during the transaction that can be replayed, should a transaction come under dispute. In e-SignLive Mobile SDK, several types of evidence are gathered during the signing ceremony including document and process evidence, as well as any action the user performs including zooming, signing, scrolling or field entries. e-SignLive Mobile SDK also records how long each signer spent on the page. 

All of these recorded events are less than a kilobyte, and when they are given back to the SDK, together they will replay the event exactly as it happened. This evidence has helped settle numerous legal cases outside of court. 

For developers, the value of this evidence lies in not having to integrate any third party monitoring tools to track user behavior within their signing experience. With the footprint of this recording being extremely small, the developer does not need to worry about the amount of data the tracking process will take. e-SignLive Mobile SDK uses its own system to record user actions as a series of events. Along with the data, these events are stored in the data model. When replaying, the events are fetched and replayed with the user interface. Mapping between the events and user interface is also maintained within the SDK. 

The developer can use the dashboard interface to initiate recording/replaying with: 

An NSArray of events already recorded could also be fetched through interface properties. The end developer could also customize the recording/replaying by returning YES/NO into shouldRecord/Replay delegate calls.

According to analysts, electronic signatures are becoming simpler, cheaper and more accessible with mobile and tablets, and thanks to their many advantages including customer experience, security and risk reduction, adoption in mobile apps will continue to increase. Learn how you can get started with e-signatures on Silanis’ Developer Zone.