Yes, Blocknify complies with the requirements of the Bundesgesetz über die Elektronische Signatur (ZertES, SCSE Federal Act of 18 March 2016, RS 943.03), the Uniform Electronic Transactions Act (UETA, 7A Pt. 1 U.LA. 211, 211-99 (2002), U.S. Electronic Signature in Global and National Commerce Act of 2000 (ESIGN), and the European Union eIDAS (EU No.910/2014) regarding electronic signatures and transmissions.
To qualify as an advance e-signature, we need to comply with the following four requirements (how we comply):
- It uniquely linked to the signatory (we create a unique private and public key, that is never transmitted at any time)
- It is capable of identifying the signatory (we verify your email and phone)
- It is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control (the private key is always created locally and encrypted via your created signing PIN)
- It is linked to the data signed therewith in such a way that any subsequent change in the data is detectable. (Your signature is tied to a document fingerprint hash within the Blockchain, even if one pixel is changed the signature will not match)
Authentication of Signer
All signers are authenticated in compliance with advance e-signature regulations, email address (with confirmation), phone number (with SMS confirmation), name, user-created signing PIN (inputted at the time of signature), and IP address (at the time of signing). This information (excluding the signing PIN) is stored with Blocknify and tied to their unique public key.
Contract Authenticity - Tamperproof
When signing with Blocknify, a document fingerprinted is created and signed with your signature. This fingerprint allows us to verify the content of a document between users or sessions without storing the readable document. Even if one pixel or letter were to change, the fingerprint would not associate with your signature. This document fingerprint and signature are then posted to the Blocknify Blockchain and tied to the Public Ethereum Chain. The blockchain acts like a notary to record what was signed (document fingerprint), who signed it (unique user public key), and when did they sign the document (time-stamp).
Intent to Sign
The user's intention to sign the document is captured by inputting their unique signing PIN at the time of signature. This PIN is never stored, and user created.
Audit Log
An audit log is recorded within a document specific smart contract on the Blocknify blockchain to ensure immutability. Also, the Blocknify private blockchain immutability can be authenticated by a tethering smart contract on the main Ethereum public chain which periodically records a hash from each node (see more here). Every time a document is signed using Blocknify, the document fingerprint is signed with a locally created private key (using a mix of information and the signer's unique signing PIN). This is then sent to the blockchain, and a unique smart contract is created with the document fingerprint, who can sign the document, and who has signed the document. All actions are time-stamped and posted using the signers public key. Blocknify prints out the audit log from the Blockchain along with the smart contract address any time the document is signed or once all signers have signed the document and the final audit trail is emailed to all signers.
Qualified Electronic Signature within the EU and Switzerland
Some documents require a Qualified Electronic Signature, such as loan agreements within Switzerland and Germany. Each country differs on what documents require a Qualified Electronic Signature. A Qualified Certificate for a Qualified Electronic Signature can only be purchased from a Certificate Authority who is also ISO 15408 accredited as per the eIDAS and ZertES regulation. Within our Enterprise version, we do offer Qualified Electronic Signature through Swisscom which is a Certificate Authority within Switzerland and the EU. The signing process is the same, but we add an additional certificate from Swisscom. We choose Swisscom because their services don't require access to the document, which ensures the privacy of our customers.
Disclaimer
This overview of specific e-signature laws is not a comprehensive overview of the requirements of e-signature laws in the United States or other countries, is for educational and informational purposes only, and is not intended, and should not be construed, as legal advice.