Your fast and secure way to paperless office
Legito BioSign is an add-on to your Legito Smart Document Workspace. Legito BioSign allows you to biometrically sign PDF documents on your tablet or smartphone.
How does it work?
Why Legito BioSign?
Faster & less expensive than paper signatures
More time for new projects instead of scanning documents
Each signatory has a unique and unmistakable identifier
Cost savings for additional physical document storage
Trees used for printing papers – Environmentally friendly
More secure than other forms of digital signatures
Frequently Asked Questions
How is a biometric signature different than an image of a signature?
There are two main differences:
- Imaged signatures capture only one type of biometric data – curvature. A biometric signature captures 5 types of biometric data.
- A signature in the form of a simple image can be replicated. Conveniently, this makes it possible for you to copy and paste the same image to multiple documents. Inconveniently, others may use the image of your signature to execute documents. A biometric signature, however, is unique to every use, and always belongs to a single document. It cannot be reused.
More than other signature options, like in the real world, a biometric signature is an original signature. An imaged signature on the other hand, is more like an unverified copy of your original signature.
As such, if a signature should be disputed, only a biometric signature contains enough data to help a Forensic Document Examiner (FDE) determine the authenticity of a signature. A simple imaged signature, without additional correlating evidence, may not have sufficient information to prove legitimacy.
We believe that biometric signatures are the safest way to execute contracts and other documents.
A biometric signature contains the following biometric data:
- Position (x,y)
- Pen inclination
Do our executives, employees, representatives, or clients need any special registration or certificate to sign documents with Legito BioSign?
No, they do not. Once you create your company’s Smart Document Workspace in Legito, you can start biometrically signing your documents within 5 minutes. Due to security reasons, users who can activate the biometric signing process must be registered under your company’s Workspace. Individuals who will be signing documents using Legito BioSign do not need Legito accounts.
Unlike Advanced Electronic Signatures (AdES), or Qualified Electronic Signatures (QES), Legito BioSign doesn’t require the issuing of a certificate for each signing individual. You, your colleagues, or your clients simply grab an electronic pen and sign away!
What happens if there is a dispute over a signature?
“I didn’t sign that” or “It’s not my signature” are phrases lawyers often hear in courtrooms and other legal proceedings. People may dispute physical or digital signatures, including biometric signatures.
Proving that a certain individual signed a document using a digital signature is a process quite similar to that of proving the veracity of a physical signature. The only difference is that all the biometric data from a biometrically signed PDF document must be extracted before a Forensic Document Examiner (FDE) can decide if the biometric signature was or wasn’t written by a certain individual.
A biometrically signed PDF document is encrypted, and this includes its biometric data, so the signature cannot be replicated and used for another document, nor can the content of a biometrically signed PDF document be changed.
Legito as an independent provider, together with its highly renowned team of trusted escrow agents, securely holds the private keys for the extraction of biometric data from biometrically signed PDF documents.
Any authorized individual can request Legito to extract biometric data from a biometrically signed PDF document.
- You send a formal request (including authorization) to firstname.lastname@example.org.
- We schedule an appointment for an online meeting. Legito will provide the necessary software for screen sharing and remote desktop control.
- Attend the meeting, which will be recorded for evidential purposes.
- You will upload your biometrically signed PDF document to Legito BioSign Extractor, available at
- Legito will apply the private key which will extract the biometric data from your document.
- You will be able to download graphs of the extracted biometric data for the target signature(s).
- Process complete! You now have all the biometric data you need, and it can now be placed into the hands of the FDE.
Here is an example of graphs depicting extracted biometric data for an FDE:
Visualization of a biometric signature as it appears in a PDF document:
What devices are supported? Why can't I use any device with a touch screen?
Currently supported on the following devices:
- Samsung Galaxy Tab S3 (with S Pen) and all successor models
- Apple iPad 2018 (with Apple Pencil) and all successor models
(Some Samsung and Apple devices with hardware properties similar to the above-listed models may also support Legito BioSign. Please contact Legito support for more information.)
Currently, Legito BioSign doesn’t support Signature Pads because they are single-functional devices, and we believe that multi-functional devices such as smartphones or tablets provide more benefit. Most companies already employ such devices in their day-to-day business, so generally there is no need to invest in hardware, or if there is such a need, these mobile devices can have multiple uses.
The reason why Legito suggests the devices above, is that for a Forensic Document Examiner to determine the authenticity of a biometric signature, the captured signature must have a certain minimum of biometrical data points. To ensure this threshold is met, the hardware – touch screen – used for biometric signatures must have a very high frequency to capture enough data. Furthermore, the device must be able to communicate with an electronic pen. Only the more recent touch screens (like those mentioned above) meet all the requirements to catch enough biometrical data points to prove authenticity.
Why do I need an electronic pen to biometrically sign documents? Why can't I just use a finger?
Because only the combination of a touch screen of the appropriate frequency (as described in the article above) and an electronic pen can capture all the necessary biometrical data to assist a Forensic Document Examiner in proving the authenticity of a signature. Signing a document with a finger is quite similar to using an imaged signature, and doesn’t uniquely identify an individual as well as a biometric signature using an electronic pen.
What types of encryption are used with biometrically signed PDF documents?
Biometric data are stored in ISO/IEC 19794-7 biometric interchange XML.
- The encrypted key with encrypted biometric data is combined in the following format:
[2B] [Key] [Biometry]
- 2B – 2 bytes in network byte order (big-endian), which determine the length of RSA-encrypted key in bytes
- RSA-encrypted key
- AES-encrypted biometric data
This data is encoded into readable text using Base64.
Each biometric signature in the finalized executed PDF document is signed separately according to PDF ISO 32000, Adobe.PPKLite filter, adbe.pkcs7.detached subfilter. Each biometric signature includes a bitmap with visible Base64 and encoded biometric data in the key (Biometrics).
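The `[2B] [Key] [Biometry]` layout described above can be split into its fields before any decryption is attempted, which is also where a truncated or malformed value should be rejected. The following parser is an added example, not Legito's own code; `parse_envelope`, `build_envelope` and the placeholder sample bytes are hypothetical, and both ciphertexts are treated as opaque because the page does not state key sizes or cipher modes.

```python
import base64
import binascii
import struct
from typing import NamedTuple


class BioEnvelope(NamedTuple):
    key_len: int        # value of the 2-byte big-endian length prefix
    wrapped_key: bytes  # RSA-encrypted key (opaque here)
    biometry: bytes     # AES-encrypted biometric data (opaque here)


def parse_envelope(b64_text: str) -> BioEnvelope:
    """Split Base64([2B][Key][Biometry]) into its fields without decrypting."""
    try:
        raw = base64.b64decode(b64_text, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not valid Base64: {exc}") from exc
    if len(raw) < 2:
        raise ValueError("truncated: missing 2-byte length prefix")
    (key_len,) = struct.unpack(">H", raw[:2])  # network byte order
    if key_len == 0:
        raise ValueError("length prefix is zero: no encrypted key present")
    if 2 + key_len > len(raw):
        raise ValueError(
            f"length prefix {key_len} exceeds the {len(raw) - 2} bytes available")
    wrapped_key = raw[2:2 + key_len]
    biometry = raw[2 + key_len:]
    if not biometry:
        raise ValueError("no encrypted biometric data after the key")
    return BioEnvelope(key_len, wrapped_key, biometry)


def build_envelope(wrapped_key: bytes, biometry: bytes) -> str:
    """Inverse of parse_envelope; used only to construct the sample below."""
    raw = struct.pack(">H", len(wrapped_key)) + wrapped_key + biometry
    return base64.b64encode(raw).decode("ascii")


# Constructed sample: placeholder bytes stand in for real ciphertext.
SAMPLE = build_envelope(b"\xaa" * 256, b"\xbb" * 48)

if __name__ == "__main__":
    env = parse_envelope(SAMPLE)
    print(env.key_len, len(env.wrapped_key), len(env.biometry))
```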
Can I set which users can activate the signing process?
Yes, of course. Please, go to the People section in your Smart Document Workspace, open the User permissions settings for the particular user and check or uncheck the Can activate signing process permissions as appropriate.
What happens if I stop using my Legito Smart Document Workspace? Will I still be able to decrypt my biometric signatures?
The security and validity of PDF documents signed with Legito BioSign will not be affected if you stop using your Smart Document Workspace.
You always have the option to download biometrically signed PDF documents and store them elsewhere.
If a dispute over a biometric signature arises after you stop using your Legito Smart Document Workspace, the only Legito software you will need will be the decryption tool which Legito offers free of charge, along with the tool’s source codes (open source).
Legito will attach a private key to the decryption tool to allow decryption of the biometrical data.
What is the legal framework for biometric signatures?
Electronic signatures, including (dynamic) biometric signatures, are regulated as follows:
- In the EU by eIDAS – Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
- In the USA by the ESIGN Act – The Electronic Signatures in Global and National Commerce Act (E-Sign Act) (2000), and UETA – The Uniform Electronic Transactions Act (1999).
The main difference between the EU and the USA is that the laws in the USA do not distinguish different types (levels) of electronic signatures. The EU law distinguishes between Electronic Signatures, Advanced Electronic Signatures (AdES) and Qualified Electronic Signatures (QES).
Similar acts have been passed around the world, making digital signatures a legal and reliable way to execute contracts and other documents. Electronic signatures, including dynamic biometric signatures, are legally valid, binding, and enforceable in almost every developed country in the world.
For EU customers, according to the eIDAS regulation, Legito (as a privately held company) is classified as a non-qualified trust service provider, and Legito BioSign falls under the description of (simple) electronic signatures. As per the eIDAS regulation, Legito shall take appropriate technical and organizational measures to manage the risks posed to the security of the trust services they provide. Having regard to the latest technological developments, those measures shall ensure that the level of security is commensurate to the degree of risk. In particular, measures shall be taken to prevent and minimize the impact of security incidents and inform stakeholders of the adverse effects of any such incidents. Also, Legito shall, without undue delay but in any event within 24 hours after having become aware of it, notify the supervisory body and, where applicable, other relevant bodies, such as the competent national body for information security or the data protection authority, of any breach of security or loss of integrity that has a significant impact on the trust service provided or on the personal data maintained therein.
Legito BioSign can only be used in the private sector. It shouldn’t be used in any capacity with state or public authorities, including courts.
Can I prepare a final draft of a document on my computer and use a tablet or phone to sign them later?
Is it necessary for all parties to biometrically sign the document in the same place and at the same time, or is it possible to stagger the signature process?
If you have a bundle of documents requiring separate signatures, you can sign each document separately at different times.
Currently however, in order to ensure security, all signatures to the same document must be completed within a single process, before the biometrically signed PDF document is encrypted and saved.
However, we are already working to enhance the next version of Legito BioSign to allow a more nuanced signature process, so signatures can be added at different times and locations, while still maintaining the same level of document security.
What happens after a document is executed using Legito BioSign?
After all biometric signatures have been attached to a document, and you have confirmed as much, the biometric signatures are encrypted to the PDF document to ensure that neither the document nor the signatures can be altered. The executed PDF document is then automatically uploaded to the specified document record in your Smart Document Workspace. Now you may download, copy or share your biometrically executed PDF document.
How do I copy biometrically signed PDF documents?
As with any other PDF file, you simply download the file from your Smart Document Workspace, and then upload to another space as needed. Such PDF files will be considered original documents, and in rare cases, could be used by a Forensic Document Examiner in a dispute over a biometrical signature.
Legito does not recommend printing / exporting / saving a biometrically signed PDF document to simple (non-biometrical) PDF.
How do I start using Legito BioSign?
If you haven’t created your Smart Document Workspace in Legito yet, please create one.
If Legito BioSign is not activated in your Smart Document Workspace, please contact our customer support.
Go to the administration area of the Template Suite where you intend to use Legito BioSign.
Find the template from which you will generate a document to use Legito BioSign and open the settings. Check, “Sign with BioSign” as follows:
Now open Legito Template Editor and insert the text LEGITOSIGN in the place where you want the document to be biometrically signed.
Now, you are ready to start biometrically signing documents generated from this template in your Smart Document Workspace.
The final step is to install the Legito BioSign app from Google Play (Android) or the App Store (iOS).
Once installed, there is no need to sign in to the app; the sign-in process is activated from your Smart Document Workspace, and the Legito BioSign app will open automatically.
Now simply click the “Sign” button under your Legito Smart Document, and confirm which document you would like to sign:
Can I sign any uploaded PDF file, or do I need to generate the PDF from a Legito Template?
Absolutely, you can upload any PDF file via your Smart Document Workspace in Legito and execute it using Legito BioSign.
Just upload the PDF document you want to sign to Legito and click the Sign button next to the file name:
Please make sure you have added the “LEGITOSIGN” text to every spot where you want to attach a biometric signature to the document. Size (height and width) of a signature field will be determined by the size of the text string (LEGITOSIGN) so if you would like to make it bigger (or smaller), adjust the font size and/or type accordingly.