Signature SDK Overview

Global Signature Development Team

January 2012
 Signature SDK Overview

Table of Contents
1 Introduction .............................................................................................................................. 3
2 Signature Enabled Windows Application .................................................................................... 5
2.1 Capture and Display Signature............................................................................................ 5
2.2 Check Signature ................................................................................................................. 7
2.3 Save Signature ................................................................................................................... 8
3 Signature Enabled Internet Explorer Application ........................................................................ 8
3.1 Document .......................................................................................................................... 8
3.2 Viewer ............................................................................................................................... 9
3.3 Capture and Display Signature.......................................................................................... 11
3.4 Check Signature ............................................................................................................... 12
3.5 Save Signature ................................................................................................................. 12
4 Wizard Control Signing Procedure............................................................................................ 13
4.1 Capture and Display Signature.......................................................................................... 13
4.2 Scripting Features ............................................................................................................ 13
4.3 Document Display ............................................................................................................ 14

Page 2 of 17
 Signature SDK Overview

1 Introduction

The Wacom Signature SDK includes a range of software components which were developed by the
company Florentis Ltd., acquired by Wacom in 2011. Until such time as full rebranding has been
completed there will be some residual Florentis name references.

When integrated with an application, the Signature Components allow handwritten signatures to be
captured from a pen tablet with the signature data securely bound to a document. A captured
signature can be displayed in the signed document providing a visual record of the act of signing. The
signature display is designed to give an error indication if the underlying document is changed in
some way.

The programming interface of the Signature SDK consists of the following COM objects:

 SigObj: Object that encapsulates a captured handwritten signature, including signature

characteristics, context of capture, and a hash value of the signed document. The SigObj is
central to the SDK and the remaining COM object provide support for its creation and display.
Separate Wacom products can be used for forensic examination of the signature data
(SignatureScope) or for comparison using Static or Dynamic signature verification toolkits.

 Licence: Object used to pass licence data to the other COM objects. The object is initialised with
a licence text string which defines the level of operations allowed for the signature controls. The
SDK includes an evaluation licence which is replaced in a production system by a company
specific licence.

 SigCtl: ActiveX control that provides the interface for creating and displaying a Signature object
(SigObj).

 SigCtlXHTML: Extension of SigCtl providing automated document checking for Internet Explorer
based HTML applications.

 Hash: Object that calculates a one-way hash (‘message digest’) of a data set, thus providing a
unique and reliable ‘digital fingerprint’ of the contents of a document or form.
 Key: Object that protects the integrity of data, thus providing a means of detecting any change to
the original signature data.
 ImgCtlXHTML: A control that can be used to display a graphic image from an encoded text string.

 DynamicCapture: Object that provides the necessary user interface for the capture of a
handwritten signature and the creation of an associated Signature object (SigObj)

 eSeal: Object that provides the necessary user interface for the insertion of an ''eSeal" image,
optional capture of a handwritten signature and the creation of an associated Signature object.
In some cultures, a stamp or seal, rather than a handwritten signature, is the traditional way of
endorsing a document; in other cases there may be situations where a tablet is not available but
a signing process is still required. The eSeal mechanism can be used in either of these cases to

Page 3 of 17
 Signature SDK Overview
sign a document with an eSeal image and, optionally and if a tablet is available, a handwritten
signature superimposed over the image.

 WizCtl: the Wizard control provides a means of scripting the signing process using interactive
displays on the signature tablet.

Page 4 of 17
 Signature SDK Overview

In a typical application the components will be used as follows:

 Display the document with a signature control area (SigCtl)

 Initialise the software licence
 Create a Hash of the document contents
 Call the signature capture function with the Hash
 Save the signature data
 On subsequent retrieval of a signed document, display it with the signature control area.
 Retrieve the signature data and pass it to the Signature control to display the signature
image
 Recreate the Hash then check the document contents showing the signature as invalid if
there has been a change.

For Internet Explorer applications the process can be simplified by using the extended signature
control (SigCtlXHTML)

 Display the HTML document with a signature control area (SigCtlXHTML)

 Initialise the software licence
 Call the signature capture function (a Hash of the HTML document is created automatically)
 Insert the signature data into the HTML document
 On subsequent retrieval of a signed document display it with the signature control area.
 The document is automatically checked and the signature will be shown as invalid if there
has been a change.

2 Signature Enabled Windows Application

2.1 Capture and Display Signature

Design the user interface of the application (eg a .Net Windows Form) such that it displays the data
set to be signed (or provides input fields for the user to interactively enter the data set) and displays
the ActiveX signature control (SigCtl).

For example, in Visual Studio use Tools…Choose Toolbox Items then add the .NET component
Florentios.InteropAxFlSigCOM.dll (via Browse...). The control can then be inserted in the form using
the Toolbox.

Page 5 of 17
 Signature SDK Overview
The control will appear as an unsigned ‘signature area’:

Signature Control (unsigned)

Add code (activated by some appropriate user action, such as clicking a button in the application
interface or double-clicking the signature control) to capture a signature and bind it to a message
digest of the data set, as follows:
a) Check that the data set is complete (ie. document has been correctly loaded or all
mandatory input fields have been completed).
b) Create a Hash object and (repeatedly) use its ‘Add’ method to add all elements of the
data set to the hash.
c) Determine the name of the signatory (user) and his or her reason for signing.
d) Create a Licence object and pass it the supplied licence string.
e) Create a DynamicCapture object and pass it the Licence object.
f) Invoke the ‘Capture’ method of the DynamicCapture object, passing it the signatory
name and the reason for signing and Hash object.
Note 1: if it is desired to simply capture a signature without binding to a data set then
steps (a) and (b) can be omitted and the ‘Capture’ method invoked without the Hash
object.
Note 2: if desired, an optional Key object may be created and supplied to the ‘Capture’
method in order to provide a means of subsequently checking the integrity of the
captured signature data.
g) The ‘Capture’ method displays the Capture Window, as shown below. An attached
tablet will be used to capture the user’s signature and bind it to the supplied Hash
object, if any. (Pressing the ‘OK’ button will complete this operation and dismiss the
window; pressing the ‘Clear’ button will clear all signature ‘ink’ from the window, if any
is present; pressing the ‘Cancel’ button will dismiss the window without capturing a
signature. The ‘OK’ and ‘Clear’ buttons only become accessible (enabled) once signature
‘ink’ has been entered.)

Page 6 of 17
 Signature SDK Overview

Capture Window (showing the reason for signing, the signatory name and the
current date and time)
h) Following capture, the control displays the signature:

2.2 Check Signature

Add code (activated by some appropriate user action, such as clicking a button in the application
interface) to determine if the data set has been modified since it was signed, as follows:
a) Create a Hash object and (repeatedly) use its ‘Add’ method to add all elements of the
data set to the hash. The order in which data set elements are added must be identical
to the sequence used prior to capture.
b) Use the control’s ‘Signature’ property to obtain a reference to its internal SigObj object
in which is contained the signature data itself. Invoke the ‘CheckSignedData’ method of
SigObj, supplying the Hash object, in order to determine whether or not the data set has

Page 7 of 17
 Signature SDK Overview
been modified since it was signed. If a change is detected, the signature will be displayed
crossed out. The application can also inform the user of the result by means of a pop-up
window, a text field, or similar.

Code may be added to check the integrity of the signature data in the control’s SigObj object to
ensure that it has not been modified (whether maliciously or accidentally) by means of the object’s
‘CheckIntegrity’ method. (For this to be possible, an application-defined Key object must have been
supplied when the signature was captured)

2.3 Save Signature

Code may be added to extract the raw signature data or other signature attributes by means of the
properties of the control’s SigObj object. For example, if it is required to store the signature data in
a database then it may be accessed using the object’s ‘SigData’ and ‘SigText’ properties, which
provide the signature data in binary and text form respectively. (Conversely, these properties may
be used to populate an unsigned signature control with signature data retrieved from a database or
from some other application and thus display the signature image in the control.) Similarly, the
object’s ‘When’, ‘Who’ and ‘Why’ properties provide the time of signature capture, the signatory
name and the reason for signing respectively.

3 Signature Enabled Internet Explorer Application

3.1 Document

An HTML document to be signed is created, comprising a summary of all the pertinent information
the signatory must confirm. Note that the sign-able document is created after all the information
has been collected; it should not provide any input fields or controls for modifying the data.

The SigCtlXHTML ActiveX control is inserted wherever signatures are required in the document. Prior
to signing the control will appear as an unsigned ‘signature area’:

Signature Control (unsigned)

Page 8 of 17
 Signature SDK Overview
When binding the document contents to a signature, the control will only hash URLs of external files,
not the resources to which they point. This includes images, style sheets, script files and other HTML
documents (within frames). From a legal point of view this is highly unsatisfactory as the target files
could change without being detected by the document binding. For this reason, fames and external
style sheet files should not be used in documents to be signed. (Script, as noted below, whether
external or embedded, should be avoided altogether.)

To allow images to be used the preferred approach is to bind the image data within the document
and use the ImgCtlXHTML control to display it when the document is loaded. This gives absolute
binding between the signature and the full contents of the document.

A trivial document with a single image and one unsigned signature control might appear as follows:

3.2 Viewer

Code is needed to control the interaction with the signature controls, for example to indicate that a
signature is to be collected. This is generally implemented in the form of javascript or VB script, but
it is bad practice to put the operating code into the document itself. Instead the document should be
presented within an <iframe> tag in a 'viewer' HTML document. The containing document provides
all the controls needed to handle the document, including signing, interrogating and submitting the
data. A simple viewer (which is included with the SDK sample code) is illustrated below. Note that in
this example the signing process is started by clicking on the “Capture” button. Alternatively the
viewer could be written such that the user clicks on the signature area before signing. Either way,

Page 9 of 17
 Signature SDK Overview
the document hash is automatically constructed for the document using the original html presented
to the browser.

Note: script should not manipulate the content of the document to be signed (except through the
use of the 'Markup' feature). In particular, the dynamic insertion of signature controls in not
supported.

Page 10 of 17
 Signature SDK Overview

3.3 Capture and Display Signature

When the ‘Capture’ button is clicked the Capture Window is displayed, as shown below. The dialog
box shows the reason for signing and the name of the person, both of which are set from the viewer
scripting. The information displayed in the dialog box will also appear on the tablet display.

Capture Window (showing the reason for signing, the signatory name, the
current date and time and, below the buttons, licence information)

Pressing the ‘OK’ button indicates that signing has been completed; the dialog will disappear and the
signature image will be shown within the signature area in the document.

Pressing the ‘Clear’ button will clear all signature ‘ink’ from the window, if any is present; pressing
the ‘Cancel’ button will dismiss the window without capturing a signature. The ‘OK’ and ‘Clear’
buttons only become accessible (enabled) once signature ‘ink’ has been entered.)

Page 11 of 17
 Signature SDK Overview
Following capture, the control displays the signature:

Signature Control (signed)

3.4 Check Signature

Code in the Viewer can call the CheckDocument function for each signature; the SigCtlXHTML
control creates the hash automatically from the document contents. In any case, the signature area
includes a tick-mark in the corner to indicate that the binding to the document is correct. If the
document is subsequently modified and loaded the signature(s) will all appear crossed out to
indicate that they have been invalidated.

3.5 Save Signature

Code may be added to extract the signature data or other signature attributes by means of the
properties of the control’s SigObj object. It should be noted that the signature control displays
signatures as they are captured but does not add the signature data to the document. To embed the
signature permanently in the document it is necessary to extract the data from the control and
submit it to the server where it can be inserted into the unsigned document as a param value.

For example, in the document a previously captured signature can be initialised with the SigObj text
property and appear similar to this:
<object type="application/x-florentis-signature" style="width:55mm;height:20mm">
<param name="Signature"
value="RlNm5hZFAtB9QwEBFxEQTXIgV2lsbGlhbSBIYXllcxY0M0kgaGF2ZSByZWFkIGFuZCB1bmRlcnN0
...
AAA="/>
</object>

Page 12 of 17
 Signature SDK Overview

4 Wizard Control Signing Procedure

4.1 Capture and Display Signature

The Wizard Control allows the user to be guided through a set of instruction pages displayed on the
signature tablet LCD display, each page requiring a selection by tapping the pen on the tablet
surface, for example selecting ‘Next’.

The ActiveX control was originally developed for use in Internet Explorer, scripted by Javascript
support code. If can, however, be used in many other applications which support COM components
and scripting. In a typical application the signing process follows the sequence:

 the client requests a document

 the server creates the document and a dedicated Viewer page
 the client views the document via the Viewer page

The Viewer page provides the controls and displays the document to be signed. It contains the
JavaScript required to action the control buttons as well as the Wizard Script which defines the
signing process.

The Wizard control can also be used to configure the signature tablet to display a simple keyboard,
such as a numeric keypad for entering PIN code numbers.

4.2 Scripting Features

Each document can have its own set of rules for the signing process and these are assembled when
the Viewer page is created on the server. When the Viewer is opened by the client, the document is
displayed and the signing process can begin.

Each step in the signing process contains:

 Display Setup: draw the text and user controls on the Pad Display
 Event Handler: response to user input on the tablet

The script can add a number of entities to the tablet display:

 Text eg, instructions or explanations

 Images can be passive (eg a company logo) or act like a button and respond to
clicks
 Button procedure control (eg Next/Cancel)
 Checkbox application options
 Input PIN code input
 Simple graphics lines, rectangles and ellipses

Page 13 of 17
 Signature SDK Overview

The script can, in addition, associate a signature control or signature object with the Wizard control.
Captured signature data is then saved to the control or object when an OK button is clicked.

4.3 Document Display

The sequence of screenshots below shows an example signing procedure using the Wizard control. A
Viewer page displays the control buttons and the document to be signed. In the screenshots, the
Viewer support script has opted to reproduce the tablet display in a popup window. The same
displays also appear on the tablet LCD where user input is made with a pen.

The page is opened:

The wizard script controls the signing process by presenting a number of screens on the tablet,
prompting for confirmation or selection of options, leading to signature capture.

Page 14 of 17
 Signature SDK Overview

‘Next’ is pressed on the tablet:

The wizard script has changed the document display to focus on a specific section to review.

‘Next’ is pressed on the tablet and a screen with a checkbox is presented:

Page 15 of 17
 Signature SDK Overview

Checkboxes provide options for the signing process. Selected options can be transferred to the
document or continuation of the sequence can be prevented until a checkbox is ticked, eg if a
confirmation is required.

‘Next’ is pressed on the tablet and the user signs:

‘OK’ is pressed to complete the process and the captured signature is displayed in a Signature
control embedded in the document.

Page 16 of 17
Signature SDK Overview

Page 17 of 17