Persistent Data Integrity (PDI) A Proposal For A New Document Security Standard How Secure signatures function currently. A typical document passes through multiple eSignature and document management platforms over the course of its existence. To be fully secure, the audit trail of this document must be accessible across all platforms, and maintain this accessibility in both the analog and digital domain. This creates challenges that current platforms and systems struggle to address. Typical Use-Case Scenario Dootloop DIGITAL SELLER X Docusign DIGITAL X X BUYING AGENT Paper X Signature BUYER Security breakdown Secure ANALOG X X X X LISTING AGENT ESCROW SELLER BUYER Unsecure CONCLUSION: In this example, the document security fails as soon as the document passes into Still From secure despite the analog, or printed, domain. here, image editing software can be used to alter terms, signachange of platform tures, dates and even parties participating, without any way for downstream participants to check data veracity. Typical Use-Case Scenario with PDI PDI Signatory DIGITAL BUYING AGENT Docusign DIGITAL ESCROW LISTING AGENT BUYER Paper X Signature ANALOG Still secure despite change of platform Secure SELLER SELLER BUYER Unsecure CONCLUSION: When a document is generated within a PDI compliant framework, document security is sustained regardless of downstream platform or domain paths. Persistent Data Integrity (PDI) 2 What is PDI? Persistent This security technology persists on a document across any and all platforms and media, both analog (printed) and digital, with no degradation in the level or nature of data surety. Data This technology encapsulates user-generated materials in the form of signatures and / or other document specific content. Integrity This technology insures the preservation of data in a sound, or pure, or perfect condition using SSL, UETA, KBA, geo tagging, IP address registration, device ID tagging, cell number lookup, TXT based challenge / response, time / date stamping and other patent pending security protocols to achieve the highest level of data surety. Persistent Data Integrity (PDI) 3 What form does PDI take on a document? 86 • A score (1 to 100) generated against the level of confidence the issuing entity has in the surety of the document data. • A scannable code. What are the 3 categories of PDI validation? What form does PDI take when validating data surety? How is the PDI score created? • Signature surety – who, when, • A display of the original document • A PDI enabled system includes some where, and with what device as a digital file. or all of the technology categories not- • Document surety – physical • An abstract of all data committed to reproductions of secured documents that document using a PDI enabled • Metadata surety – digital abstract of user generated document data system (e.g. signatures, name, address, purchase price etc.) ed under the INTEGRITY bullet above. Each of these categories is assigned a weighted number. The PDI score for a given page of a given document is generated based on the extent to which • A certificate listing security data security data in all categories was collected during the creation of the collected and verified at commission. document and the commission of the data, up to and including meta data such as photo, video and bio metric IDs. Persistent Data Integrity (PDI) 4 How is PDI Different from Existing Security Protocols? There are two separate authentication domains to be considered when validating a document: Signatory Authentication, and Data Authentication. In both cases, PDI offers a standard of security not available within non-PDI enabled systems. 1) Signatory Authentication opportunities. With a PDI enabled system, photo, video and bio-metric IDs such as finger prints are always accessible. This means that a gatekeeper Determining the identity of a document signer, technology such as KBA, which becomes the sole and separately of a document creator, is currently purveyor of surety and which is available only once effected using well established, but problematic, per transaction, can be supported or replaced by technologies. The existing gold standard for this real time in person authentication – using the domain authentication is KBA, or Knowledge Based photo or fingerprint of a document signer accessed Authentication. The problem with KBA is that it through a PDI system, signer authentication can is accurate only insofar as existing databases hold confidentially be established at any stage of the data about an individual signer. There are non transaction. trivial cases where KBA will not provide acceptable security, for instance for a younger signer, who may not have historical address, billing or financial services information, or for foreign signers whose historical data might not be accessible in domestic systems. In these and other scenarios, KBA systems will fail. Where PDI enabled systems truly outpace other security protocols is when the documents in question are not digital but analog. After a document is printed, the existing standard digital authentication trail is at best extremely difficult to resurrect and at worst entirely lost, whereas PDI security extends into the analog realm as easily and securely While a PDI enabled system includes KBA, the fact as it does into the digital. This is the PERSISTANT that the data associated with a signer is persistent nature of PDI. creates deeper, more complete authentication 2) Data Authentication While some effective forms of Signatory Authen- verify that the data which belongs on the document is actually the data currently viewable. tication exist, there is very little in the way of Data PDI enabled systems create instant and direct ac- Authentication available at the consumer level. cess to the original document. Additionally, more We know of no standardized set of procedures advanced PDI enabled systems create an abstract established in this domain. Ironically, analog Data of the data on the document to quickly determine Authentication outpaces digital authentication, the veracity and accuracy of the version being since a paper form can be enveloped, sealed and audited. And again, due to the PERSISTANT nature dated, and reliably identified as an original, while of PDI, this access is equally available whatever the in the digital space, once a document has been media, whether printed or digital, of the docu- printed, edited by hand, scanned, edited digitally, ment. This is the great, over arching benefit of PDI sent through multiple signature systems such as – security conferred equally to digital and non-dig- Docusign and Digital Ink and printed again, it ital documents. can be impossible to backtrack to the original and Persistent Data Integrity (PDI) 5 The NuOffer PDI Implementation + The NuOffer implementation of PDI covers all documents and signatures created in the course of writing, submitting, responding to and accepting an Agreement to Purchase real property originating within the system. In the future this implementation will be extended into the post-acceptance, and eventually into the post-close phases of this transaction. The present document deals only with the PDI and security features of the NuOffer system, and not with the offer writing, transaction Persistent Data Integrity (PDI) nuoffer management, CRM, vender marketplace or broker tool elements. These security features to be addressed revolve around two distinct data subsets; offer terms and signatures. Within the NuOffer system a signature is first Composed, then Enabled. A signature is Composed with a finger or a stylus on a touch sensitive surface, and Enabled when it is applied against a given document. A single signature can be Composed only once, but may be Enabled multiple times. The device on which the signature is Enabled is referred to as the Enabling device. 6 When is PDI logged in the NuOffer system? 1) A PDI snapshot is taken at the time a signature is Composed. Signatures are Composed in the NuOffer system: Signature • By a client on an agent’s device • By a client on client’s device (phone) • By an agent on agent’s device 2) A PDI snapshot is taken whenever signatory permission (legal release to Enable signatures) is granted from a device other than the device that will be used to physically Enable a signature. This is NuOffer’s Txt2Sign technology, requiring a client to grant permission, via TXT, for a given document to be signed if the Enabling device belongs to the agent. 3) A PDI snapshot is taken whenever a signature is Enabled on a document. Signatures are Enabled in the NuOffer system: • By a client on an agent’s mobile device • By a client on client’s device (phone) • By an client on a desktop computer 4) The user generated data (offer terms) attendant upon any document drafted or submitted in the NuOffer system is logged in association with all Enabled signatures from all participants at every juncture. How is PDI accessed in the NuOffer system? NuOffer is a complete implementation of the proposed PDI standard. This means that all three categories of PDI validation are provided: • Signature surety – who, when, where, and with what device • Document surety – physical reproductions of secured documents • Metadata surety – digital abstract of user generated document data There are two links in the data access chain: 1) A QR Code is assigned to every page of every document which leads to a unique Secure Document URL 2) The Secure Document URL allows permission-based access to the PDI information for that page of that document. • Scanning the code, either through the native NuOffer application or any other commercially available QR code scanner loads a log in URL. continued next page . . . Persistent Data Integrity (PDI) 7 • All registered offer participants are granted full access to all pages of a document from the QR Code of any individual page of a document after successful log in. These can include but are not limited to: Listing Agent, Selling Agent, Buyer, Buyer Two, Seller , Seller Two, or any non-signatory who has been included on the Submit page of the NuOffer app. • Along with all global PDI information, the QR code on a given document facilitates ID tracking for the document recipient, so while a single Purchase Agreement might be copied and emailed to a buyer, a seller, a seller agent etc., all PDI information is identically logged except the document recipient. Thus if the document is reproduced and distributed by any given recipient, either digitally or in a printed form, origination data is available to audit. • By default, non-signatories accessing a Secure Document URL are allowed to see only the digital reproduction of the page that has been QR scanned, not the signatory surety or the metadata surety. This setting can be adjusted. Working With Secure Document URL Pages 1) Any signatory has the ability to forward this document to any other signatory or non-signatory by scanning the QR code for a given page or document and entering contact information. In this case, a new QR Code is generated reflecting the ID of the new recipient. 2) Agent signatories have the ability to forward pages and documents from Secure Document URLs to their clients for signatures. This allows an agent to present a printed, completed document for review and quickly Enable signatures on those pages digitally as the client approves them. Persistent Data Integrity (PDI) 8
© Copyright 2024 ExpyDoc
