This topic contains 6 replies, has 2 voices, and was last updated by  Duo_Liang 2 days, 9 hours ago.

  • Author
    Posts
  • Participant
    InCruento
    Newbie
    Member since: 01.03.2018
    Number of posts: 4

    Our customer wants to deploy an App in a tablet for having their patients signing a consent form authorizing some medical procedures. It would be an in-person signing scenario. Since it is a sensitive process, they need to identify that patient using biometrics (using an existing 3rd party service already integrated in the tablet) and to record that information embedded into the document using OneSpan Sign.

    Is it possible using the mobile SDK?

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 183

    Score

    0

    Hi there,

    With OneSpan Sign, you are able to integrate your own authentication method into the workflow. The following is the workflow I understand and suggest to use in your scenario:
    0. Turn off the automatically email notification sent to signers by contacting our support team(sign.support@onespan.com).
    1. Using your 3rd party service to get the biometrics for signers.
    2. Once you get the metrics, you can use Package Attributes Feature to put these information in the package JSON and create the package.
    3. Instead of sending the email, you can use Authentication Tokens for signers (guidance here) to manually generate the signing link and embed this link into an iFrame.
    4. Patients sign the document.
    5. If you want these info, you can use GET /api/packages/{packageId}to retrieve them.

    If I misunderstand anything, please let me know. And hope this could help you!

    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    • This reply was modified 1 week, 5 days ago by  Duo_Liang.
    • This reply was modified 1 week, 5 days ago by  Duo_Liang.
    • This reply was modified 1 week, 5 days ago by  Duo_Liang.
    Participant
    InCruento
    Newbie
    Member since: 01.03.2018
    Number of posts: 4

    Score

    0

    Hi Duo,

    Thanks indeed for your answer, it is very useful for us. I just have a couple of doubts about what you suggest since there are two moments for the user that needs to be recorded when interacting with a document in an in-person scenario:

    1. The first one is when the document is to be presented to the signer. In the sandbox preset workflow, it only prompts the users to be switched with no additional validation. Currently the sms authentication seems to be unavailable for this scenario. Could we enable it somehow by using an approach similar to what you suggested (using the Iframe)?

    2. The second moment is when the signer accepts the document, after he had read it, and wants to sign it. The idea is to use biometrics at this point as a way to reinforce legal compliance. which would be the suggested procedure to achieve that?

    Thanks in advance for your help.

    Participant
    InCruento
    Newbie
    Member since: 01.03.2018
    Number of posts: 4

    Score

    0

    Hello, is there any update?

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 183

    Score

    0

    Hi there,

    Sorry for the late reply! It just took me some time. And talking about your two concerns.
    For 1#, can I know why you’d use in-person signing? Because from my knowledge, there’s no way to force using authentication methods(SMS, Q&A, etc.) But if you just want to switch between signers more easily, you can build this capability at your own side by invoking signing session for the specific signers and applying your own front end logic. I’ve got some sample code in Java and HTML pages for you. As long as it’s not a in-person signing, the authentication methods are available.

    For 2#, I still a little bit confused about how you are gonna use your biometrics, you want to embed these values into the audit trail? Or you want to embed these values directly into the document? Or you want to show these messages when signer confirm their transaction?

    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    • This reply was modified 2 days, 10 hours ago by  Duo_Liang.
    Participant
    InCruento
    Newbie
    Member since: 01.03.2018
    Number of posts: 4

    Score

    0

    Hi Duo,

    Thanks for the answer. Regarding your comments:

    #1. Yes, we know that currently OneSpan Sign does not support authentication for an in-person scenario and that is precisely why we are looking for a workaround. The customer needs the signing process to be both in-person and authenticated and that all of the authentication information be embedded into the audit trail. So, according to your previous answer, I was wondering if we could manually “trigger” an sms from the platform to validate the switching of the signers.

    #2. Regarding the biometrics, what we want is to ask the user for the fingerprint when he confirms the transaction and to embed the image into the document and the minutiae digital data into the audit trail.

    Hope I was clear.

    Thanks

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 183

    Score

    0

    Hi there,

    For 1#, yes you can trigger a sms sending to the target phone, but the issues is, for current, you can’t integrate this when switching the signer as there’s no front-end notifier or back-end callback notifier for this event. If you still want this, the better way is to build the in-person and switch function with your own application. Because as long as you embed the signing ceremony into an iFrame, the audit trail will still shows the signer is using your application’s IP which is same as the in-person signing.

    For 2#, let the signer confirm the document first, get their fingerprints and then change the document is really not the workflow we suggest to use. The authentication should be done before the transaction is created and all documents shouldn’t be modified after creation. You can embed these biometrics directly into the document just before creating the package.

    Talking to write something into the audit trail, you can use our session fields feature.

    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist

You must be logged in to reply to this topic.