loader image
Menu Close

Verified digital signatures anytime, anywhere.

Platform

Conceptual Cross-Platform 
Application, React Native

Industry

Document verification
and legal authorization

Location

Willamette Valley,

United States

My role

Solo Product Designer
& Research

The problem in context: e-signatures

One of the biggest issues that we currently face in document verification is that outside of public and private keys, you can’t tell who signed your document, and you have no way of truly knowing if the signature is a forgery.

Electronic signatures are 
becoming dangerously easy to fake.

Theft of private keys through manipulating system-level access is becoming trivial.

All an attacker has to do is compromise a device to gain access to a user’s private signing key. Malicious app code is a large driver of this problem, and it’s only getting worse by the year.

  1. Device is compromised by attacker.
  2. Private signing key is hijacked.
  3. Digital signature is applied using key.
  4. Attacker walks away with signed document.

 

 

The worst offending apps are the ones we don’t know about

The problem with trying to police this issue on the respective app stores is that there are so many apps, even the respective platforms can’t monitor them closely enough to ensure 100% safety.

“The latest campaign, according to researchers with Human Security’s Satori research team, included 80 Android Apps lurking in the Google Play Store and, notably, 9 in the Apple App Store. All together, the team reported the malicious applications were downloaded at least 13 million times.”

Satori Research Team

Dealing with the root of the problem

Instead of trying to tighten down security to the point of infeasibility, the aim of BioSign is to make digital signatures so difficult to forge that it can’t be regularly done.

Recording and device data are
streamed to the server

Instead of relying on data transmitted from any one file, BioSign takes zero-trust a step further by continuously requesting, confirming, and verifying data as it’s submitted by the user.

This additional layer of verification makes 
e-signatures prohibitively expensive to fake

In order to effectively fake a signature on BioSign, an attacker would need:

  • Emulated location data
  • Spoofed device data
  • A massive sample of user voice data for speech synthesis
  • High-resolution headshots of the user talking for facial rendering
  • Two deep learning models running in tandem to render the steaming output
  • While believably emulating gyroscope data for hand movement/sway
  • Perfectly rendering the recording with no discernible artifacts
  • And finally streaming that data with matching time, date, and location stamps
  • All while BioSign’s own AI is watching for ALL of the above attack patterns.

Like an engine-disabling car alarm, it makes it expensive enough that it's just not worth thieves' time.

Streamlining document
management & organization

After files are created, sent, received, or otherwise modified,
the system stores them based on their status.

Search by any criteria, with automatic pattern matching

Looking up a particular document is as simple as searching for any data associated with it. Names, dates, companies, etc., it’s all fair game.

View any file with permission-based field filling

Any file that’s been sent to a particular user can be viewed, filled, signed, or rejected based on their permission level from the sender or their organization.

Document status & changes
are tracked every step of the way

Instead of having to play phone-tag or deal with massive chains of emails, document status is tracked per document, and updated as the document moves through the workflow (drag to scroll below).

And you’re always notified
whenever a document changes status

Whenever a document’s status changes, users are notified and can tap to view more information.

User reception & feedback

Users reception of BioSign was generally positive, and I got some great feedback from them regarding both aesthetics and functionality.

Qualitative Findings

What users had to say about BioSign from post-use debrief interviews.

“Wow, I really like that this app is so clean and that it makes it easy to see who signed your documents.”

“If we had this at my work, I don’t think we’d need to use anything else.”

“I’d like to see the ability to add notes outside of the document description, that would be really nice.”

“Is there any way to tag the documents with specific keywords or hashtags?”

“This is cool, but I feel like Adobe Sign does more or less the same thing, and I can use it on desktop.”

“You know if I’m being honest, this is probably the first app I’ve ever seen that does this type of thing well. When is it coming out?”

Quantitative Findings

Metrics derived from surveys, interview, and observations.

64%

Of users surveyed

Stated that they were unsatisfied with their current methods of document signing and verification.

78%

Of users interviewed

Reported being impressed by the overall presentation of the BioSign app, along with its intended functionality.

96%

Of users observed

Were able to easily navigate the app in its entirety, send, receive, verify, and sign documents without assistance or intervention.

Thanks for stopping by!

I sincerely appreciate your time and consideration.

If you’re ready to take your next great idea from concept to marketplace, I’d love to help. Drop me a line, let me know what you’re looking for, and we’ll get the ball rolling.

Connect with me