Advanced Vocal Signature

European Agency of Digital Trust has developed a check list to assess best practices adoption in systems managing advanced electronic signatures when voice (and its specific biometric information) is used as signature creation data.

REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC /EIDAS) defines advanced electronic signature in Article 26:

An advanced electronic signature shall meet the following requirements:

  1. it is uniquely linked to the signatory;
  2. it is capable of identifying the signatory;
  3. it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
  4. it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

It is clear that voice signature:

  1. it is uniquely linked to the signatory;
  2. it is capable of identifying the signatory;
  3. is with a high level of confidence, under the sole control of the signatory

Nevertheless, to comply with all requirements, an advanced electronic signature solution also must guarantee:

  1. it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

The best practices as defined by TCAB also mandate additional requirementss:

  1. Evidence of the granting of consent by the signatory in relation to a document in his/her own voice and the linking of the evidence to the document.
  2. Resistant to pre-recorded voice simulations and speech synthesisers by potential impersonators (phishers).
  3. Probative symmetry. Immediate availability of the document to the signatory and evidential resources at a cost in line with those applied to paper signatures.
  4. Durable medium as signature support. Persistency of the document so that the parties can prove the identity of the signatories and content of the document at any given moment in the future.
  5. Option of verification of the vocal signature and document contents by the signatory in a straightforward manner, through the degraded version of the speech sound as pronounced by the signatory.
  6. Impossibility of retrieving the high quality recorded voice by the organisation applying the technology and that of the embedding of the voice signature on other documents.
  7. Option of comparison of the high quality recorded questioned voice with known voices from the signer within a forensic context and that of dispute resolution.
  8. Option of generating hybrid documents valid on paper and electronic formats.
  9. Availability of information to signatories or their legal representatives as regards the method of furnishing evidence and analysis thereof within a litigation.
  10. Protection of personal information pursuant to the Privacy Act. Existence of Data breach response plan in place

In Spain, European Agency of Digital Trust (EADTrust) is the first accredited security auditor to carry out assessments regarding Advanced Vocal Signature following the aforementioned principles. You can contact them calling +34 91 7160555

This entry was posted in Advanced electronic signature, Advanced vocal signature, EIDAS, Voice biometric, Voice consent. Bookmark the permalink.