This document describes a Telegram chatbot that allows users to sign documents within Telegram chats. It discusses how the chatbot uses Cloud Signature and Time4Mind technologies to provide legally valid electronic signatures that are integrated with the EU's eIDAS regulation on electronic identification and trust services. The chatbot demo is available on GitHub and allows signing documents through simple chat commands. Potential improvements include enabling signature meetings between multiple users and integrating with other applications to start signature processes.
2. 2
Cloud Signature Chatbot
Sign a document within a Telegram chat
Emanuele Cisbani
Technical Evangelist at Intesi Group
ecisbani@intesigroup.com
9 March 2017
3. 3
Cloud Signature: Step Into Digital Transformation
Agility, efficiency, cost saving, great customer experiences:
● Get documents signed in minutes, not days
● Paper lifecycle cost saving
● Mobile & easy user experience, as expected by people today
● Legally valid and enforceable
4. 4
eIDAS: Unified EU eSignature
● eIDAS is the base for the EU Digital Single Market
● eIDAS enforce pan-EU interoperability from 1st July
2016
● The Qualified eSignature has the equivalent legal
effect as a handwritten signature
● Regulation mean mandatory adoption for all member
states
● Legitimizes cloud-based signatures by removing
smartcard requirements
5. 5
Authenticity & Integrity In The Digital Era
In the digital world, it is easy to reproduce a
message. The digital identity "bits" cannot be
directly transmitted alongside the message
itself. Whoever gets hold of these aspects may
have the opportunity to act digitally on my
behalf.
6. 6
e-Identity: Cryptographic vs. Biometric
Cryptographic identity is uniquely
generated by cryptographic keys, which
are securely stored inside a device.
● Provides a "native digital" identity
without statistical errors
● Protects privacy
● Is based on portable devices (not
necessarily connected to the
network)
● Allows digital identity revocation
Biometric devices use physiological
or behavioral characteristics, as in
the case of fingerprints, iris scans,
calligraphy, voice and face
recognition.
The only advantage of biometric
solutions is that you do not need to
identify users in advance and they do
not need to carry any particular
personal device.
7. 7
Cloud Signature Powered by Time4Mind
● Time4Mind is a platform of
webAPI for Trust Services
● Time4Mind supports
Advanced (AdES) and
Qualified (QES) eSignatures
in the EU’s eIDAS
regulation.
● Time4Mind works with
accredited certificate
authorities (CAs) and
qualified signature creation
devices (QSCDs).
Adobe SignValid Sign
Signature
Printer Driver
Any legacy
Application
Signature
Mail Gateway
Cloud Signature
Chatbot
Time4Store
10. 10
Requirements
● Python3 >= 3.4.2
● python libraries:
○ requests - RESTful client
○ Zeep - SOAP client
○ Flask - RESTful server
○ python-telegram-bot - Telegram Bot API wrapper
● PkBox server to process document signatures locally (envelops)
● Time4Mind ssl-client certificates to use webapi for strong authentication
11. 11
Possible Improved Usage Scenarios
● Signature meeting: same document signed by two or more users in a group
chat
● Signature of a set of documents in one shot
● Selection of certificates to use in case you have more than one suitable
● BP integration: start a signature process on other applications (i.e.: create a
folder on Valid Sign)