Document prepared by Ducati Motor Holding Spa under Italian Prime Minister’s Decree of 22-02-2013 , Art. 57, paragraphs 1 and 3, concerning Advanced Electronic Signatures.
During2015, Ducati Motor Holding Spa (“Ducati”) introduced an innovative IT solution allowing Ducati customers and users (“Customer/s”) to electronically sign agreements. This solution, hereinafter referred to as “ dynamic signature”, is part of a broader project to dematerialise (digitise) work flows by gradually moving from paper documents to digitized documents. In short, the dynamic signature service is based on a technology that allows for documents to be signed using a tablet (digitizing tablet) using a particular type of electronic signature, reducing/eliminating the need to print paper documents to be preserved and/or handed over to customers. This document describes the characteristics of the Advanced Electronic Signature Service and of other technologies such service is based on, and is published on the homepage of the Ducati Motor Holding websites as required by applicable regulations, so as to be available to Customers and the general public at all times.
A dynamic signature is obtained by recording the dynamic characteristics (rhythm, pressure, coordinates, etc.) of a customer's handwritten signature written on a digitizing tablet with a stylus. The dynamic signature solution adopted by Ducati Motor Holding Spa meets the IT and law requirements of the advanced electronic signature category as defined by the Italian Prime Minister's Decree of 22-02-2013 “technical standards for the generation, affixing and verification of advanced electronic signatures, qualified electronic signatures and digital signatures” published in OJ no. 117 of 21-05-2013 and ensures (see Italian Prime Minister’s Decree 22-02-2013, art. 56, paragraph 1): a) signer authentication b) unique link of signature to signer c) signature generation system is under the sole control of the signer (including any biometric data used to generate the signature) d) ability to verify that the signed digital document remains unaltered after it was signed e) ability of the signer to obtain evidence of signed content f) identification of the subject as per article 55, paragraph 2, letter a) of the technical standards g) no elements of the signed document allow for changes to the acts, circumstances or data contained in the document h) unique link of signature to signed document.
The documents signed by Customer with a dynamic signature are digital documents that: - meet the technical safety requirements specified by prevailing regulations - have the same legal value as paper documents signed by hand. A dynamic signature may be used to sign agreements / commitments and statements of indemnity concerning the use of Ducati motorcycles for any purpose, reason or cause, and any documents relating to / connected with them.
The dynamic signature service adopted by Ducati Motor Holding Spa enables Customer, with the help of an operator, to: view the document to be signed on a suitable screen; read and check the digital document to be signed sign the document in the special "signature" fields available on the tablet using a special pen. Visually, a dynamic signature on the table looks exactly the same as a handwritten signature on a paper document. After the signature is completed, Customer may: accept the signature by pressing a "confirm" key on the tablet using the stylus repeat the signature by pressing a "cancel" key on the tablet using the stylus cancel the signing operation After the signing process, certain technical and IT features of the document are enabled that ensure its integrity and uneditability. Customer has the right to obtain copy of the documents signed with dynamic signature. Customer may demand a hardcopy of the documents when they are signed, or obtain the documents in digital format by submitting an e-mail request to: email@example.com
In order to use the dynamic signature service, customers need to agree to use dynamic signature to sign any documents Ducati Motor Holding Spa makes available to sign with dynamic signature in a suitable statement (see Italian Prime Minister’s Decree 22-02-2013, art. 57, paragraph 1, letter a). Customer who subscribe to this service may obtain copy of the authorisation agreement at any time free of charge by submitting an e-mail request to:firstname.lastname@example.org (see Italian Prime Minister’s Decree 22-02-2013, art. 57, paragraph 1, letter c). Likewise, customers may revoke their consent statement at any time and revert to using conventional handwritten signature on paper documents.
DIGITIZING TABLET The hardware component used by Ducati Motor Holding Spa is a special digitizing tablet based on electromagnetic resonance technology that accurately detects the biometric values of the customer affixing the signature. These tablets feature a colour TFT LCD and a special pen that the customer uses to sign the digital document displayed on the screen. The tablet shows the signature in real time as the customer writes on the screen, and customer experience is the same as when writing on a paper document. The tablet enables customer to: view the document and scroll through it as required sign the document and confirm the signature cancel the signature and sign again cancel the signing operation These operations are performed using a special stylus and suitable function keys available on the tablet screen; the signer has sole control over the signature generation system at all times. DYNAMIC SIGNATURE SYSTEM The dynamic signature system ensures the security of the biometric data that provide a unique link of the signature written on the tablet to the signer/customer. The digitizing tablet is connected to the operator's workstation in secure mode using an AES algorithm with double symmetric key exchanged using the DIFFIE-HELLMAN algorithm. Biometric data is encrypted using a public certificate with RSA 2048-bit asymmetric key and SHA256 encryption algorithm. Data is then embedded into the PDF and a PadES signature is created by applying a technical digital signature based on an additional certificate with private key and SHA256 algorithm. Biometric data is not stored in clear text in any manner whatsoever, either by the tablet or by the signature application. The set of biometric values is bound to the digital document viewed and signed by Customer with a unique, indissoluble link connected, so that any given signature cannot be attached to any other document. The digital document signed by the customer is stored in PDFa1-a format and signed digitally in PAdES mode, so as to meet all law requirements in terms of document self-consistency, uneditability and readability. At the end of the signing process, the document is sent to a digital archive to be preserved in accordance with law requirements. BIOMETRIC DATA MANAGEMENT Ducati Motor Holding Spa has no independent access to the biometric data of the signer. This means that such data may only be encrypted as allowed by the law with the assistance of a third party appointed by Ducati Motor Holding Spa by observing a strict, detailed corporate procedure. This ensures that biometric data is not used for any other purposes, such as identifying and authenticating Customer in IT procedures. LEGAL DIGITAL ARCHIVE Legal archiving is a secure archiving process for digital documents signed by Customer aimed at ensuring that documents remain undamaged, unaltered and readable over time. To this end, Ducati Motor Holding Spa uses a digital document archiving service in accordance with Italian Legislative Decree no. 82/2005 (Digital Administration Code). When the signing process is completed, the documents signed by Customer are sent to the archiving system to ensure their long-term integrity, uneditability and validity. All documents are available in the archiving system that may be accessed by certain authorised operators that are members of the staff.
In compliance with Italian Prime Minister’s Decree 22-02-2013, art. 57, paragraph 2, Ducati Motor Holding Spa entered into insurance policies with AIG Europe Limited - Via della Chiusa, 2 - Milan, Italy, on 25 June 2015 to protect users / customers who sign with dynamic signature.