The E-SIGN Act makes online electronic signatures in a commercial transaction equivalent to a written signature. While the signing process is the keystone for binding contract, the authentication of both parties is the foundation. In the case of authentication, one size doesn’t fit all — some industries may require more stringent authentication than others, and some contracts may require additional authentication. Recognizing this, Adobe EchoSign offers multiple options for authentication including:

• Email

• OutofbandwidthsigningpasswordorPIN

• Biometricsignature

• 3rdpartywebidentity(i.e.Google,Facebook,Yahoologincredentials)

• Knowledge-basedidentitypoweredbyRSA(availableQ1,2012)

Adobe® EchoSign® Signer Identity VerificationOptions

AdobeEchoSignSignerIndentityVerificationOptionsData Sheet

Signers receive an email from EchoSign asking them to sign the document. Links in the email message contain unique tokens that identify the signer.

In the case of authentication, one size doesn’t fit all.

Email

AdobeEchoSignSignerIndentityVerificationOptionsData Sheet 2

Senders can require signers to enter a one-time password in order to gain access to sign an agreement. It is recommended that the password is given to the signer in a separate medium other thanemail(i.e.phone,inperson,text).

The document preview is disabled in the initial email notification to the signer. In order to review and sign the document, the signer must enter the password.

Theaudittrailexplicitlytracks that the signer entered the password before signing the document.

Tokens are validated by EchoSign and the signer identity is recorded in the EchoSign audit trail.

Out of Bandwith Signing Password

AdobeEchoSignSignerIndentityVerificationOptionsData Sheet 3

If an online handwritten signature is required, EchoSign users can choose to enable the biometric signature and make this type of signature mandatory for the signer. Signers may draw their handwritten signature using a mouse, or a stylus with a signing pad or tablet. EchoSign captures the timing and movements used to create the signature.

The EchoSign audit trail will contain the signer’s web identity, a link to their public profile and public profilepicture(ifavailable).

Web identity allow signers to authenticate themselves withcredentialsfrom3rdpartywebservicessuchasGoogle,LinkedIn,Facebook,Yahoo,MicrosoftLiveandTwitter. EchoSign users may choose to make web identity authentication required for signers.

Biometric Signature

Web Identity

Adobe Systems Incorporated345 Park AvenueSan Jose, CA 95110-2704USAwww.adobe.com

Adobe, the Adobe logo, Adobe EchoSign are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Apple, Mac, and Mac OS are trademarks of Apple Inc., registered in the U. S. and other countries. Microsoft, Windows, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are the proper ty of their respective owners.

© 2011 Adobe Systems Incorporated. All rights reserved. 12/11

PoweredbyRSA,knowledge-basedauthentication requires signers to prove their identity by answering questions taken from public and commercial databases. EchoSign will offer knowledge-based authentication inQ1,2012.

For more informationwww.echosign.com

Knowledge-based Authentication