
Digital Signing with Badge B2 External Card Reader Use Case

Company: Crayonic B.V.

Audience: IT administrators, security professionals, compliance officers, document management specialists

1. Introduction

1.1 Purpose

This document describes how to implement secure digital document signing using Crayonic Badge B2's external card reader functionality with X509 certificates over Crayonic Bridge. This solution enables proximity-based, biometric-secured digital signing workflows for enterprise environments requiring high security and compliance standards.

1.2 Scope

This use case covers:

  1. External Smart Card Integration - Using existing PKI smart cards with Badge B2's contact card reader
  2. Proximity-Based Signing - Wireless digital signing via Crayonic Bridge (CBLE)
  3. Qualified Electronic Signatures (QES) - Support for legally binding signatures using eIDAS-certified cards
  4. Enterprise Document Workflows - Integration with document management systems
  5. Compliance and Audit - Meeting regulatory requirements for digital signatures

1.3 Supported Hardware

  • Crayonic Badge B2 - With integrated contact smart card reader (ISO/IEC 7816-1:2011)
  • Crayonic Bridge (CBLE) - Bluetooth-USB dongle for proximity connectivity
  • External Smart Cards - X509 certificate-enabled cards including:
      • Qualified Electronic Signature (QES) cards
      • Government-issued PIV/CAC cards
      • Corporate PKI smart cards
      • Banking and financial institution cards

2. Architecture Overview

2.1 System Components

Hardware Layer:

  • Badge B2 with external card reader slot
  • External smart card containing X509 certificates
  • Crayonic Bridge connected to workstation
  • User workstation with document management software

Software Layer:

  • CCID driver support (standard in Windows 7+, Linux, macOS)
  • Document signing applications (Adobe Acrobat, MS Office, etc.)
  • Optional: Crayonic Gateway for enterprise management
  • Optional: Document management system integration

Communication Flow:

  1. External smart card → Badge B2 (contact interface)
  2. Badge B2 → Crayonic Bridge (BLE 5.2)
  3. Crayonic Bridge → Workstation (USB/CCID protocol)
  4. Workstation → Document signing application

2.2 Security Architecture

Multi-Factor Authentication:

  • Possession: Badge B2 + External smart card
  • Knowledge: PIN for smart card access
  • Inherence: Biometric authentication on Badge B2
  • Proximity: Physical presence verified by Bridge

Cryptographic Security:

  • X509 certificates stored on external smart card
  • Private keys never leave the smart card
  • All cryptographic operations performed on card
  • Secure channel between Badge B2 and Bridge

3. Use Case Scenarios

3.1 Executive Document Signing

Scenario: C-level executive needs to sign contracts and legal documents remotely

Workflow:

  1. Executive approaches workstation wearing Badge B2 with inserted QES card
  2. Crayonic Bridge automatically detects Badge B2 proximity
  3. Badge B2 authenticates user to workstation via Bridge
  4. Document management system or similar application presents documents for signature
  5. Executive reviews document on screen
  6. Executive confirms signing intent via Badge button press
  7. Smart card performs cryptographic signature operation
  8. Signed document is stored with audit trail

Benefits:

  • No need to physically connect devices
  • Legally binding signatures with QES compliance
  • Automatic logout when executive leaves area
  • Complete audit trail for compliance

3.2 Financial Institution Document Processing

Scenario: Bank officers processing loan documents and financial agreements

Workflow:

  1. Bank officer inserts corporate PKI card into Badge B2
  2. Officer approaches shared workstation
  3. Bridge detects Badge B2 and establishes secure connection
  4. Banking application authenticates officer via smart card
  5. Loan documents are presented for review and signature
  6. Officer signs multiple documents in batch process
  7. System logs all signature events with timestamps
  8. Documents are automatically archived with digital signatures

Benefits:

  • Shared workstation security
  • Batch signing capabilities
  • Regulatory compliance (SOX, Basel III)
  • Non-repudiation guarantees

3.3 Healthcare Records Management

Scenario: Medical professionals signing patient records, e-prescriptions, and treatment plans

Workflow:

  1. Doctor uses medical license smart card with Badge
  2. Doctor approaches patient workstation
  3. OS and/or Electronic Health Record (EHR) system authenticates via Bridge
  4. Patient records and treatment plans are displayed
  5. Doctor reviews and signs medical documents
  6. Biometric confirmation ensures authentic signature
  7. Signed records are immediately available to care team
  8. Audit trail maintains HIPAA compliance

Benefits:

  • HIPAA-compliant digital signatures
  • Immediate record availability
  • Reduced paper-based processes
  • Enhanced patient care coordination

3.4 Government and Defense Applications

Scenario: Government officials signing classified or sensitive documents

Workflow:

  1. Official uses CAC/PIV card with Badge B2
  2. Official approaches secure workstation in SCIF
  3. Classified document system authenticates via smart card
  4. Sensitive documents are presented for signature
  5. Multi-factor authentication ensures identity verification
  6. Documents are signed with appropriate classification markings
  7. Signed documents enter secure distribution workflow
  8. Complete audit trail for security compliance

Benefits:

  • FIPS 201 compliance
  • Secure facility integration
  • Classification-aware workflows
  • Enhanced security posture

4. Technical Implementation

4.1 Badge B2 Configuration

Smart Card Reader Setup:

  • Insert external smart card into Badge B2 contact reader
  • Badge automatically detects card insertion
  • Card appears as standard CCID device to connected systems
  • All smart card protocols are transparently forwarded via BLE or USB cable

Bridge Pairing:

  • Badge B2 comes pre-paired with Crayonic Bridge
  • No additional pairing or configuration required
  • Automatic connection when in proximity (configurable distance)
  • Secure encrypted communication channel

Biometric Configuration:

  • Configure fingerprint templates on Badge B2
  • Set authentication policies (biometric + PIN, biometric only)
  • Configure timeout settings for continuous authentication
  • Set up gesture controls for signing confirmation

4.2 Workstation Setup

Driver Requirements:

  • Standard CCID drivers (included in modern operating systems)
  • No additional software installation required
  • Compatible with Windows 7+, Linux, macOS

Application Integration:

  • Adobe Acrobat Pro for PDF signing
  • Microsoft Office for document signing
  • Custom document management systems
  • Web-based signing applications

Bridge Configuration:

  • Connect Crayonic Bridge to USB port
  • Configure proximity detection distance (1-10 meters)
  • Set automatic logout timeout
  • Configure connection priority settings

4.3 Certificate Management

External Smart Card Types:

  • QES Cards: ISO/IEC 7816 cards, e.g. Thales, Gemalto certified cards
  • Government Cards: CAC, PIV, eID cards
  • Corporate Cards: Enterprise PKI smart cards
  • Banking Cards: Financial institution signature cards

Certificate Validation:

  • Real-time certificate status checking (OCSP/CRL)
  • Certificate chain validation
  • Timestamp authority integration
  • Certificate lifecycle management

5. Security Features

5.1 Advanced Security Mechanisms

Proximity-Based Security:

  • Automatic logout when user moves away. No cards left behind in readers!
  • Configurable distance thresholds

Transaction Confirmation:

  • User confirmation required for each signature
  • Anti-replay protection
  • Transaction logging and audit

Secure Communication:

  • Encrypted BLE 5.2 communication
  • Factory pre-paired devices
  • Secure element protection
  • Key rotation and management
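The transaction confirmation and proximity rules in this section can be checked after the fact against the signature audit trail. The following is an added example, not Crayonic code: the JSON event schema, the event names and the 30-second confirmation window are assumptions made for illustration, and the log lines are constructed.

```python
import json

CONFIRM_WINDOW_S = 30  # assumed policy: one button press authorises one signature for 30 s

# Constructed sample audit events (hypothetical schema, not a Crayonic log format).
SAMPLE_LOG = """\
{"ts": 100, "user": "alice", "event": "proximity_connect"}
{"ts": 110, "user": "alice", "event": "confirm"}
{"ts": 112, "user": "alice", "event": "sign", "doc": "contract-1.pdf"}
{"ts": 115, "user": "alice", "event": "sign", "doc": "contract-2.pdf"}
{"ts": 200, "user": "alice", "event": "confirm"}
{"ts": 260, "user": "alice", "event": "sign", "doc": "contract-3.pdf"}
{"ts": 300, "user": "alice", "event": "proximity_lost"}
{"ts": 305, "user": "alice", "event": "confirm"}
{"ts": 306, "user": "alice", "event": "sign", "doc": "contract-4.pdf"}
"""

def find_violations(log_text, window=CONFIRM_WINDOW_S):
    """Return (doc, reason) for every sign event that breaks the policy."""
    in_range = set()   # users whose badge is currently within Bridge proximity
    pending = {}       # user -> timestamp of a confirmation not yet used
    violations = []
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, kind, ts = ev["user"], ev["event"], ev["ts"]
        if kind == "proximity_connect":
            in_range.add(user)
        elif kind == "proximity_lost":
            in_range.discard(user)
            pending.pop(user, None)  # leaving the area voids an unused confirmation
        elif kind == "confirm":
            pending[user] = ts
        elif kind == "sign":
            confirmed_at = pending.pop(user, None)  # single use: one press, one signature
            if user not in in_range:
                violations.append((ev["doc"], "signed outside proximity session"))
            elif confirmed_at is None:
                violations.append((ev["doc"], "no unused confirmation"))
            elif ts - confirmed_at > window:
                violations.append((ev["doc"], "confirmation expired"))
    return violations

if __name__ == "__main__":
    for doc, reason in find_violations(SAMPLE_LOG):
        print(f"{doc}: {reason}")
```

A deployment that permits batch signing under a single confirmation would need the single-use rule relaxed to match its own policy.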

5.2 Compliance and Standards

Regulatory Compliance:

  • eIDAS Regulation: Qualified Electronic Signatures
  • FIPS 201: PIV card compatibility
  • Common Criteria: EAL5+ secure element
  • HIPAA: Healthcare document signing
  • SOX: Financial document compliance

Technical Standards:

  • ISO/IEC 7816: Smart card interface
  • ISO 14443: NFC communication
  • PKCS#11: Cryptographic token interface
  • X.509: Digital certificate format
  • RFC 3161: Timestamping protocol

6. Enterprise Integration

6.1 Document Management Systems

Supported Platforms:

  • SharePoint and Office 365
  • DocuSign and Adobe Sign
  • OpenText and IBM FileNet
  • Custom enterprise solutions

Integration Methods:

  • Smart card middleware integration

6.2 Workflow Automation

Automated Processes:

  • Document routing and approval
  • Signature validation and verification
  • Archive and retention management
  • Audit trail generation

Business Rules:

  • Role-based signing authority
  • Document classification handling
  • Approval workflow enforcement
  • Compliance policy automation

7. Deployment and Management

7.1 Enterprise Deployment

Rollout Strategy:

  1. Pilot deployment with key users
  2. IT infrastructure preparation
  3. User training and certification
  4. Phased rollout by department
  5. Full enterprise deployment

Infrastructure Requirements:

  • PKI infrastructure for certificate management
  • Document management system integration
  • Network connectivity for certificate validation
  • Backup and disaster recovery procedures

7.2 User Management

Provisioning Process:

  1. Issue Badge B2 to authorized users
  2. Provide external smart cards with certificates
  3. Configure user profiles and permissions
  4. Train users on signing procedures
  5. Establish support procedures

Lifecycle Management:

  • Certificate renewal procedures
  • Device replacement workflows
  • User onboarding/offboarding
  • Audit and compliance reporting

8. Benefits and ROI

8.1 Business Benefits

Operational Efficiency:

  • Reduced paper-based processes
  • Faster document turnaround times
  • Elimination of physical document storage
  • Streamlined approval workflows

Security Enhancement:

  • Strong multi-factor authentication
  • Non-repudiation guarantees
  • Audit trail compliance
  • Reduced fraud risk

Cost Savings:

  • Reduced printing and storage costs
  • Lower administrative overhead
  • Decreased compliance costs
  • Improved productivity

8.2 Compliance Benefits

Legal Validity:

  • Legally binding digital signatures
  • Court-admissible evidence
  • Regulatory compliance assurance
  • International recognition

Audit and Reporting:

  • Complete signature audit trails
  • Automated compliance reporting
  • Real-time monitoring capabilities
  • Historical signature verification

9. Best Practices

9.1 Security Recommendations

  • Regularly update certificate revocation lists
  • Implement strong PIN policies for smart cards
  • Monitor and log all signature activities
  • Establish incident response procedures
  • Conduct regular security assessments

9.2 Operational Guidelines

  • Provide comprehensive user training
  • Establish clear signing procedures
  • Implement backup signing methods
  • Monitor system performance and availability
  • Maintain documentation and procedures

© 2025 Crayonic. All rights reserved.