SigningHub patched to prevent the SChannel (CVE-2014-6321) vulnerability

A security advisory was published on 11th November 2014 by Microsoft, describing a security threat that may allow arbitrary code execution by hackers. This vulnerability could allow remote code execution, if an attacker sends carefully crafted packets to a Windows server. This issue lies within Microsoft's SChannel implementation, and has been rated as "Critical" by Microsoft, for all the supported releases of Microsoft Windows.

Digitally Sign multiple documents using 'Bulk Sign' feature

Bulk signing is a powerful feature of SigningHub which allows users to digitally sign multiple documents in one go thus saving substantial time in opening the document and signing them one by one. This feature works both when you are using either a local (client-side) signing keys OR server side signing keys.

SigningHub is not affected by the HeartBleed OpenSSL vulnerability!

OpenSSL is one of the most commonly used toolkits to implement PKI services. It is free/open source, regularly updated and comes bundled with Linux. You can also install its binaries on Windows. Although issues in the SSL protocol have been identified in the past, this time most OpenSSL implementations have a critical vulnerability.

SigningHub New Feature: In-Person Signing

The SigningHub “in-person signing” feature is a new capability that enables a person to electronically sign documents without requiring them:

• To have an account on SigningHub
• To have an email address
• To have their own computer

SigningHub offers e-signatures and digital signatures at the same time

SigningHub is a very powerful and flexible solution that caters for many different business scenarios, each with different trade-offs between security, ease of use, ease of management and costs. The following list shows the different types of signatures supported by SigningHub with increasing levels of security:

SigningHub New Feature: E-Signatures

SigningHub currently enables users to create a combined e-signature with a digital signature. The e-signature part is the hand-signature image displayed on the document, whilst the advanced PKI digital signature is the part that is embedded into the PDF document and is verifiable upon clicking the signature appearance.

Real-World Use Case: Group/Departmental Level Signing

In the real-world often it doesn't matter who signs a document but rather do they have the sufficient authority to do this. That is the "identity" of the signer is not as important as the "authorisation". E.g. a Purchase Order typically requires an authorised member from the Procurement department to sign-off on it.

Strong Authentication using SSL/TLS Client Certificates

We have recently added a strong user authentication method into SigningHub that uses X.509 SSL/TLS client authentication certificates. This feature is only available to on-premise installations of SigningHub.

SigningHub introduces Navigations Tabs

The latest release of SigningHub provides a very handy way to guide users on the form fields they are required to complete before signing the document. This is achieved through the use of navigation tooltips guiding the user in a step-by-step fashion.

Ensuring Correct Form Filling

Form filling is an integral part of many business workflow processes. Organizations big or small require their employees, partners or customers to fill forms e.g. account opening forms, signing up to company policy documents, filling in and signing insurance claim forms, completing expenses and holiday requests etc.

Delegated e-Signing

Often in the real world people are unable to sign documents because they are away on holiday or some other important business. In situations like this there is normally a possibility for some other suitably authorised person to sign on behalf of the original signer. Within SigningHub we have built support for delegated or so called  PP signatures. Set-up is simple, just identify the person who can sign on your behalf and the date range when this is allowed (e.g. whilst you are on leave).

3rd party websites can now leverage the full power of SigningHub

For a while now we have provided a comprehensive web services interface (API) for SigningHub.  This allowed business applications to initiate document signing workflows and create/delete user accounts.  However an issue for many website applications is that they don't want users to register and login separately with the signature service provider.  All the interactions should be through their own website so that there is consistent branding and user experience. To help in this usage scenario we have now added website integration using our REST based interface:

Fast effective document workflow signing and approval

The iPad is the perfect device for signing documents. It provides a large screen for easily viewing documents and drawing the signature on the touch screen with your finger/stylus is as natural as signing with pen on paper! There are many iPad apps which do this.

SigningHub accepts South African AeSign credentials

We are pleased to announce that by working with our South African partner LawTrust we can now bring AeSign credentials to the SigningHub.  AeSign (Accredited Advanced Electronic Signatures) are the only signatures in South Africa which are deemed by law to have been valid and applied correctly by the signatory and are therefore trusted to be equivalent to handwritten signatures. So for the first time, you can now use your digital certificate from the LawTrust AeSign CA directly in SigningHub.  Also any documents signed using such credentials can be verified through SigningHub.  We will continue to ensure our SigningHub service has the widest interoperability with high-trust digital ID providers globally, so look out for further developments in this area.

Liaquat Khan
Technical Director