SigningHub eSignatures and digital signatures

Posted by Liaquat Khan on 21-Oct-2013 13:24:00

SigningHub is a very powerful and flexible solution. It offers eSignatures and digital signatures that cater for many different business scenarios. It provides a variety of benefits, including security, ease of use, ease of management and cost efficiency. The following list shows the different types of signatures supported by SigningHub with increasing levels of security:


SigningHub signature types

1. Esignature

SigningHub supports creating a simple eSignature. Most cloud signature service providers currently only offer this e-signing mode of signing. The image below is an example of an e-signed document:

1





2. Esignature plus a notary digital signature

SigningHub also supports the user creating a simple electronic signature, and then applies a server-side digital signature to lock the document from further change. The image below is an example of this type of signature:

2


3. Esignature plus digital signature

As standard Ascertia Docs create this type of signature. They offer the best solution from a trust perspective.

Each user’s digital signature is created with a unique public key infrastructure (PKI) key/certificate owned by the user. Only SigningHub offers individual signing keys and creates long-term signatures using centrally held or locally held keys and certificates. The image below is an example of this type of signature:

3



SigningHub differences

What is unique about SigningHub is that it can manage each user’s digital signing key securely at various levels of security and trustworthiness:

  • Each user’s key is stored in encrypted form in the SigningHub server database. The user is authenticated before signing using:
    • Policy controlled passwords, and/or
    • Using a One-Time-Password (OTP) sent to the user’s registered mobile phone. Other OTP techniques like grid systems can also be supported.
  • As above, but each user’s signing key is stored in a secure tamper-resistant FIPS-compliant Hardware Security Module (HSM) rather than in an encrypted database. The user’s key never leaves the HSM, i.e. the user’s signature is created inside the HSM.

  • The user’s signing key is held on a secure smartcard or USB token. These hardware tokens are generally compliant with FIPS, Common Criteria or other Secure Signature Creation Device (SSCD) requirements. An example is the Adobe® CDS tokens available from a number of Ascertia's Certificate Authority (CA) partners, like GlobalSign, Entrust, LAWtrust and QuoVadis.

  • The user’s signing key is held on their mobile device. The key can be held within the mobile app or on a secure microSD card, SIM or via an attached smartcard.

The “eSignature only” option, as explained above, is not recommended. It offers no security. However, it can be useful for quickly getting a person’s signature without them having to register with SigningHub – hence it does have practical uses.

This type of eSignature should only be used when a second signer will be adding a digital signature afterwards (i.e. using one of the other methods mentioned above). This will lock the first user’s eSignature so that any subsequent modifications are easily detected.



Options for creating an electronic signature

As explained, SigningHub allows users to either create an electronic signature on its own or as part of a digital signature. In both cases users can e-sign using any of the following means:

E-signing using finger /stylus on a mobile device:


4
 
 

Drawing your eSignature using a mouse

5
 
 
 
 
 
 
 
 
 
 

E-signing by just typing your name

6
 

 E-signing by uploading scanned signature image

7
 

E-signing using a specialist signature device

8
 
 
 
 
 
 
 
 
 

 

Note: We support Signotec and Wacom signature tablets. Some countries do store the user’s hand-signature image on their eID cards. As such, SigningHub can be taught to use this image as the e-sign.
 

Options for creating a digital signature

User’s can create their digital signature using keys held centrally on the server (encrypted database or HSM), keys held locally on a smartcard or secure USB token, or keys held inside their mobile device. Additionally, SigningHub supports the following different types of signatures:

  • Basic digital signatures: This is the simplest form of a digital signatures and is generally not recommended by us as they can’t be verified in the long-term.

  • Long-term digital signature: These are signatures with embedded timestamps to prove the time of signing and also embedded signer’s certificate status information to prove that the signer’s keys/certificates were valid at the time of signing. Such signatures can then be verified many years into the future (e.g. at least 10+ years). We support the following type of long-term signatures in SigningHub:

    • PAdES Part 2 (ISO 32000-1)
    • PAdES Part 4 (both LTV and PAdES-A signatures)
    • Native support for Microsoft Office 2013 documents (XAdES Signature Format) will be available soon
  • Adobe CDS and AATL signatures: In order to get your signatures automatically trusted in Adobe Reader, it’s important to use a signing key/certificate which has been issued by Certificate Authority (CA) authorised by Adobe through its CDS or AATL programs. SigningHub supports this by allowing the use of certificates from such trusted external CAs.

  • EU Qualified signatures: In order to create an EU qualified signature certain prerequisites must be met, e.g. the signer’s certificate must follow a particular certificate profile and be issued by a qualified CA, furthermore the signature must be created inside a compliant secure signature creation device (SSCD).

    SigningHub supports the use of qualified certificates issued by Qualified CAs and the use of trusted SSCDs, therefore SigningHub can create EU qualified signatures. Such signatures have automatic equivalence to hand-written signatures in a court of law.

Digital and eSignature summary

SigningHub covers all the bases.

We support an eSignatures only option, but recommend using these together with digital signatures. We allow multiple ways of e-signing on multiple devices.

In terms of digital signatures we allow multiple options for user’s signing key security, i.e. server, smartcard, secure USB token or mobile.

We also support long-term signatures which can be verified in the future. We support Adobe CDS signatures and also EU qualified signatures.

In addition to this the SigningHub core document workflow, tracking and notifications help to ensure your approval workflows are efficient and easy to manage.

Recent Posts

Download this essential eBook

Choosing the right type of e-signature
for your business

Download your eBook