New Features, Upcoming Releases & everything else
you need to know

Liaquat Khan

Recent Posts

International document regulations you need to know

Posted by Liaquat Khan on 18-Oct-2017 08:31:07

In this blog, we discuss the international document regulations you need to know when making a digital transformation.

60+ countries have standards and legal frameworks for eSignatures and digital transactions. This list grows each year, which makes it challenging for international organisations to deliver compliant business processes.

Read More

Meet the team at IoT Solutions World Congress 2017

Posted by Liaquat Khan on 22-Sep-2017 06:52:21

Digital signatures and trust identities are not just for human interactions, as demonstrated by how we apply our security services in the IoT space. Join the Ascertia team as we discuss digital security at the 2017 IoT Solutions World Congress.


Read More

Is your business compliant with GDPR?

Posted by Liaquat Khan on 12-Jun-2017 10:25:05

This blog discusses how your business can comply with the General Data Protection Regulation (GDPR).

Read More

Implementing eIDAS-compliant corporate eSeals

Posted by Liaquat Khan on 08-Apr-2016 12:51:50

Ensuring compliance and security is a business's top priority. In our latest blog, we explain how organisations can implement eIDAS-compliant corporate eSeals.

What are corporate eSeals?

Corporate seals have been used by companies to protect paper documents from forgery for a long time.  A document stamped with the company seal implied that it was officially from the company, i.e. the legal entity rather than a natural person, such as the company Director. 

Read More

Local signing with smartcards just got a little easier

Posted by Liaquat Khan on 08-Feb-2016 13:35:58

Local signing with smartcards introduction

Local signing  - i.e. where the signing key is held locally by the user on a Secure Signature Creation Device (SSCD) typically in the form of a tamper-resistant smartcard or USB token - had hit a serious roadblock in recent months.  

Read More

Dissecting the differences between DocuSign and SigningHub

Posted by Liaquat Khan on 13-Nov-2015 07:09:19

We often get asked how the digital signatures produced by SigningHub are different from DocuSign. Although at a basic level the document signing services may seem similar, there are significant differences when you take apart the eSignatures and analyse the security mechanisms being employed. 

Read More

Choosing the right eSignature for your business

Posted by Liaquat Khan on 17-Sep-2015 09:28:29

One of the most confusing aspects for an organisation wanting to choose an eSignature solution is understanding the jargon that providers use. There are many eSignature schemes in the market, with major differences in terms of security and trust.

Read More

5 ways to accelerate eSignature adoption in your business

Posted by Liaquat Khan on 20-Aug-2015 11:58:00

In this blog, we discuss our top five ways to accelerate eSignature adoption in your business.

Implementing an eSignature solution successfully can be a great investment, quickly saving enormous time and money for your organisation, whilst easing life for your customers, employees and partners.  But how do you get it right and not be left with yet another system for users to learn and/or avoid? 

Read More

Cloud signing: Advanced PKI digital signatures made easy

Posted by Liaquat Khan on 29-Jul-2015 14:12:00

Ensuring secure, remote signing doesn't have to be challenging. In our latest blog, we're discussing cloud signing and the ease of using advanced PKI digital signatures.

Background of advanced digital signatures

Advanced digital signatures require each user to have their own unique signing key. The security of the system then relies on the fact that the user's private signing key is not accessible to anyone else other than the owner.

If implemented properly it allows an independent judge to determine that any digital signatures produced with the user's private key must have been created by the owner and no one else. It ensures the "non-repudiation" property, where signers can't reasonably deny the signatures they have created. 

Cloud signing - solving digital signature challenges

Past digital signature technology was costly and issuing each user with their own private signing key in a secure manner was complex.

Now with the advent of cloud computing and, in particular, cloud Hardware Security Modules (HSMs), the situation has changed dramatically. Today, advanced digital signature technology can be low-cost, easy to use and secure, so that it can be applied to any business use case, even on a mass scale.  

Advanced digital signature requirements

There is much confusion between electronic signatures and PKI digital signatures. You can learn more about it here. As a quick note, basic e-signing adds the user's mark on a document and does nothing to protect the integrity of the signed document or to prove that the user actually made that mark.

With PKI digital signatures, cryptographic codes are created using privately-held signing keys under the control of the signer. They ensure data integrity and strong authentication of the user - cryptographically-binding the user's authenticated digital identity to their signed documents. 

There are many cloud e-sign providers who simply implement basic electronic signature squiggles on a document with no cryptographic evidence embedded into the signed document to independently prove it was indeed the user who made that mark.

Most high-trust schemes however, require PKI-based digital signatures where each user has their own private signing key.  For example:

EU Qualified Signatures - These are recognised as equivalent to handwritten ink signatures in a court of law and require use of unique user keys held in secure cryptographic hardware. 

Adobe AATL Signatures - This is a trust scheme run by Adobe for its Reader/Acrobat product range.  Similarly, it requires unique user keys and protection of these in secure cryptographic hardware.  Adobe software automatically marks signatures as "trusted" if the signing key was certified by an AATL-recognised Certificate Authority (CA).

Traditionally, the protection of the user's private signing key was achieved by storing it within tamper-resistant cryptographic hardware devices, like smartcards and secure USB tokens.  These are PIN-protected and kept under the control of their users.

 

Problems with smartcards / tokens and the rise of server-held keys

Although there are many examples of e-Trust schemes relying on smartcards/tokens, in particular electronic ID (eID) cards issued by many governments, the general purpose use of these devices has been limited.  This is mainly due to:

  • Complex to use - In the case of smartcards, the user needs specialist reader devices, which are not generally available.  Using such devices on mobile phones is even harder.
  • Forgotten tokens - Often users forget to bring their tokens when needed or lose/misplace them.  Also, use of such tokens in public areas is sometimes blocked or there are no readers available. 
  • Expensive to deploy - The cost of providing the secure devices (and readers) to each end-user is often too high for most business applications where a large number of users are involved.
  • Browser compatibility issues - Using smartcards/USB tokens requires web applications to deploy Java applets. The latest browser versions (e.g. Google Chrome) are blocking such technology because of various security issues.  Even where the browser allows Java, the frequent pop-up warning messages make non-technical users nervous.

To overcome this, the industry is moving to server-held signing keys i.e. each user's signing key is managed in a centrally-held HSM. As an example, the new EU eIDAS Regulations allow EU Qualified Signatures to be created using server-held signing keys - as long as they're managed securely.  Similarly, Adobe AATL Signatures can be created using server-held keys. 

However, before Cloud HSMs deploying a server-side signing solution was complex.  Basically, you needed to purchase an HSM appliance and install, configure, patch and maintain these security devices.  So, although the complexity of smartcards/USB signing devices was hidden from the end-users perspective by using HSMs, IT departments still had the complexity of managing them.

Today, Azure and Amazon cloud platforms offer cloud HSMs as part of their service.  This means you can now deploy an advanced digital signature solution using unique user signing keys with strong hardware-based protection, at a fraction of the cost and complexity compared to an on-premise HSM solution. At the same time, you can also meet the needs of high-trust schemes like Adobe AATL and EU regulations. 

Cloud signing with SigningHub 

SigningHub has extensive support for secure, cloud-based digital signatures which includes:

  • Support Azure Key Vault HSMs - For generating and managing unique user keys and creating advanced, EU Qualified and Adobe AATL signatures.  SigningHub is the first global signing platform to integrate with the Azure Key Vault, see the Microsoft blog here for more details.
  • Ability to host your own private PKI infrastructure components, such as private Certificate Authorities (CAs), OCSP Validation Authorities and Time Stamp Authority (TSA) servers using Ascertia ADSS Server.
Read More

eIDAS: changing landscape for eSignature regulations

Posted by Liaquat Khan on 15-Jul-2015 11:01:00

The eSignature landscape is changing with the introduction of eIDAS, including the legal recognition of electronic signatures in Europe. 

The new eIDAS Regulation will replace the old 1999 EU Directive on Electronic Signatures.  To help you understand the new landscape we have put together a summary of what the new regulations promise in terms of making cross-border trusted communication easier and how we are ensuring our SigningHub platform remains the ideal vehicle for providing trusted online signing services.

Read More

Recent Posts

Popular Reads

Download this essential eBook

Download your eBook

Choosing the right type of e-signature
for your business