The General Data Protection Regulation (GDPR) will come into force in May 2018 across the EU, changing the way businesses record and store personal data. A year from now may seem a way off but businesses need to consider their GDPR strategies sooner rather than later to ensure compliance.
Corporate seals have been used by companies to protect paper documents from forgery for a long time. A document stamped with the company seal implied that it was officially from the company, i.e. the legal entity rather than a natural person such as the company director.
Local signing - i.e. where the signing key is held locally by the user on a Secure Signature Creation Device (SSCD) typically in the form of a tamper-resistant smartcard or USB token - had hit a serious roadblock in recent months.
We often get asked how the digital signatures produced by SigningHub are different from DocuSign. Although at a basic level the document signing services may seem similar, there are significant differences when you take apart the e-signatures and analyse the security mechanisms being employed.
One of the most confusing aspects for an organisation wishing to deploy an e-signature solution is understanding the technical jargon that different providers use. There are many e-signature schemes being offered in the market, with significant differences in terms of security and trust.
However there is very little documentation that explains these different techniques and thus allows them to be compared and assessed for their suitability in meeting a particular business purpose. Due to our extensive research in this area we have developed a high-level eBook "Choosing the right type of e-signature" with key information that helps business managers and technical architects understand the various types of e-signature that exist.
Implementing an e-signature solution successfully can be a great investment, quickly saving enormous time & money for your organisation, whilst easing life for your customers, employees and partners. But how do you get it right and not be left with yet another system for users to learn and/or avoid?
From our experience, it’s all in the integration - that is, how seamless is the user experience from interacting with your business applications to interacting with the e-signing platform in getting documents prepared, sent, signed and completed.
A quick background: Advanced digital signatures require each user to have their own unique signing key. The security of the system then relies on the fact that the user's private signing key is not accessible to anyone else other than the owner. If implemented properly it allows an independent judge to determine that any digital signatures produced with the user's private key must have been created by the owner and no one else - thereby delivering the "non-repudiation" property where signers can't reasonably deny the signatures they have created.
There is a big change coming in terms of the legal recognition of electronic signatures in Europe. It's the new eIDAS Regulations, which will replace the old 1999 EU Directive on Electronic Signatures. To help you understand the new landscape we have put together a summary of what the new regulations promise in terms of making cross-border trusted communication easier and how we are ensuring our SigningHub platform remains the ideal vehicle for providing trusted online signing services.
A security advisory was published on 11th November 2014 by Microsoft, describing a security threat that may allow arbitrary code execution by hackers. This vulnerability could allow remote code execution, if an attacker sends carefully crafted packets to a Windows server. This issue lies within Microsoft's SChannel implementation, and has been rated as "Critical" by Microsoft, for all the supported releases of Microsoft Windows. This is a test
Bulk signing is a powerful feature of SigningHub which allows users to digitally sign multiple documents in one go thus saving substantial time in opening the document and signing them one by one. This feature works both when you are using either a local (client-side) signing keys OR server side signing keys.