1. E-Signature - SigningHub supports creating a simple e-signature (most cloud signature service providers only offer this e-signing mode of signing). The image below shows an e-signed document:
2. E-Signature plus a notary digital signature – SigningHub also supports the user creating a simple electronic signature, and then applies a server-side digital signature to lock the document from further change. The image below shows such a signature:
What is unique about SigningHub is that it can manage each user’s digital signing key securely at various levels of security and trustworthiness:
- Each user’s key is stored in encrypted form in the SigningHub server database. The user is authenticated before signing using:
- policy controlled passwords, and/or
- Using One-Time-Password (OTP) sent to the user’s registered mobile phone. Other OTP techniques like grid systems can also be supported.
- As above, but each user’s signing key is stored in a secure tamper-resistant FIPS-compliant HSM rather than encrypted database. The user’s key never leaves the HSM, i.e. the user’s signature is created inside the HSM.
- User’s signing key is held on a secure smartcard or USB token. These hardware tokens are generally compliant with FIPS or Common Criteria or other Secure Signature Creation Device (SSCD) requirements. An example is the Adobe® CDS tokens available from a number of our CA partners, like GlobalSign, Entrust, LAWtrust and QuoVadis
- User’s signing key is held on their mobile device. The key can be held within the mobile app, or on a secure microSD card, SIM, or via an attached smartcard.
The “e-signature only” option as explained above is not recommended because it offers no security, however it can be useful for quickly getting a person’s signature without them having to register with SigningHub – hence it does have practical uses. However this should only be done when a second signer will be adding a digital signature afterwards (i.e. using one of the other methods mentioned above), this will lock the first user’s e-signature so that any subsequent modifications are easily detected.
Options for creating an electronic signature
As explained, SigningHub allows users to either create an electronic signature on its own or as part of a digital signature. In both cases users can e-sign using any of the following means:
e-signing using finger /stylus on a mobile device:
e-signing using mouse drawing
e-signing by just typing your name
e-signing by uploading scanned signature image
e-signing using a specialist signature device
Options for creating a digital signature
As explained above user’s can create their digital signature using keys held centrally on the server (encrypted database or HSM), or keys held locally on a smartcard or secure USB token, or keys held inside their mobile device. Further to this, SigningHub supports the following different types of signatures:
- Basic digital signatures: This is the simplest form of a digital signatures and is generally not recommended by us as they can’t be verified in the long-term.
- Long-term digital signature: These are signatures with embedded timestamps to prove the time of signing and also embedded signer’s certificate status information to prove that the signer’s keys/certificates were valid at the time of signing. Such signatures can then be verified many years into the future (e.g. at least 10+ years). We support the following type of long-term signatures in SigningHub:
- PAdES Part 2 (ISO 32000-1)
- PAdES Part 4 (both LTV and PAdES-A signatures)
Native support for Microsoft Office 2013 documents (i.e. XAdES signature format) is coming soon.
- Adobe CDS and AATL signatures: In order to get your signatures automatically trusted in Adobe Reader, it’s important to use a signing key/certificate which has been issued by Certificate Authority (CA) authorised by Adobe through its CDS or AATL programs. SigningHub supports this by allowing the use of certificates from such trusted external CAs.
- EU Qualified signatures: In order to create an EU qualified signature certain prerequisites must be met, e.g. the signer’s certificate must follow a particular certificate profile and be issued by a qualified CA, furthermore the signature must be created inside a compliant secure signature creation device (SSCD). SigningHub supports the use of qualified certificates issued by Qualified CAs and the use of trusted SSCDs, therefore SigningHub can create EU qualified signatures. Such signatures have automatic equivalence to hand-written signatures in a court of law.
We have all the bases covered in SigningHub. We support e-signatures only option but recommend using these together with digital signatures. We allow multiple ways of e-signing on multiple devices. In terms of digital signatures we allow multiple options for user’s signing key security, i.e. server, smartcard, secure USB token, mobile. We also support long-term signatures which can be verified in the future. We support Adobe CDS signatures and also EU qualified signatures. In addition to this the SigningHub core document workflow, tracking and notifications help to ensure your approval workflows are efficient and easy to manage.