A security advisory was published on 11th November 2014 by Microsoft, describing a security threat that may allow arbitrary code execution by hackers. The SChannel (CVE-2014-6321) vulnerability could allow remote code execution, if an attacker sends carefully crafted packets to a Windows server.
This issue lies within Microsoft's SChannel implementation, and has been rated as "Critical" by Microsoft, for all the supported releases of Microsoft Windows.
Security is our top priority. In this blog, we discuss the HeartBleed OpenSSL vulnerability - and SigningHub's protection against it.
OpenSSL is one of the most commonly used toolkits to implement PKI services. It is free/open source, regularly updated and comes bundled with Linux. You can also install its binaries on Windows.
Although issues in the SSL protocol have been identified in the past, this time most OpenSSL implementations have a critical vulnerability.
Researchers in Codenomicon and Google found the vulnerability inside the OpenSSL implementation code - see this link for more details: CVE-2014-0160.
Once exploited, a threat agent can access sensitive information, including passwords and secure key information. OpenSSL has recently provided a patch to address this vulnerability.
SigningHub's new “in-person signing” feature offers capability enabling a person to electronically sign documents without requiring them:
SigningHub enables users to create a combined eSignature with a digital signature.
In the real-world, it often doesn't matter who signs a document but rather do they have the sufficient group and departmental level authority to do this. That is the "identity" of the signer is not as important as the "authorisation". E.g. a Purchase Order typically requires an authorised member from the Procurement department to sign-off on it.
We have recently added a strong user authentication method into SigningHub that uses X.509 SSL/TLS client authentication certificates. This feature is only available to on-premise installations of SigningHub.
The latest release of SigningHub provides a very handy way to guide users on the form fields they are required to complete before signing the document - navigation tabs. Navigation tabs (or tooltips) guide users through a document in a step-by-step fashion.
Form filling is an integral part of many business workflow processes. Organisations of all sizes require their employees, partners and customers to fill forms. For example:
What is delegated e-signing? In this blog, we explain the process in-depth.
Often, in the real world, people are unable to sign documents because they are away on holiday or some other important business. In situations like this, there is typically a possibility that another suitably authorised person can sign on behalf of the original signer.
Within SigningHub, we have built support for delegated or PP signatures. Set-up is simple, just identify the person who can sign on your behalf and the date range when this is allowed (e.g. whilst you are on leave).
For a while now, SigningHub has provided a comprehensive web services interface (API) for 3rd party websites and applications. It allowed business applications to initiate document signing workflows and create/delete user accounts.
However, many website applicationsdon't want users to register and login separately with the signature service provider. All the interactions should be through their own website so that there is consistent branding and user experience. To help in this usage scenario, we have now added website integration using our REST based interface.
Choosing the right type of e-signature
for your business
