Cloud signatures for remote signing
Relatively new in comparison to other types of eSignatures, Cloud Signatures describe certificate-based digital signatures in the cloud.
Cloud Signatures enable Remote Signing via mobile or web devices with Advanced Electronic Signatures and Qualified Electronic Signatures backed by trusted and compliant certificates from Certificate Authorities (CA) and Trust Service Providers (TSP).
What is a remote signature?
This type of eSignature provides users with complete mobility. It allows people to sign from any internet-connected device, including mobile phones, laptops and tablets.
Remote signing sets businesses free from the need to locally install signing devices. Instead, it is a cloud-hosted signing service that provides a high-trust, eIDAS-compliant electronic signature solution. eIDAS recognises Remote Signing and supports its use for the creation of Remote Qualified Signatures.
Remote signing differs from local signing, where a user must sign via a Secure Signature Creation Device (SSCD), which uses either a secure smart card or token. Even in this case, a cloud-based remote signature can be utilised.
The user must have installed the SSCD local drivers and have a smartcard reader connected. Then, their Cloud Signature service provider can send the document or transaction to the SSCD for local signing.
When a user signs a document electronically, the eSignature solution sends a hash of the document for signing via the Cloud Signature Consortium protocol to a Remote Signing Service Provider (RSSP). The RSSP's solution completes all required authorisation, signs the hash and returns the signed hash to the eSignature solution to compile into the user’s signature.
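The hash-only exchange described above can be sketched end to end. This is an added example, not code from the original page or from any vendor: the RSSP is a local mock, the RSA key is a constructed toy key standing in for the key held in the HSM, the `authorised` flag stands in for the RSSP's authorisation step, and the JSON field names (`credentialID`, `hash`, `hashAlgo`, `signatures`) are assumed to follow the Cloud Signature Consortium API v1 `signatures/signHash` call.

```python
import base64, hashlib, json

# Constructed toy RSA key (two Mersenne primes) standing in for the signer's
# key held inside the RSSP's HSM. For illustration only, never for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, RSSP side only
K = (N.bit_length() + 7) // 8               # modulus length in bytes
SHA256_OID = "2.16.840.1.101.3.4.2.1"
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(digest: bytes) -> int:
    """PKCS#1 v1.5 signature encoding of a SHA-256 digest, as an integer."""
    t = DIGEST_INFO + digest
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def build_sign_hash_request(document: bytes, credential_id: str) -> str:
    """Signing application: only the digest leaves, never the document."""
    digest = hashlib.sha256(document).digest()
    return json.dumps({"credentialID": credential_id,
                       "hash": [base64.b64encode(digest).decode()],
                       "hashAlgo": SHA256_OID})

def rssp_sign_hash(request_json: str, authorised: bool) -> str:
    """Mock RSSP: refuses without authorisation, then signs each hash."""
    if not authorised:
        raise PermissionError("signer authorisation missing")
    sigs = []
    for h in json.loads(request_json)["hash"]:
        digest = base64.b64decode(h)
        if len(digest) != 32:               # must be a SHA-256 digest
            raise ValueError("unexpected digest length")
        sig = pow(emsa_pkcs1_v15(digest), D, N)
        sigs.append(base64.b64encode(sig.to_bytes(K, "big")).decode())
    return json.dumps({"signatures": sigs})

def verify_returned_signature(document: bytes, response_json: str) -> bool:
    """Signing application: check the result against its own digest before
    embedding it. (N, E) would come from the signer's certificate."""
    sig = base64.b64decode(json.loads(response_json)["signatures"][0])
    expected = emsa_pkcs1_v15(hashlib.sha256(document).digest())
    return len(sig) == K and pow(int.from_bytes(sig, "big"), E, N) == expected
```

Because the RSSP sees only a digest, the signing application is the only party that can confirm the returned signature matches the document the user actually reviewed, so that check belongs before the signature is compiled into the file.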
What is the Cloud Signature Consortium?
The Cloud Signature Consortium was created to develop common protocols to ensure distributed applications and services leverage digital signatures in a non-proprietary way. Its standards ensure mobile and web-based applications comply with the most demanding global eSignature regulations.
With digital signatures migrating to a cloud-based approach, the functions needed to create digital signatures are distributed across several service instances, each sometimes carrying out multiple steps within the eSignature creation process. The Cloud Signature Consortium has ensured the interfaces between such services are now standardised.
How do I set up remote signing?
Remote signing requires slightly more effort to set up than other types of digital eSignatures. Whilst more time-consuming initially, it provides more accessibility in out-of-office situations and greater flexibility.
How remote signing works:
Before a user can start using the SigningHub remote signing service, they must be securely vetted, and their unique signing key must be created inside the Hardware Security Module (HSM) with a Signing Certificate issued by the Trust Service Providers’ Certificate Authority.
eIDAS and ETSI/CEN standards place strict requirements on HSMs. Ascertia’s ADSS SAM Appliance is compliant with Common Criteria EAL4+ EN 419 241-2 Protection Profile.
Our remote signing solution can be embedded into any third-party business web application. Alternatively, SigningHub can be embedded via REST/JSON API, our mobile browser, iOS and Android apps or third-party business application connectors.
Is remote signing secure?
Remote signing using Advanced Electronic Signatures (AES) provides a high degree of security. It falls under the same security requirements as traditional Advanced Electronic Signatures.
With remote signing, the user’s identity can be captured and bound to their signing certificate, after they have been through an accredited identity provider’s extensive checks.
A user’s signing key can be held centrally in a secure HSM, in an encrypted database or within the user’s own mobile device. Additionally, users can be authenticated by various single-factor or multi-factor options.
This type of eSignature provides an even higher level of security, since the entire process of signing and verifying is standardised and assured to very robust levels.
What makes a cloud signature via remote signing legal?
Remote signing provides the same high level of trust as Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES).
The regulations around such signature processes govern the trusted Certificate Authorities (CAs), which are used to issue e-identity certificates to end-users. User signing keys are highly protected, and trying to dispute a cloud signature made using your key under your control is almost impossible.
In terms of law standards, a remotely signed Advanced Electronic Signature or Qualified Electronic Signature is deemed equivalent to or better than a handwritten signature.
We recommend remote signing signatures when only the highest levels of trust and security will do and you’re on the move. Remote signing provides security and peace of mind even when you’re away from the office.
Remote signing offers strong interoperability based on industry-standard digital signature techniques (ISO 32000, ISO 19005 and ETSI PAdES formats).
It’s important to choose an eSignature solution that can support your current needs and is flexible enough to support your business’s future requirements.