Relatively new in comparison to other types of e-signatures, the term Cloud Signatures describes certificate-based digital signatures in the cloud. Cloud Signatures enable Remote Signing via mobile or web devices with Advanced Electronic Signatures and Qualified Electronic Signatures backed by trusted and compliant certificates from Certificate Authorities (CA) and Trust Service Providers (TSP).
What is a Remote Signature?
This e-signature provides users with complete mobility, allowing people to sign from any internet-connected device, including mobile phones, laptops and tablets. It sets businesses free from the need to locally install signing devices. Instead, it is a cloud-hosted signing service that provides a high-trust, eIDAS-compliant e-signature solution. eIDAS recognises Remote Signing and supports its use for the creation of Remote Qualified Signatures.
This differs from local signing, where a user must sign via a Secure Signature Creation Device (SSCD), which uses either a secure smart card or token. Even in this case, a cloud-based remote signature can be utilised. The user must have installed the SSCD local drivers and have a smartcard reader connected. Then, their Cloud Signature service provider can send the document or transaction to the SSCD for local signing.
In most cases, a Remote Signing Service Provider is a Trust Service Provider or a Qualified Trust Service Provider. These Remote Signing Service Providers deliver hash signing operations via the Cloud Signature Consortium protocol.
When a user signs a document electronically, the e-signature solution sends a hash for signing via the Cloud Signature Consortium protocol to a Remote Signing Service Provider. The Remote Signing Service Provider’s solution completes all required authorisation, signs the hash and returns the signed hash to the e-signature solution to compile into the user’s signature.
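The hash-signing exchange described above, as an added example (not Ascertia's or the Cloud Signature Consortium's code): the e-signature solution sends only a SHA-256 digest, and the signer releases a signature only for the digest that was authorised. `RemoteSigner`, `Authorise`, `SignHash`, the one-time token and the in-process call standing in for the network protocol are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// RemoteSigner is a hypothetical stand-in for the remote provider; the key never leaves it.
type RemoteSigner struct {
	key        *ecdsa.PrivateKey
	authorised map[string][sha256.Size]byte // one-time token -> the only digest it may sign
}

func NewRemoteSigner() (*RemoteSigner, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &RemoteSigner{k, map[string][sha256.Size]byte{}}, err
}

// Authorise models the provider's authorisation step, bound to one digest.
func (s *RemoteSigner) Authorise(token string, d [sha256.Size]byte) { s.authorised[token] = d }

// SignHash signs a SHA-256 digest; the document itself is never sent here.
func (s *RemoteSigner) SignHash(token string, d [sha256.Size]byte) ([]byte, error) {
	want, ok := s.authorised[token]
	delete(s.authorised, token) // single use, even when the request is rejected
	if !ok || want != d {
		return nil, fmt.Errorf("token %q does not authorise this hash", token)
	}
	return ecdsa.SignASN1(rand.Reader, s.key, d[:])
}

// Verify re-hashes the document and checks the signature with the public key.
func Verify(pub *ecdsa.PublicKey, doc, sig []byte) bool {
	d := sha256.Sum256(doc)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

func main() {
	s, err := NewRemoteSigner()
	if err != nil {
		panic(err)
	}
	doc := []byte("constructed sample contract")
	s.Authorise("otp-1", sha256.Sum256(doc))
	sig, err := s.SignHash("otp-1", sha256.Sum256(doc)) // only the digest leaves the client
	fmt.Println("signed:", err == nil, "verifies:", Verify(&s.key.PublicKey, doc, sig))
}
```

Because the signer never sees the document, binding the authorisation to the exact digest is what stops a different hash from being signed under the user's approval.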
What is the Cloud Signature Consortium?
The Cloud Signature Consortium was created to develop common protocols to ensure distributed applications and services leverage digital signatures in a non-proprietary way. Its standards ensure mobile and web-based applications comply with the most demanding global e-signature regulations.
With digital signatures migrating to a cloud-based approach, the functions needed to create digital signatures are distributed across several service instances, each sometimes carrying out multiple steps within the e-signature creation process. The Cloud Signature Consortium has ensured the interfaces between such services are now standardised.
How do I set up Remote Signing?
Remote Signing requires slightly more effort to set up than other types of digital e-signatures. Whilst more time-consuming initially, it provides more accessibility in out-of-office situations and greater flexibility.
How Remote Signing works:
Before a user can start using the SigningHub remote signing service, they must be securely vetted, and their unique signing key must be created inside the Hardware Security Module (HSM) with a Signing Certificate issued by the Trust Service Providers’ Certificate Authority.
eIDAS and ETSI/CEN standards place strict requirements on HSMs. Ascertia’s ADSS SAM Appliance is compliant with Common Criteria EAL4+ EN 419 241-2 Protection Profile. Our remote signing solution can be embedded into any third-party business web application, or SigningHub can be embedded via REST/JSON API, our mobile browser, iOS and Android apps or third-party business application connectors.
How secure is Remote Signing?
Remote Signing uses Advanced Electronic Signatures to provide a high degree of security, as it falls under the same security requirements as traditional Advanced Electronic Signatures. With Remote Signing, the user’s identity can be captured and bound to their signing certificate after they have been through an accredited identity provider’s extensive checks.
A user’s signing key can be held centrally in a secure Hardware Security Module (HSM), in an encrypted database or within the user’s own mobile device. Additionally, users can be authenticated by various single-factor or multi-factor options. This type of e-signature provides an even higher level of security since the entire process of signing and verifying is standardised and assured to very robust levels.
What makes a Cloud Signature via Remote Signing legal?
Remote Signing provides the same high level of trust as Advanced Electronic Signatures and Qualified Electronic Signatures. The regulations around such signature processes govern the trusted Certificate Authorities, which are used to issue e-identity certificates to end-users. User signing keys are highly protected, and trying to dispute a cloud signature made using your key under your control is almost impossible.
In terms of legal standards, a remotely signed Advanced Electronic Signature or Qualified Electronic Signature is deemed equivalent to or better than a hand-written signature.
We recommend Remote Signing Signatures when only the highest levels of trust and security will do when you’re on the move. Remote Signing provides security and peace of mind even when you’re away from the office.
Remote Signing provides strong interoperability based on industry-standard digital signature techniques (ISO 32000, ISO 19005 and ETSI PAdES formats).
It’s important to choose an e-signature solution that can support your current needs and is flexible enough to support your business’s future requirements.