There are many types of electronic signatures, but some of the most commonly used in business are Advanced Electronic Signatures, as they are secure, identifiable and in some cases mandated by legislation or policy.
As well as being uniquely linked and capable of identifying the signer, one of the requirements for an Advanced Electronic Signature according to eIDAS is:
The signatory must have sole control of the signature creation data that was used to create the electronic signature.
What does sole control mean in this context and how can it be achieved?
To have sole control of an electronic signature requires a means of providing a unique identity to the signer that only they have access to. This is usually provided through the use of a unique PKI signing key and certificate.
A Public Key Infrastructure (PKI) binds a signer’s identity to a public key, usually through a certificate authority (CA) that creates a certificate and unique key for the user. This makes it possible to verify independently who the signer is, when they signed and that nobody has altered the document since signing.
Sole control through unique signing keys can be achieved through:
- Remote Signing – user signing keys are held server-side in a secure HSM (Hardware Security Module) or encrypted database
- Local Signing – signing keys are held locally on a smartcard, USB token or secure software container
- Mobile Signing – signing keys are held within a mobile’s ‘Secure Element’ hardware
All of these methods ensure that only the user has access to their unique PKI signing key and that the identifying information and data associated with it are kept secure to ensure compliance.
For high-trust industries such as banking and government, sole control through the use of signing keys is essential to prove the identities of signers and to provide assurance that electronic signatures have been created by the correct person (and are not associated with the service provider) and that documents haven’t been modified since being signed.
SigningHub implements Advanced Electronic Signatures using standards-based PKI cryptography. Each user has a unique PKI signing key and associated digital certificate. The certificate acts as the person’s “digital identity” and is embedded in each signature they create, thereby securely binding the signer’s identity to their documents.
The signing key used to create the signature is private, remains under the sole control of its owner and is only accessible after appropriate authentication and authorisation checks.
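The binding described above, as an added Go example (not SigningHub's code and not part of the original article): a private key that stays with the signer produces the signature, and the embedded certificate lets anyone check the signer's name and detect a later change to the document. Assumptions: the names NewSigner, SignedDoc and Verify are hypothetical, Ed25519 is chosen for brevity, a self-signed certificate stands in for one issued by a CA, and the signer name and document text are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

type SignedDoc struct{ Doc, Sig, CertDER []byte } // document, signature, signer's certificate

// NewSigner returns a signing function; the private key never leaves its closure (self-signed cert is an assumption).
func NewSigner(name string) (func(doc []byte) SignedDoc, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return func(doc []byte) SignedDoc { return SignedDoc{doc, ed25519.Sign(priv, doc), der} }, nil
}

// Verify returns the name in the embedded certificate if the signature matches the document.
// Validating the certificate chain to a trusted CA, which a real verifier must also do, is omitted.
func Verify(s SignedDoc) (string, bool) {
	if cert, err := x509.ParseCertificate(s.CertDER); err == nil {
		if pub, ok := cert.PublicKey.(ed25519.PublicKey); ok && ed25519.Verify(pub, s.Doc, s.Sig) {
			return cert.Subject.CommonName, true
		}
	}
	return "", false
}

func main() {
	sign, err := NewSigner("Alice Example") // constructed signer name
	if err != nil {
		panic(err)
	}
	s := sign([]byte("Pay 100 EUR"))
	name, ok := Verify(s)
	s.Doc = []byte("Pay 900 EUR") // altered after signing
	_, tampered := Verify(s)
	println(name, ok, tampered)
}
```

Without the chain validation noted in the comment, the name in the certificate is only as trustworthy as whoever supplied the certificate, which is why the CA's role in the PKI matters.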