In this blog, we examine whether you have sole control of your eSignature. There are many types of electronic signatures but some of the most commonly used in business are Advanced Electronic Signatures as they are secure, identifiable and in some cases mandated by legislation or policy.
As well as being uniquely linked and capable of identifying the signer, one of the requirements for an Advanced Electronic Signature according to eIDAS is:
The signatory must have sole control of the signature creation data that was used to create the electronic signature.
What is sole control and how can it be achieved?
Sole control of an electronic signature requires a means of giving the signer a unique identity that only they have access to. This is usually provided through a unique Public Key Infrastructure (PKI) signing key and certificate.
A PKI facilitates the binding of a signer’s identity with a public key, usually through a certificate authority (CA) that creates a certificate and unique key for the user. This process makes it possible to independently verify who the signer is, when they signed and that no one has altered the document since signing.
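What that binding gives a verifier, as an added sketch using the `openssl` command line (not SigningHub code and not from the original post). The names, the document text and the throwaway self-signed certificate are constructed, and a plain key file stands in for a key held on a token or in an HSM.

```shell
#!/usr/bin/env bash
# Added illustration; all names and the document text are constructed.

# Create a signing key and self-signed certificate with subject CN=$2 in directory $1.
# The key file stands in for "signature creation data" held on a token or in an HSM.
make_signer() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/signer.key" -out "$1/signer.crt" 2>/dev/null
}

# Write a detached CMS signature over document $2 to $3; the certificate is embedded.
sign_doc() {
  openssl cms -sign -binary -in "$2" -signer "$1/signer.crt" \
    -inkey "$1/signer.key" -outform DER -out "$3" 2>/dev/null
}

# Verify signature $2 over document $1 against trusted certificate $3.
# On success, print the subject of the certificate embedded in the signature.
verify_doc() {
  local seen; seen=$(mktemp) || return 1
  openssl cms -verify -binary -inform DER -in "$2" -content "$1" \
    -CAfile "$3" -signer "$seen" -out /dev/null 2>/dev/null \
    || { rm -f "$seen"; return 1; }
  openssl x509 -in "$seen" -noout -subject; rm -f "$seen"
}

demo() {
  local d; d=$(mktemp -d) || return 1
  mkdir "$d/alice" "$d/other"
  make_signer "$d/alice" "Alice Example" || return 1
  make_signer "$d/other" "Alice Example" || return 1   # same name, different key
  printf 'Pay 100 EUR to Bob\n' > "$d/doc.txt"
  sign_doc "$d/alice" "$d/doc.txt" "$d/good.p7s"
  sign_doc "$d/other" "$d/doc.txt" "$d/other.p7s"
  local trust="$d/alice/signer.crt"
  verify_doc "$d/doc.txt" "$d/good.p7s" "$trust" && echo "genuine: accepted"
  verify_doc "$d/doc.txt" "$d/other.p7s" "$trust" || echo "same name, other key: rejected"
  printf 'Pay 900 EUR to Bob\n' > "$d/doc.txt"         # altered after signing
  verify_doc "$d/doc.txt" "$d/good.p7s" "$trust" || echo "altered document: rejected"
  rm -rf "$d"
}
demo
```

The second check is the one that relates to sole control: a certificate carrying the same name is not enough, because verification succeeds only for signatures made with the private key that matches the trusted certificate.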
Sole control through unique signing keys can be achieved through:
- Remote Signing – User signing keys are held server-side in a secure HSM (Hardware Security Module) or encrypted database
- Local Signing – Signing keys are held locally on a smartcard, USB token or secure software container
- Mobile Signing – Signing keys are held within a mobile’s ‘Secure Element’ hardware
All of these methods ensure that only the user has access to their unique PKI signing key, and that the identifying information and data associated with it are kept secure to ensure compliance.
Sole control in high-trust industries
For high-trust industries such as banking and government, sole control through the use of signing keys is essential. Signing keys prove the identities of signers and provide assurance that electronic signatures have been created by the correct person (and are tied to that person rather than to the service provider) and that documents haven’t been modified since being signed.
Ensure sole control of your eSignature with SigningHub
SigningHub implements Advanced Electronic Signatures (AES) using standards-based PKI cryptography. Each user has a unique PKI signing key and associated digital certificate. The certificate acts as the person’s “digital identity” and is embedded in each signature they create – thereby securely binding the signer’s identity to their documents.
The signing key used to create the eSignature is private, remains under the sole control of its owner, and is accessible only after appropriate authentication and authorisation checks.