On August 5th Ascertia launches the SigningHub summer '15 release (v6.2). There are a number of enhancements, all aimed at improving the user experience and delivering out-of-the-box integration with common business applications. As usual, all existing SigningHub users will be automatically and seamlessly upgraded.
A quick background: Advanced digital signatures require each user to have their own unique signing key. The security of the system then relies on the fact that the user's private signing key is not accessible to anyone else other than the owner. If implemented properly it allows an independent judge to determine that any digital signatures produced with the user's private key must have been created by the owner and no one else - thereby delivering the "non-repudiation" property where signers can't reasonably deny the signatures they have created.
There is a big change coming in terms of the legal recognition of electronic signatures in Europe. It's the new eIDAS Regulations, which will replace the old 1999 EU Directive on Electronic Signatures. To help you understand the new landscape we have put together a summary of what the new regulations promise in terms of making cross-border trusted communication easier and how we are ensuring our SigningHub platform remains the ideal vehicle for providing trusted online signing services.
The UK government's Cloud First initiative is helping organisations embrace digital document processes. This helps drive efficiencies and reduces the costs associated with ink-signing paper documents, scanning and returning them.
The Cabinet Office GOV.UK Verify project also provides the ability to check someone's trusted identity when they need to authenticate themselves. What is needed are trusted document workflow and signing solutions that make it easy to embrace simplicity with high security and long-term protection against unauthorised or fraudulent changes.
A security advisory was published on 11th November 2014 by Microsoft, describing a security threat that may allow arbitrary code execution by hackers. This vulnerability could allow remote code execution, if an attacker sends carefully crafted packets to a Windows server. This issue lies within Microsoft's SChannel implementation, and has been rated as "Critical" by Microsoft, for all the supported releases of Microsoft Windows. This is a test
Bulk signing is a powerful feature of SigningHub which allows users to digitally sign multiple documents in one go thus saving substantial time in opening the document and signing them one by one. This feature works both when you are using either a local (client-side) signing keys OR server side signing keys.
OpenSSL is one of the most commonly used toolkits to implement PKI services. It is free/open source, regularly updated and comes bundled with Linux. You can also install its binaries on Windows. Although issues in the SSL protocol have been identified in the past, this time most OpenSSL implementations have a critical vulnerability.
Researchers in Codenomicon and Google found the vulnerability inside the OpenSSL implementation code, see this link for more details: CVE-2014-0160. Once exploited, a threat agent can access sensitive information which includes passwords and secure key information. OpenSSL has recently provided a patch to address this vulnerability.
The SigningHub “in-person signing” feature is a new capability that enables a person to electronically sign documents without requiring them:
SigningHub currently enables users to create a combined e-signature with a digital signature. The e-signature part is the hand-signature image displayed on the document, whilst the advanced PKI digital signature is the part that is embedded into the PDF document and is verifiable upon clicking the signature appearance.