SigningHub is a global leader in Advanced and Qualified Remote Signing. To help ease your business’s transition from traditional signatures to electronic signatures, the experts at SigningHub have compiled a series of blogs to help you understand the software’s features. This blog, the third in the series, goes in-depth on how to use SigningHub’s advanced features.
SigningHub by Ascertia is a complete e-signature and document workflow solution, available as a cloud service or as an on-premise product for when complete control of your documents is required. Find out how it can help streamline your business processes with this guide on how to use SigningHub.
The final blog in our series on the different types of eSignatures, this deep dive focuses on Cloud Signatures for Remote Signing and the details around this eSignature solution.
Remote working has quickly become the new normal. As global businesses transition to remote channels, we discuss how eSignatures can help facilitate this process.
Many businesses that were initially sceptical have experienced the benefits and many will likely continue with remote working long after it’s necessary.
In an international business environment, signing solutions that work across borders are essential. With approval chains growing, in size and complexity, solutions that save time whilst providing high-security, e-IDAS compliant remote signing are invaluable.
Ensuring secure, remote signing doesn't have to be challenging. In our latest blog, we're discussing cloud signing and the ease of using advanced PKI digital signatures.
Advanced digital signatures require each user to have their own unique signing key. The security of the system then relies on the fact that the user's private signing key is not accessible to anyone else other than the owner.
If implemented properly it allows an independent judge to determine that any digital signatures produced with the user's private key must have been created by the owner and no one else. It ensures the "non-repudiation" property, where signers can't reasonably deny the signatures they have created.
Past digital signature technology was costly and issuing each user with their own private signing key in a secure manner was complex.
Now with the advent of cloud computing and, in particular, cloud Hardware Security Modules (HSMs), the situation has changed dramatically. Today, advanced digital signature technology can be low-cost, easy to use and secure, so that it can be applied to any business use case, even on a mass scale.
There is much confusion between electronic signatures and PKI digital signatures. You can learn more about it here. As a quick note, basic e-signing adds the user's mark on a document and does nothing to protect the integrity of the signed document or to prove that the user actually made that mark.
With PKI digital signatures, cryptographic codes are created using privately-held signing keys under the control of the signer. They ensure data integrity and strong authentication of the user - cryptographically-binding the user's authenticated digital identity to their signed documents.
There are many cloud e-sign providers who simply implement basic electronic signature squiggles on a document with no cryptographic evidence embedded into the signed document to independently prove it was indeed the user who made that mark.
Most high-trust schemes however, require PKI-based digital signatures where each user has their own private signing key. For example:
EU Qualified Signatures - These are recognised as equivalent to handwritten ink signatures in a court of law and require use of unique user keys held in secure cryptographic hardware.
Adobe AATL Signatures - This is a trust scheme run by Adobe for its Reader/Acrobat product range. Similarly, it requires unique user keys and protection of these in secure cryptographic hardware. Adobe software automatically marks signatures as "trusted" if the signing key was certified by an AATL-recognised Certificate Authority (CA).
Traditionally, the protection of the user's private signing key was achieved by storing it within tamper-resistant cryptographic hardware devices, like smartcards and secure USB tokens. These are PIN-protected and kept under the control of their users.
Although there are many examples of e-Trust schemes relying on smartcards/tokens, in particular electronic ID (eID) cards issued by many governments, the general purpose use of these devices has been limited. This is mainly due to:
To overcome this, the industry is moving to server-held signing keys i.e. each user's signing key is managed in a centrally-held HSM. As an example, the new EU eIDAS Regulations allow EU Qualified Signatures to be created using server-held signing keys - as long as they're managed securely. Similarly, Adobe AATL Signatures can be created using server-held keys.
However, before Cloud HSMs deploying a server-side signing solution was complex. Basically, you needed to purchase an HSM appliance and install, configure, patch and maintain these security devices. So, although the complexity of smartcards/USB signing devices was hidden from the end-users perspective by using HSMs, IT departments still had the complexity of managing them.
Today, Azure and Amazon cloud platforms offer cloud HSMs as part of their service. This means you can now deploy an advanced digital signature solution using unique user signing keys with strong hardware-based protection, at a fraction of the cost and complexity compared to an on-premise HSM solution. At the same time, you can also meet the needs of high-trust schemes like Adobe AATL and EU regulations.
SigningHub has extensive support for secure, cloud-based digital signatures which includes:
Choosing the right type of e-signature
for your business
