Mobile Signing

Understand the true meaning of mobile signing

Different Approaches to Mobile Signing

Using a mobile device for accessing business systems is now commonplace. The ability to view and digitally sign documents from a mobile device is an essential requirement when choosing a signing platform. However, what is often not understood is that there are different levels of mobile signing, with varying degrees of what is actually performed on the mobile device:

  • Mobile device is used to initiate the signing process – the signing key is located on the server and the signature takes place there; however, the user initiates the process from their mobile device. SigningHub has easy-to-use iOS and Android apps for this and you can learn more about them here.
  • Mobile device is used to authorise the signing process – this is where the user’s mobile is sent a One Time Password (OTP) code as a form of authentication – typically using SMS messaging or via a native OTP app like Google Authenticator. Again, in this mode the user’s signing key is located on the server and the signature takes place there. The mobile device is only being used as a second channel for user authentication. SigningHub again supports this method of user authentication.
  • Mobile device is used to actually sign the document – this is the “truest” form of mobile signing, i.e. the user’s signature key actually resides on the mobile device and the document signature is created on the mobile device. This is an area where SigningHub is particularly strong compared to the competition and is explained below.

True Mobile Signing Feature

In the truest form of mobile signing the user’s private signing key actually resides on the mobile device and is therefore under the sole control of the user. This is a highly advanced solution and not many vendors can meet this level of security. The following diagram illustrates the process:

Diagram

SigningHub is the leading solution in the mobile signing area and can implement the above mobile signing process in a number of different ways:

  • Using specialist readers attached to mobile devices – SigningHub iOS and Android apps can use specialist smartcard readers attached to the mobile device, e.g. the Precise Biometric Tactivo readers act as covers for the mobile device. Such readers allow the user’s same PKI-enabled smartcard to be used with the SigningHub native apps as well as PCs and physical access control systems.

  • Using Entrust® IdentityGuard SmartCredentials app – in this case the user’s private signing key is located in the Entrust app installed on the mobile device. At the time of signing, SigningHub sends a hash of the document to the Entrust app for signing on-board the mobile device (this communication is conducted via the Entrust IdentityGuard solution).
  • Using AET® ConsentID app – in this case the user’s private signing key is on a secure tamper-resistant micro-SD card (or it can even be a secure SIM card). At the time of signing, SigningHub sends a hash of the document to the AET app for signing on-board the secure micro-SD card (this communication is conducted via the AET MSSP Server solution).
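
The hash-signing exchange described in the last two items, as an added Go example that is not SigningHub, Entrust or AET code: the server sends only a document digest, the device signs it with a key that never leaves it, and the server verifies the result against its own copy of the document. The names `Device`, `Enroll`, `SignHash`, `Digest` and `ServerVerify` are hypothetical, and ECDSA P-256 with SHA-256 is an assumption, since the page names no algorithms.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device models the mobile side (hypothetical names; P-256 and SHA-256 assumed).
type Device struct{ key *ecdsa.PrivateKey }

// Enroll creates the key on the device and gives the server the public half only.
func Enroll() (*Device, *ecdsa.PublicKey) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // no usable entropy source
	}
	return &Device{key: k}, &k.PublicKey
}

// SignHash signs a SHA-256 digest on the device; the document is never sent.
func (d *Device) SignHash(digest []byte) ([]byte, error) {
	if len(digest) != sha256.Size {
		return nil, fmt.Errorf("expected %d-byte digest, got %d", sha256.Size, len(digest))
	}
	return ecdsa.SignASN1(rand.Reader, d.key, digest)
}

// Digest is the server-side hash; only this value goes to the device.
func Digest(doc []byte) []byte {
	h := sha256.Sum256(doc)
	return h[:]
}

// ServerVerify re-hashes the server's copy and checks the device's signature.
func ServerVerify(pub *ecdsa.PublicKey, doc, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, Digest(doc), sig)
}

func main() {
	doc := []byte("constructed sample contract text")
	dev, pub := Enroll()
	sig, err := dev.SignHash(Digest(doc))
	if err != nil {
		panic(err)
	}
	fmt.Println(ServerVerify(pub, doc, sig), ServerVerify(pub, append(doc, '!'), sig)) // original, altered
}
```

Because verification re-hashes the server's stored document, a signature returned for one digest does not validate against any altered copy or under another device's public key.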