SigningHub uses true “advanced electronic signatures” to deliver the level of trust and security that customers ask for in a signing solution – unlike some other providers, we don’t use this term just as a marketing phrase! The legal definition is that an advanced electronic signature is one which is:
Signing solutions from the major vendors use one of these approaches:
The following diagram illustrates this point, showing a basic e-signature (the blue layer) and a digital signature (the green layer). Most service providers only give you the top blue layer – which offers no security at all; whilst a few vendors add the crypto digital signature green layer – but the issue is that most use a single service provider corporate key to create this digital signature. SigningHub is unique in that it delivers maximum security by not only using the user’s e-signature but then also adding their own digital signature created using their unique signing key:
This table summarises the major differences in the security provided by these different approaches:
|Features||Basic e-Signatures||e-signature + service provider’s digital signature||The SigningHub Approach: e-signature + user’s unique digital signature|
|Does the solution prevent copying the signature from one document to another, leading to forged signatures?|
|Does the solution detect any changes to a signed document (e.g. even changing a single character anywhere in the document)?|
|Does the signature by itself give a clear indication of who signed the document (i.e. without having to rely on the service provider to identify the signer)?|
|Is the signature created using a means which is under the sole control of the signatory (this helps to deliver the “non-repudiation” service)?|
|Does the signature contain all the legal evidence to allow independent, offline, verification (i.e. no need to ask service provider to verify etc.)?|
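The properties in the table above (change detection, no copying between documents, and identifying the signer from the signature alone) can be seen in a small added example; it is not SigningHub code. It uses plain Ed25519 keys as a stand-in for certificate-based PDF signatures, and the `Signer` type, the names and the sample documents are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer is a hypothetical stand-in for a certificate subject and its key pair.
type Signer struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSigner(name string) Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Signer{Name: name, Pub: pub, priv: priv}
}

// Sign binds the signature to the exact bytes of doc.
func (s Signer) Sign(doc []byte) []byte {
	return ed25519.Sign(s.priv, doc)
}

// Verify reports whether sig was produced over doc by the holder of pub.
func Verify(pub ed25519.PublicKey, doc, sig []byte) bool {
	return ed25519.Verify(pub, doc, sig)
}

// IdentifySigner returns the trusted key holder that produced sig, or "" if none did.
func IdentifySigner(trusted []Signer, doc, sig []byte) string {
	for _, s := range trusted {
		if Verify(s.Pub, doc, sig) {
			return s.Name
		}
	}
	return ""
}

func main() {
	alice, provider := NewSigner("Alice"), NewSigner("Provider Corp")
	doc := []byte("Pay 100 EUR to Bob") // constructed sample document
	sig := alice.Sign(doc)
	fmt.Println(Verify(alice.Pub, doc, sig), Verify(alice.Pub, []byte("Pay 900 EUR to Bob"), sig))
	fmt.Println(IdentifySigner([]Signer{provider, alice}, doc, sig))
}
```

When every document is signed with the single provider key instead, `IdentifySigner` can only ever return the provider's name, so the signature by itself says nothing about which user approved the document.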
For signed PDF documents you can quickly determine if your solution is using unique digital signature keys by verifying the document in Adobe® Reader as shown below. Simply click on the e-signature appearance to reveal the name of the actual signer, shown highlighted below. Other solutions show the service provider’s name here as the signer rather than the actual user!
Within the EU the highest signature trust level is called a Qualified Signature. These are the “gold standard” for signatures and as such are automatically recognised as equivalent to hand-written signatures in courts across the EU Member States. Qualified Signatures are similar to advanced electronic signatures; however, they require the user’s signing key to be held on a hardware-based Secure Signature Creation Device (SSCD), usually a smartcard or USB token, which meets EU-accepted security levels to prevent hacking. Furthermore, the user’s digital certificate, which uniquely identifies them, must be issued by a Qualified Certificate Authority (CA); these are licensed and recognised by the relevant EU Member State. SigningHub fully supports Qualified Signatures:
|Is the solution capable of supporting Qualified Certificates from any EU recognised Qualified CA?|
|Can it trust certificates from multiple Qualified CAs at the same time to allow cross-border interoperability?|
|Does the solution come with a built-in CA functionality which allows an in-house Qualified CA to be set-up if required? Note that operating a Qualified CA requires the organisation to use a “trustworthy” CA product which has been independently evaluated and certified using the standard: CEN CWA 14167-1.|
When verifying digitally signed PDF documents outside the signing service it is very useful that end-users can trust the digital signatures immediately and avoid seeing messages within their PDF Reader that the signature is valid but the signer’s identity is not trusted. To avoid this issue the signing solution needs to support digital certificates from CAs which are registered as part of the Adobe AATL program. Further details on the AATL program can be found here: http://helpx.adobe.com/acrobat/kb/approved-trust-list2.html
AATL signatures are similar to Qualified Signatures in that they are created using keys and high-trust certificates issued to users on secure hardware devices by AATL member CAs licensed by Adobe. SigningHub also supports all AATL certificates:
|Does the solution support unique per-user AATL certificates?|
|Can the solution use certificates from any AATL CA? Can it support multiple AATL CAs (or other qualified or high-trust CAs) in the same instance?|
|Can the solution use individual server-held AATL certificates (stored in a secure HSM) as well as client-side certificates (stored in smartcard or secure USB tokens)?|
Certificate Authorities (CAs) issue digital certificates to users to prove their online identity. CAs are operated by government bodies, global and national service providers, banks or any other trusted organisation. A large number of high-trust CAs are in operation across the world. It is important that the signing solution recognises these various different trusted authorities to ensure the greatest interoperability for its subscribers. See how SigningHub compares:
|If the signing solution is a cloud-based service, how large is its recognised CA trust list?||250+||Typically 1 (or <5)|
|Can new CAs be registered upon request?|
|Can custom plans be set-up with just those CAs that the customer organisation wants to trust (rather than the complete list of CAs)?|
|Does the signing solution provide a built-in CA module if the end-users do not have easy access to a public CA?|
|Can an organisation have a private CA that shows their brand name?|
Digital identities have become a part of everyday life. People hold digital IDs based on popular social network sites, bank-issued IDs, corporate IDs and also in many countries government-issued IDs. Each of these provides a different level of assurance as to the real-world identity of the owner. The signing solution must be capable of using any of these identities. Of course if the user doesn’t have any existing identities the solution must implement its own identity validation mechanism. This allows the business to choose the right assurance level corresponding to the risk model for that business process. SigningHub has a pluggable authentication architecture, allowing multiple authentication connectors to be set-up based on business needs. Example user authentication options include:
SigningHub supports all of these methods:
When signing paper documents you implicitly trust the fact that the signature will be verifiable for several years into the future. Similarly in the electronic world, digitally signed documents must be verifiable at a later date. For example, in many jurisdictions and regulated industries, business documents need their authenticity to be verifiable for at least 7 to 10 years, whilst specialist applications may require verification for 15 or 20+ years. Not all signing solutions are capable of offering a long-term validation capability. This is an area we have invested in heavily by following the latest advanced, long-term digital signature standards as explained below:
|PAdES Part 2||Original PDF standard, ISO 32000-1. Supports embedded signature evidence information for Long-Term Validation (LTV).|
|PAdES Part 4||Corresponds with the latest EU Qualified Signature Standards (CAdES-X-Long and CAdES-A). Unique ability to extend the lifetime of signed documents by embedding additional protective timestamps at a later date.|
|XAdES-X-Long||The XML long-term signature format used for Microsoft Office documents. SigningHub supports this when signing Word documents via the SigningHub Word app.|
|PDF/A||ISO standard (ISO 19005) specifically designed for long-term accessibility and rendering of document with no dependency on external references.|
|IETF LTANS Evidence Record Syntax (ERS)||Long-Term Archive & Notary Service (LTANS) is a set of specifications from the IETF for secure long-term archiving. Ascertia provides both LTANS Server and client functionality and this can be tightly coupled with SigningHub for a complete, long-term secure solution.|
An effective signing solution should also meet these business requirements:
SigningHub uses unique signing keys for every single user and supports all common storage locations for these signing keys. The choice depends on the legal and policy requirements, ease of use and of course cost. SigningHub defines the allowed locations within your enterprise service plan settings. Different options can be selected for different user groups. Alternatively users can select one option for signing when in the office and a different option when signing on the road. See how SigningHub compares:
|Signature Key Location||SigningHub||Other solutions|
|Server-held keys – held inside a secure, tamper-resistant, certified, Hardware Security Module (HSM) attached to SigningHub server; or held in encrypted form in the SigningHub database (software mode).|
|Locally-held keys – held on a secure, tamper-resistant, certified smartcard or USB token which is PIN protected or in encrypted form on a software file which is password protected. Accessible on Windows, Mac OS and Linux.|
|Mobile-held Keys – held on a mobile device on a secure, tamper-resistant, certified hardware chip or in a secure software app, in both cases password/PIN protected.|
A Secure Document Viewer is essential so that users can clearly review what they are about to approve. Within the industry this is called “What You See Is What You Sign” (WYSIWYS) and ensures the user can only sign the document that is presented on the screen. It must not be possible for malicious code to show one thing to the user and get them to sign something else behind the scenes. SigningHub uses a secure document viewer that always shows a flattened image of the document. The user always sees exactly what they are about to sign and always sees what other users have already signed. This is an essential requirement for secure signature and non-repudiation services: the user cannot later claim they did not see the document in its exact final form. The secure viewer also provides data leakage protection options.
In addition to this SigningHub records and embeds a document snapshot at the time of signing within the document itself. With this feature, anyone can see what the document looked like before a particular signature was applied. This prevents signers from claiming they signed a different version of the document. This is a standard feature available within our signed PDF documents, even when verified offline. You can see this option by right-clicking a signature field and then selecting the “view signed version”. A new window opens and shows the document immediately before signing.
All user interactions with SigningHub are conducted over a secure TLS / SSL VPN with the highest security options enabled. All information is encrypted between the web-browser and web-server using AES 256-bit encryption to maintain information privacy. As soon as a document is uploaded to SigningHub it is AES-256 bit encrypted at the application layer before being stored in the database. This ensures that document encryption is not under the control of the database administrator. The decryption keys are not available to any user or operator and SigningHub ensures that only the document owner and any users they authorise can review the document.
When the document is shared for review and signature, the document does not leave SigningHub, instead users are notified via email. They use the service plan authentication method to access and view the document using the SigningHub secure document viewer.
The document owner can define the following rules and permissions either manually or by using a template:
As explained above SigningHub digital signatures contain full evidence information for independent offline verification using Adobe® Reader. In addition to this SigningHub creates a document log. This records all document events together with details of who performed these, at which date/time, the browser type and device operating system and IP address that was used:
SigningHub is also able to capture all screens shown to the user, all document pages viewed by the user before signing, and even a full screen video of the user signing ceremony.
In addition to this SigningHub maintains logs for all user and administrator activity plus system events.
SigningHub Enterprise is a product that can be deployed quickly and easily on-premise to provide complete control over the branding, configuration and user and system management options and of course full control over the document and all log data.
SigningHub Cloud is a multi-tenanted service that still allows enterprises to keep full control of their branding, internal and external users, signing policies and any tight integration options. SigningHub allows one or more enterprise administrators to be set-up to control the enterprise account in the following ways:
Since security is our forte, we have hardened SigningHub with some of the most secure algorithms and protocols, including:
The SigningHub cryptographic engine has been independently evaluated and certified to be compliant with CEN CWA 14167-1. This standard specifies the requirements for trustworthy systems for the issuance and management of EU Qualified Certificates. The SigningHub internal Certificate Authority (CA), OCSP Validation Authority (VA) and Time Stamp Authority (TSA) services were all certified. In addition the SigningHub signature creation and verification services are compliant with CEN CWA 14170 and CWA 14171.
SigningHub supports the use of FIPS 140-2 and Common Criteria EAL 4+ certified HSMs, Secure Signature Creation Devices (SSCDs) and Qualified Signature Creation Devices (QSCD) under the new EU eIDAS regulations. We partner with a number of secure hardware vendors including SafeNet, Thales and Utimaco.
SigningHub Cloud is also available as part of the UK Government Software as a Service G-Cloud 6 initiative.
SigningHub Cloud is located in a secure and resilient data centre which has been independently certified under various schemes including:
If required a dedicated SigningHub system can be hosted in a cloud service provider of your choice. Specialist Public Sector cloud services providers work in partnership with us to deliver the solution via the PSN or Internet.
Contact us for further details on any of these security features.