SigningHub’s Security Features

Signing Key Protection

SigningHub uses a unique signing key for every user and supports all common storage locations for these signing keys. The choice depends on legal and policy requirements, ease of use and, of course, cost. SigningHub defines the authorised locations within your enterprise service plan settings. Different options can be selected for different user groups. Alternatively, users can select one option for signing when in the office and a different option when signing on the road. See how SigningHub compares:

Signature Key Location SigningHub Other solutions
Server-held keys – held inside a secure, tamper-resistant, certified, Hardware Security Module (HSM) attached to a SigningHub server; or held in encrypted form in the SigningHub database (software mode).
Locally-held keys – held on a secure, tamper-resistant, certified smartcard or USB token which is PIN protected, or in encrypted form in a software file which is password protected. Accessible on Windows, Mac OS and Linux.
Mobile-held keys – held on a mobile device on a secure, tamper-resistant, certified hardware chip or in a secure software app, in both cases password/PIN protected.

Flexible User Authentication

SigningHub supports all of these methods:

No authentication

Ideal when you want to quickly present a document to a user and quickly obtain their e-signature

Username & password

The basic level of user authentication and access control

Two-factor authentication

A popular technique is to send a One Time Password (OTP) to the person’s mobile phone via SMS

External Identity Providers – External identity providers use standard protocols such as SAML, OAuth, OpenID and RADIUS to confirm a user’s identity. Example identity provider authentication mechanisms include Knowledge Base Access (KBA), mobile authentication, corporate Active Directory authentication, social media authentication and Google Authenticator

Locally-held PKI tokens – The user’s signing key is held within a secure, tamper-resistant smartcard or USB token. A good number of countries have issued citizen e-IDs with built-in PKI signing keys that can be used with SigningHub. Corporate PKI smartcards for physical and logical access control can also be used, as can the PIV cards used extensively by US Federal Agency, Defence and financial organisations

Enterprise Management Control

SigningHub Enterprise is a product that can be deployed quickly and easily on-premise to provide complete control over the branding, configuration, and user and system management options and, of course, full control over the document and all log data.

SigningHub Cloud is a multi-tenanted service that still allows enterprises to keep full control of their branding, internal and external users, signing policies and any tight integration options. SigningHub allows one or more enterprise administrators to be set up to control the enterprise account in the following ways:

Manage the enterprise profile, branding and perform centralised billing

Invite users to join the enterprise account and manage their roles, rights and default settings, and also remove users from the system when no longer required. The enrolment and removal of user accounts from the SigningHub system can also be automated through API integration with a CRM or ECM business application

Create workflow templates that define who the signatories are, in which order they must sign, where in the document the signature should be placed, their access permissions, legal notices, initials fields, form field assignments and all other low-level parameters associated with the signing process. End-users can then simply select these workflow templates to automate the document preparation stage instead of manually preparing the document each time

Create user groups (such as finance, sales, HR) and publish these to the user community. Any member of the group can open, review and sign a document sent to them. Clever access controls prevent one user from trying to work on a document selected by another

Configure the different notification emails and the events for which emails should be sent

Configure the allowed user signing methods, that is server-side signing, local signing or mobile signing, as well as which signature appearance and e-signature drawing options to use

Manage the central online library of documents and forms for users

Manage configurations related to business application integration on behalf of the enterprise.

Manage configurations that control business application integration

Manage enterprise storage space optimisation

Define and optionally enforce the use of particular signing reasons by end-users when signing

Configure one or more legal notices for the end-user community to use in their signature workflows

Manage trusted certificate filters when using local signing to control which type of user certificates are acceptable for digital signature creation

Manage the enterprise password policy