Remote (Cloud) Signing

A cloud signing solution is one where users can digitally sign documents without having any locally installed digital signature, relying instead on a cloud-hosted signing service.

The user’s digital signing key may also be located in the cloud for complete mobility, i.e. the user is able to sign from any internet-connected device (iPad, mobile phone, any laptop etc.). Typically this means all user keys are held in a secure Hardware Security Module (HSM) located centrally, or in an encrypted database.

An alternative use case is where the user must sign via a Secure Signature Creation Device (SSCD), e.g. a secure smartcard or USB token. Even then a cloud service can still be utilised: the cloud signing service can send the document/transaction to the SSCD for local signing. In this scenario the user must have installed the local drivers for the SSCD and have a smartcard reader connected etc.

Ascertia can offer both its ADSS Server (in particular its Go>Sign Service module) and SigningHub as cloud-hosted signing services. See below for further details.

SOLUTION DESCRIPTION

Ascertia caters for cloud signatures in two different ways. The main difference is whether a simple signing/verification capability is required or a complete document workflow solution which can transfer the document to multiple signers as part of a review and approval cycle:

SigningHub

SigningHub.com is our public cloud-hosted instance of the SigningHub product. The product can also be licensed for in-house or private cloud service. For full details of this cloud-signing service visit SigningHub.com. Note that SigningHub can cater for server-side signing, local client-side signing (SSCD) or mobile signing. SigningHub provides the ability to workflow the document to multiple users for sign-off purposes and to track the document status. Signers are notified via email alerts. The SigningHub service can be easily integrated within any web application using iFrames.

ADSS Signing Service

In this case individual signatures are produced (i.e. no workflow of the document between multiple parties). The client application can make a web services call to request signing of any document/transaction using PDF, XML, CMS/PKCS#7, PAdES, CAdES or XAdES signatures. The signing key can be held on the server or locally by the user, in which case the ADSS Go>Sign Service and applet will be used to interface with the user’s SSCD.

WHY ASCERTIA?

There are very good reasons for choosing Ascertia for cloud signing:

Multiple Signature Formats

Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. Whether it’s PDF, XML, PKCS#7, CMS, S/MIME or PKCS#1 signatures, we can sign your business document or transaction.

Long-Term Digital Signatures

Ascertia is a clear leader in creating long-term digital signatures which can be verified many years in the future, an essential requirement for most businesses and governments. We support all the ETSI XAdES and CAdES profiles as well as the latest PAdES (PDF format) profiles.

Multiple Signing Options

Different applications have different needs for how digital signatures are created. Some require server-side signing with the mobile used only for OTP authentication. Others require signing to be done on the mobile device using a certified tamper-resistant hardware chip, whilst others even want soft keys managed by the mobile app. Ascertia can offer solutions for any of these methods.

PKI Components

Digital signature creation is only one part of the solution for mobile signing: there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in a single multi-function server. All these services are based on leading industry standards including OASIS DSS & DSS/X (signing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation) and RFC 5055 (SCVP validation).