Remote Authorised Signing (RAS) is a secure way to create server-side signatures (server held signer key) under the instruction and sole control of the signer. The signatory uses their registered mobile device to authorise the server-side signing action. SigningHub Mobile App authorises the signing intent by digitally signing the authorisation request using a dedicated key pair held in the mobile device’s Secure Element/Enclave.
It offers the best user experience since there is no need for users to handle smart cards/tokens and they can sign using their personal mobile device. The high-trust security offered by SigningHub ensures legal acceptance across the globe. For more details, see how Remote Authorised Signing Works.
Remote signatures are ones where a natural person signs a document by using the online services of a Trust Service Provider (TSP) i.e. ADSS Server, which manages the user’s signing key on behalf of the owner. The responsibilities of ADSS Server include ensuring that the user’s signing key stays under the sole control of the user with a high degree of confidence.
There are clear benefits for organizations and end-users of remote signing:
- No hardware. No need to distribute secure hardware devices (e.g. smart cards/ tokens) to end users: ADSS Server manages signing keys server-side;
- No software. No need for users to install specialist software applications or plug-ins. All users need is a standard browser (including mobile browsers) and an Internet connection to sign from any device at any time;
- Simplified key management. ADSS Server performs all cryptographic key management server-side, and automatically without user involvement, ensuring certificate issuance, certificate revocation and certificate renewal is easy and fast;
- Centralized control. ADSS Server controls all security policy and management ensuring strong security;
- Centralized logging. SigningHub records all user actions performed during a signing operation to provide additional evidence of the user’s actions beyond the signed document itself; and
- Cost-effective. With no reliance on secure smart cards or USB tokens for end users, so the solution is more cost-effective.
These benefits help to ensure a great user experience, lower costs and improved security compared to the traditional smart card/token-based local signing approach.
Step-by-step Configuration Guide
This document details the set-up and configuration based upon Qualified Certificates, and thus creation of Qualified Electronic Signatures. However, the same procedures apply equally to Advanced Electronic Signatures. The only caveat is that for Advanced Electronic Signatures certificates may be issued by any trusted provider but not necessarily one certified to issue Qualified Certificates.
- ADSS Server based configurations
- SigningHub Admin based configurations
- Enterprise Admin based configurations
- Enterprise User (end user) based configurations
After configuring the above mentioned steps, you may start using Remote Authorised Signing.
1 This is a part of the User Registration process. Users can update or verify their respective number at any time. Use either “00” or “+” to dictate international number.
2 Supported OS versions: 6.0+ for Android, and iOS 9.0+ for Apple. Android devices must support fingerprint verification, and conversely, iOS devices, Touch ID, and passcode verification.