Skip to end of metadata
Go to start of metadata

Remote Authorised Signing (RAS) is a secure way to create server-side signatures (server held signer key) under the instruction and sole control of the signer. The signatory uses their registered mobile device to authorise the server-side signing action. SigningHub Mobile App authorises the signing intent by digitally signing the authorisation request using a dedicated key pair held in the mobile device’s Secure Element/Enclave.


It offers the best user experience since there is no need for users to handle smart cards/tokens and they can sign using their personal mobile device. The high-trust security offered by SigningHub ensures legal acceptance across the globe. For more details, see how Remote Authorised Signing Works.


Remote Signatures  

Remote signatures are ones where a natural person signs a document by using the online services of a Trust Service Provider (TSP) i.e. ADSS Server, which manages the user’s signing key on behalf of the owner. The responsibilities of ADSS Server include ensuring that the user’s signing key stays under the sole control of the user with a high degree of confidence.

There are clear benefits for organizations and end-users of remote signing:

  • No hardware. No need to distribute secure hardware devices (e.g. smart cards/ tokens) to end users: ADSS Server manages signing keys server-side;
  • No software. No need for users to install specialist software applications or plug-ins. All users need is a standard browser (including mobile browsers) and an Internet connection to sign from any device at any time;
  • Simplified key management. ADSS Server performs all cryptographic key management server-side, and automatically without user involvement, ensuring certificate issuance, certificate revocation and certificate renewal is easy and fast;
  • Centralized control. ADSS Server controls all security policy and management ensuring strong security;
  • Centralized logging. SigningHub records all user actions performed during a signing operation to provide additional evidence of the user’s actions beyond the signed document itself; and
  • Cost-effective. With no reliance on secure smart cards or USB tokens for end users, so the solution is more cost-effective.

These benefits help to ensure a great user experience, lower costs and improved security compared to the traditional smart card/token-based local signing approach.

Step-by-step Configuration Guide

This document details the set-up and configuration based upon Qualified Certificates, and thus creation of Qualified Electronic Signatures. However, the same procedures apply equally to Advanced Electronic Signatures. The only caveat is that for Advanced Electronic Signatures certificates may be issued by any trusted provider but not necessarily one certified to issue Qualified Certificates. 

  1. ADSS Server based configurations
    1. ADSS SAM Server configurations 
    2. Creation of RAS Profile in ADSS Server
    3. Creation of Certification Profile in ADSS Server
    4. Creation of RA Profile in ADSS Server
    5. Creation of Signing Profile in ADSS Server
  2. SigningHub Admin based configurations
    1. Creation of ADSS Server connector in SigningHub Admin
    2. Creation of RA Profile in SigningHub Admin
    3. Creation of Signing Profile in SigningHub Admin
    4. A Service Plan in SigningHub Admin that supports RAS
  3. Enterprise Admin based configurations
    1. Configuration of RAS in Enterprise User Role
  4. Enterprise User (end user) based configurations
    1. User mobile number1 correctly set in their SigningHub profile 
    2. Installation of SigningHub Mobile App2 on user's mobile device
    3. Mobile Device Registration via SigningHub Mobile App

After configuring the above mentioned steps, you may start using Remote Authorised Signing.

1 This is a part of the User Registration process. Users can update or verify their respective number at any time. Use either “00” or “+” to dictate international number.
2 Supported OS versions: 6.0+ for Android, and iOS 9.0+ for Apple. Android devices must support fingerprint verification, and conversely, iOS devices, Touch ID, and passcode verification.

 

Icon

For more details, see how Remote Authorised Signing Works