Signing Key Protection
SigningHub uses unique signing keys for every single user and supports all common storage locations for these signing keys. The choice depends on the legal and policy requirements, ease of use and of course cost. SigningHub defines the authorised locations within your enterprise service plan settings. Different options can be selected for different user groups. Alternatively users can select one option for signing when in the office and a different option when signing on the road. See how SigningHub compares:
| Signature Key Location | SigningHub | Other solutions |
|---|---|---|
| Server-held keys – held inside a secure, tamper-resistant, certified, Hardware Security Module (HSM) attached to a SigningHub server; or held in encrypted form in the SigningHub database (software mode). | ||
| Locally-held keys – held on a secure, tamper-resistant, certified smartcard or USB token which is PIN protected or in encrypted form on a software file which is password protected. Accessible on Windows, Mac OS and Linux. | ||
| Mobile-held Keys – held on a mobile device on a secure, tamper-resistant, certified hardware chip or in a secure software app, in both cases password/PIN protected. |
Flexible User Authentication
SigningHub supports all of these methods
No authentication
Ideal when you want to quickly present a document to a user and quickly obtain their e-signature
Username & password
The basic level of user authentication and access control
Two-factor authentication
A popular technique is to send a One Time Password (OTP) to the person’s mobile phone via SMS
External Identity Providers– External identity providers use standard protocols such as SAML, OAuth, OpenID and Radius to confirm a user’s identity. Example identity provider authentication mechanisms include Knowledge Base Access (KBA), mobile authentication, corporate Active Directory authentication, social media authentication and Google Authenticator
Locally-held PKI tokens – The user’s signing key is held within a secure tamper-resistant smartcard or USB token. A good number of countries have issued citizen e-IDs containing PKI signing keys built-in that can be used with SigningHub. Corporate PKI smartcards for physical and logical access control can also be used as can the PIV cards used extensively with the US Federal Agency, Defence and financial organisations
Enterprise Management Control
SigningHub Enterprise is a product that can be deployed quickly and easily on-premise to provide complete control over the branding, configuration and user and system management options and of course full control over the document and all log data.
SigningHub Cloud is a multi-tenanted service that still allows enterprises to keep full control of their branding, internal and external users, signing policies and any tight integration options. SigningHub allows one or more enterprise administrators to be set-up to control the enterprise account in the following ways:
Manage the enterprise profile, branding and perform centralised billing
Invite users to join the enterprise account and manage their roles, rights and default settings, and also remove users from the system when no longer required. The enrolment and removal of user accounts from the SigningHub system can also be automated through API integration with a CRM or ECM business application
Create workflow templates that define who the signatories are, in which order they must sign, where in the document the signature should be placed, their access permissions, legal notices, initials fields, form field assignments and all other low-level parameters associated with the signing process. End-users can then simply select these workflow templates to automate the document preparation stage instead of manual preparing the document each time
Create user groups (such as finance, sales, HR) and publish these to the user community. Any member of the group can open, review and sign a document sent to them. Clever access controls prevent one user trying to work on a document selected by another
Configure the different notification emails and the events for which emails should be sent
Configure the allowed user signing methods, that is server-side signing, local signing or mobile signing, as well as which signature appearance and e-signature drawing options to use
Configure the different notification emails and the events for which emails should be sent.
Manage the central online library of documents and forms for users
Manage configurations related to business application integration on behalf of the enterprise.
Manage configurations that control business application integration
Manage enterprise storage space optimisation
Define and optionally enforce the use of particular signing reasons by end-users when signing
Configure one or more legal notices for the end-user community to use in their signature workflows
Manage trusted certificate filters when using local signing to control which type of user certificates are acceptable for digital signature creation
Manage the enterprise password policy