ACS partnership bolsters digital certificate security

Featured

SignFlow has teamed up with Altech Card Solutions to offer Thales hardware security modules to its digital signature customers.

In a move that will see users’ private keys and personal digital certificates receiving a serious security boost, SignFlow has partnered with Altech Card Solutions (ACS), a division of Altron TMT, to offer Thales HSMs (hardware security modules) to digital signature customers.

Using SignFlow’s PKCS#11 cryptographic interface, SignFlow uses Thales NShield Connect HSMs to perform highly specialised cryptographic operations, and to fully manage and secure private keys and personal digital certificates.

Head of digital at SignFlow’s parent company PBSA, Leon can der Merwe, says the partnership with ACS sees SignFlow extending its integration reach to include the Thales NShield range of network attached, FIPS 140-2 Level 3 HSMs.

“Apart from deploying the NShield devices in the highly-secure SignFlow Cloud, we now also offer the NShield range to corporate customers who would like to localise and manage their SignFlow private keys in private data centres.”

The SignFlow HSMs are directly integrated with multiple local and global CA’s (Certificate Authorities) to offer stringent, legally compliant Advanced Electronic Signatures (AES), Qualified Electronic Signatures (QES) and Adobe Approved Trust List (AATL) certificates, which are applied to documents through its digital signature application.

A division of Altron TMT (Pty) Ltd, ACS was formed in 1993 and is today firmly established as a leading player in the secure electronic transactions market.

It is Thales’ established track record in the payments security space and global footprint in hardware and software encryption solutions that makes this partnership so advantageous, says ACS.

SignFlow, an enterprise-class digital signature and document workflow application, was born in a digital era that has seen new business opportunities emerging as paper-based systems are replaced by digital platforms.

SignFlow digital signatures are powered by robust public-key infrastructure (PKI) technology, which is recognised as best practice for ensuring digital accountability. SignFlow digital signatures offer an effective, secure and legally compliant method of providing accountability during electronic transactions.

“Our partnership with ACS will benefit customers across the spectrum – including consumers using SignFlow’s SignFREE to sign documents, businesses using the SignFlow Cloud to distribute documents and government and corporate institutions using SignFlow’s Enterprise Hybrid Servers and Private Network Servers to digitally sign and workflow documents for sign-offs,” says Van der Merwe.

Digital signature technology breakthrough for face-to-face signing

Featured

face to faceThe SignFlow team has made a technological breakthrough that gives users the ability to carry out face-to-face document signing and turn a simple electronic signature into a certifiable digital signature with a full audit trail, on the fly.

Ideal for face-to-face contractual signing, the new SignFlow feature allows users to have documents signed in a face-to-face environment, with a graphical signature that is linked to the signer’s identity, cellphone number and email address. This provides the SignFlow user the opportunity to witness the signature, which – backed by a digital certificate – is 100% legal.

While the use of electronic signatures obtained via mechanisms such as handheld signature pads is commonplace, SignFlow has taken the practice to the next level and is the only solution on the market that takes an e-signature and turns it into a digital signature, with the signer’s information embedded into a digital certificate.

SignFlow Face-to-Face is not just the scribble of a signature with a mouse – it is a fully-fledged, legally certifiable digital signature with all the security and non-repudiation benefits that come with it.

On top of this, the Face-to-Face signature from SignFlow has all the auditing advantages of a digital signature – another area in which it trumps electronic signatures. This means that, after the document has been signed and the PDF downloaded, the audit trail of the person that signed can be seen in the PDF document – allowing the user to validate the person’s signature using Adobe Acrobat.

A digital signature differs fundamentally from an electronic signature. An electronic signature has no active verification capability built into it – nor does it come with a traceable audit trail – leaving it wide open to fraud and repudiation.

A digital signature, on the other hand, is created using a cryptographic operation that creates a hash-code unique to both the signer and the content, so that it cannot be copied, forged or tampered with. In this case there is strong proof of the signer’s identity, and the data integrity of the document is totally protected.

ee publishers – Digital signatures with one click

August 6th, 2014, Published in Articles: EngineerIT

by Hans van de Groenendaal, features editor, EngineerIT

New, ground-breaking technology – called “CoSign Click” – is set to revolutionise how companies “on-board’” new customers. No cumbersome and time-consuming manual process of printing out forms, signing in pen, scanning and uploading or emailing the document.

Leon van der Merwe – Business Development Manager

Co-Sign Click is a digital signature solution which enables a company’s customers to sign on-line documents and forms electronically without them requiring a digital signature or any hardware signing device “Until now, signing electronically with a digital signature was only available to licensed subscribers of digital signature applications,” said Leon van der Merwe, business development manager of Pitney Bowes, the first company to introduce CoSign Click to South Africa.  “This new technology will be a boon for companies requiring customers to provide a once-off signature on a document or form.”

In South African law there are certain statutes that require a signature before a document can be considered valid. If this signature is to be applied electronically, the Electronic Communications and Transaction (ECT) Act of 2002 refers to an “advanced” electronic signature (AeS) and is the only type of electronic signature that is recognised as legally acceptable.

“We have partnered with ARX, a leading provider of digital signatures, to offer a legally compliant solution for digitally signing documents which can then be seamlessly integrated with an electronic document management system.”

There are three areas in which the technology ensures compliance: three “I”s: intent (to sign), identity (of the signer) and integrity (of the document).  After a person electronically signs a document the content of the document is protected. If changes are made to the signed document, the signature will no longer be valid. Digital signatures have become increasingly necessary in today’s international and local business world, as companies strive to automate and streamline their systems. CoSign Click provides a slick alternative to what has historically been a paper-intensive and inefficient process. “No printing or scanning, just a digital process”, said van der Merwe .

CoSign is said to be the most widely used digital signature solution. In 2013 it was recognised as “the strongest digital signature solution” in the Forrester Wave: E-Signatures report. Millions of people at large enterprises, SMBs, governments and cloud services around the world use CoSign every day on their computers and mobile devices to easily add secure digital signatures to documents in Word, Excel, PDF, SharePoint, OpenText, Oracle, Alfresco, Nintex, K2, and many other applications and file formats.

CoSign Click is an add-on component to collect digital signatures from partners, customers and other external parties. Documents that need to be signed are exported directly from existing workflows and securely sent to any external party from the CoSign Click interface. A web-based mobile-ready application is used to sign the document and back directly into the sender’s document management system.

View original article – ee publishers:

http://www.ee.co.za/article/digital-signatures-with-one-click.html

EngineerIT