Digital Signature Cloud Services

Even in the last century, many enterprises began to massively switch to electronic document management. All had computers with office programs. Documents were often typed in Microsoft Word or other text editors, exported to PDF, sent by e-mail.

It seemed that if the workflow is electronic , then we will soon forget about the cabinets with paper archives, there will not be a single sheet of paper on the desktops. If suddenly a paper document is sent to the organization by regular mail, the artifact will be immediately scanned and converted to digital form. The reality is quite the opposite. It turned out that the more an organization uses computers for digital workflow - the more documents it prints . After all, each document must be endorsed. An unsigned document is just a draft or information note. To get a signature, documents are printed, and then often scan back, keeping the originals in the archive.
')
Now it is clear that truly electronic (paperless) document management can not be implemented without digital signatures.

Today, B2B, B2C companies and government organizations are moving to the introduction of digital signatures for their undeniable advantages:

• Paperless workflow. Save time, money and resources.
• Effective business processes. Signing up electronically makes each transaction a smoother process.
• Mobile features. Interaction within the organization and with customers becomes easier.

Public Key Infrastructure (PKI) ensures integrity and confirms the authorship of each document. Time stamps certify the time of document signing, which is necessary for transactions associated with a specific time, ensuring the impossibility of declining authorship and saving data for auditing. Of course, the entire document management system with digital signatures must meet the necessary requirements in force in the country of jurisdiction, as well as in the countries where partners and customers work.

Gradually, uniform standards for electronic document management and digital signature infrastructure are being developed. For example, in the EU countries from July 1, 2016, eIDAS (electronic IDentification, Authentication and trust Services) standard for electronic identification, authentication and trust services is in effect. In the USA, the standard 21 CFR 11 is adopted.

The world's largest trusted services for electronic documents are Adobe Trusted List (AATL) and Microsoft Root Trust. The certification authorities included in this list issue certificate-based digital identifiers and time stamp services that comply with regulatory requirements in the world, like the eIDAS standard. Electronic signatures are already supported for the most popular office document formats. Including the signature of the document is supported by several persons with time stamps.

What is the Digital Signing Service?

Digital Signing Service (DSS) is a scalable platform with API support for rapid deployment of digital signatures, which provides:

• Digitally signing the hash of any document or digital transaction in the PKI setup
• Issuing a signature certificate
• AATL and Microsoft Root support
• Storage of private keys on the basis of HSM
• Audit review required for audit
• Advanced electronic stamps and, after accreditation, qualified signatures that comply with the eIDAS standard

Theoretically, you can organize a "cloud" service within your own company on your servers, opening up access to the API for users. For example, in the framework of the European project CEF Digital an open-source solution Digital Signature Service ( code on GitHub , demo ) was developed.

For your own DSS service, you need to adjust not only the signature workflow and user management. More signature certificates are required to verify the identity of the author of each document. This includes cryptographic elements such as key management, FIPS level 2 or higher key storage system (for example, hardware tokens or HSM), OCSP or CRL service, and time stamp service. Integrating these components, especially integration with the hardware security module (HSM) directly, whether cloud or local, requires considerable effort from the IT department and information security department, along with good knowledge of cryptography and the availability of the necessary resources.

It is important to consider these hidden costs and investments, as well as limitations and overhead when evaluating digital signature solutions.

Separately, it is worth mentioning that if DSS is critical for an organization, then it should work with a high level of uptime and provide greater bandwidth. That is, you need to design your solution with a certain amount of redundancy - with a margin for the future. And it should be assumed that growth is peculiar to business. The infrastructure must be scalable.

	Digital Signing Service	Traditional implementation
Integration with document signing applications	Through a simple REST API	Requires internal cryptographic expertise for configuration and support
Cryptographic signature components (certificates, OCSP, CRL, time stamps)	Included in the API, do not require advanced knowledge of cryptography or development resources	They go separately, require separate calls from applications and internal development resources to set up
Scalability	High scalability - no additional configuration or integration required	You may need to purchase additional equipment and configuration
High availability and disaster recovery	Delivers through GlobalSign's proven WebTrust infrastructure, with global data centers, redundancy, and the best network security equipment	Requires additional investment in equipment
Managing and Keeping Private Keys	Through the REST API, internal resources or equipment are not used	The client is responsible for managing and storing keys (for example, in the cloud or local HSM)
Signature certificates	Support for signatures of two levels: departments and employees (for example, John Doe, accounting)	Not all solutions support both types of credentials.

Cloud service greatly simplifies the deployment of workflow systems with support for digital signatures. All operations simply go through the API.



Cloud services vary in price and functionality. But they all guarantee flexibility, scalability and high availability. Although the services are paid, they do not need to invest in the development of their own solutions, including purchasing expensive cryptographic equipment.

Who may need a digital signature cloud service? In theory, these are any organizations of any size that develop or commission specially designed applications and intend to either integrate digital signatures there or use an already integrated application.

• Document solutions or application providers who want to integrate digital signatures or stamps. Another option: to offer them to customers as a premium option as a guaranteed protection of documents against forgery. It supports a flexible model: digital signatures can be added as an additional layer or option.
• Companies that want to integrate digital signatures or stamps into their workflow.
• System integrators who introduce digital signatures into existing and new workflow systems.

Ultimately, each organization itself determines which version of DSS is best suited, based on the requirements of the project. It takes into account the requirements of regulatory authorities, and the size of the organization, and other factors, often unique in each case.

---

PROMOTION GLOBALSIGN: Wildcard SSL + 1 YEAR AS A GIFT
Protect all subdomains with one certificate!

Save up to 30 thousand rubles when you buy Wildcard SSL certificate for 2 years!
Promotional Code: WC001HRFR

The promotion is valid for subscribers of the blog GlobalSign until June 15, 2018.

For more information, please contact GlobalSign managers by phone: +7 (499) 678 2210 or by filling out a form on the website indicating the promotional code.