Building Digital Signatures into Document Platforms – Don’t DIY, Take It to the Cloud

Regulations like eIDAS, FDA CFR 21 Part 11, and US state architecture and engineering requirements are putting a spotlight on the need for trust and identity in electronic transactions. As a result, the demand for trusted, high assurance digital signatures has never been higher, and companies are turning to their document workflow or digital transaction management providers and expecting them to offer this capability directly within their existing platforms.

The customers want Trusted Digital Signatures; the service providers want to provide them…but how to do it? For years, the most common option for adding digital signatures into a document platform was to piece together the complex cryptographic components you’d need and basically build the integration in-house. Those components include:

  • The signing certificates – issued to the verified signers’ identities, these are used to apply the signature.
  • Revocation services (e.g. OCSP, CRL) – these check the status/validity of the signing certificates.
  • Timestamping services – rather than relying on the local system clock, a third-party timestamp can be embedded in the signature to provide greater assurance about when the signature was actually applied. This is not technically required to apply a digital signature, but is often needed to meet industry, legal or other regulatory compliance.
  • Cryptographic hardware – usually hardware security modules (HSMs), either located and maintained on-premises or hosted by a third party, for storing and protecting the private keys of the signers.
  • Staff with cryptographic and PKI expertise – to set up and maintain the integrations and hardware.

Each of these components would need to be separately sourced, with separate API calls back to your platform each time a signature is applied (see example diagram below). Setting this up requires good cryptographic knowledge.

A cloud-based service can deliver all the components you need to easily deploy digital signatures in your platform without any upfront hardware investment or complex development, while also providing scalability and flexibility and assuring compliance and security. GlobalSign’s new Digital Signing Service (DSS) does exactly this – providing everything you need to integrate digital signatures with one REST API call. There is no need to separately source and set up individual integrations for everything back to your platform. We are truly changing how to enable digital signature capabilities in any workflow offering.

In addition to simplifying the integration between the cryptographic components and your platform, which saves internal development resources and eliminates the need for internal PKI expertise, the cloud-based DSS also offers greater flexibility with signing identities and allows for future growth and scaling. It removes the responsibility of private key management from the service provider, ensures high availability by default and keeps you in line with the latest best practices/baseline requirements.

The value of integrating digital signatures into your document platform is clear – make it easy for your customers to add trusted, compliant signatures to their workflows – but you shouldn’t have to be a PKI or crypto expert to be able to do so.