SigningHub sets the industry benchmark in terms of:

1. Making the process of applying & verifying advanced digital signatures extremely easy. This is the key to high user adoption - the process must be a simple, quick, seamless and enjoyable experience! SigningHub users can review and sign documents from any location, on any device and at any time. Documents are synched across multiple devices so that the latest information is always available.

2. Utilising the most advanced cryptographic security in innovative ways to minimise the complexity for users. As a result, SigningHub can produce the strongest level EU Qualified Signatures that are verifiable and legally enforceable for the long term. You no longer have to choose between security or ease of use – have both!

3. Integrating & embedding the SigningHub functionality easily within your own business application web pages, by using the high-level API so that you remain in complete control of the branding and the user experience.

4. Flexible deployment - choose between SigningHub Enterprise for on-premises deployment, our public SigningHub Cloud service or a privately hosted cloud service.

5. Providing a complete out-of-the-box e-Trust infrastructure, including Certificate Authority (CA), real-time Validation Authority (VA) and Time Stamp Authority (TSA) servers. No other single solution globally can offer this level of functionality! Existing enterprise, internet or national-level trust service providers can also be registered as trust anchors. Adobe CDS and AATL-based signatures are fully supported for automatic trust in Adobe Reader.

6. SigningHub digital signatures can provide Legal enforceability, traceability & accountability by providing strong evidence that electronic documents are 100% protected and signed by a particular person at a specific date & time and without any document changes occurring.

SigningHub is a complete solution for document approval workflows, advanced digital signatures and document status tracking. It is designed to quickly optimize the way businesses deliver, review, approve and sign their business documents.

Paper-based ink signing is no longer an effective tool for document approval in today’s competitive digital business environment. Implementing digital signature services through SigningHub delivers value on many fronts, i.e.

• Increases process efficiency – shortens your sales cycle by signing online & reduces customer drop-off rates when waiting for ink signatures, freeing your staff to do core business rather than chasing papers.

• Cuts paper-related costs – printing, couriering, faxing, scanning, searching for paper documents & archiving are all time-consuming and expensive processes. On top of this ink signatures are insecure and may lead to fraud, compliance failure costs, heavy fines & reputation damage.

• Increases security – ensures that the digital identities of your transacting parties are verified securely and signed documents are cryptographically locked from unauthorized change. Also ensures legal certainty by using an undisputable evidence trail.

• Eliminates errors and re-work – by putting the approval process online SigningHub can prevent documents from being submitted with missing signatures, initials or incomplete form fields.

• Increases visibility – tracks the real-time status of your documents, know with certainty that your documents were indeed received, reviewed and signed by each signatory with the exact date & time each action was performed, based on a trusted time server.

• Provides a great user experience – makes life simpler and saves time for your customers, employees & business partners by doing business smartly. Demonstrates your digital security innovativeness and ultimately increases your brand loyalty.

SigningHub is unique in creating long-term digital signatures using its advanced PKI e-trust services and the latest cloud-based technologies to deliver an easy-to-use and cost-effective solution. Once the trust information for the CAs has been defined, existing keys and certificates from most other PKIs can also be used.

SigningHub’s comprehensive functionality, enterprise or departmental-level signing policy controls and unlimited scalability make it the ideal solution for projects of any size.

So whether you need to sign high-value contracts and agreements with external parties in one or more jurisdictions, or to sign internal management, finance or HR documents for legal compliance, SigningHub is the solution that offers all the flexibility you need to meet all your business needs.

Key benefits of SigningHub:

• Cuts paper signing process costs.

• Increases efficiency, security & legal certainty.

• Creates advanced, long-term & EU Qualified digital signatures.

• Sets up simple & complex approval workflows.

• Tracks document status, and sends notifications & reminders.

• Performs signatures using server-held credentials or locally-held smart cards, USB tokens or smartphones.

• Tightly integrates within your business applications.

• Deploys on-premise or can be used as public/ private cloud service.

• Allows enterprise branding.

SigningHub is a comprehensive digital signature solution, which can quickly optimise the way businesses deliver, review, approve and sign their business documents. Document signing workflow can be initiated by users or business applications. Users may interact directly with the SigningHub web interface or the whole signing functionality can be embedded within your own web application/ portal.

Using the SigningHub interface

1. Upload – The user logs into SigningHub and uploads the document to be signed off. Documents are converted to PDF/A format for long-term rendering and accessibility.

2. Prepare – The user adds signer info, initials fields, legal notices, defines the signing order, etc. Alternatively, the user can select a pre-defined workflow template. Then the user can send the document for sign-off.

3. Notify 1st Recipient – SigningHub notifies the first recipient of their pending signing action via email.

4. Workflow History – The owner can keep track of sign-off status at any time by checking the document workflow history.

5. Notify Owner – SigningHub notifies the owner that the document was signed and also notifies any subsequent recipients of their pending signing action (and step 4 repeats for each recipient in the workflow).

6. Review & Sign – The first recipient logs in and is authenticated using the configured method. Then the recipient must accept any legal notices and complete any mandatory form fields before signing.

At the time of signing, the user creates their e-signature which is then secured with an advanced digital signature using a unique PKI signing key owned by the user. This private signing key can be held securely on the server for the user so that it can be used from anywhere, or locally held on a smartcard/ USB token or on the user’s mobile device.

Embedding SigningHub in your web application

You may already have a web application for interacting with your users. In such cases, your web application is responsible for user login and performing the necessary business-related functions. The only thing required from SigningHub is the ability to present a document to the user and capture the user’s digital signature in a secure and legally binding manner, all from within your web pages. This requirement can be met by using SigningHub in a tightly integrated mode. In “tightly integrated” mode, the SigningHub functionality can be easily embedded within any on-premises or commercial web application by using our high-level RESTful API. The SigningHub functionality is embedded within your webpages using iFrames, this means that the user sees no change to the webpage branding or the Internet browser address bar, in fact, they will not be aware that SigningHub is even involved.

1. Login – The user logs into your web application and performs some business transaction, which requires a signature.

2. Document Presentation – Your web application makes an API call to SigningHub to present the required document inside an iFrame on your web page.

3. User Reviews & Signs – As discussed earlier, the recipient must accept any legal notices, complete any mandatory form fields and then sign (e-signature and/ or advance digital signature).

4. Notify Web App – SigningHub notifies your web application that the user has signed the document and returns the signed document.

The actual signing process is the same as before, so includes support for server-side, local and mobile signing. The only difference is that the user is not aware they are dealing with SigningHub as all the functionality is realized from within your web application. Even the user registration and session login with SigningHub are achieved through the API, so that users may not feel inconvenienced by registering & logging in manually on two separate systems. Other hybrid use cases are also possible, e.g. the business application initiates sign-off workflow but users interact directly within the SigningHub web interface for the actual signing. We term this as “loose integration”. All of these different modes of operation are available regardless of whether you are using SigningHub Cloud or SigningHub Enterprise (i.e. on-premises instance).

SigningHub provides extensive tools for enterprises to manage the enrollment of end-users into the system, as well as their roles, associated rights and default profile settings. These configurations can be performed by one or more Enterprise Administrators, who can be assigned specific privileges on the system. Specifically, SigningHub Enterprise Administrators can:

• Manage the enterprise profile, and branding and perform centralized billing.

• Invite users to join the enterprise and manage their roles/rights & default settings, and also remove users from the system when no longer required. The enrolment and removal of user accounts from the SigningHub system can also be automated through API integration.

• Create workflow templates and link to particular document types. Workflow templates define who the signatories are, in which order they must sign, where in the document the signature should be placed, their access permissions, legal notices, initials fields, form field assignments and all other low-level parameters associated with the signing process. End-users can then simply select these workflow templates to automate the document preparation stage instead of manually preparing the document each time.

• Create user groups and publish these to the user community. User groups allow any member of the group to sign a document sent to that group.

• Configure the different notification emails' subject/content and when such emails should be sent.

• Configure user signing methods, e.g. server-side signing, local signing or mobile signing, as well as signature appearance and e-signature drawing options.

• Manage the central online library of documents and forms for users.

• Manage configurations related to business application integration on behalf of the enterprise.

• Manage enterprise storage space optimization.

• Define and enforce the use of particular signing reasons by end-users when signing.

• Configure one or more legal notices and publish them for the end-user community to use in their signature workflows.

• Manage trusted certificate filters when using local signing (i.e. to control which type of user certificates are acceptable for digital signature creation).

• Manage the enterprise password policy.

• Manage enterprise branding.

Anyone new to this area can be easily confused about what constitutes a signature and how different types of signatures compare in terms of evidential power and legality.

At a basic level, any mark on an electronic document can be used to capture the signer’s intent to approve or accept the contents of that document. The form of the “mark” or how it was created is not important. What is important is proving who made the mark and that the document was not changed subsequently.

Signatures

These involve the signer applying their signature mark on the document which is protected with a cryptographic digital signature. With the signature having eSeal as a level of assurance, the crypto digital signature is created using a server-held signing key, e.g. belonging to the service provider organisation, hence we refer to this as a “witness” digital signature. In SigningHub this witness digital signature is applied every time a signature mark (having eSeal as a level of assurance) is applied by the user and cryptographically binds this mark to the document and protects the document from any subsequent changes, thereby ensuring data integrity. This is a long-term signature that includes a trusted timestamp.

Normally basic e-signature may or may not require the user to be registered and their identity validated as a part of this. Regardless of whether or not users are registered with basic e-signature, the signer’s identity is not verifiable directly from the signed document.

Advanced and qualified e-signature

Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES) are fully supported in SigningHub. AES and QES provide the highest level of trust and assurance because these use unique signing keys for every signer. This directly links the user’s identity to the signed document such that anyone can verify it on their own using an industry-standard PDF reader.

Furthermore, as the signer has sole control of their unique private signing key this ensures non-repudiation, i.e. even the service provider cannot be held responsible for creating the signature. SigningHub complies with eIDAS regulations for AES and QES using locally held credentials, such as a National eID card, or importantly remote signing where the user’s key is held securely, server-side. Remote signing has many benefits including the ability to sign from any machine without the use of specialist devices like smartcards, hardware tokens and readers. The advantage of using AES/QES is that they show exactly who signed the document. QES are a more trusted version of AES because they require the highest levels of security for the protection of the user’s signing key and also a formal registration process for the user to verify their identity by a qualified Certificate Authority. From a legal perspective, QES can be considered even stronger than handwritten signatures as the burden of proof shifts to the signer to prove that they did not sign!

Signing of Microsoft Word Documents

SigningHub also supports the signing of Microsoft Word documents in their native XML format.

SigningHub supports the following signing methods:

Signing methods for web browsers

• Server-side Signing - Crypto keys required for digital signature creation are held securely on the server, and only released for signing after user authentication (single or 2-factor authentication). Any modern web browser can be used for signing.

• Client-side (Local) Signing - Crypto keys required for digital signature creation are held locally by the signatory, e.g. on secure smartcard/ USB tokens or encrypted software files. In this mode, the signatory's browser requires an up-to-date Java Runtime Environment (JRE).

Signing methods for mobile apps

• Server-side Signing - Crypto keys required for digital signature creation are held securely on the server, and only released for signing after user authentication (single or 2-factor authentication). Any modern device can be used for signing.

The use of mobile devices to access business systems has now become commonplace. The ability to view and digitally sign documents from a mobile device is an essential requirement when choosing a signing platform. However what is often not understood is that there are different levels of mobile signing, with varying degrees of what is performed on the mobile device:

• The mobile device is used to initiate the signing process – the signing key is located on the server and the signature takes place there, however, the user initiates the process from their mobile device.

• The mobile device is used to authorize the signing process – this is where the user’s mobile is sent a One-Time Password (OTP) code as a form of authentication.

• The mobile device is used to actually sign the document – this is the true form of mobile signing, i.e. the user’s signature key actually resides on the mobile device and the document signature is created on the mobile device.