With over 7B mobile devices on the planet and cyber-threats at an all-time high, there is increasing market demand for highly secure digital solutions that also provide great user experiences. New regulations – like eIDAS – amplify that demand by creating higher standards for electronic signature compliance.
By providing a common protocol for cloud-based Digital Signatures, the Cloud Signature Consortium will make it possible for industry providers to build experiences that span desktop, mobile and web – and meet market expectations to sign documents anytime, anywhere, and in any application.
Compelling digital experiences are changing the way we interact, entertain, work, and relate to the world around us. Consumers and businesses alike not only expect – but demand – simple and engaging products and services from the technology industry. They want to acquire new capabilities quickly and easily, use them without extensive training, and work with them wherever they are. Unfortunately, today’s most secure methods for signing documents digitally don’t meet these expectations.
With digital signatures, document signing requires the use of a digital ID issued by a trusted certificate provider – which are sometimes delivered online, but more often requires an in-person visit. The key for that digital ID is stored on a secure signature creation device, such as a smart card or USB token that plugs into a desktop computer or laptop. The signing process not only requires specifically-installed software, but is often complicated to use – and can’t be done at all if the signer’s computer or key aren’t immediately available. And because smart cards and tokens can’t easily be used with web applications or mobile devices, choices are extremely limited when it comes to working with popular enterprise web applications (such as Salesforce or Workday), or empowering mobile workers.
Recent regulations – like eIDAS in the European Union – make the need for addressing this gap a critical priority. eIDAS demonstrates a clear preference for digital signatures using these more secure methods. With today’s solutions though, compliant processes can only be built by sacrificing user experience, working with a limited number of business applications, or deploying proprietary solutions that may cause interoperability problems in the future.
The Cloud Signature Consortium was specifically convened to address these shortcomings. Inspired by the eIDAS Regulation, which introduces the idea of “remote signatures”, the Consortium’s goal is to create an actionable specification that turns vision into reality. Remote signature creation devices would replace personal devices under the physical control of the user with a cloud-based service offered and managed by a trusted service provider. While still maintaining the highest levels of security and control, this more flexible approach would make it easy for users to enroll and use certificates online. It would also let providers build elegant, easy-to-use experiences that span desktop, web, and mobile usage so participants can complete signing processes anytime, anywhere, and in any application.
The European Commission has worked hard to bring eIDAS to life. And yet, they realize that enabling broad adoption of digital signatures in Europe will take more than just a regulation. To be successful, they need a complete ecosystem of solutions, technology, and trust service providers that are fully aligned in support of eIDAS requirements. The Consortium’s leadership in developing this standard demonstrates critical industry commitment to the success of digital transformation in Europe as a single digital market.
Digital signatures use Public Key cryptography, which relies on three types of providers to deliver the required technologies and services: solution, technology, and service providers. Solution providers deliver signature platforms and document solutions. Technology providers deliver essential components like authentication technologies, mobile apps, and hardware security modules (HSMs). Service providers act as certificate, registration, or timestamp authorities and assist with compliance validation.
Without a standard, all of these providers are required to build their own proprietary interfaces and protocols. Doing so, creates a dizzying array of compatibility questions and deployment limitations. For digital signatures to gain wide acceptance in the marketplace, users need to be able to initiate – and participate in – signing processes across a broad range of experiences, e.g. productivity applications like Adobe Acrobat Reader and Office applications, and enterprise applications like Salesforce, Workday, Microsoft Dynamics CRM, Ariba, or signature workflow applications. They also need to be able engage through desktop, web, or mobile devices. A cloud-based digital signature standard ensures that providers across the industry can create consistent, interoperable experiences across the full range of user applications and devices.