Digital signature on a centralized platform

The digital or electronic signature process requires a signature certificate, which we can use either personally or as a member of a company.
In the latter case, we use it either in our capacity as a user or as the company's proxy.
At Realsec, we offer all the relevant information on the digital signature process on a centralized platform.


In both cases, with a digital signature certificate we can sign messages, letters, invoices or any other type of document using the set of electronic data that makes up the digital signature. Provided the signing process is carried out correctly, it grants legal validity and authenticity to the signed documents, since the digital signature is a guarantee of confidence and security that the signed document has not been altered.
However, for the digital signature to be legally valid, it must first be registered with the Certificate Issuing Authority, which verifies the identity of the applicant for the certificate.
In the same way, for the digital signature to have legal validity, the certificate must be issued by an Accredited Certifying Authority.
In the case of Spain, there are several, such as FNMT, CAMERFIRMA and others.


Although a signature certificate can be used for different processes and purposes, the means used to apply the digital signature to a document do not always have to be the same.
The difference is determined by the type of signature device or platform used.
On this point, we must never forget that the certificate's private key used in the signing process must always be kept in a secure device; by secure device we mean a token, a smartcard, or an HSM.
We should also remember that the private key of our certificate is our own signature, and that the Windows container is not the most secure place to store our private keys, because the encryption of our software keys may also be vulnerable.


The fact that the signature is personal does not imply that it can only be made with a personal hardware cryptographic device (token or chip card). There are other secure procedures that guarantee the authenticity of the signatory and of what has been signed, without having to carry in our pocket a device that can be lost or stolen and whose management, when it comes to digital signing in a corporate environment, entails multiple drawbacks.
Experience shows that, in a corporate environment, using this type of device for signing is not operational because of its complexity and slowness, and because of the many employees/users who carry out signature processes, in many cases with the same corporate certificate of the company or institutional entity.
Giving each employee or official a “token” device to sign digitally “one to one” is a serious operational error, as the devices end up getting lost or stolen, which has a negative impact on daily operations until they are replaced by new devices.
This is not to mention the cost of the new devices and their impact on productivity.
To solve this problem, there are centralized signature platforms on the market (hardware and software) that integrate securely with the signatory's client workstation and act as a corporate “Big Token”: authorized users carry out their signature processes against the same private key of their personal or corporate certificate, which is stored and kept in custody in an HSM (Hardware Security Module) and can only be accessed by authorized users.
Platforms of this type do not run the risk of getting lost, are easy to manage and are auditable, since they allow the administrator to know who signed, what was signed and when it was signed.
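The access control and audit trail described above can be modelled in a few lines. This is an added example, not Realsec's code or any product's API: the class, key and user names are hypothetical, HMAC-SHA256 stands in for the asymmetric signature an HSM would compute, and chaining the audit records by hash is a design choice added here so that an edited record is detectable.

```python
import hashlib, hmac, json, os, time

def _entry_hash(rec):
    body = {k: v for k, v in rec.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class CentralSigner:
    """Toy model of a centralized signing service; all names are hypothetical."""
    def __init__(self):
        self._keys = {}   # key_id -> secret; stands in for keys held inside the HSM
        self._acl = {}    # key_id -> users authorized to sign with that key
        self.audit = []   # who / what / when / outcome, one record per request
    def enroll(self, key_id, users):
        self._keys[key_id] = os.urandom(32)
        self._acl[key_id] = set(users)
    def _log(self, who, key_id, what, outcome, when):
        prev = self.audit[-1]["entry_hash"] if self.audit else "0" * 64
        rec = {"who": who, "key": key_id, "what": what, "outcome": outcome, "prev": prev,
               "when": time.time() if when is None else when}
        rec["entry_hash"] = _entry_hash(rec)
        self.audit.append(rec)
    def sign(self, user, key_id, document, when=None):
        digest = hashlib.sha256(document).hexdigest()
        if user not in self._acl.get(key_id, set()):
            self._log(user, key_id, digest, "denied", when)  # refusals are audited too
            raise PermissionError(f"{user} is not authorized for {key_id}")
        # Assumption: HMAC-SHA256 stands in for the HSM's asymmetric signing operation.
        sig = hmac.new(self._keys[key_id], bytes.fromhex(digest), hashlib.sha256).hexdigest()
        self._log(user, key_id, digest, "signed", when)
        return sig
    def audit_intact(self):
        prev = "0" * 64
        for rec in self.audit:
            if rec["prev"] != prev or rec["entry_hash"] != _entry_hash(rec):
                return False
            prev = rec["entry_hash"]
        return True

def demo():
    svc = CentralSigner()
    svc.enroll("corp-invoice-cert", {"alice", "bob"})   # constructed sample data
    svc.sign("alice", "corp-invoice-cert", b"invoice 0001", when=1700000000)
    try:
        svc.sign("carol", "corp-invoice-cert", b"invoice 0002", when=1700000060)
    except PermissionError:
        pass
    intact = svc.audit_intact()
    svc.audit[0]["who"] = "bob"                         # simulate an edited audit record
    return [r["outcome"] for r in svc.audit], intact, svc.audit_intact()
```

The key never leaves the service object, callers receive only the signature, and both successful and refused requests end up in the audit trail.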


The main advantages of using a centralized signature platform, among others, are the following:

  • They make it possible to manage the private keys of all the signature certificates in a centralized and secure way, including those of empowerment certificates, as well as to control the users who access them.
  • They provide tools to control the validity period of the certificates used by the corporation, such as expiration and renewal, and facilitate requests for renewal and/or revocation of the certificates.
  • They facilitate access to the certificate's private key from any device.
  • They allow monitoring and control of corporate-level signature operations.
  • They provide a high level of security for the protection of the certificates' private keys in an integrated HSM (Hardware Security Module) with large storage and key-custody capacity.

All of the above, together with greater performance in the signing process, makes centralized signing platforms the best option to manage and protect user certificate keys at the corporate level, control their use and improve productivity and efficiency.
This is how Realsec is involved with the development of security in any field of work.
