Understanding the Digital Signature Legality for Polygraph Consent in Australia

How to eSign a document: digital signature legality for Polygraph Consent in Australia

Electronic signatures are transforming the  way organizations get documents signed and   approved by their customers employees  and partners in today's connected world.  Compliant electronic signatures are  accepted across international borders   removing the need for paper this makes  the entire process faster more efficient   and less costly and offers much better security. The type and level of an electronic signature are   categorized differently around the world however  where high trust security and legal acceptability   is required PKI based electronic signatures  are the only effective solution advanced or   qualified electronic signatures require each  user to have their own unique signing key and   certificate with their name indelibly embedded  traditionally these signing Keys have been held   on hardware devices such as smart cards and USB  s creating an electronic signature with such   a device is referred to as local signing. Local signing is widely accepted as a very   secure approach however the process is too arduous  for the general public as it requires the use of   specialized card readers and also software to  be downloaded and installed connecting a card   reader to a mobile device is even harder  making signing from any device anywhere   anytime a challenge with local signing the  more modern cloud-based approach is remote   signing where instead of the signing Keys being  held locally by users they are held securely in   server based systems or secure cloud services  making them usable from any connected device in   Europe the European eIDAS regulation specifically  recognizes remote signing and supports its use for   the creation of remote qualified signatures the  highest trust level for signatures in Europe.  eIDAS and the underlying ETSI/CEN standards  place strict requirements for remote qualified   signature creation devices to achieve formally  eIDAS compliance as Ascertia has taken the   following approach firstly by developing an  ADSS server appliance a tamper protected device   hosting the signature activation module or SAM. The job of the SAMis to authenticate the signers   and get their formal authorization to use their  signing key this is being independently certified   under the common criteria EAL4 + assurance  level against the eIDAS remote signing   protection profile namely en 4 1 9 2 4 1 part 2. Secondly the ADSS server SAM appliance includes an   embedded HSM which is also common criteria EAL4  + certified under the remote signing protection   profile for HSMs namely en 419221 part 5. Access to the user signing keys inside   of the HSM is protected by the SAM. Here's an example of a remote signing workflow the   user initiates a signing operation with a business  application this could be any web application   a government portal Ascertia's SigningHub  solution or other applications like SharePoint.  Users signing request is passed  by the business application to   the Ascertia ADSS server SAM appliance. The SAM then requests a formal authorization   by sending a notification to the user  via their registered mobile device the   user views the authorization request and  approves it by authenticating to their   mobile device behind the scenes a secured  authorization response is sent to the SAM   and this message is signed using an authorization  key stored in the mobile device secure element.  The SAM appliance verifies that the authorization  message is from the users registered mobile device   is signed correctly and corresponds with  the same data plus various other checks.  If all the checks succeed the Sam then instructs  the HSM to release the user's signing key to   perform the signature and this is returned to the  business application using advanced or qualified   remote signing enables any business application  dealing with formal paperwork to now quickly   and easily transform itself to using high trust  electronic signatures on PDF or Word documents. Ascertia is recognized by reputable  analysts as a leader in this field   and has considerable experience of  delivering large-scale solutions with   simple multilingual user interfaces  that anyone can use anywhere anytime   ask us for more information on how remote  signing can transform your business today.