The Simplest Secure Digital Signature Service in Singapore
Since early last year (2020), the world economy was nudged into transitioning to a more digital-centric approach of running businesses, executing transactions, and conversion of face-to-face (F2F) interactions to cyberspace virtuality. As we transitioned to the more digital approach, numerous business processes had to change or transform – everything from communication between employees to interactions with business partners and customers has been transformed. This necessitated a safe, secure, and hassle-free way of transferring and signing documents without subjecting ourselves to the risks of F2F interactions and virus transmissions. With NDISign’s superior Digital Signature Services here in Singapore, you can expect a simple, fast, and secure way of signing important documents for all your business digital document transactions.
What is an Electronic Signature?
An electronic signature is a digital mark on a digital document - the most common incarnation being an image of a supposed wet signature or a scribble on a sign pad - that is copied or attached in documents requiring a signature of the signee. It’s a mark, sometimes just a checkmark, identified merely by an email address, and sometimes an SMS code sent to a phone number. Makes you think about Identity and Integrity (I2): “Really?”
Unlike the traditional way of using pen and paper to sign documents, electronic signatures involve a different process. After receiving the request for your signature, the person getting the email logs-in (identifies oneself), simply attaches the digital version (an image) of one signature to the digital document (somehow), and by some magic that is supposed to indicate to the recipient that the document has been signed. Again, think about Identity and Integrity (I2): “Really?”
Problems with Electronic Signatures
Although Electronic Signatures do give the perception of an actual signature, it comes with serious security flaws and risks. These risks include the following:
- Identity - The first risk is that electronic signatures can be easily copied. Since it’s usually just in an image format, it opens the possibilities for any stolen signature being used to sign the document. This means that the identity of the signee cannot be validated by the image alone, it might require assurances from a third party or orchestrator, who then again can only rely on an email address and/or mobile number or login credentials which again can be stolen. There is no independent Identity verification.
- Integrity – It is crucially important that when a document is signed, the contents of the signed document are not altered in any way (for example the amount on a check or TT transfer is changed after it is signed). Using electronic signatures in itself does not provide this assurance. And you are dependent on the underlying workflow and secure transport and storage of the document to provide integrity assurances. This risk is really out there, especially when we hear of all the cybercrimes and identity thefts taking place. Ensuring that the document has not been tampered with after you’ve attached your e-signature is almost impossible, without the document itself being enciphered by a trusted Digital Signature after you signed it?
- Storage - Another security risk that common types of e-signatures systems and flows have, is the store account information, the signatures, and documents. Once this model is used, it is open to cyber security risks – nobody can say they are totally safe once they store anything. Databases in the commercial world are routinely breached without detection in many cases. We, therefore, follow a very simple rule “we don’t store – so that they won’t score” so that being hacked and robbed is an inevitability which we are not prone to in terms of any data compromise or loss.
- Account Creation – Another downside of traditional e-signature systems is the requirement to create an account, validate your identity via email and choose or upload your e-signature to the system for future use. This is yet another password you have to keep, remember, keep changing or perhaps forget when you least expect to. The utopia digital world should not have systems that remember accounts and who you are, but rather validate who you are with the highest assurances, only on-demand and when needed (singpass cleverly provides this). Why should you go through another inconvenient process of applying for an access account, signing up, and confirming yourself via email? Did you just give your signature away when you opened an account?
With these risks and downsides mentioned, the current digital landscape is in need of a more secure, hassle-free, and efficient way of signing documents - this is where NDISign’s Digital Signature (via the singpass framework) comes into play.
What is a Digital Signature?
A Digital Signature is very different from an Electronic Signature.
“a digital Signature is a code that is generated with public-key encryption. This uses the certificate identifying the signee in conjunction with a summary of the document. These are then cryptographically computed as a code (the signature) and assembled back into the document. Authentication is via the same public key encryption, and is typically automated when the document is digitally viewed”
Essentially, the Identity of the signee is assured with the issuance of the digital certificate from a highly trusted authority, and the Integrity of the document is assured in part by the digital certificate being enciphered in conjunction with the document being signed. This signature (Digital Signature), is then packaged back into the document – this assures absolute Identity and Integrity (I2).
Digital Signature features include:
- Identity - Digital Signatures contain, among other things the public signing certificate used in the signature process – proving the identifying the signee. In the process which takes place on the mobile phone, the document is actually signed by the private part of the PKI certificate pair (issued by a higher authority and based on ICA records for National Identity). The public part retained in the signature in the document, proves the identity of the signee, and this is instantly counter checked with authority records each time the document is opened or the signature is inspected. If the record does not exist, the signature is simply invalid. Simply peace of mind.
- Integrity – The second half Digital Signatures framework is the preservation of the integrity of the document being signed. The signature, again comprising of many parts is in fact enciphered with the document being signed. This means that you cannot re-use that signature on any other document. It is the act of signing, on your device that generates a unique signature, the combination of your ID with a document ID. The fact that the document is enciphered in the signature means that computationally you can prove that the document is intact (integrity preserved) or in fact altered. This is done by invoking the mechanisms of PKI trapdoor functions (not to go further in detail). Essentially it preserves the Integrity, and this is very quickly and independently verified when the document is opened or the signature is inspected. Additionally, any signature on a fraudulently modified document will seal the proof of the modification and the person who signed it. Simply peace of mind.
- Self Validation - Unlike e-signatures, Digital Signatures on a digital document are automatically identified by trusted PDF viewers, and by default, they validate the underlying signatures on the fly. This is a basic check of the validity of the signee (Identity) via contact with the authority that issued the identity, as well as computational checks of document modification (Integrity) via data stored in the signature and the document. This usually provides a green checkmark when the document is opened. If this feature is turned off or disabled in the viewer – the document can be manually validated in the viewer by inspecting the signature and/or clicking validate (where that function and the viewer is capable of validating Digital Signatures) All this means is there is no 3rd party to explicitly contact when you need assurances of Identity and Integrity (I2). Simply peace of mind.
- Accounts - NDISign’s Digital Signatures does not involve any complex and lengthy account creation processes. NDISign uses your National Digital Identity (which are already provisioned) in your singpass account. Your identity authentication and the signing of any document is done within your Singpass app. Simply peace of mind.
The Best Digital Signature Service in Singapore
NDISign’s approach to digital signatures gives our customers all the benefits of digitally signing documents without actually having to be cumbersome or complex. Our Digital Signature Services here in Singapore make use of your National Digital Identity to give you the most secure, hassle-free, trusted, and efficient digital signing experience.
Our Digital Signature Services caters to everyone’s needs. From individuals to businesses… we have what you require to execute your tasks.
For professionals on-the-go that needs to acknowledge, approve, and receive documents: NDISign’s digital signature services are perfect for you! Always have the ability to sign any document you need anytime, anywhere. Please review for Individuals for the latest features and use cases.
Small Business owners who don't want the "print-wet sign-Scan" hassle
Government agencies or Businesses that require Signatures/Digital, Signatures for Identity Authentication and Document Integrity
Inter party transactions that need digital signing - qoutes, offers, agreements, contract, certificates, receipt, etc...
NDISign gives you the ability to provide your B2B or B2C partners, customers, and internal workflows (employees) a seamless means of applying digital signatures to your digital documents. We give you the flexibility of customization of your signdesk, and the signature canvas (visual) on the documents. Along with a great number of features and use cases, and to be used by everyone you influence, you also have deployment choices of either a hosted signdesk or an in-premise implementation.
Please review for Businessses for the latest features and use cases.
Self service forms or documents retrieved from your website
Automated Surveys - simply add convenience for signing via [sign with singpass] button and signature positioning.
Over The Counter - Assisted signing (swing screen to scan)
Over Video Conference - in a directors meeting, all directors can sign through the glass, in the same session.
Over Video Conference - Instant Proof of identity through glass
Ad Hoc documents - via email, the signing URL can be placed in the email with simple instructions.
SIGN in a RUSH - any divice,