Skip to main content

Blockchain and Electronic Signatures - A Technical Perspective from IgniSign

· 2 min read
Julien Jenoudet
CEO of IgniSign

Blockchain as a Potential Driver for Electronic Signatures

Blockchain technology, renowned for its immutable nature, presents a compelling case for processing electronic signatures. The immutability of blockchain ensures the integrity of the signed document, while its underlying asymmetric cryptography provides robust security. These features align well with industry standards for both integrity and authentication.

Practical Robustness of Major Blockchains

Major blockchain platforms like Bitcoin and Ethereum have demonstrated considerable robustness, having remained unhacked to date. This track record underscores the potential of blockchain technology in maintaining the security and integrity of electronic signatures.

IgniSign's Choice: Hardware Secure Modules (HSM) in a Private Cloud

Despite the apparent advantages of blockchain, IgniSign has opted for a different approach, leveraging Hardware Secure Modules (HSM) within a private cloud environment. This decision is driven by two primary factors and an additional regulatory consideration:

Time Sensitivity of Electronic Signatures

Electronic signatures are inherently time-sensitive, often requiring processing within seconds. Blockchain platforms, which necessitate block validation for confirming transactions, cannot consistently guarantee this level of promptness. This delay in processing is a significant deterrent in the context of electronic signatures.

Cost-Effectiveness

IgniSign adheres to the philosophy that electronic signatures, even those with high probative value, should be affordable. Blockchain platforms, however, suffer from relatively high and fluctuating transaction costs, which conflicts with our goal of providing cost-effective signature solutions.

Regulatory Compliance in the European Union

Specific to the European Union, the eIDAS regulation mandates the use of HSM for signatures with high probative value. This regulatory requirement further influences our decision to utilize HSM in a private cloud.

Embracing Decentralized Technologies

However, IgniSign remains committed to exploring decentralized / web3 technologies. We leverage IPFS (InterPlanetary File System) for long-term data storage. Moreover, we have patented a method to decentralize part of the electronic signature process using the secure enclave in mobile devices. This strategic approach allows us to balance the benefits of web3's security and integrity with the operational and regulatory demands of electronic signature processing. By integrating both decentralized and traditional technologies, IgniSign continues to innovate in the digital signature landscape, ensuring security, compliance, and cost-effectiveness.

Confidentiality and Integrity in Danksharding with Full Privacy E-Signatures

· 3 min read
Julien Jenoudet
CEO of IgniSign

In the realm of digital security and blockchain technology, the principles of confidentiality, integrity, and authentication stand as foundational pillars.

With the increasing complexity and demands of digital transactions and communications, innovative solutions are essential for maintaining these principles without compromise.

Enter IgniSign, a groundbreaking e-signature platform that not only guarantees the integrity of signed documents but also ensures their confidentiality through a unique full privacy feature.

This feature, leveraging exchanges of hashes, presents a novel approach that could significantly enhance cryptographic commitments in danksharding.

Despite the fundamental differences between e-signatures and cryptographic commitments, IgniSign’s methodology provides a bridge between these concepts, offering robust solutions for blockchain scalability and security.

The Challenge of Confidentiality and Integrity in Blockchain

Blockchain technology, especially Ethereum's proposed danksharding model, seeks to scale the network in a way that balances efficiency with the decentralization of data.

However, a persistent challenge is ensuring the integrity and confidentiality of data—critical for transactions and smart contracts—without sacrificing the network's performance or decentralization.

Cryptographic commitments serve this purpose by allowing data to be verified without revealing its contents, thus maintaining privacy and integrity.

However, integrating these commitments with the necessary assurance of authenticity traditionally required a compromise between confidentiality and verifiability.

IgniSign’s Full Privacy Feature: A Novel Solution

By focusing on the exchanges of hashes rather than the documents themselves, IgniSign ensures the integrity of a document while fully protecting its confidentiality. This method operates under two core principles:

  1. Confidentiality Through Hashes: When a document is signed, IgniSign generates a unique hash of the document’s content. This hash, a fixed-length string of characters, represents the document but does not reveal any of its contents. This ensures that the document's confidentiality is maintained, as only the hash is exchanged or stored on the blockchain, not the document itself.
  2. Guaranteed Integrity: The hash serves as a cryptographic commitment to the document's content. It is computationally infeasible to alter the document without changing the hash. Thus, any exchange or verification process involves only the hashes, ensuring the document’s integrity without compromising its confidentiality.

Bridging the Gap: Cryptographic Commitments and E-Signatures

IgniSign’s innovative approach provides a unique opportunity to bridge the conceptual and functional gap between cryptographic commitments and e-signatures in the context of danksharding. By using IgniSign's methodology, the following advantages can be leveraged within danksharding:

  • Enhanced Privacy and Security: IgniSign can facilitate the creation of cryptographic commitments that ensure the confidentiality of transaction data within shards, enhancing privacy without sacrificing security or integrity.
  • Scalability with Integrity: By maintaining the integrity of data through hash exchanges, IgniSign can contribute to the scalability of blockchain networks. This is achieved by reducing the data load without compromising the verification processes essential for maintaining blockchain integrity.
  • Flexibility and Versatility: IgniSign’s approach is versatile, applicable to various data types and blockchain applications. This flexibility is crucial for danksharding, which requires accommodating diverse transactions and smart contracts.

Conclusion: A New Era of Blockchain Scalability and Security

As blockchain technology continues to evolve, the integration of innovative solutions like IgniSign's full privacy feature with blockchain scalability efforts such as danksharding represents a significant leap forward. IgniSign not only demonstrates the potential for e-signatures to contribute beyond their traditional domain but also highlights the importance of innovative cryptographic techniques in addressing the complex challenges of modern digital transactions and communications.

By ensuring both the confidentiality and integrity of documents in a scalable, decentralized context, IgniSign is contributing to a new era of blockchain security and efficiency.

Keep the Control Over Your Signature Process

· 3 min read
Paul Cayon
CTO of IgniSign

In the digital age, where every transaction, agreement, and contract can be executed electronically, maintaining control and integrity over your signature process is paramount. Ignisign offers a comprehensive suite of features designed to empower organizations to manage their electronic signature processes with precision, security, and flexibility.

Segregation of Signers

One of the foundational aspects of Ignisign is the strict segregation of signers. This feature ensures that users within your organization are managed with a high level of granularity, allowing for a clear delineation between different roles and permissions. Whether you're handling internal documents or engaging with external parties, Ignisign's approach ensures that each signer is uniquely identified and managed within their specific context. This segregation is crucial for maintaining the integrity and confidentiality of the signing process, ensuring that documents are only accessed and signed by authorized parties.

More on Segregation of Signers

Full Privacy Mode

When dealing with sensitive information, privacy is not just a requirement; it's a necessity. Ignisign's Full Privacy mode is designed for documents that require the utmost confidentiality. In this mode, documents are not stored on Ignisign's platform, ensuring that sensitive information remains under your control and is shared only with the signers. This feature is particularly beneficial for legal, financial, and personal documents where privacy is paramount. The Full Privacy mode is a testament to Ignisign's commitment to security and privacy, providing peace of mind for organizations handling sensitive information.

Explore Full Privacy

Signature Profiles

Customization and flexibility are key to adapting the signature process to your organization's needs.

Ignisign's Signature Profiles allow you to define the signature process with precision, tailoring it to meet the specific requirements of each document or transaction.

From simple electronic signatures to advanced and qualified electronic signatures, the platform provides a range of options to match the legal and operational needs of your process.

Signature Profiles are a powerful tool for organizations looking to streamline their signature processes while adhering to legal standards and operational efficiency.

Learn about Signature Profiles

Documents That Can Be Signed

Ignisign's versatility extends to the types of documents that can be signed using the platform.

Whether you're working with PDFs, encrypted PDFs, images convertible to PDF, or Microsoft Word documents, Ignisign supports a wide array of document formats.

This flexibility ensures that your organization can manage electronic signatures across a diverse range of documents, from contracts and agreements to official forms and reports.

By accommodating various document types, Ignisign simplifies the electronic signature process, making it accessible and efficient for organizations of all sizes. Supported Document Types

In conclusion, Ignisign stands as a robust platform for organizations seeking to maintain control over their electronic signature processes.

With features designed for security, privacy, customization, and flexibility, Ignisign empowers technology leaders, developers, and DIY enthusiasts to manage their signature processes with confidence and efficiency.

Whether you're a startup looking to implement an electronic signature solution or an SME aiming to streamline your document management processes, Ignisign offers the tools and features necessary to achieve your objectives with precision and control.

Why Detached E-Signatures Are Superior to Embedded E-Signatures

· 3 min read
Julien Jenoudet
CEO of IgniSign

In the digital age, e-signatures have become a cornerstone of secure and efficient document processing. However, not all e-signature methods are created equal. A closer examination reveals that detached e-signatures, such as those in the XAdES (XML Advanced Electronic Signatures) standard, offer distinct advantages over embedded e-signatures, commonly found in PAdES (PDF Advanced Electronic Signatures) format. This post delves into the inherent benefits of detached e-signatures and the limitations of their embedded counterparts.

The Hidden Complexity of Embedded E-Signatures

Embedded e-signatures might seem simpler on the surface, but this perceived simplicity masks underlying complexities. By integrating the signature directly into the document, embedded e-signatures, like those used by DocuSign or Adobe, alter the original document's content, potentially compromising its integrity and leading to various issues, including:

  • Tampering: Embedding a signature alters the original document, raising questions about the document's authenticity since the e-signature provider effectively tampers with it.
  • Compatibility Issues: The modified document may not be compatible with systems that do not recognize the embedded signature format, limiting its accessibility and usability.
  • Limited Flexibility: Embedded signatures lack flexibility, especially in scenarios requiring multiple signatures or separate management of signatures and documents. They also necessitate placeholders within the document for signatures, complicating the signing process.

The Superiority of Detached E-Signatures

Detached e-signatures offer a solution to these problems by maintaining the original document's integrity and offering greater flexibility and security. Here's why detached e-signatures, as exemplified by the XAdES standard, are superior:

  • Integrity Protection: By not modifying the original document, detached e-signatures ensure the document's authenticity is preserved, safeguarding against tampering.
  • Total Ownership: Detached e-signatures give signers complete control over their signature without reliance on large corporate networks, promoting independence and ownership.
  • Simultaneous Signing: Detached e-signatures allow for concurrent signatures, eliminating the need for a sequential signing process and thereby speeding up document workflows.
  • Versatility: They can sign any file type, including protected (read-only) PDFs, without requiring placeholders or specific document formatting, offering unparalleled flexibility.
  • Universal Verification: Documents signed with detached e-signatures can be easily verified in various PDF viewers, not just Adobe Acrobat Reader, enhancing their accessibility.
  • Compatibility and Flexibility: Since the original document remains unchanged, detached e-signatures are more likely to be compatible with different systems and offer flexibility for scenarios requiring multiple signatures or separate management of signatures and documents.

Conclusion

The choice between detached and embedded e-signatures is not merely a technical preference but a strategic decision impacting document security, integrity, and usability. Detached e-signatures, by preserving the original document's integrity and offering greater flexibility, security, and independence, emerge as the superior choice for individuals and organizations alike.

The Risks of Relying on Simple Electronic Signatures - A Comprehensive Analysis

· 5 min read
Paul Cayon
CTO of IgniSign

The Risks of Relying on Simple Electronic Signatures: A Comprehensive Analysis

In the digital age, the use of electronic signatures has become increasingly prevalent across various sectors due to their convenience and efficiency. However, relying solely on simple electronic signatures—those captured through basic means such as email—can introduce significant legal and operational risks. This comprehensive analysis will explore the vulnerabilities associated with simple electronic signatures, outlining specific examples across different legal contexts, and suggest best practices for mitigating these risks.

Understanding Simple Electronic Signatures

Simple electronic signatures typically involve minimal verification processes, such as an acknowledgment via email. This type lacks the security features of more robust electronic signatures, potentially leading to disputes over authenticity and integrity.

  1. European Union (EU): The EU’s eIDAS regulation recognizes three types of electronic signatures: simple, advanced, and qualified. Each has varying levels of security and legal implications, with simple electronic signatures providing the least legal assurance.

  2. United States (US): The U.S. acknowledges electronic signatures under the ESIGN Act and UETA, validating their use in commerce. However, the enforceability of simple electronic signatures can be challenged under specific conditions.

Authenticity and Identity Verification

Disputes often arise over who actually signed the document when a simple electronic signature is used. This is especially problematic in significant agreements where identity verification is critical.

Integrity of the Document

The lack of features that detect post-signature alterations poses risks to the document's integrity. If changes are made after signing, proving the original consent can be challenging.

Examples of Risks in Various Contexts

  1. Real Estate Transactions: Simple electronic signatures may not fulfill legal requirements for notarization in real estate contracts, leading to potential invalidation.

  2. Intellectual Property Transfers: These agreements require detailed and formal acknowledgment, often necessitating advanced signatures for legal binding.

  3. Legal and Court Documents: Many legal documents must be signed in the presence of a court official or notary, criteria that simple electronic signatures cannot meet.

  4. Healthcare Consents: Medical consent forms typically need to be witnessed, a requirement that cannot be satisfied by simple electronic signatures.

  5. Financial Agreements: Documents like loans and investment contracts often require compliance with regulatory standards that demand more secure electronic signatures.

  6. Corporate Governance: Shareholder agreements and corporate resolutions require transparency and accountability, which simple electronic signatures may not provide.

  7. Environmental Compliance Reports: Regulated industries require auditable signatures for compliance documents, beyond the capability of simple electronic signatures.

  8. Software Licensing Agreements: These often involve critical or enterprise-level software that requires advanced electronic signatures to ensure enforceability and proper use.

  9. Employment Contracts: Contracts involving non-compete or confidentiality clauses require clear consent that might be challenged if signed with a simple electronic signature.

  10. International Agreements: Different jurisdictions may have varying requirements for electronic signatures, leading to potential non-compliance issues in international contracts.

  11. Rental Contracts: Lease agreements for commercial or residential properties in certain jurisdictions require signatures that meet specific legal standards.

  12. Insurance Documents: Policies and claims might need qualified electronic signatures to meet industry regulations and ensure validity.

  13. Construction Contracts: These often require multiple approvals from various stakeholders, including regulatory bodies, necessitating more than simple electronic signatures.

  14. Shareholder and Partnership Agreements: The complex nature of these agreements typically demands a higher level of verification to ensure all parties' clear and informed consent.

  15. Judicial and Official Documents: Some legal documents have specific signing requirements that are not met by simple electronic signatures, potentially leading to legal invalidation.

  16. Non-Disclosure Agreements: Given the sensitivity of the information, NDAs often require secure signatures to protect confidential information effectively.

  17. Consumer Contracts: These may involve detailed disclosures and consent that simple electronic signatures cannot adequately document.

  18. Merger and Acquisition Agreements: The high stakes and complexity of these transactions require advanced electronic signatures to ensure all parties are properly authenticated.

  19. Long-term Service Contracts: For agreements extending over a long period, such as maintenance or IT services, advanced electronic signatures help ensure ongoing validity and compliance.

  20. Regulatory Compliance Documents: Certain sectors require compliance documents to be signed in a manner that can be verified and audited, which simple electronic signatures do not provide.

Best Practices to Mitigate Risks

To minimize the legal and operational risks associated with simple electronic signatures, organizations should:

  • Understand and adhere to the legal requirements specific to their documents and jurisdictions.
  • Employ advanced or qualified electronic signatures for transactions that involve substantial risk or require higher levels of security.
  • Implement robust identity verification processes to enhance the legitimacy of each signature.
  • Educate all parties on the type of electronic signature used and its legal implications to ensure informed

Conclusion

While simple electronic signatures offer convenience, they carry inherent risks that could lead to serious legal and financial repercussions. By understanding appropriate use cases and implementing stronger electronic signature solutions where necessary, organizations can safeguard their operations and ensure that agreements are legally compliant and enforceable.

SMS vs TOTP

· 2 min read
Julien Jenoudet
CEO of IgniSign

In terms of security, TOTP (Time-based One-Time Password) is generally considered more secure than SMS-based 2FA (Two-Factor Authentication). Here's a technical breakdown of why:

Vulnerability to Interception
SMS-based 2FA can be intercepted through various means such as SIM swapping, where an attacker convinces a mobile carrier to switch a phone number to a new SIM card, effectively hijacking SMS messages. Additionally, SMS messages can be intercepted through SS7 (Signaling System No. 7) vulnerabilities in the mobile phone network. TOTP, on the other hand, does not rely on SMS and is generated on the user's device, making it less susceptible to these types of attacks.

Reliance on External Networks
SMS-based 2FA relies on mobile networks and can be affected by network outages or lack of mobile coverage. TOTP does not require a network connection as it uses a software-based token generator, which typically runs on a smartphone or other devices

Time-Sensitivity and Uniqueness
TOTP tokens are only valid for a short period (usually 30 seconds), after which a new token is generated. This makes them less susceptible to replay attacks, where an intercepted code could be used by an attacker. While SMS codes are also typically time-sensitive, the window of opportunity for interception and misuse is potentially larger, especially if the SMS is delayed

Phishing Resistance
TOTPs are more resistant to phishing attacks. Phishing attempts that trick users into revealing their SMS codes can be more effective, as users might perceive SMS as inherently secure. In contrast, TOTPs generated by an app like Google Authenticator or Authy are not as easily phished

Standardization and Control
TOTP is based on a well-defined standard (RFC 6238) and its implementation can be controlled and audited. With SMS, you rely on the security protocols of mobile carriers, which can vary and are not typically transparent to end users or service providers.

However, it's important to note that while TOTP is more secure, it requires users to have a smartphone or a device capable of generating TOTPs, which might not be feasible for all users. In such cases, SMS-based 2FA, despite its weaknesses, still provides a significant security upgrade over basic username/password authentication.

For a technology firm dealing with digital signatures, recommending or implementing TOTP over SMS for 2FA would align with a higher security standard, which is crucial in the context of digital identity and signature verification.