
IgniSign Security Overview

This document is dedicated to elucidating the robust security measures and protocols that IgniSign employs to ensure the integrity, confidentiality, and availability of data processed through our platform. It's tailored for a wide audience, ranging from professionals seeking to integrate IgniSign into their workflows to individuals curious about the security underpinnings of digital signatures. Our goal is to provide a comprehensive understanding of the security features that make IgniSign a trusted partner in digital transactions.

Secure Signature Processing with HSM

At the heart of IgniSign's security architecture is the use of Hardware Security Modules (HSMs) for processing digital signatures. HSMs are dedicated crypto-processors designed to handle cryptographic keys and operations in a tamper-resistant environment. By leveraging HSMs, IgniSign ensures that all signatures are processed securely, with the private keys used for signing never exposed to external environments. This approach significantly mitigates the risk of key compromise and ensures the authenticity of every signature.

Timestamped Audit Logs

Maintaining a reliable audit trail is crucial for verifying the legitimacy of digital transactions. IgniSign's platform automatically generates timestamped audit logs for every action performed, providing an immutable record that includes the time, date, and details of each operation. These logs are essential for compliance purposes and can be instrumental in legal proceedings, offering clear evidence of the signing process.

PKI and Certificate Management

Public Key Infrastructure (PKI) is the foundation of IgniSign's security, enabling secure electronic transactions through the use of digital certificates. PKI provides a framework for encryption, digital signature, and certificate management, ensuring that each signer's identity is verified and authenticated. IgniSign employs a rigorous certificate management process, including the issuance, renewal, and revocation of certificates, to uphold the security and integrity of digital signatures.

Short Term Certificate

Short Term Certificates are a pivotal component of IgniSign's security mechanism. These certificates have a relatively brief validity period, which significantly reduces the window of opportunity for potential misuse or compromise. By employing Short Term Certificates, IgniSign enhances the security of digital signatures, ensuring that each transaction or document signing session is protected by a freshly issued certificate.

Nominative Certificate

Nominative Certificates are issued to verify the identity of individual signers. Certificates of this kind are issued for the AES (Advanced Electronic Signature) and QES (Qualified Electronic Signature) signature levels. Each certificate is uniquely tied to a signer's identity, providing a secure and verifiable way to execute digital signatures. This personalized approach to certificates ensures that every action taken on our platform can be traced back to a verified user, thereby bolstering the integrity of signed documents. The process of obtaining and managing Nominative Certificates is outlined in the Legally Binding section.

Application Grade Certificate

Application Grade Certificates are designed for securing applications by establishing a trusted environment for transactions. These certificates are issued to applications rather than individuals, verifying the authenticity and integrity of the application itself. IgniSign uses these certificates to sign documents at the SES (Simple Electronic Signature) signature level.

Audited PKIs

Our Public Key Infrastructure (PKI) is regularly audited to comply with industry standards and regulations. These audits ensure that our cryptographic practices and certificate management processes are secure and effective. By maintaining an audited PKI, IgniSign guarantees the reliability of our digital signature solutions.

Strict Segregation of Users, Signers and Documents per Organizations, Applications and Environments

IgniSign is committed to providing a secure and customizable signing environment. Our platform supports strict segregation per application, environment, and signature level. This means that data and operations are isolated based on the application environment (e.g., development, staging, production) and the required level of signature security. Such segregation ensures that sensitive information and signing processes are protected according to the specific needs of each application and its environment.

User segregation is a critical component of IgniSign's security strategy, ensuring that data access is strictly controlled and limited to authorized individuals.

This segregation extends to signers, platform users, and end-users, each with defined roles and permissions. By enforcing strict access controls, IgniSign prevents unauthorized access to sensitive information and maintains the confidentiality of the signing process. Explore our Users, Roles, and Rights and Signers documentation for an in-depth understanding of how IgniSign manages user segregation.

Full Privacy Feature

Recognizing the need for enhanced privacy in certain transactions, IgniSign offers a Full Privacy feature that allows documents to be signed without being shared with or stored on the IgniSign platform. This feature is particularly beneficial for documents containing sensitive information, providing an additional layer of security by ensuring that only the signers have access to the document's content. The Full Privacy mode operates within an Embedded integration mode, further emphasizing our commitment to security and privacy. For more details on how to utilize the Full Privacy feature, please refer to our Full Privacy documentation.

In conclusion, IgniSign's comprehensive security measures, from HSM-based signature processing to the Full Privacy feature, demonstrate our unwavering commitment to safeguarding the digital transactions of our users. We invite you to explore the referenced documentation for a deeper understanding of each security aspect and to learn how IgniSign can secure your digital signing processes.