Compelling digital experiences are changing the way we interact, entertain, work, and relate to the world around us. Consumers and businesses alike not only expect – but demand – simple and engaging products and services from the technology industry. They want to acquire new capabilities quickly and easily, use them without extensive training, and work with them wherever they are.
Unfortunately, today’s most secure methods for signing documents digitally don’t meet these expectations. With digital signatures, document signing requires the use of a digital ID issued by a trusted certificate provider – which in many cases, requires an in-person visit. The key for that digital ID is stored on a secure signature creation device, such as a smart card or USB token that plugs into a desktop computer or laptop. The signing process not only requires specifically-installed software, but is often complicated to use – and can’t be done at all if the signer’s computer or key aren’t immediately available. And because smart cards and tokens can’t easily be used with web applications or mobile devices, choices are extremely limited when it comes to working with popular enterprise web applications (such as Salesforce or Workday), or empowering mobile workers.
Recent regulations – like eIDAS in the European Union – make the need for addressing this gap a critical priority. eIDAS demonstrates a clear preference for digital signatures using these more secure methods. With today’s solutions though, compliant processes can only be built by sacrificing user experience, working with a limited number of business applications, or deploying proprietary solutions that may cause interoperability problems in the future.
The Cloud Signature Consortium was specifically convened to address these shortcomings. Inspired by the eIDAS Regulation, which introduces the idea of “remote signatures”, the Consortium’s goal is to create an actionable specification that turns vision into reality. Remote signature creation devices would replace personal devices under the physical control of the user with a cloud-based service offered and managed by a trusted service provider. While still maintaining the highest levels of security and control, this more flexible approach would make it easy for users to enroll and use certificates online. Most importantly, it would also let providers build elegant, easy-to-use experiences that span desktop, web, and mobile usage so participants can complete signing processes anytime, anywhere, and in any application.