Uanataca Interactive Signature: Full signature safety guarantee on your business process

Two of the basic premises for IT security are related to confidentiality and access control, critical aspects not always considered in some cases by Trust Service Providers. When it comes to trust, there’s a common belief in the fact information provided to an IT system is not anybody’s concern, thus sometimes necessary protection measures are sometimes not taken.

The present article explains the functionalities of Uanataca Interactive Signature Service, aimed to fulfill the understanding of its main advantage: Signer’s identity security guaranteed throughout the whole process and after its completion. Secondly, main workflow stages regarding API REST service integration are briefly described. API integration allows an easy performance of our Interactive Signature within your company’s systems. Keep reading! 

 

Digital defense: the importance of a secure authentication

When introducing our cardholder data on Internet products/services e-commerce apps or websites, we are normally redirected to secured gateways provided by card issuing banks or payment processing entities like Visa or MasterCard, intended to prevent data is put directly into the application. Likewise, cloud-stored digital certificate access data require the necessary protection to avoid future accessibility via the application itself, thus blocking any chance of fraud. 

For a better explanation of the above described, let’s analyze the following example: John has a cloud-stored digital certificate, intended for internal usage with the company he works for. On the other side, his company uses an application for personnel vacation request management, and actions like electronic signature of documents require each employee’s digital certificate.

John logs into the application to submit his leave permit and then inserts his certificate cloud access credentials for final consent and sign. These credentials could easily remain stored in application cookies, logs, or temporary files. Nothing ensures John a malicious person gets afterward access to his certificate and signs a resignation letter in his behalf!

The generation of mechanisms to ensure secured environments plus prevention against credential-related frauds is a doubtless key factor for organizations due to the increase in the usage of online platforms, as they’ve become an important part of the daily work for professionals.   

Signature Interaction: safe credentials through Uanataca Gateway

A case like explained above could be easily prevented if exists a protection way for user’s cloud-stored certificate access credentials.

Uanataca Interactive Signature service is especially designed to be integrated into corporate systems. The service facilitates the electronic signature of any document with a digital certificate, as shields the operation by providing the signer of a secure gateway for his/her cloud certificate PIN code insertion. Don’t forget this code is the way to access the certificate associated private key, essential to sign any document.

The PIN code validation is tied to the generation of a representative alphanumeric string to be used instead of the code. This way makes possible to continue the signature process by cancelling any possibility of further unauthorized usage of the certificate.  

¿Double authentication factor? Interactive Signature via OTP code

In some scenarios, signing with the highest legal validity requires a double authentication factor. One of them corresponds to the Qualified Signature described in the European Regulation 910/2014 (eIDAS). In this case is not longer necessary to replace signer’s PIN code like mentioned above because the code itself is not enough for triggering the sign action. There must exist, besides the PIN code, a second authentication factor.

An OTP code is a single-use dynamic password. Prior to the formal signature request, it is necessary to generate an OTP code to be immediately sent via SMS to the signer’s phone number, which is included in data inherent to his/her associated certificate. The whole process management relies on Uanataca.

Once the SMS is received, the signer inserts the OTP code into the application along with the rest of credentials, thus proceeding to the document signature. The subsequent post-signature security is totally guaranteed. 

Interactive Signature process through our REST API

The REST API integration to Uanataca’s Interactive Signature service involves the execution of a process that can be summarized in the following stages:

The document to be signed is shown to the signer

In this stage, the signer must read carefully his or her document and approve its signature.

Secure authentication mechanism generation

In this stage, depending on the chosen method, a generated gateway link or an OTP code via SMS are sent to the signer. Both ways will ensure total security in the signature process.

Signature request with all required parameters

Among all parameters to be considered in the API signature request, cloud-stored certificate credentials are mandatory. For the gateway mode, as said, the PIN code will be replaced by an alphanumeric string. In case of the OTP mode, the dynamic password goes along with the PIN code.   

Process completion

The signer is notified the process has finished. Further application actions, like showing or downloading the signed document, can be performed.

The two intermediate stages described above require the execution of REST API requests. Yes, only two API requests make possible the integration to our Interactive Signature service via API!

In conclusion, the Uanataca Interactive Signature offers the chance to add transparency in the execution of a process that otherwise could expose the signing part to an important privacy vulnerability in terms of provided credentials. Integration to our API adapts efficiently to this situation, offering one method or the other depending on the authentication requirements, which in turn depends on the certificates that apply the signatures as well as their background regulation.

In any case, the Interactive Signature will guarantee a person the signature will be applied to a document with no concerns about his or her certificate can afterwards be used by others.

---