Digital Signatures for Documents: HSM Solutions

Request a Quote

Digital Signatures for Organizations Using Automated Document Generation Software

GlobalSign offers a server-based document signing product that is ideal for organizations using an internally developed, or off-the-shelf, automated document generation software to generate and manage large volumes of documents, such as bank statements or financial reports.

This type of solution requires a GlobalSign-issued document signing credential, stored and protected on a Hardware Security Module (HSM), and an automated document generation solution to apply the signatures to the documents. Compatible signing solutions include Adobe LiveCycle, Ascertia DSS, Eldos Secure Black Box, and iText Java/C Sharp.

HSM vs. GlobalSign’s Cloud-based Digital Signing Service

GlobalSign supports two options for organizations using document management systems or workflows with high volume signature needs.

  • HSM – Signing credential is stored on an HSM. Internal PKI expertise is required to configure integration between the HSM and document workflow
  • Digital Signing Service – Signing credential is stored on GlobalSign’s cloud-based HSM so there is no on-premises hardware to manage. Easily integrate with workflows via API or SDK.

The biggest difference between an HSM and the Digital Signing Service is the availability of the cryptographic components you need to deploy digital signatures (e.g., signing certificates, key management, timestamping server, OCSP or CRL service). With HSM deployments, you need to source these components separately and set up your application to make separate calls to each service, which requires internal development resources with advanced cryptography knowledge. The Digital Signing Service includes all of these components in one REST API, so there is minimal development and overhead needed.

Digital Signing
Integration with document signing applications Requires internal cryptographic expertise to configure and maintain Via simple REST API
Signing identities Only organization or department-level identities are supported (e.g., Accounting, Finance) Individual or department-level identities are supported (e.g., John Smith, Accounting)
Scalability May require additional HSM partitions and configuration No additional configuration or integration needed
Document workflow options Integrate a custom built or existing signing workflow using PKCS#11 Easily integrate your signing workflow or use one of our partner's seamlessly integrated workflows
Private key management Customer responsible for sourcing key management Handled by REST API (no internal resources required)
Cryptographic signing components (e.g., Certificates, OCSP, CRL, Timestamping) Sourced separately, require separate calls from application and internal development resources to configure Included in one API, no advanced crypto knowledge or development resources needed

Learn more about the differences between GlobalSign's Digital Signing Service and separately-sourced, HSM deployments in our datasheet.

Digital Signing Service Case Study

“The lending space is very transaction and technology driven, so if we’re going to scale and grow – and this goes beyond just the lending industry - we need to embrace the latest technologies and automate. Integrations like the Digital Signing Service – simple, cloud-based, flexible, no large upfront investments needed – are the future and GlobalSign is leading the way.”
- Randall Nachman, Founder, DocuFirst

Download Case Study

Request an HSM Solutions Quote!

GlobalSign makes it easy to support and manage Enterprise-wide certificate needs from one easy-to-use, secure SaaS-based platform. APIs, Active Directory integration, and MDM connectors simplify and automate deployments. Contact us today!

By requesting a quote, a GlobalSign Product Specialist will contact you.