Digital Signatures for Documents: HSM Solutions

Digital Signatures for Organizations Using Automated Document Generation Software

GlobalSign offers a server-based document signing product that is ideal for organizations using an internally developed or off-the-shelf automated document generation software to generate and manage large volumes of documents, such as bank statements or financial reports.

This type of solution requires a GlobalSign-issued document signing credential, stored and protected on a Hardware Security Module (HSM), and an automated document generation solution to apply the signatures to the documents. Compatible signing solutions include Adobe LiveCycle, Ascertia DSS, Eldos Secure Black Box, and iText Java/C Sharp.

HSM vs. GlobalSign’s Cloud-based Digital Signing Service

GlobalSign supports two options for organizations using document management systems or workflows with high volume signature needs.

  • HSM – Signing credential is stored on an HSM. Internal PKI expertise is required to configure integration between the HSM and document workflow.

  • Digital Signing Service – Signing credential is stored on GlobalSign’s cloud-based HSM so there is no on-premises hardware to manage. Easily integrate with workflows via API or SDK.

The biggest difference between an HSM and the Digital Signing Service is the availability of the cryptographic components you need to deploy digital signatures (e.g., signing certificates, key management, timestamping server, OCSP or CRL service). With HSM deployments, you need to source these components separately and set up your application to make separate calls to each service, which requires internal development resources with advanced cryptography knowledge. The Digital Signing Service includes all of these components in one REST API, so there is minimal development and overhead needed.


HSM Deployment Digital Signing Service
Features
Integration with document signing applications Requires internal cryptographic expertise to configure and maintain Via simple REST API
Signing identities

Only organization- or department-level identities are supported (e.g., Accounting, Finance)

Individual or department-level identities are supported (e.g., John Smith, Accounting)
Scalability May require additional HSM partitions and configuration No additional configuration or integration needed
Document workflow options Build a custom signing workflow or integrate with Adobe LiveCycle, Ascertia DSS, Eldos Secure Black Box, and iText Java/C Sharp Seamless integration with growing list of partners, including Ascertia and Odyssey
Private key management Customer responsible for sourcing key management Handled by REST API (no internal resources required)
Cryptographic signing components (e.g., certificates, OCSP, CRL, timestamping) Sourced separately, require separate calls from application and internal development resources to configure Included in one API, no advanced crypto knowledge or development resources needed
 
 

HSM-based Signing Solution Case Study

Using GlobalSign’s HSM PDF Signing solution, we were able to create a custom web application so sales agents can produce digitally signed, timestamped documents instantly from the road. The turn-around time from policy application to issuance has been reduced significantly.” - Stuart Smith, SVP Information Systems, Columbian Mutual Life Insurance Company

Read Case Study

Next Steps

Get a quote for HSM-based document signing