SigningCloud Offers Tamper-Proof Online Digital Signatures For M’sians
In business, a legal document could make or break the business. Contracts, nondisclosure agreements (NDA) and even intellectual property rights (IP) require signatures from key people in the business.
With COVID-19’s looming concerns and the focus on social distancing, meeting with the people involved and having them sign the documents may not be as convenient and secure.
And one way to do this is to introduce electronic signatures of documents within the company. Although this simple online signature method is practical, did you know that electronic signatures (electronic signatures) can be altered after signing?
“The electronic signature cannot provide tamper-proof security, which means that if someone divert your email and changes the content of the signed document, you can’t detect it Said Edward Law, CEO, co-founder and director of Securemetric.
Example of scenario n ° 1: You have just signed a contract via e-signature. But the other party suddenly decides to go back on its word. They argue that the electronic signature is not really yours and are writing a new contract because there is no evidence that you personally signed the contract.
Example scenario 2: You have an electronic signature application with your signature saved on your phone. An attacker could open the application and sign an essential document without your consent. The moment you find out, the damage is done. How can you say that the signature is not yours when you signed it?
These scenarios are examples of why digital signatures exist. It is a convenient and safer way to sign important documents online without wasting time and material compared to traditional signatures.
Securemetric, a Malaysian company specializing in digital security, wishes to introduce SigningCloud, a new platform allowing companies to digitally sign documents online.
Digital signature VS electronic signature
Although the two terms are used interchangeably, there are some differences between them in terms of security.
The electronic signature can be considered as a simple image pasted on the original document. But as mentioned, it could be altered.
Note: In electronic signatures, even a simple “x” on the dotted line will do the trick, but can it have legal value in the event of a dispute?
As for a digital signature, it has more security features that prevent it from being altered after signing.
The falsification of a digital signature is almost impossible since all cryptographic operations are carried out in a secure environment. Falsifying a handwritten signature is easier than that.
Edward Law, CEO, co-founder and director of Securemetric
But what exactly secures the digital signature?
A digital signature is based on four key pillars of security:
Before the person even signs, they must first be authenticated to show that they are the intended signatory. This is generally done via two-factor authentication (2FA) or biometric analyzes, such as codes sent by SMS, fingerprints or facial recognition on a mobile phone.
When signing a legal document, the person must complete an eKYC beforehand, which will perform MyKad and facial verification.
The documents and the communication between the parties are all encrypted so that only the owners and authorized signatories can consult them.
A digitally signed document will be a cryptographic fingerprint which is inviolable. If someone tries to edit the document after signing, it can be detected by any tools that can verify the PDF signature, such as Adobe Acrobat Reader and Foxit Reader.
This means that after all parties have signed a legal document, they cannot deny having signed it.
When signing a document via SigningCloud, the document will receive digital identification by a trusted neutral party known as the Certification Authority (CA) which is authorized by MCMC under Malaysian digital signature law. 1997.
The CA also holds all evidence of the signature and if the matter goes to court, the CA may be called to testify.
To use SigningCloud, simply register your account and download the application (available on Google Play Store and Apple App Store) on your mobile device or tablet.
This will allow you to sign anywhere and anytime without worry. In addition to that, SigningCloud also offers some additional features that set them apart from the rest.
Why use SigningCloud?
Edward says that SigningCloud is the first publicly accessible digital signature platform in Malaysia to support multiple licensed CAs. They integrated support to Raffcom and Trustgate, with the 3rd CA to come.
Raffcom is a local company providing IT and technology services and they obtained their CA license in 2018. As for Trustgate, it is a company providing Internet security products and services and they obtained their CA license in 2000.
“Imagine before signing Cloud, you can only digitally sign using a chosen certification authority because suppliers only lock their option with one certification authority.”
As to why having multiple COs is important, Edward said it allows clients to choose the AC they prefer depending on their services and prices.
SigningCloud also works on a pay-per-use basis for legal documents. But if you only sign internal company documents, they have a monthly subscription plan.
Depending on the size of your business and the value you place on corporate tamper-evident documents, you can opt for plans with varying monthly subscription fees.
Unlike other sites or online applications that you have used in the past to sign documents, SigningCloud supports and respects Malaysian Digital Signature Act, 1997 (DSA 1997).
The 1997 DSA is overseen by the Malaysian Communications and Multimedia Commission (MCMC) and the law ensures that digital signatures in Malaysia are regulated.
Last but not least, with digital signatures, your company will not have to waste resources to print, manage or store documents because everything is stored on a secure cloud server.
A company with a proven track record
Securemetric was incorporated in 2007 and since then has expanded across SEA, with offices in Indonesia, Singapore, Vietnam and the Philippines.
The company is also one of the main players in digital security by offering services such as software license protection, public key infrastructure (PKI system) and cryptography.
They have implemented PKI systems at national level for more than 4 SEE countries.
And they also managed large clients such as Lazada and implemented authentication solutions for MyEG, PLC, banks and government agencies.
The company has also won numerous awards in the past. One of their latest awards is the The best in security awards for their authentication and public key infrastructure products from Cybersecurity Malaysia and MSC APICTA.
As for why they are focusing on digital signatures, Edward revealed that it was on their roadmap and one of the main reasons they decided to go public. The IPO then enabled them to raise funds and invest in R&D.
With the additional engineering capacity allowed to them via IPO, they succeeded in shortening the development time in the creation of SigningCloud.
Featured Image Credit: Securemetric
Our sincere thanks to