One-Shot Signature is a complete solution for the digital signature of documents within your application. It is designed so that no sensitive data has to be sent away from your premises, as only hashes of the documents to be signed need to be transmitted to the signature service.
Documents are signed through the creation of single-use signature certificates, which are created when needed and immediately used to electronically sign all documents included in a given transaction. The digital signature will include a time stamp, proving the existence and integrity of the documents at the time of signature.
The signature procedure is activated with a code sent directly to the signatory by SMS, allowing the end user to complete the signature without requiring the installation of dedicated software.
A valid digital signature requires a certificate issued by a trusted Certification Authority (CA). This certificate is used to establish that the document was signed by a specific entity (in our case, the user) that is known to the CA. Although certificate generation is largely automated within One-Shot Signature, having an idea of what is going on under the hood will help us to better understand its operation.
Within the context of a Public Key Infrastructure (PKI), the entity responsible for registering new digital identities is called a Registration Authority (RA). RAs employ Registration Authority Officers (RAOs) to add new user identities to the infrastructure and request the creation of new digital signature certificates for their users. Each of these certificates can then be used to digitally sign documents, such as contracts.
In the case of One-Shot Signature, certificates are generated on the spot every time a new set of documents requires a signature. Through the One-Shot Signature API, you will play the role of an RAO, providing identifying data for each user and requesting the generation of signature certificates. Once user registration data has been provided and the certificate is ready to be generated, the end user will receive a One-Time Password (OTP) through an SMS message, which can be used to initiate the generation of the certificate and complete the signature procedure. After a successful signature, you will be able to retrieve the signed documents.
The One-Shot Signature workflow involves the following components:
One-Shot Signature Service: Uanataca's digital signature service, responsible for the actual digital signature.
One-Shot Optimizer: a software component of the digital signature solution that runs on a system under your control and takes care of the manipulation of the documents to be signed, so that no sensitive documents need to leave your network (only hashes of the documents need to be sent to the One-Shot Signature Service).
The One-Shot Optimizer exposes a RESTful HTTP API that allows any application capable of performing HTTP requests to interact with the signature service.
Client Business Application: an application that provides a business-specific service and requires digital signature as part of its operation.
OTP: a One-Time Password token used to simplify the digital signature procedure.
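The hash-only model described above, as an added example that is not Uanataca's code or API: a document is reduced to a SHA-256 digest locally, a stand-in signer that sees only that digest creates a throwaway key and certificate, signs, and discards the key, and the signature is then checked against the full document. It assumes the `openssl` command-line tool is installed; the self-signed RSA certificate stands in for one issued by a CA, and the OTP step and time stamp are left out.

```shell
#!/bin/sh
# Added example: hash-only signing with a throwaway key and certificate.
# File names and the certificate subject are constructed for illustration.

# On-premises step: reduce the document to its SHA-256 digest.
# Only this 32-byte file would be sent to a remote signer.
make_digest() {  # $1 = document, $2 = digest output file
    openssl dgst -sha256 -binary "$1" > "$2"
}

# Signer step: create a single-use key and a one-day certificate,
# sign the digest that was received, then destroy the private key.
sign_digest() {  # $1 = digest file, $2 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Signer" \
        -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null || return 1
    openssl pkeyutl -sign -inkey "$2/key.pem" -in "$1" \
        -pkeyopt digest:sha256 -out "$2/sig.bin" || return 1
    rm -f "$2/key.pem"
}

# Verifier step: needs the document, the signature and the certificate.
verify_document() {  # $1 = document, $2 = working directory
    openssl x509 -in "$2/cert.pem" -pubkey -noout > "$2/pub.pem" || return 1
    openssl dgst -sha256 -verify "$2/pub.pem" \
        -signature "$2/sig.bin" "$1" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'Constructed sample contract\n' > "$dir/contract.txt"
    make_digest "$dir/contract.txt" "$dir/contract.sha256" &&
        sign_digest "$dir/contract.sha256" "$dir" &&
        verify_document "$dir/contract.txt" "$dir" &&
        echo "signature valid"
    # A change made after signing must cause verification to fail.
    printf 'tampered\n' >> "$dir/contract.txt"
    verify_document "$dir/contract.txt" "$dir" || echo "tampering detected"
    rm -rf "$dir"
}

demo
```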
A common workflow involving the One-Shot Signature Service can be summarized by the following image: