Document E-signature and Encryption Services FAQs

• Core Questions
• Contract Signing
• Document Signing
• Document CoSigning
• Document Encryption
• E-sign Management
• Signing Certificate
• E-sign API Call
• E-Signature System
• Other Questions

• 1. There are 2 different editions of document e-signature and encryption services. What are the differences?

  +

  Document e-signature and encryption services provide users with three different service editions: Starter Edition, Professional Edition. At the same time, they are divided into personal service and business service according to different user types. The specific differences are:

  1. (1) Starter Edition: Only provide users with Adobe global trusted PDF signing certificate with USB Token for digital signature. Document digital signature service is not included. Users can use the digital signature function provided by Adobe Reader to use this certificate digitally sign PDF documents.
  2. (2) Professional Edition: Provide users with Contract E-signature Services. User can use MeSign APP to initiate contract signing, sign process control and management, and sign contracts. And provide users and contract signers with Adobe global trusted PDF signing certificate, this certificate is stored securely in MeSign Key Management System in the cloud for users to call on demand. There is no limit to the number of initiating contracts signing and signing contracts including the free timestamping service.

     Provide users with Document D-signature Service is added. Users can use MeSign APP to digitally sign PDF documents locally using Adobe trusted PDF signing certificate, provide single document signing and encryption services, and multi-party co-signing service. The number of digital signatures for PDF documents is unlimited including the free timestamping service.

• 2. Why is it necessary to digitally signed, encrypted and timestamped the electronic documents?

  +

  At present, almost all PDF documents were not digitally signed, and some documents may have an electronic stamp or signature. These documents without digital signatures are untrustworthy documents, because anyone can easily pretend to be an organization and post the same types of documents, even counterfeit and tampering with the official documents issued by the government. How to ensure the trust of the publishers’ identity of electronic documents? This is not only a compliance issue, but also a huge security risk, which can easily make people to be deceived, lost money and even lost lives. This is the problem that should be solved in the project of digital transformation of management.

  At present, the only feasible solution is to use digital signatures on electronic documents to ensure that the identity of the document publisher is trusted, and to ensure that the document will not be illegally tampered with or counterfeited. Digital signature is to use a digital certificate to validate the identity of the signer and bind the signer's identity to the document through a cryptographic algorithm to prove the non-repudiation of the signing behavior. The signed document does not need to include the audit report for the signing process, and the identity validation of the signer was completed by a Certificate Authority (CA) or a Trusted Service Provider (TSP).

  Document D-signature can certify the identity of the document publisher is trusted and prevent the illegal tampering issues. However, it is necessary to use certificate to encrypt the confidential documents to ensure the document security. It is because the user’s encrypting certificate is unable to obtain for illegal user, even though the electronic document has been leaked, the electronic documents cannot be legally used by anyone. This is why Article 34 of the GDPR states that as long as it is encrypted, the liability can be reduced in data leakage incidents.

  One of the supported services for Document D-signature is the timestamping service. The default time in electronic documents is obtained from the user’s computer time, this time is untrusted which can be modified. Therefore, the release time of the important documents, including electronic contract signing time, all need to have an authoritative time that cannot be tampered with to prove the signed time of the document is trusted. MeSign Document D-signature service provides by MeSign APP is supported by the free authoritative time-stamping service which is trusted by Adobe Reader globally, to ensure that the document signing time is trusted, and cannot be counterfeited, repudiated and tampered with.

• 3. What are the special advantages of MeSign Document Digital Signature Service compared with other similar services?

  +

  MeSign Document Digital Signature Service has the following eight unique advantages, and one of the biggest advantages is the global trust of all signed documents, and the second advantage is the protection of user privacy, not uploading the user’s document to be signed to the signature platform. Specifically:

  1. (1) Local e-signing tool
     MeSign APP, a local e-signing tool in user’s computer, make the two traditional paper office work - letters and documents completely paperless and trusted, and integrate email signing, document signing and e-contract signing seamlessly into one APP, this solution perfectly meets the most office work need for office business processing and administrative offices. This perfect solution is unique in the world.
  2. (2) Global trusted e-signature
     Whether Contract E-signature service or Document D-signature service, the authentic identity of each signer will be validated by trusted third-party CA in accordance with international standards and MeSign CPS. Not only is the identity of the signer trusted, but also each PDF signing certificate used for digital signatures contains signer identity information is trusted globally by Adobe.
  3. (3) E-signature is non-repudiation
     Whether Document D-signature or Contract E-signature, users need to explicitly agree to sign when using the E-sign function to sign documents and sign contracts, and the e-contract signing process control based on email transmission ensures Contract E-signature process and signing behavior of the parties are auditable that each signer need to enter the consent signing password when signing. Document D-signature and Contract E-signature use digital certificate signature technology and timestamp signature technology to ensure that the consent to signing behavior is non-repudiation. If the contract signing party does not use the MeSign APP, the user clicks the consent signing button in the contract when after receiving the Contract E-signature email and also need to enter the consent signing password, which also guarantees that the Contract E-signature act is the act of the signer.
  4. (4) Global legal effect
     Signed contracts and documents are digitally signed using Adobe global trusted digital certificates. According to the electronic signature laws and regulations of countries around the world, the e-contracts and e-documents signed by MeSign Digital Signature Service have legal effect in the world. At the same time, our e-signing service system will automatically add the signing reason for each signed contract, clearly stating that each contract signatory acknowledges that the signed contract has legal effect. The same solution for e-document signing clearly indicates that the document e-signature complies with the relevant laws and regulations and has the same legal effect as the handwritten signature of the paper document.
  5. (5) Protection of privacy and confidentiality
     Use MeSign APP to sign e-contracts and sign e-documents, we do not submit the files to be signed to the cloud e-signing platform, all e-signing operation is done locally in MeSign APP on the user's computer, effectively protecting the personal privacy and business secret in the contracts and documents, unlike other e-signature platforms that require users upload original contract file to their e-signature platform. Similarly, we do not provide contract management and contract archiving services to protect the user’s privacy and secret in the contract. The signed contracts and documents are stored in the user’s mailbox securely and encrypted, ensuring that we don’t have the contract files and document file.
  6. (6) Read and e-signature validated
     The user has completed the e-signature verification when opening the signed PDF file for reading with Adobe Reader, and the first line of Adobe Reader will display "Signed and all signatures are valid" (signed contract) or directly display the authentic identity of the signer (signed document), greatly facilitates all relevant parties (document user, contract signer and relying party) to directly verify whether the signature is valid. Unlike other e-contract signing service providers that require user upload signed contract to a verification system to verify the signature to get a verification report. Our solution is not only for the convenience of users, but also for the protection of user’s contract secret that it is impossible to disclose to the e-signature platform.
  7. (7) Watermark anti-leakage protection
     When the contract is initiated, the email of the party to be signed is inserted as watermark into the contract file as an anti-screenshot and anti-photo protection, which can effectively track the path of leakage of confidential information in the contract and reduce the risk of leakage of the confidential information . This protection measure is more secure than the traditional paper contract signing, and effectively solves the risk of the paper contract information being leaked by photocopying. Watermark protection can also be selected for encrypted documents to prevent illegal screenshots and photos from being leaked.
  8. (8) Automatic configuration of signing certificate
     Digital certificate signature technology is used to sign PDF files, but users do not need to apply for a PDF signing certificate from CA. They only need to use the MeSign APP to automatically complete the digital signature of contracts and documents. MeSign APP will automatically configure a signing certificate for each user for digital signature. The signed documents and contracts are countersigned with Adobe trusted timestamp signature, proving the signing time credibility of each contract and document signature, and supporting Adobe LTV (Long Term Validity) to ensure that the signature of the signed contracts and documents are still valid for a long time even if the signing certificate expires.

• 4. What are the differences between electronic signature and digital signature? Why does MeSign use digital signatures only?

  +

  Electronic Signature (or e-signature) is a broad term referring to any electronic process that indicates acceptance of an agreement or a record. Typical e-signature solutions use common electronic authentication methods to verify signer identity, such as an email address, a corporate ID, or a phone PIN. If increased security is needed, multifactor authentication may be used. The best e-signature solutions demonstrate proof of signing using a secure process that includes an audit trail along with the final document.

  But, if the user sets to use the graphic of the handwritten signature, electronic signature has a problem that it is impossible to verify whether the graphic of the handwritten signature is indeed the signature of the signer. The signing parties of the contract only either trust the signature graphic or verify the authenticity of the signature graphic by other means. This is the deficiency of the electronic signature.

  Digital Signature is one specific type of electronic signature, which is an improved and more reliable electronic signature. Digital signature use certificate-based digital IDs to authenticate signer identity and demonstrate proof of signing by binding each signature to the document with encryption, there is no need to include an audit trail along with the final document. The signer’s identity validation occurs through trusted certificate authorities (CAs) or trust service providers (TSPs).

  At present, the most popular service providers, such as DocuSign and Adobe Sign use electronic signatures to sign the contracts online. The signing parties can complete the contract signing on the platform after finishing the email verification. But in order to ensure that the signed electronic contract files will not be tampered with, then the signed documents need to be digitally signed by the PDF signing certificate of the service provider. That is to say, the signing platform does not use the signer’s digital certificate to sign the documents. According to the electronic signature laws in some countries, electronic contracts signed with electronic signatures have legal effect. According to EU and Chinese electronic signature law, only the digital signature method has the same legal effect as the handwritten signature.

  MeSign Contract E-signature Service only supports digital signature, and does not provide electronic signature, because we believe that it is not enough that just validate the contract signer's email address only, especially for signing contract online that the signing parties do not meet face to face for each other. MeSign Contract E-signature Service use digital signature method that validate the authentic identity of each signer, and automatically configures each signer with a PDF signing certificate of Adobe global trusted for digitally signing contracts. MeSince Document D-signature Service also only supports digital signature, validate the authentic identity of document signer, and automatically configures the signer with a PDF signing certificate of Adobe global trust for digitally signing the PDF documents.

  MeSign E-sign Service uses Adobe trusted PDF signing certificate for Document D-signature and Contract E-signature with Adobe trusted timestamping service, to guarantee all signed documents and contracts have legal effect globally. Additionally, all digital signatures are Adobe LTV enabled, to guarantee the signed document’s digital signature is valid for a long time.

• 5. How to apply for the document signing certificate and the document encrypting certificate? Free or charged?

  +

  Similar to MeSign email signing certificate and encrypting certificate, users do not need to apply for a PDF document signing certificate from a CA. Users only need to purchase the Document D-signature services. Once the identity validation is completed, MeSign APP will automatically apply for a Adobe global trusted PDF signing certificate from the CA when user want to sign the electronic contract or PDF document and complete the Document D-signature or Contract E-signature automatically.

  Users don’t need to apply for a document encrypting certificate. The document encryption functions provided by MeSign APP is to use the auto-configured email encrypting certificate to encrypt the document. Therefore, one encrypting certificate can be used for both email encryption and document encryption.

  MeSign Document D-signature service is a charged service. Users can purchase the Personal Pro Edition or Business Pro Edition for Document D-signature service, MeSign APP will automatically configure the right document signing certificate of the corresponding validation level for free.

• 6. What are the special advantages of the MeSign timestamping Service?

  +

  The document digital signature must have a timestamp to prove the trusted time of the document signature. Therefore, MeSign Document Digital Signature Service provides free timestamping service for MeSign APP users to automatically stamp the Adobe global trusted time signature on each signed document. In addition, we provide the free timestamping service for our E-sign API call users as well.

  The MeSign timestamping service has the following 5 advantages:

  1. (1) The timestamp certificate used for the timestamp signing is an Adobe global trusted signing certificate, ensuring that the timestamp signatures are Adobe global trusted.
  2. (2) The timestamping service is a cloud service. 360 Security Cloud provides system hosting and security services. Both bandwidth and network security are guaranteed, ensuring that every timestamping call can be quickly responded.
  3. (3) Multiple trusted time sources to ensure that the time source of the timestamping service is trusted and reliable.
  4. (4) Support RFC 3161 timestamp standard to guarantee the timestamp signature meet the global compliance requirements of timestamping services.
  5. (5) There are free services for MeSign APP users and E-sign API call, and there is also a flexible monthly or annually subscription payment model for users who have the needs on high volume timestamping service.

• 7. Why MeSign Document Digital Signature Services is based on MeSign APP?

  +

  MeSign Contract E-signature Services and Document D-signature services are all provided based on MeSign APP (Email client), except large enterprise deploy MeSign e-Signature System for automatic e-signing process in batch. There are four reasons:

  1. (1) MeSign Contract E-signature Service does not provide a simple and convenient web page signing method like other service providers. It is because with this signing method, users must upload the contract documents containing the confidential information to the e-signing platform. The user must complete the signature locally in accordance with our security bottom line of "Does not have users’ original contract". Therefore, the user must have a client software as a signing tool locally, and we just have a client software - MeSign email client.
  2. (2) For the signing of an electronic contract, both parties communicate the initial and final version of the contract by emails. MeSign APP is a standard email client. With MeSign APP, the user can click the "e-Sign" menu to initiate the contract signing after the final contract file is received in email. The other party will receive the contract signing email as an email attachment, then simply right-clicks the attached contract documents and it can be signed by MeSign APP. That is to say, we have seamlessly integrated contract signing into daily email business communication, without using third-party electronic contract signing service, which is very convenient. In addition, the entire contract signing process between two parties is completed by encrypted emails, and the confidential information of the contract is effectively protected, because the MeSign APP is an encrypted email client that automatically encrypts every email.
  3. (3) For the signing of employment agreements, the entire signing process is based on email communications, which can ensure that confidential employment agreement documents are only circulated in the corporate email system and will not leave the corporate mail server, effectively protecting highly confidential information in the agreement. Even in the web version, the contract document is in the attachment of the employee's email.
  4. (4) For Document D-signature, it should be done locally on the user’s computer. Therefore, using the MeSign APP is the best choice. There is no need to apply for a PDF signing certificate from the CA. The local completion of the signature can ensure that the confidential files will not leave the user’s computer, protecting the security of the personal privacy documents and organization confidential documents.

• 8. Does the e-contracts signed by using MeSign APP have legal effect?

  +

  The e-contracts signed by using MeSign APP has legal effect worldwide.

  MeSign Contract E-signature Services supports two signing methods: electronic signature and digital signature. Although electronic signature only validates users’ email address, but in western countries, it is legally and has legal effect to use the personal electronic signature to represent the behavior of the individuals and their organizations. Therefore, the most popular service providers, such as DocuSign and Adobe Sign use electronic signatures to sign the contracts online.

  Although most of the countries in the world are recognized the legal effect of the electronic signatures, but due to the electronic signature graphic cannot be verified, MeSign strongly recommend users to use digital signing methods to sign the e-contract since certificate-based digital signatures are the most advanced, compliant, and secure type of e-signature. When you need the highest level of assurance of each signer’s identity and document authenticity, opt for a trusted digital signature backed by digital identity certification.

  MeSign Contract E-signature Pro Edition uses Adobe global trusted PDF signing certificate to sign the e-contract, ensuring all the signed e-contracts has globally legal effect and assurance of each signer’s authentic identity.

• 9. Why does MeSign emphasize that MeSign does not upload users’ original contracts to the cloud service system?

  +

  This is because currently almost all Contract E-signature service providers require their users to upload the original contracts to be signed to their signing platforms, which is quite possible to disclose the confidential information in the contract and bring security risks to users.

  We believe that in order to protect the confidential information in the users’ contracts, the Contract E-signature service providers do not require users to upload original documents, which should be bottom line of all Contract E-signature services. As a global leading e-Signing services provider, MeSign should promote the Contract E-signature service industry to provide services to users according to this bottom line. Only in this way, we can guarantee the healthy and rapid development of Contract E-signature services. This is not only the demand from users, but also it is required by related laws and regulations. We firmly believe this bottom line of the eSigning services will definitely become the standard of Contract E-signature services.

  ‘Does not have users’ original contract’ is the bottom line of MeSign Contract E-signature services. The essence of digital signature is to use digital certificate to sign the HASH of the file, it doesn’t need the original documents. However, currently all Contract E-signature Service providers, such as DocuSign and Adobe Sign, or others, all require users to upload the original documents to the e-signing platform. It is because they make users to sign the contract on the web page, and the contract documents can generate the HASH of the document on the server of the signing platform directly which are truly very convenient for users and users really like this method. However, users haven’t recognized the confidential information on the contract has been submitted to the e-signature service provider, which is a big security risk for them. Maybe some users have recognized these issues, but they have no choice, because all vendors provide this kind of services.

  MeSign believe that Contract E-signature service providers should not have users’ original contract documents, and this is an issue about contract document security which must be solved. Therefore, we provide a solution of splitting the signing process into two parts. The generated HASH data will be done in users’ computer, and the documents to be signed will not leave users’ computer or users’ internal management system. Users use MeSign APP to generate the HASH data and MeSign APP will only submit the HASH data to MeSign e-Signing Services system. When completing the HASH signing in the cloud, the returned signed data will be sent to the MeSign APP on users’ local computer. MeSign APP is responsible to complete the signing by writing the signed data into the PDF file. If large enterprises need to fully automate the entire e-contract signing process, then the local signing process will be done by MeSign e-Signature System.

  MeSign Document D-signature service and Contract E-signature Service all use the technical solution of cloud HASH signing.

  MeSign use digital signature technologies, of which the legal effect is dependent on using the identity validated signing certificate with signer’s identity to digitally sign the e-contracts or documents. Although the email signing certificates has been configured on MeSign APP automatically, but the email signing certificate is a soft certificate installed on the user’s device. However, the regulations of Adobe Approved Trusted List do not allow to use the soft certificate for digital signatures. In order to reduce the user's cost (purchasing a USB Token or HSM) and to facilitate the management of the certificate, the digital signature service provided by MeSign use the method of cloud HASH signing. The certificates used for digital signature are generated and encrypted hosted in the cloud HSM, and it will only be used on an as-needed basis when users completed the authentication and agreed to sign the contract and document.

  It is worth to point out that MeSign Document D-signature Service only upload the HASH of the document to be signed to the cloud and does not submit the original documents to be signed to the cloud. After completing the HASH signing in the cloud, MeSign APP will write signed data into the PDF document at user’s local computer, which can effectively protect the personal privacy information and business secret.

  If the Contract E-signature services you are using or you are planning to use require you to upload the original contract and documents to be signed to the e-signing platform, we recommend you use it cautiously.

• 10. What application scenarios can MeSign E-signature Service be used for?

  +

  MeSign Technology completely simplify and generalize the contract and Document D-signature that make it easy to use. The email-validated only electronic signature methods for global users is very easy to use. The identity-validated digital signature methods make the contract and Document D-signature more trustworthy and has the same legal effect to handwritten signatures or organizational seals. If users purchased the Contract E-signature Service, they can unlimitedly initiate contract signing and unlimitedly sign the contract, which completely solve the issue of the last step of the business activity – delivering paper-based contract. The Global Trusted Document D-signature service completely solve the trusted issues in enterprise’s paperless management, completely achieve trusted paperless and ensuring the documents won’t be tampered with or impersonated illegally.

  There are many applications scenarios as following:

  1. (1) Business Contract E-signature: No matter you are self-employed, you are a SME, large enterprises, government agencies, you can find the best solution to implement your e-contract and document signing from MeSign. We provide MeSign APP Local Sign, Cloud API HASH Sign, e-Signature System Local Sign and other types of signing methods to help users deploy the best e-signing solutions. All e-contracts and documents signed by MeSign have legal effect worldwide.
  2. (2) Employment agreement e-signing: Different from commercial contract, the signatories of employment agreement are the organization and the employee, so MeSign provide a special employment agreement e-signing solution for companies. As long as the employee can receive the contract email, the employee can quickly sign the employment agreement or other legal documents for free. We recommend all employees use MeSign APP to sign the employment agreements, ensuring the entire signing process is encrypted and the contracts are saved with encryption.
  3. (3) Digital signature on government document and certificate: All types of government documents and certificates should be digitally signed by their own signing certificates, ensuring the government documents won’t be tampered with or impersonated illegally. If there is no digital signature on the documents published by the government, then there is no way to certify the document was published by the government. At present, more and more governments, councils are deploying workplace digital transformation, so all notifications or issued documents should be paperless and the most effective way to guarantee the trustworthy of these electronic documents is to use digital signatures. MeSign provide e-Sign API service and e-Signature System for local signing can seamlessly integrate with government management systems.
  4. (4) Signing and encryption on internal documents: In order to guarantee the document security of governments or enterprises, only need to add the people who have the right to read this document into the list when signing the documents, then MeSign APP will use the public keys of the people in the list to encrypt the document and finally sign it, then this encrypted document can only be seamlessly read by the person who are in that list, because others don’t have the key to decrypt the document.
  5. (5) Co-signing document issued by multi-organization: MeSign APP supports co-signing the documents or certifications issued from multi-organization to be digitally signed by signing certificates at the same time, ensuring the identity of co-signing signatories are trusted. Adobe Reader will display the identity information of co-signing initiator and ‘Signed and all signatures are valid.’ Co-signing the document issued by multi-organization manually can be completed by MeSign APP, but if the user wants to integrate it to the office management system to automate the entire co-signing process, then the MeSign e-Signature System must be deployed locally.
  6. (6) Solidification evidence by digital signature: Any chat record and shopping history converted from screenshot to PDF file can be digitally signed and timestamped by the document signing function in MeSign APP. The signed PDF file has legal effect as evidence solidification. Once there is any dispute in the future, it can be used as valid evidence in legal proceedings. We recommend the public to develop a good habit of using MeSign APP to consolidate evidence.
  7. (7) Proof of copyright of electronic files: We recommend to converted the various electronic files, such as the photos and the articles created by yourself into PDF files after they have been completed, and immediately use the document signing function in the MeSign APP to digitally signed and timestamp the PDF files. It can be used for proving the originality and ownership of copyrights when has a copyright dispute. It is because digital signatures and timestamps cannot be counterfeited. The time on the timestamp can prove that the pirate must have obtained this electronic file later than the author.
  8. (8) Anti-tampering of electronic files: In order to prevent various electronic files from being tampered with illegally, this file can be digitally signed and timestamped by the document signing function in MeSign APP. Once the file has been tampered, the digital signature of the signed file becomes invalid. Adobe Reader displays "At least on signature is invalid", and a red cross will be displayed at the signature place, proving that the file has been tampered with, which can effectively prevent the file from being illegally tampered with.
  9. (9) Proof of the existence or release time of the file: All PDF files digitally signed by MeSign will be automatically signed with an Adobe trusted timestamp signing certificate. Clicking the ‘Signature Properties’, you can see the timestamp information trusted by Adobe, such as: ‘The signature includes an embedded timestamp. Timestamp time: 2019/08/18 10:25:43 + 08'00', The signature was validated as of the secure (timestamp) time: 2019/08/18 10:25: 43 + 08'00’'. This is very suitable for all application scenarios that need to prove the existence time or release time of documents, the signed time is trusted and has legal effect worldwide.
  10. (10) There are more applications scenarios waiting for you to find out, please enjoy the endless fun and endless power of the digital signature, timestamping and encryption service provided by MeSign to your digital life.