Simplifying Digital Signatures for Businesses
Craftspire's Role in Developing a Top-Quality Digital Signature Platform
Digital Signatures on the Rise
The rapid digitization of business processes has been an ongoing trend in recent years, and the COVID-19 pandemic has only accelerated this shift toward electronic solutions. As a result, electronic signatures have become a widely accepted method of signing agreements, with many companies opting to adopt this technology to streamline their operations.
It is important to note that electronic signatures must comply with both EU and local country regulations in order to be considered valid and legally binding. This means that businesses must be vigilant in ensuring that the appropriate signature method is used for each specific use case and document type, and adds to the overall technical complexity of the solution.
Craftspire partnered with one of the emerging market leaders in Poland to provide software development expertise and augment them in delivering their envisioned product. They aimed to offer a highly intuitive and user-friendly platform that provides robust solutions for customers, allowing them to manage their signature processes in a secure and compliant manner.
Understanding Digital Signature Business
At Craftspire we have extensive experience in developing complex systems for Trust Services and Security Critical Systems. We have in-depth knowledge of the technical details of digital signatures, but before the partnership, we lacked business knowledge about eIDAS and digital signature laws.
During the first few months of engagement, we approached some basic initial technical challenges that had to be solved to ensure the platform could provide the minimal necessary functionality to its users. These challenges included:
integrating the platform with HSM using PKCS#11
working on integrating with the first Trusted Signature Provider (TSP)
implementing support for various signature types such as AES and QES, as well as document timestamping in PDF documents using PAdES
Thanks to our previous experience we were able to approach the initial technical challenges with confidence. However, we also knew that for the product to be successful, we have to understand the business. Because of that, we have used those first months to gain a deeper understanding of the inner workings of the Digital Signature business and how they operate within legal frameworks.
Craftspire's ability to quickly adapt to new technologies and regulations, combined with their profound knowledge of security and intricate business processes, laid the foundation for a successful partnership
The New Challenges
With these initial tasks completed, we were able to easily meet the client's requirements and move on to the next set of challenges. Our ability to quickly adapt to new technologies and regulations, combined with our deep understanding of security and complex business processes, provided a strong fundament for further cooperation.
As our partner’s business grew, so did the complexity of the project. Our team was faced with a new set of challenges that required our expertise in the development of complex systems and security. The new requirements included:
Supporting SaaS, on-premise models, and multiple TSP providers
Signing documents from foreign TSPs
Ensuring the trust of our signatures by major solution providers
Integrating with external partners, including federated identity, 2FA, and document storage
To fulfill the requirements, Craftspire conducted requirements workshops with the client and applied domain-driven design (DDD) to design a robust architecture. We separated the system into smaller domains, prepared it for multi-tenancy, and extended REST APIs to support multiple integration scenarios. Our security expertise allowed us to integrate with various federated identity solutions (OAuth, SAML, and Kerberos), and 2FA solutions (SMS Code, TOTP, and OIDC Backchannel Authentication). Our previous experience with cloud providers enabled us to add support for secure data storage using encrypted direct disk storage, cloud S4 storage, and Azure Storage (with data at rest encryption).
As our team was busy with development, we encountered an unexpected requirement - the system needed to be compliant with the Polish Financial Supervision Authority's (KNF) cloud guidelines in order to be available for Polish financial institutions. This meant ensuring that the data was processed and stored securely according to KNF standards.
Fortunately, our team was well-equipped to handle this challenge. We made technical adjustments to the application and deployed it on a cloud provider that had undergone the necessary audits and established procedures to meet KNF requirements. Thanks to our experience with cloud solutions and our use of Docker as a container platform, the migration process to new provider proceeded quickly and efficiently.
eIDAS and KNF Compliant Product
On-premise and Cloud Solution
Steady Growth of Customer Base
Enterprise Ready System
Reaping the Benefits
The union of our partner's business, PKI, and eIDAS expertise, combined with Craftspire's software development skills, resulted in the creation of a product that provided tremendous value to the digital platform clients while simplifying the signature process behind a user-friendly interface.
The availability of both on-premise and cloud versions of the system made it accessible to clients who either did not need their own deployment or required a solution on their infrastructure. Additionally, the delivered solution was multi-tenant ready, allowing our customer to tune their offer to the specific needs of their clients.
The final product is easily adaptable to various client needs, including different identity mechanisms, 2-FA types, and providers, Trust Service Providers, and storage solutions, which contributed to steady growth in the customer base and provided a solution for a variety of corporate clients.
The support for different signature flows, including AdES and QES signatures, enabled a wide range of product offerings, such as cloud-based signatures or local signatures that did not require signed documents to leave the signee's computer.
The cooperation provided great value for the Craftspire too. Our team has broadened experience in developing complex security systems for digital signatures, built the understanding of legal and regulatory requirements for digital signatures, and expanded their expertise in working with federated identity, 2FA, and document storage.
The successful partnership on this project highlights Craftspire’s ability to effectively deliver value on a cutting-edge and innovative project. We are proud to have been a part of this, and we look forward to continuing to provide our expertise and experience to clients in industries as complex as digital signatures
