Electronic Sealing via customer-owned digital certificate

Overview

Electronic seals (e-seals) provide the same legal validity as a company rubber stamp on paper, where no individual signer authenticity is conveyed. The main difference between a seal and a signature is that a signature is meant for individuals (natural persons), whereas a seal is used by a legal entity (business or organization). E-seals can be applied by more than one person or system under the control or supervision of the legal entity.

The electronic sealing feature in Adobe Acrobat Sign allows organizations to apply e-seals using digital certificates issued to their legal entity to help convey the integrity and authenticity of invoices, statements, or other official documents. Seals can be placed using only a graphic, a text block containing the subject, reason, date, and time of the seal, or a combination of both the graphical seal and text.

Users are assigned specific privileges to automatically apply an e-seal for their organization to a document using a digital certificate obtained from a Trust Service Provider (TSP) with a Cloud Signature Consortium (CSC) API integration with OAuth 2.0 Client Credential authorization flow. The following providers currently support this feature:

 

Prerequisites

  • An enterprise-tier account is required to access the API and configure the seal.
  • Acquire the following from your Trust Service Provider (see above for TSP options)
    • OAuth 2.0 client_id and client_secret: Adobe uses these values to generate an access token which is used to make remote signing calls to the TSP. The access token is generated by calling the oauth2/token endpoint with a grant_type of "client_credentials." Please see section 8.3.3 of https://cloudsignatureconsortium.org/wp-content/uploads/2020/01/CSC_API_V1_1.0.4.0.pdf for details.
    • Credential ID: An Identifier associated with the credentials of a given user for the TSP provider. A credential is a cryptographic object with related data used to support a remote digital signature over the Internet. It consists of the combination of a public/private key pair (also named "signing key" in CEN EN 419 241-1 [i.5]) and an X.509 public-key certificate managed by a remote signing service provider on behalf of a user. The credential is used as the entity with which the electronic seal is associated.
    • Credential PIN: A pin code is used to secure access to a given TSP credential.

Configuration options

Electronic seals are automatically available to Adobe Acrobat Sign enterprise tier accounts and can be configured at the account or group level.

Two settings must be configured to expose the e-seal options on the user's Send page.

  1. Enable the account/group for senders to mark recipients with an electronic sealer role.
  2. Authorize user(s) to add electronic seals to their agreements, either by the account/group level setting or individually through the user's profile.

Create a new e-seal

At least one e-seal must be configured, active, and available to the group from which the agreement is being sent. Otherwise, the option to add the e-seal isn't exposed on the page.

Creating an e-seal requires that you first obtain a digital certificate from a TSP with a CSC API integration. (See the Prerequisites)

Once you have the certificate, you can configure the e-seal by:

1. Navigating to Account Settings > Electronic Seals.

2. Click the plus icon with a circle around it .

Create a new Electronic Seal

The interface to configure the new e-seal opens.

3. Enter the e-seal parameters using the information provided by your TSP:

  • Name - Enter an intuitive name for the e-seal. This name is presented to the senders on the Send page.
  • Cloud Signature Provider - Select the provider that issued the certificate.
    • OAuth Client ID - Enter the client ID obtained from your TSP.
    • OAuth Client Secret - Enter the client secret obtained from your TSP.
    • Credential ID - Enter the credential ID obtained from your TSP.
    • Credential PIN - Enter the credential PIN obtained from your TSP.
  • Reason - Provide some text that identifies the reason for the e-seal application. This string is displayed in the e-seal on the document and in the audit report.
  • Group -Select the group for which the e-seal is available.
  • Graphic appearance -  One or both of the blow options must be enabled for the seal to be successfully saved and used:
    • Display Subject, Reason, Date, Time and Acrobat logo - When enabled, the text components of the seal are applied in the signature. If not enabled, only the seal graphic is used.
    • Upload a graphic file to customize the appearance of this Seal - When an image is uploaded, it is applied to the signature. If no image is uploaded, only the text is used.
  • Display email - Provide an email address that should be associated with the e-seal. This email is displayed in the email template as the address for the e-seal recipient.

4. Click Save when done.

Define the seal properties

Example of the three seal configurations

The configured e-seal is created in Active status and displays on the Electronic Seals page in the list of seals.

The e-seal is ready to be applied to agreements immediately.

Configured Electronic Seal

Manage existing seals

Create a new agreement with the seal as a recipient

When the group, user, and e-seal are properly configured, the Add Electronic Seal link is exposed in the top menu bar of the Recipients stack.

  • If more than one seal is available, then a dropdown list is accessible from the name of the e-seal.
  • E-seals can be included at any point of the signature cycle and adding more than one is permitted.

Once the agreement is sent, the e-seal recipient may not be edited or delegated.

Märkus.

If the Add Electronic Seal link is not exposed, check that:

  • The correct group is selected. The group selector only loads the e-seals associated with the group (to include account-wide e-seals).
  • The group is configured to allow e-seal usage.
  • The user is empowered to use the e-seal role.
  • There is at least one seal available to the group from which the agreement is being sent.
Add the Electronic Seal as a recipient

Hoiatus:

All agreements that use an e-seal recipient must go to the authoring environment to place the digital signature field that contains the e-seal.

Authoring

All e-seals must be explicitly placed on the document using a digital signature field.

  • Only one digital signature field is permitted for each e-seal recipient.
    • If a second e-seal must be placed, a second recipient must be defined for that e-seal placement.
  • All other field types are disabled for the e-seal recipient.
  • All fields assigned to an e-sign recipient on uploaded templates pre-configured with fields are removed.

All other recipient roles can be authored normally.

Add a digital signature field

Email notification and application of seal

The e-seal is applied immediately after the e-seal recipient becomes the active recipient in the signature cycle.

The e-seal is applied programmatically in the location of the digital signature field, and the next recipient is notified (if any).

Email notification of the signing event follows the same rules and format as other recipient emails.

Electronic Seal email example

The applied e-seal provides the signature reason (as defined in the seal configuration) and the time/date stamp of when the seal was applied.

Electronic Seals

The digital signature object that contains the e-seal is slightly larger in height than a standard e-signature field:

Electronic Seals

Audit Report

Agreements that include an e-seal recipient clearly identify the sealing process in the audit report.

Details captured include:

  • The signing reason (as provided in the e-seal configuration)
  • The Cloud Service Provider
  • The Service Provider's IP address
  • The Service Provider's URL
  • The certificate issuer
  • The timestamp for the seal application
  • The timestamp provider
Electronic Seals

Saage abi kiiremini ja hõlpsamalt

Uus kasutaja?