Digital Signatures FAQ

Digital signatures take the concept of traditional paper-based signing and turn it into an electronic "fingerprint.”  To learn more, please refer to the Digital Signatures FAQ.

CoSign is a digital signature solution that takes a better approach. By embedding the standard signature technology directly into mainstream business applications, CoSign makes it easy to digitally sign transactions, documents, and records. CoSign embeds a signature record that travels with the document for every signature it captures. This Portable Signature Format (CoSign PSF™) allows anyone to seamlessly verify and retain proof of identity, intent, and document integrity without costly, complicated, or proprietary software.

CoSign makes it easy to sign, verify, and retain digital records, because the digital signature standard is already built into applications like Microsoft® Word, Excel®, SharePoint®, Outlook®, Adobe® Reader®, Acrobat®, AutoCAD®, Bentley® MicroStation®, IBM Lotus®, Oracle UCM, and Lawson M3, among others. Because of this, CoSign users simply sign with one click of the mouse using familiar applications. Furthermore, users and third parties can verify the record with off-the-shelf applications from most major software vendors. This speeds adoption and the scaling of business processes that include digital signing as a routine practice.

CoSign, based on PKI technology, guarantees signer authenticity, data integrity, and non-repudiation of documents and transactions. ARX’s patented technologies have changed the entire behavior of the PKI environment with the advent of CoSign – a PKI-based digital-signature solution that is not only simple-to-use and easy to manage but also cost-effective.  

The CoSign digital signature solution is available in two offerings – CoSign Central, which is suitable for medium to very large deployments and CoSign Desktop, which is designed for a small number of signers.  

The CoSign Central solution includes a tamper-proof hardware appliance for centralized key generation, storage and signing operations, while consisting of software components for integration with various 3rd party applications (such as Microsoft Office) and User Management Systems (such as Active Directory®).

The CoSign Desktop solution utilizes a software token (or USB token) that contains the Private Key of the user, maintaining all of the necessary elements locally with the user.

While both CoSign Desktop and CoSign Central include a hardware element, they also both consist of software components for integration with various 3rd party applications.

The following are some of the features that set CoSign apart:

• Simple-to-use and easy-to-deploy 
• Reliable digital signature – the signature ensures document integrity and guarantees the identity of the signer. 
• Centralized solution – Private Keys are generated and stored in a central secure tamper-proof appliance, eliminating the traditional need for hardware tokens (e.g., Smart Cards, USB Tokens, etc.). 
• CoSign supports numerous applications: Microsoft Word, Microsoft Excel®, Adobe Acrobat, TIFF, and many more.  
• All required components in one box - Built-in CA for issuing and renewing certificates, user management, and more. 
• User Management support - Use CoSign in sync with major User Management Directories such as Microsoft Active Directory and Novell® eDirectory/NDS, or use the built-in management tool for managing users. 
• Graphical signature - Users may add a graphical representation of their signature using an electronic signature pad, providing a visual indication that users are accustomed to, as well as an assured method of sealing documents. 
• Standardized signature method – CoSign uses industry standard electronic signatures based on "Public Key Infrastructure" (PKI) technology for signing and validating signatures. Using these standards allows receiving parties to validate signatures without any additional software installation required.

• Users create and save a document or message; then  
• Add a signature field by positioning the cursor in a specified signature location and clicking the signature button located at the top of the window.  
• They sign by right-clicking the signature field and selecting the “Sign” option (according to configuration set, the user may be prompted to enter a password); and  
• Graphical and digital signatures are embedded in the application.

Simply right-click on the signature and choose the “Validate” option.

Validating the digital signature enables the recipient to authenticate the identity of the signer and view the reason, date and time of the signature. Validation guarantees the signed document was not tampered with and/or modified, ensuring the signer was a valid employee, for example, at the time of signing the document. CoSign allows receiving parties to validate signatures without requiring software installation. 

Note: Validating a signature varies slightly according to the application and its version.

• Adobe Acrobat 6 (and higher)    
• Adobe Livecycle    
• Adobe Reader 5 (and higher)    
• AutoDesk AutoCAD 200 (and higher)    
• Bentley MicroStation       
• Corel WordPerfect   
• Crystal Reports  
• HTML Files   
• IBM Lotus Forms    
• Lotus Notes    
• Any application that uses MS CAPI, PKCS#11, or JCA for Signing  
• Microsoft Word 2000/XP/2003/2007    
• Microsoft Excel 2000/XP/2003/2007    
• Microsoft Power Point XP (and higher)  
• Microsoft Outlook 
• Microsoft Outlook Express  
• Microsoft InfoPath 2003/2007   
• Microsoft Biz Talk   
• StarOffice/OpenOffice Writer  
• StarOffice/OpenOffice Calc  
• TIFF 
• Web applications 
• XML documents  
• Any application that can print (via OmniSign)  

* Signing with Adobe Reader is enabled using Adobe LiveCycle Reader Extensions ES. For more information on Adobe LiveCycle Reader Extensions ES, please click here.

• Microsoft Active Directory  
• Novell eDirectory  
• Oracle Internet Directory (OID)  
• IBM Tivoli  
• LDAP-based Directories  
• Directory Independent Installation  
• Sun Directory Services 

Traditional PKI-based solutions are some of the most expensive and difficult solutions to deploy. With so many components in a PKI environment - the Certificate Authority (CA), the key-storage device (hardware or software), the management application and the signing applications (workflow, ERP, mail, or any other application) - integration is a complex, long, and prohibitive process.

ARX's vision is to make PKI affordable and easy-to-use for all companies, large and small. ARX, with its patented technologies, has changed the PKI environment by designing CoSign, a simple-to-use and cost-effective digital signature solution.

CoSign is quick to deploy and offers ALL the components of a digital-signature solution. CoSign solves complex deployment problems and dramatically reduces the TCO (Total Cost of Ownership) of deploying digital signatures.

For those organizations with a higher number of signers, CoSign Central enables new users to automatically enroll in the PKI system (i.e., it creates the keys, issues certificates and renews them), ensuring the system is always simple and easy-to-use. Organizations have the option to manage their users either inside CoSign or through MS Active Directory and Novel eDirectory.

Read more on CoSign digital signatures legal compliance.

CoSign Central has been self-qualified by ARX as an SSCD. The Common Criteria SSCD validation provides compliance with the EU Electronic Signature Directives (European Union Directive 1999/93/EC on Electronic Signature).