In this article

[This is a sponsored article with SigningCloud.]

Public Key Infrastructure (PKI) technology has existed since the early 2000’s, but it’s remained under the radar. Recent times have pushed it to the spotlight and highlighted the crucial role it can play in our new flexi-work ecosystem.

Governments across the world such as those of the United Kingdom, United Arab Emirates (UAE), Singapore, and more, are already employing PKI for authenticating identities, whether for travel, legal, or other matters.

In the UAE, for example, the government has established the UAE Pass, a digital identity and digital signature solution for its citizens and residents. 

It can be used to access all federal and local government services under a unified online application, and allows a digital signature to legally complete a transaction on the entity’s behalf.

Did you know: Digital signatures aren’t the same as electronic signatures (e-signatures). An e-signature can be a simple image pasted over the document, and therefore is prone to tampering risks. Read a more in-depth explanation here.

Leveraging the potential demand is SigningCloud, with a solution for companies to digitally sign documents online. 

SigningCloud’s parent company, Securemetric, has been in the digital security industry since 2007, and it has implemented PKI systems nationally for over 4 SEA countries.

Closer to home, its clients in Malaysia include fintech company, JurisTech, and financial institution, M24 Tawreeq.

One of SigningCloud’s current projects is working with Singapore’s government to integrate their digital identity service, Singpass onto the platform for digital signing solutions. 

But to understand how digital signatures work, one must first know the basics of Public Key Infrastructure (PKI).

Introducing PKI

PKI is a framework that oversees the encryption and cybersecurity that protects the communication between parties.

It is used to encrypt and authenticate data during transmissions, which makes it a crucial technology in identifying if Person A you’re communicating with, is really Person A.

Each person has something called a private key and a public key. These must work together. The private key can only be accessed by the owner of a digital certificate (as verified by a Certificate Authority, or also known as CA), and the owner can choose where the public key goes.

Data that is encrypted by the private key can only be decrypted by the public key, and vice versa. If the data cannot be “unlocked”, this means that the transmission has been tampered with.

Digital signatures are the present

Legal agreements that require authenticated signatures shouldn’t remain reliant on manual, paper-based processes.

With digital signatures, a person’s signature will be created using a private key that is securely kept by the signer or by a trusted service provider like SigningCloud.

The extended SigningCloud team / Image Credit: SigningCloud

The rest of the transmission is carried out following PKI procedures, thus ensuring that the process remains tamper-proof.

As signatures tend to be required for just about every agreement with legal bindings, you can imagine how the adoption of digital signatures will change industries.

The Malaysian government has already employed PKI in many of its applications, including E-Syariah, e-Filing (e-Kehakiman), ePerolehan, and more. The Ministry of Housing and Local Government (KPKT) is also using PKI for the signing of microloans.

On a smaller scale, any companies from corporations and MNCs to startups or SMEs can benefit from digital signatures too, regardless of industry. 

After all, digital security is not exclusively for companies of specific sizes or sectors; any company that handles customer data should prioritise protecting it.

Changing archaic company processes

What SigningCloud’s dashboard looks like / Image Credit: SigningCloud

Here are some features that SigningCloud is equipped with to support businesses in their pursuit of data security.

Here are some features that SigningCloud is equipped with to support businesses in their pursuit of data security.

1. A universal signing platform

Vendor lock-in is when a business can only digitally sign with one CA, and this can be an issue for companies who may have different budgets or needs.

Thus, SigningCloud’s universal signing platform supports multiple electronic Know-Your-Customer (eKYC) and CA providers, and it plans to add more local and global ones for a cross-border digital signature ecosystem.

2. High security and protection

It’s implemented top industry practices which include but are limited to multi-layered encryption, unique integration keys, 3-Tiered System Deployment, strong 2-Factor Authentication (2FA), multi-layered firewalls, and secure hardware level cryptography. To add, the team assures that it utilises one of the region’s top security-compliant cloud providers.

3. Tamper-proof features

No action on the document goes untracked / Image Credit: SigningCloud

Once a document has completed the signing process on SigningCloud, it will be “locked” to prevent any unauthorised changes, ensuring the integrity of the document’s data. If any tampering has been done, each recipient can detect it easily with a common PDF viewing tool.

4. Digital identity verification

Using a trusted eKYC system, SigningCloud verifies each and every signer’s ID on the platform. So, during the sign-up process for Digital Signature Act 1997 (DSA) compliant documents, a signer’s authenticity will be verified via facial recognition and microprint authentication before they can digitally sign.

5. Long-term validation

Embedded with PKI technology, digital signatures on SigningCloud retain long-term validation and are secured from instances of repudiation (denial of validity) with the help of time stamps. Even if the signer’s digital ID has long expired, a signed document on the platform will still be valid.

6. Regulatory compliance

According to SigningCloud, all signatures created via the platform can be recognised as effected, valid, and enforceable under the Electronic Commerce Act 2006 and the Digital Signature Act 1997.

This means that a digital signature created via SigningCloud is legally valid and will be recognised by any Malaysian court and governing bodies.

7. Affordable and versatile packages

SigningCloud’s digital signature packages range from being free to up to RM2,500/month, depending on an individual company’s needs. There is also a quote-based package for companies who prefer customisable options.

8. Transparency and seamlessness

Apart from allowing users to sign documents digitally anywhere, anytime with almost any device, all actions made to a document via SigningCloud are also traceable.

There will be a secure audit trail which all relevant parties of the document are privy to, and SigningCloud can generate a comprehensive report for future compliance audits too.

  • Learn more about SigningCloud here.
  • Read what we’ve previously written about SigningCloud here.

Featured Image Credit: SigningCloud

Subscribe to our newsletter

Stay updated with Vulcan Post weekly curated news and updates.


Vulcan Post aims to be the knowledge hub of Singapore and Malaysia.

© 2021 GRVTY Media Pte. Ltd.
(UEN 201431998C.)

Vulcan Post aims to be the knowledge hub of Singapore and Malaysia.

© 2021 GRVTY Media Pte. Ltd.
(UEN 201431998C.)