The signing key is located on the server and signature takes place there, however the user initiates the process from their mobile device. SigningHub has easy to use iOS and Android apps for this and you can learn more about them here.
This is where the user’s mobile is sent a One Time Password (OTP) code as a form of authentication – typically using SMS messaging or via native OTP app like Google Authenticator. Again in this mode the user’s signing key is located on the server and signature takes place there. The mobile device is only being used as a second channel for user authentication. SigningHub again supports this method of user authentication.
This is the “truest” form of mobile signing, i.e. the user’s signature key actually resides on the mobile device and the document signature is created on the mobile device. This is an area where SigningHub is particularly strong compared to the competition and is explained below.
SigningHub iOS and Android apps can use specialist smartcard readers attached to the mobile device, e.g. the Precise Biometric Tactivo readers act as covers for the mobile device. Such readers allow the user’s same PKI-enabled smartcard to be used with the SigningHub native apps as well as PCs and physical access control systems
In this case the user’s private signing key is located in the Entrust app installed on the mobile device. At the time of signing, SigningHub sends a hash of the document to the Entrust app for signing on-board the mobile device (this communication is conducted via the Entrust IdentityGuard solution).
In this case the user’s private signing key is on a secure tamper-resistant micro-SD card (or it can even by a secure SIM card). At the time of signing, SigningHub sends a hash of the document to the AET app for signing on-board the secure micro-SD card (this communication is conducted via the AET MSSP Server solution).