Signum Enteprise Crypto Platform


Protect data assets from the moment they are created

Signum is an Enterprise Security and Cryptography Platform, designed to protect sensitive digital assets from the moment they are created and as long as required

Your systems and users create and exchange vast amounts of data assets, often without any protection of confidential material. Signum steps in to mitigate these issues in a cost effective manner.

How and why

Larger enteprises use various different software systems in their day-to-day business processes. Systems and their users create various documents of varying confidentiality level, and in large volume. Many of these assets lack even the most basic protection:

  • Data integrity (eg. who created a document and when) is not respected and can present a significant risk to undisrupted business flow.
  • Unprotected circulation of assets between users and business partners can lead to compromised secrets and creates a potential for fraud.

Upgrading large software systems with security features, as well as legacy systems, is a slow, expensive, and often unfeasible undertaking. Integrating these systems in a secure manner can present an even bigger challenge, especially with ever-increasing data exchange between business partners.

Signum acts as a security mediator between users, software systems and business partners. It allows for easy data protection and secure integration, while at the same time employing highest levels of cryptography and secure data exchange.

  • By seamlessly integrating via Signum, utilizing its unified approach to data asset protection, existing systems rarely need major security hardening.
  • An additional benefit is that users gain an additional level of confidence and trust, without having to know the details of protection mechanisms in place, or requiring an extensive education in IT security.

Your enterprise becomes more compliant to security standards and requirements defined by ever growing threats.

Find out more about our approach to security


A unified, identity based approach to data protection

Signum features several different mechanisms, or modules, working together to protect data integrity, as well as provide nonrepudiation and verification tools. Total data encryption provides security during transfer and storage.

Signum Features

Data & Document Signing

Signum comes with integrated distributed digital signature server.

Along with regular digital signatures, EU AdES standards are supported based on Qualified Certificates.

Document Validation

Automated data type validation and digital signature verification provide system-wide protection even before a document enters your business processes.


Applied to digital signatures, transactions or audit logs, trusted timestamps provide a secure means of tracking the exact creation and modification times of documents, as well as other arbitrary data.

Document Vault

Fully encrypt and store your digital assets with Signum Document Vault and its DMS services, or by integrating the platform with your document management system.

Multi-dimensional data structure allows you to create complex document relations and quickly access any document and any version.

Secure Delivery

Know when a message has been delivered and opened by transaction participants, with full control over payload decryption process.

You can even choose to send data first, and provide access to it later.


Total data encryption for storage and transfer is achieved with a minimum of 5 different keys.

256 bit cryptography for symmetric algorithms and 2048 bit for PKI are mandatory. Signum is configurable and can provide you with larger, more secure and future proof keys.

Encrypted Transfer

End-to-end security is provided by Signum, meaning that it can provide you with maximum data protection even in an unsafe, open enfironment.

This is a welcomed feature when dealing with various business clients with different security standards, however it is strongly recommended a TLS infrastructure with a minimum od 2048 bit key is provided.

Secure Messaging

Communicate with your partners via Signum. Providing you with a trusted alternative to unsecure emails or chat, Signum handles every payload with maximum protection mechanisms.


Signum platform protects data from everyone, including the plaftorm itself

Our unique approach to data security led us to develop the 5+ data transport protocol.
We jokingly call it "The Paranoid Protocol". Here is why:

  • The protocol requires a minimum of 5 separate keys for each data payload (hence the "five plus" name)
  • The key structure is designed to protect the data from:
    • All external threats - 3rd party attackers will not be able to access protected data, even if they gain access to your systems
    • All internal threats - administrators and superusers are never able to read the data
    • The platform itself - Signum Platform protects you from itself. It never stores data access keys, therefore it cannot be compromised.
  • Even in a scenario where you are forced to provide access to protected data it will not be possible without access keys

5+ protocol - protection layers

1. Payload Session Key

The Payload Session key is a one-time created key that wraps data during transfer and storage. It si dynamically created and is never reused, no matter how small the message was.

This key can only be accessed by parties involved in the transaction. Therefore, they are the only ones that can ever access encrypted data.

2. Sender - Receiver Trust

This layer consists of two key pairs, the Sender and Receiver keys, with trust established by a mutually trusted Authority. The keys provide identity assurance for every participant, as well as provide access to data.

Based on your scenario, these keys can be stored on hardware devices such as smart cards, loaded into software system, or can be dynamically generated per each transaction.

Note that this is a simplified representation - there can be an arbitrary number of participants in a transaction, each with their own set of keys generated in different ways.

3. Server Encryption Key

Transaction details and metadata are protected with the server encryption key used by Signum Platform

Ideally, this key is stored on a Hardware Security Module, but can be also defined on system startup

The key is never stored on disk

4. Authentication and Authorization

Full user authentication, authorization and auditing is available, with option to integrate with existing SSO providers, LDAP etc.

Authentication and authorization management is also provided for all 3rd party systems integrated via Signum

dsds..usr managements or sso

5. Secure Transport Channel

Running Signum in a TLS protected environment is a strong recommendation, even though its end-to-end encryption allows it to exchange messages over an unprotected network

Supported mutual certificate-based authentication can be a preferred way to authenticate 3rd party systems

Signum 5+ Protocol