Secure Digital Signing with Mobile PKI

Allow users to sign documents, transactions and perform all high-trust use cases directly from their own mobile devices without compromising security.

( let’s talk )

Does Digital Signing Mean Making a Choice Between Usability or Security?

Public-key infrastructure (PKI) allows users to sign transactions, documents, and perform high-trust operations. Keeping private signing keys secure is essential, as a compromised private key collapses the entire security model. So how is it possible to secure X.509 certificates and protect private keys when the devices that perform signing operations are inherently insecure and exist outside the boundaries of the organization?

Storing Keys on External, Dedicated Hardware is Bad UX for Mobile

Carrying dedicated external hardware is frustrating to end-users, who may have multiple devices for multiple services

Provisioning and shipping external devices is not scalable, often costly and inefficient for procurement teams

Mobile devices such as smartphones are incompatible with USB tokens and smartcards, thus making making PKI on mobile impossible in some cases

...but Storing Keys on Endpoints is Bad Security

Mobile devices are inherently insecure, as they allow for potentially malicious software to be installed

Storing keys on insecure devices means keys can be lifted off and compromised remotely

Using manufacturer embedded hardware, e.g. secure elements, if possible at all, means developing apps per device which isn’t infeasible in a fragmented device landscape

Enable Digital Signing from Any End-User Mobile Device

Unbound Crypto-of-Things (CoT) allows secure digital signing without requiring trusted storage on the end-user’s device OR on external, dedicated hardware.  A unified, single API is used to deploy a virtual secure enclave across all devices to protect crypto keys at the application level. Unbound’s Distributed Trust Platform enables signatures to be created without actually having the private key on the device, thus ensuring keys cannot be compromised, cloned or tampered even if the device is infected by malware or physically controlled by an adversary.

This software-only solution gives users a comfortable, transparent method to sign transactions from their own devices. Now they only need to approve a push request – without carrying any external hardware device.

Secure & Easy

No hardware tokens and smart cards – same level of trust, just without the hassle

Any App. Any Device

Integrates directly into the app and deployed on any desktop, mobile or laptop

Elastic and Scalable

Infinitely scalable to support any number of devices

Central Control

Centralized management and tamper-proof, real-time auditing on any digital signing operation

Instant revocation

If needed, revoke the key immediately on the central management server

See how it works:

In the diagram below, Unbound CoT enables secure digital signing with mobile PKI

Unbound CoT integrates with PKI applications, enabling secure digital signing from mobile devices without requiring any additional hardware. The signing can be done for transactions initiated on the mobile device, or alternatively the mobile device can be used as a second factor to transactions initiated on a desktop application / website.

Step 1: User approves the transaction request on mobile device, optionally using authentication methods such as PIN/password/device native biometrics.

Step 2: The mobile app signs the transaction with the CoT server.

See it in Action:

Learn how your organization can use CoT to enable secure, user-friendly transaction signing from the devices that your users already own and carry.

( Request a Demo )

Related Articles


Get an in-depth explanation of how Unbound uses MPC, a mathematically proven method to secure keys on any device.

( Download )


Control Your Own Keys in the Cloud (CYOK) can ensure your sensitive assets remain secure even in the event of a breach.

( Watch )


Learn how Unbound Key Control, the first secure-as-hardware key management system can protect your crypto keys anywhere.

( Download )


Learn more about how two major banks are using Unbound to reinvent data reinvent data protection in the Digital Banking age.

( Watch )