The use of SecArchive for substitute scanning

SecArchive generates and verifies in conformity with the law qualified electronic mass signatures for documents received from the scanning process. Thus, SecArchive realizes – particularly in combination with scan solutions and document management systems – audit-proof archives for documents without media discontinuity  (100% paperless).


By transferring your paper documents into an electronic document management system (DMS) in combination with qualified electronic signatures according to the Signatures Act you can waive your paper documents, as by using a qualified signature, the integrity of the electronic document and the match of the content with the original can be proven at any time.

Tasks and possibilities of SecArchive

  • Display of a random sample of scanned documents at the scan workstation (supported document types are e.g. TIF (e.g. JPEG-, CCITT-compressed), PDF (PDF/A-1 and PDF/A-2), JBIG2, JPG/JPEG)
  • Implementation of a visual control to ensure content match of the scanned documents compared with the paper originals
  • Generation of qualified electronic batch signatures according to the Signatures Act for the documents in combination with SecSigner
  • Subsequent verification of the generated signatures
  • Easy integration into existing scan solutions and document management systems (DMS)
  • Support of a variety of common European signature cards and card readers (among them all familiar German signature cards and card readers).



Parts of the SecArchive workflow

You can realize substitute scanning in different ways. They will be explained in the table at the bottom of the page. In general, it means that you can decide whether you want to utilize our ready-to-use programs or if you prefer to integrate them into your own software:

  • SecArchive client
  • SecArchive API
  • SecPKI server

SecArchive client

SecArchive client in combination with SecSigner supplements the transfer of scanned documents into a document management system by the generation of batch signatures. This means one qualified signature per document file. After the implementation of a visual control (random sample), you only have to enter the PIN for the generation of several signatures on one or several document batches. Type and extent of the random sample can be easily configured. By this procedure you can generate efficiently and in conformity with the law a lot of signatures within a short period of time.


SecArchive API

With SecArchive API yo can integrate with little effort the complete technical functionality of the random sample test procedure (visual control) as well as the generation and verification of batch signatures into your capture solution. For many scan applications our partners can provide integrations and solutions. The integration takes place directly in the invoking application via integration of a Windows DLL or a Java library. You do not need any technical expert knowledge in order to integrate the API as all cryptographically relevant functions are provided completely – from the generation of hash values to the encoding of signature data objects in PKCS#7-CMS format and in conformity with ISIS-MTT.



The SecPKI-Server allows for backend based verification of mass signatures and authorizitation as well as long-term archiving of all data relevant to the signature.

From the verification of the signature and certificate chain to the request of the certificate´s status at the trust center (OCSP or CRL) and the technical verification of the authorization, you can integrate all required inspections efficiently and in conformity with the law into the processing of the signed documents. With the construction and storage of hash trees it is guaranteed hat the data objects, which are required for re-signing, are generated in time. Thus, subsequent access to a high amount of documents shall be prevented.

Especially in the field of social insurance, e.g. for health insurance, trade associations and pension insurance institutes, SecArchive meets the legal requirements of SRVwV (general administrative regulation for accounting in Germany)  §36 (storage) in combination with §40 (security for the use of automated data processing) and §41 (digital signature). The SecCommerce solution is characterized by being based on a further development of the signature application component SecSigner (confirmed according to Signatures Act by BSI, the German federal office of security in IT). It therefore fulfills the highest technical and legal requirements. Regarding the solution applied at BKK Airbus, the BVA (German federal insurance authority) confirms conformity according to §36 SRVwV.

The solution is not only suitable for the signing the daily incoming mail but especially for signing existing documents, e.g. old files.

SecArchive has been successfully integrated into a lot of capture and document management systems by ourselves and our partners and can be integrated into existing scan solutions and document management systems smoothly and with little effort. In cooperation with specialized service providers we can offer you fully developed solutions for the outsourcing of digitalizations of documents, e.g. incoming mail as well as old files, all this cost-efficient and from one single source.

Integration of digital signatures

The use of digital signatures is meant to guarantee that the scan version of the document matches the original. For this reason it is necessary to have a visual control of the documents directly before signing them. For the mass signature a random sample is sufficient. The SecArchive client app is the appropriate tool to verify the match of the random sample with the original and to initiate the scan process afterwards. There are three possibilities to integrate the SecArchive client app into the scan process.

Integration via API (ready made)
The DMS or Scan- client provider already prepared the integration.
Example: Captiva InputAccel, Solitas, FileNet, Kofax, Ceyoniq.
Integration via API (in-house development)
No integration module is available but the DMS or Scan client can be upgraded with C++, C# or Java.
Integration via the file system (Semaphore) "Standalone Mode"
No integration moduleis available and no C++, C# or Java must be used.
Integration via API (ready made)
The SecArchive- Client is activated via the "sign" or "sign-check" button in the DMS or Scan- Client.
Ask your DMS or Scan- client provider for integration modules from SecCommerce. You only need to adjust three or four parameters. Updates for the signature modules (for example for new smart card versions)are provided by us.
Integration via API (in-house development)
The Sec-Archive client is activated by an API-call coded by you. We provide a free and user-friendly API. Also, sample applications are available.
We will gladly help with the development.
Integration via the file system (Semaphore) "Standalone Mode"
Der SecArchive-Client wird über ein geliefertes Start-Script aktiviert und läuft permanent (unsichtbar) im Hintergrund.The SecArchive- Client is activated with the provided Start-script and runs permanently (hidden) in the background.
The application monitors a directory structure. Respective directories can be authorized for signature by writing a semaphore.
The SecArchive Client opens automatically upon authorization and completed stacks, random visual inspection and – after verification of the visual inspection – the signature can be selected.
When the processing of the directory is finished the SecArchive Client inserts a semaphore into the directory. Additionally, the signatures can be moved into a destination directory.
The SecArchive- client App hides in the background as soon as all stacks are processed.
Integration via API (ready made)
Ready solutions, no time and effort needed.
Integration via API (in-house development)
Possibility to fine tune, for example assigning documents to stacks and transfer them as object array.
Integration via the file system (Semaphore) "Standalone Mode"
Integration with the file system (semaphore) enables the integration in all operating systems and is independent from the programming languages.
Integration via API (ready made)
No disadvantages
Integration via API (in-house development)
Some coding knowledge required
(C++, C# or Java)
Integration via the file system (Semaphore) "Standalone Mode"
No disadvantages

We will be happy to advise on the implementation of electronic signatures in your company.

Substitute ScanningRequest SecArchive