Digital signature for Government & Defence
Local and central governments by their very nature have always been paper-intensive organisations, because of core requirements for strong audit trails, decision traceability and control. Recently with increasing pressure on budgets and the need to be more open many governments around the world have initiated transformational projects to cut out expensive and inefficient paper-based process. The need to serve citizens and businesses in automated manner has led governments in many countries around the world to various e-Gov initiatives.
To ensure similar or even higher levels of authenticity, traceability and control compared to paper processes, e-Gov have an essential need to authenticate digital identities and retain long-term evidence proving who submitted or approved important e-documents. In a word digital signatures are an essential cornerstone for e-Gov!
Most governments around the world, in particular the US and EU nations, have for some time enacted legislation which recognised digital signatures (or electronic signatures) as equivalent to hand-written signatures if produced according to specific requirements (e.g. the EU Directive on Electronic Signature 1999/93/Ec of European parliament and council). Governments have even gone as far as strongly recommending the use of (electronic signatures) digital signatures for specific e-Gov applications (e.g. VAT submissions).
Ascertia’s products have been designed to be compliant with a range of digital signature legislation and regulatory frameworks, including EU law (EU Directive for Electronic Signatures), EU Directive for E-Invoicing, IdenTrust, US Electronic Signatures in Global and National Commerce Act (E-Sign), The Health Insurance Portability and Accountability Act (HIPAA), 21 CFR Part 11 (a regulation governing the use of electronic signatures / digital signatures within the pharmaceutical industry), Sarbanes-Oxley Act (SOX) and others.
There are very good reasons for choosing Ascertia digital signature products for e-Gov projects and these include:
Ability to approve and apply electronic (digital) signatures to any type of document
Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these.
Whether its PDF, XML, PKCS#7, CMS, S/MIME or PKCS#1 signatures we can sign your business document.
Ability to provide fast, scalable eID validation
To provide strong identity assurance and to grant access to systems and applications over a mutually authenticated SSL connection, usually working in conjunction with IAM systems
Long-Term Digital Signatures
Ascertia is a clear leader in creating long-term digital signatures which can be verified many years in the future, an essential requirement for most government related data. We support all the ETSI XAdES and CAdES as well as latest PAdES (PDF format) profiles.
Multiple Signing in Options
Different applications have different needs for how digital signatures are created. Some require server-side batch-signing in features, some require digital signatures to be created locally by users that have eID smartcards or secure USB tokens. Others even want key and certificate roaming solutions that offer virtual “smartcards”. Ascertia’s ADSS Server and Go>Sign Applet already provide all these options and more.
Organisations cannot control which systems and browsers end-users will work with when submitting documents. It is essential the digital signature and encryption solutions work on any platform with any browser and support multi-lingual capability. Go>Sign Applet supports all Windows platforms as well as many Linux versions and has also been tested in various browsers.
More than just digital or electronic signatures / digital signatures
Digital signature creation is only one part of the solution that e-Gov initiatives need - there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in one multi-function server. All these services are based on leading industry standards including OASIS DSS & DSS/X (singing, verification and encryption), RFC3161 (timestamping), IETF LTANS (archiving), RFC2560 (OCSP validation), RFC5055 (SCVP validation), W3C XKMS (validation), etc.