
ADSS Server Features

Architecture

 
  • Modular Design

    ADSS Server’s modular design ensures that all its service modules (e.g. signing, verification, timestamping, encryption etc.) are individually licensable. Any unlicensed functionality is hidden from the GUI. It’s easy to update your license and access new functionality whenever you need.

  • Signing Service

    The ADSS Signing Service enables server-side signatures to be created, as well as client-side signatures in conjunction with the Ascertia Go>Sign Applet. The ADSS Signing Service uses the latest OASIS DSS web services protocol, so there is no need to rely on proprietary techniques. An optimised pure HTTP interface is also available for high performance needs.

  • Verification Service

    The ADSS Verification Service provides server-side signature verification capability, using the OASIS DSS and DSS-X web services protocol interfaces. Multiple verification profiles can be configured with their own trust anchors and other verification parameters.

  • Certification Service

    The ADSS Certification Service provides automated key generation and certification (using a built-in CA or an external CA). Keys are securely managed in an HSM or an encrypted database, and auto-certificate renewal is also supported.

Signature Formats

  • Standard Signature Formats

    ADSS Server supports the creation and verification of all basic and advanced digital signature formats according to PDF, CMS/PKCS#7, XML DSig and all ETSI CAdES and XAdES profiles.

  • Multiple Signature options

    Documents can be signed multiple times to create wrapping countersignatures.

  • Document/Signature embedding

    Enveloping, enveloped and detached signatures are supported. For high performance, client applications do not even have to send the full document to ADSS Server for signing, since it provides the capability to sign document hashes.

  • Hash algorithm Support

    Laws in many countries now require the use of more advanced hash algorithms, i.e. beyond basic SHA-1. ADSS Server now allows documents to be signed using the latest SHA-2 set of algorithms, including SHA-512.

Signing Modes

  • Corporate Signatures

    Use these for applying signatures on behalf of an organisation or department, e.g. the signing of many thousands or millions of e-statements or invoices. This requires ADSS Server’s automated high-performance batch signing capability, rather than manual personal signatures.

  • End-user Authorising of Corporate Signatures

    Often customers have asked for strong proof of authorisation before corporate signatures are applied. To cater for this, Ascertia has provided a unique capability to authorise corporate signatures by end-users first signing the document using a personal signature. An "M of N" authorisation scheme can be enabled for maximum security and traceability. For further details read this whitepaper.

  • Unique user signatures on server

    This is very much like corporate signatures, but this time ADSS Server holds unique signing keys for every user! The HSM (or encrypted database) acts as a global smartcard for everyone. This approach has major cost and ease-of-use benefits over deploying smartcards/tokens to every user.

  • Local signatures using smartcard / USB tokens

    By using ADSS Server in conjunction with Go>Sign Applet, end-users can apply personal signatures using locally held smartcards, USB tokens or software keys. This is an ideal solution where users already hold smartcards/tokens e.g. as part of a national citizen eID infrastructure.

  • Local signatures using roaming credentials

    Yet another option within the ADSS Server / Go>Sign Applet solution is to provide signing capability using roaming credentials. These are signing keys held within a secure container stored centrally by ADSS Server and delivered to the user whenever required. User authentication is performed locally by Go>Sign Applet. A very flexible, low-cost and secure solution which provides the ability to sign from any machine anywhere!

Verification Service

  • Historic Verification

    A signature valid today may no longer be verifiable in future if the signing certificate has since expired (or been revoked). To overcome this, advanced long-term signatures should be used. ADSS Server not only supports the verification of these long-term signatures, but can also verify basic signatures historically using its archive of old CRLs, so that it can check the certificate status in the past.

  • Quality Assessments

    ADSS Server not only provides cryptographic signature verification capability but also performs quality assessment of the Certificate Authority policy and practices, algorithm strengths and key lengths to get an overall idea of how trustworthy a particular signature is. ADSS Server follows the latest PEPPOL signature and certificate quality rating scheme. For further details read this whitepaper.

  • Centralised verification

    Signed documents that are received by an organisation need to be verified before trusting them. Having end-users verify documents using locally-installed software has issues: its complexity, the need for trust anchor update and management, no centralised control of verification policy and no centralised logging. For these reasons Ascertia recommends the use of ADSS Server for centralised verification services.


Business Application Integration

  • ADSS Client SDK

    We have made integrating advanced trust services simple with our Java and .NET SDKs. A PHP SDK is also coming soon. These provide a very high-level API, so you could be up and running in just a couple of lines of code. The SDKs also include plenty of source code samples and demo applications. WSDL is also available for all ADSS Server web service interfaces.

  • ADSS Auto File Processor (AFP)

    This is a watched folder application front-end to ADSS Server. It provides automated high-performance signing of documents found within one or more configured input folders.

  • Ascertia Docs

    Ascertia Docs is a front-end document approval and workflow application for ADSS Server. It allows documents to be uploaded and shared with other users as part of an approval system. Each user is notified if a document is awaiting their approval. Approvers view the documents securely using Go>Sign Professional Applet, and sign off as needed.

  • ADSS Secure Email Server (SES)

    An MTA application front-end to ADSS Server. It enables all incoming and outgoing emails to be filtered based on policy rules, and then matching emails or attachments can be signed, verified or archived based again on the configured rules. SES works by making calls to ADSS Server.

Security & Administration

  • Identification & Authentication

    Strong I&A for both ADSS Server operators and client business applications to ensure only trusted entities are allowed in.

  • Access control

    Fine-grained Role-Based Access Control (RBAC) ensures operators can access and see only authorised functionality.

  • Secure Logs

    Detailed operator activity, system event and transaction logs record everything on the system. Logs are protected using secure hash functions. An advanced log searching and filtering facility is provided.

  • Dual Control

    Optionally turn on the dual control feature to ensure two or more operators are required to make any changes to the ADSS Server configuration.

  • Auto System Integrity Checking

    Automated verification and reporting of all system configurations and database records based on a configurable heartbeat interval.

  • Auto Archiving

    Automatically archive logs based on a configurable policy to keep your database size in check. Log files are auto signed upon archiving.

  • Real-time alerts

    Configure email and/or SMS alerts for specific events and send these to specific ADSS Server operators. SNMP alerting is also supported.

  • HSM

    ADSS Server can work with all popular PKCS#11 HSMs, e.g. from SafeNet, nCipher/Thales and AET. ADSS Server supports connection with multiple PKCS#11 devices at the same time, including use of smartcards and USB tokens. Cryptographic keys can be grouped for purposes of High Availability.

  • Certifications

    ADSS Server has been independently evaluated by various government experts and is also undergoing CWA 14167-1 evaluation.

Reporting

  • Transaction Viewers

    ADSS Server provides unparalleled views for every transaction that it processes. The human-readable request/response viewers show exactly what went on, even with back-end operations like checking a certificate using an OCSP server or obtaining a timestamp from a TSA. These are an essential tool to avoid lengthy support calls and also for dispute resolution purposes.

  • Service Reporting

    Each ADSS Service comes with its own management reporting module. This provides the ability to create graphic and tabular reporting on all service requests within a particular date period. The management reports show the number of transactions processed, their results, who the main clients are, which profiles are used the most etc. Reports can be exported in PDF and CSV format for importing into spreadsheet software.

Performance

  • ADSS Server clustering

    For high performance needs ADSS Server can easily be installed as part of a load-balanced clustered environment.

  • Hash based signatures

    For very large documents it is possible to hash the document locally and only send the hash value to ADSS Server for signing.

  • Optimised HTTP interface

    A high performance pure HTTP interface is also provided as an alternative to the XML/SOAP web interface. ADSS Client SDK allows easy switching between the two interface types.

Standards Compliance & Interoperability

  • OASIS DSS

    This defines the request/response web services protocol for server-side signature creation and verification services. ADSS Server complies with this fully within its signing and verification service modules.

  • OASIS DSS-X Verification Reports

    This is one of the latest specifications from the OASIS DSS-X group. It allows the server to provide detailed verification results for all signatures found on the input documents. ADSS Server v4.1 complies with this important enhancement.

  • Certificate Validation Options (XKMS, SCVP, OCSP & CRL)

    Certificate validation is an essential part of signature verification, and ADSS Server is unsurpassed in its support for the relevant standards in this area. It supports all important protocols in this area including: XKMS, SCVP, OCSP, CRLs (including indirect CRLs and delta CRLs)! So it doesn’t matter what the back-end Certificate Authorities (CAs) use; as long as it is a standard approach, we are sure to interoperate.

  • PEPPOL Quality Ratings

    ADSS Server v4.1 supports the latest PEPPOL signature and certificate quality rating specifications.

Low Total Cost of Ownership

  • Modular Licensing

    Because of its modular architecture you only need to license the functionality you need today. E.g. if you need only PDF signing capability, then there is no need to license XML signing, or even PDF signature verification! This helps to ensure you only pay for what you actually use.

  • Future Proof

    It’s inevitable that business requirements change over time, but is your security server able to cope with future demand for e-trust services? With ADSS Server supporting the widest range of signature formats, document formats and PKI protocols you can be assured we already have all the bases covered. Whenever you need a new licensed module, all you have to do is update your license file.

Legal Compliance

  • Legal Compliance

    ADSS Server has been designed to be compliant with a range of digital signature legislation and regulatory frameworks, including EU law (EU Directive for Electronic Signatures), EU Directive for E-Invoicing, IdenTrust, US Electronic Signatures in Global and National Commerce Act (E-Sign), The Health Insurance Portability and Accountability Act (HIPAA), 21 CFR Part 11 (a regulation governing the use of electronic signatures within the pharmaceutical industry), Sarbanes-Oxley Act (SOX) and others. A configurable legal statement can be shown to the user before signing using Go>Sign Applet to ensure the user understands the implications of their digital signature.

Platform Independence

  • Operating System independence

    ADSS Server is a standard J2EE application and is supported on Windows, Linux (CentOS, SUSE) and Solaris (x86 and SPARC). Other UNIX flavours can also be supported upon request.

  • Database independence

    All ADSS Server configurations and transaction logs are stored within a DBMS; however, because of our use of Hibernate® technology, it is DBMS independent. We support SQL Server, Oracle, MySQL and PostgreSQL.

  • HSM / Smartcard Independence

    Any PKCS#11 crypto device (i.e. HSM, smartcard or USB token) can work with ADSS Server to generate cryptographic keys, store them and utilise them within the secure device.

  • PKI independence

    ADSS Server relies completely on open PKI standards so it can work with any CA, CRL issuer, OCSP server, LDAP repository and TSA server. We have taken away all the complexities of interoperability!

Copyright © 2002-2011 Ascertia. All rights reserved.


Ascertia is a global provider of Digital Signature products and solutions that enable trust within electronic workflows. Organisations can now safely cross the final hurdle in migrating old paper-intensive approval processes to the new secure digital world. Ascertia’s Digital Signing products are designed to be easy to integrate and use in a range of business scenarios.