Signature Verification - Business Needs
As part of moving to a digital signature solution you need to consider two parts of the equation: one is how the digital signatures are produced, and the other, often forgotten, part is how are these digital signatures later verified?
Before relying on digitally signed documents and transactions, it is essential for business applications to verify the trustworthiness of the e-signatures and validity of the signer’s eIDs (aka certificates). The application also need to determine if the certificate issuers can be trusted, what time the signature was created, whether the signer’s certificate chain was valid at that time, if the signer was authorised to sign the data, and so on.
Ascertia provides products that answer these questions and remove the entire complexity of signature verification, certificate validation and trust management from business applications. Ascertia products are used internally with an organisation and by Managed Service Providers offering global verification services to multiple customer organisations.
Signature Verification Simplified
Ascertia’s ADSS Server product range is based on the industry-accepted concept of delegating complex security, PKI and digital signature functionality to trusted server applications. This simplifies business applications to focus on business-related functionality only, makes integration easier and improves security through centralised management, control and auditing features, not to mention much reduced costs as a result of this simplified architecture.
Ascertia's ADSS Server is based on industry accepted protocols for communicating with an e-Trust server, including OASIS Digital Signature Specifications (DSS and DSS-X) for server-side signing and verification, W3C XML Key Management Specifications (XKMS) for certificate validation, IETF Online Certificate Status Protocol for real-time revocation status checking, IETF TSP for communicating with a Time Stamping Authority and IETF Long-Term Archive & Notary Service (LTANS) for secure data archiving. Ascertia ADSS Server can verify a wide range of digital signature formats as shown here. It also complies with the latest EU PEPPOL project requirements for online Validation Authorities, see here for more details.
Signature Verification Products Coverage
There are many different digital signature standards and profiles. The situation is complex as there are multiple ways of signing, including enveloping signatures, embedded signatures and detached signatures. Ascertia is a world-leader in digital signature verification products and provides the widest capability for your current and future needs:
- PDF documents - verification of standard, timestamped and long-term signatures
- XML documents - verification of XML DSig and XAdES signatures
- Other file types - verification of PKCS#7, CMS, CAdES and S/MIME signatures
The following table shows the products that are appropriate to meet various business needs:
Centralised real-time Verification
Server-side verification of corporate, role-based or end-user signatures applied either internally or by external parties. Supports all popular signature formats, e.g. PAdES, CAdES, XAdES Products
ADSS Server (with Verification Service module)
Historic Signature Verification
Server-side verification of any signature at some specified earlier date and time. The signature may be an advanced long-term or even basic signatures can be verified historically using archived CRLs. Products
ADSS Server (with Verification Service & Historical CRL module)
Verification of Signatures on the desktop
End-users can verify signatures using local Trust Anchors managed by desktop applications or even better for those applications to request verification from central verification server and than just display the results. Local Language Support
For web applications, ADSS Server expects the browser pages to be created by application developers using local language that is suitable for the business purpose and the end-users. ADSS Go>Sign Professional Applet GUI is fully multi-lingual. Similarly local language support is available for PDF Sign&Seal by working with our local partners.