Common Criteria
ADSS Server SAM Appliance
High-Trust Remote Signing and eSealing
Remote signing and eSealing enable users and businesses to authorise signing actions directly from their mobile devices, removing the need for smartcards or USB tokens. This coupled with high-trust provides a much better user experience.
Designed specifically with Qualified Trust Service Providers (QTSPs) in mind, the Ascertia ADSS SAM Appliance enables remote signing and eSealing services to be set up and offered to customers. Together with Ascertia’s SigningHub and ADSS Server products, QTSPs are now able to provide fully hosted remote signing services or hybrid solutions, for example, where organisations require an on-premise front-end with a back-end hosted certified environment managing the PKI elements. Watch the video to find out more about Ascertia’s remote signing solutions or contact us for further details.
The eIDAS regulation (910/2014) and the new rules EN 419241-2 Protection Profile for remote signing requires that the highest levels of trust are used to ensure that user signing or eSealing keys remain under the sole control of their owner. Ascertia created the ADSS SAM Appliance and ADSS Go>Sign Mobile app, leading the way and being first to market with a Common Criteria EAL4+ certified product which meets the EN 419241-2 Protection Profile – confirmation of providing the highest levels of assurance for Qualified or Advanced Remote Signing. ADSS Server SAM Appliance supports the use of SAML, OAuth and OpenID Connect to enable businesses to authroise remote signatures and eSeals using enterprise or national Identity Providers, eSeals can be authorised for a defined number of documents or for a defined time period, this means an eSeal owner does not have to authorise every document being signed.
Key Points
The first product to achieve Common Criteria EAL4+ certification against the eIDAS ETSI EN 419241 standard and the EN 419 241-2 Protection Profile with Level 2 Sole Control.
Seamless integration with Ascertia’s SigningHub and ADSS Server products and the new Ascertia Go>Sign mobile app for authorising signing actions from mobile devices.
Supports enterprise and national IDP’s using SAML, OAuth and OpenID Connect to authrorise eSealing.
A secure Trusted Path authorisation mechanism provides the CEN “Signature Activation Protocol (SAP)” requirements and ensures only the key owner can authorise the use of their centrally held signing key.
The SAP allows the user to review the “data to be displayed” and decide if this adequately describes what they are being asked to sign, if so they authorise the use of their remote signature.
Fully compliant with EN 419 241-1 in supporting internal and external crypto modules, supports secure channel for communications when deployed with an external tamper protected crypto module.
Supports the Entrust, Thales and Utimaco HSM products that are certified to CC EAL4+ meeting the EN 419 221-5 protection profile – use to generate, protect and process all user signing keys. The ADSS Server SAM Service can also be deployed on a Windows or Linux server in software mode for testing or evaluation purposes. It can use software crypto, a software HSM simulator or a PKCS#11 HSM.
A high performance 1U hardware appliance that meets FIPS 140-2 Level 3 requirements.
Key Points
The first product to achieve Common Criteria EAL4+ certification against the eIDAS ETSI EN 419241 standard and the EN 419 241-2 Protection Profile with Level 2 Sole Control.
Seamless integration with Ascertia’s SigningHub and ADSS Server products and the new Ascertia Go>Sign mobile app for authorising signing actions from mobile devices.
Supports enterprise and national IDP’s using SAML, OAuth and OpenID Connect to authrorise eSealing.
A secure Trusted Path authorisation mechanism provides the CEN “Signature Activation Protocol (SAP)” requirements and ensures only the key owner can authorise the use of their centrally held signing key.
The SAP allows the user to review the “data to be displayed” and decide if this adequately describes what they are being asked to sign, if so they authorise the use of their remote signature.
Fully compliant with EN 419 241-1 in supporting internal and external crypto modules, supports secure channel for communications when deployed with an external tamper protected crypto module.
Supports the Entrust, Thales and Utimaco HSM products that are certified to CC EAL4+ meeting the EN 419 221-5 protection profile – use to generate, protect and process all user signing keys. The ADSS Server SAM Service can also be deployed on a Windows or Linux server in software mode for testing or evaluation purposes. It can use software crypto, a software HSM simulator or a PKCS#11 HSM.
A high performance 1U hardware appliance that meets FIPS 140-2 Level 3 requirements.
Specifications
Component
Specifications
Software
ADSS SAM Server Appliance v7.0.2 (EN 419241-2 Certified)
EN 419221-5 Certified HSM’s
Entrust nShield
Thales Luna
Utimaco CryptoServer CP5
Operating System
Red Hat Enterprise Linux 8.4
Database
Percona XtraDB 8
Server
AIC-TB116AN – FIPS 140-2 Level 3 Compliant
Intel XEON CPU
32 GB RAM 960GB SSD HDD
Ask us for more information on how we can help your business streamline paper processes by using electronic signatures to secure and protect key documents and data.
Ask us for more information on how we can help your business streamline paper processes by using electronic signatures to secure and protect key documents and data.
ARCHITECTURE
Everything you need to get started
As a Qualified Trust Service Provider (QTSP) we had an urgent need to deliver Qualified Remote Signature services that met the EU eIDAS (910/2014) Regulation and the relevant ETSI standards and CEN EN 419241-2 Protection Profile for Qualified Remote Signing with Level 2 Sole Control. Ascertia was the first to release a commercial product, ADSS SAM Appliance, that was CC EAL4+ certified against EN 419241-2. QuoVadis Trustlink B.V. was then the first QTSP to order and take delivery of this advanced product. As long-standing users of Ascertia’s world-class products we are pleased to see that the ADSS SAM Appliance used the same robust ADSS Server software that we are used to with our other high-trust, high-availability services. Ascertia are an easy organisation to work with and they support us very well when needed.
Patrick Beckman Lapré
Sales & Marketing Director, QuoVadis Trustlink B.V.