Making it easy for all users to be strongly authenticated and enabling them to sign and timestamp records is vital for a range of applications such as Case Report Forms management and New Drug Applications.
Also required is the ability to rapidly interact with staff location around the world to create and then finalise agreed reports including legislative, regulatory and approval data. In such an environment digital signatures from identified individuals are important to ensure that a final document is being approved or used or confirmed. Document status and integrity together with authorised signer identity and traceability is key to all individuals wanting to use the business documents. It is all too easy to use draft documents, assume that someone has already approved a document when they have not and make other human mistakes. Digital signatures remove these issues and make it very clear who has signed, when they signed and if their digital signature is considered valid at the time of signing in.
Digital / electronic identities (eIDs) can be used to identify internal users or workflow processes so that individual documents can be approved and digitally signed. This is especially important in Healthcare as staff need to be strongly authenticated and their access to particular data checked and securely audited. There is a clear need for prescriptions to be created in electronic form so that the data is readable can be automatically checked to see that the dosage is within accepted parameters. Traceability, integrity, audit and confidentiality are all key to the effective handling of data.
All G20 countries have enacted legislation that recognises digital signatures (or electronic signatures) as equivalent to hand-written signatures. Usually these need to be produced according to specific requirements (e.g. the EU Directive on Electronic Signature 1999/93/Ec of European parliament and council). However any digital signature can be used to identify the confirming user or system or organisation. Digital certificates can be issued by a high-trust or mid-trust or other Certificate Service Provider or even using an internal CA.
Ascertia’s products have been designed to be compliant with a range of digital signature legislation and regulatory frameworks, including EU law (EU Directive for Electronic Signatures), EU Directive for E-Invoicing, IdenTrust, US Electronic Signatures in Global and National Commerce Act (E-Sign), The Health Insurance Portability and Accountability Act (HIPAA), 21 CFR Part 11 (a regulation governing the use of electronic signatures within the pharmaceutical industry), Sarbanes-Oxley Act (SOX) and others.
Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. The products support PDF, XML, PKCS#7, CMS, S/MIME and PKCS#1 digital signatures as required to sign business documents.
To provide strong identity assurance and to grant access to systems and applications over a mutually authenticated SSL connection, usually working in conjunction with IAM systems.
Ascertia is a clear leader in creating long-term digital signatures which can be verified many years in the future, an essential requirement for most government related data. We support all the ETSI XAdES and CAdES as well as latest PAdES (PDF format) profiles.
Different applications have different needs for how digital signatures are created. Some require server-side batch-signing in features, some require digital signatures to be created locally by users that have eID smartcards or secure USB tokens. Others even want key and certificate roaming solutions that offer virtual “smartcards”. Ascertia’s ADSS Server and Go>Sign Applet already provide all these options and more.
Organisations cannot control which systems and browsers end-users will work with when submitting documents. It is essential the digital signature and encryption solutions work on any platform with any browser and support multi-lingual capability. Go>Sign Applet supports all Windows platforms as well as many Linux versions and has also been tested in various browsers.
Digital signature creation is only one part of the solution that e-Gov initiatives need – there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in one multi-function server. All these services are based on leading industry standards including OASIS DSS & DSS/X (singing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation), RFC 5055 (SCVP validation), W3C XKMS (validation), etc.