Cloud Signing
The traditional way of signing with smartcards or USB tokens is now seen as too complex and cumbersome for users, as it requires installing specialist software and card readers. This also makes it more expensive to deploy.
A more modern approach is to host the user’s signing keys and certificates centrally in a secure Hardware Security Module (HSM). Often such solutions are referred to as Virtual ID solutions.
The main benefit is that the user can sign from any device, anywhere, using just a standard Internet browser. It is essential, however, to be able to prove that the centrally held signing keys were only available to the owner and no one else, a property known as “Sole Control”.
Suitable for advanced signatures. Can employ single or multi-factor user authentication. The solution doesn’t require a Common Criteria EAL4+ certified hardware device for storing and activating the user’s signing key.
Required for qualified signatures. Must use a Common Criteria EAL4+ Qualified Signature Creation Device. The ADSS Server SAM Appliance serves this need.
In the cloud (remote) signing use case for SCAL2 sole control, the ADSS Server creates the AdES structure and then passes the document/transaction hash to the user’s mobile device for authorisation. The user authenticates to the device using biometric techniques such as TouchID/FaceID or by entering the device PIN; this releases the authorisation key held in the phone’s Secure Element for use.
The ADSS Signing Server passes the Signature Activation Data (SAD) to the ADSS Signature Activation Module (SAM) service for verification. If the verification checks succeed, the ADSS SAM Service requests the HSM to activate the user’s centrally held signing key for signing.
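The following sketch illustrates the kind of binding a SAM has to check before a key is activated. It is an added example, not Ascertia code or the ADSS SAD format: the field names, the nonce and expiry checks, and the use of an HMAC in place of the signature made with the device’s authorisation key are all assumptions, and the sample values are constructed.

```python
import hashlib, hmac, json, time

def _tag(auth_key, body):
    # Assumption: HMAC stands in for the signature made with the device's authorisation key.
    return hmac.new(auth_key, body.encode(), hashlib.sha256).digest()

def make_sad(auth_key, user, key_id, doc_hash, nonce, now=None, ttl=120):
    """Device side: authorise one hash for one signing key, for a short time."""
    now = time.time() if now is None else now
    body = json.dumps({"user": user, "key": key_id, "hash": doc_hash,
                       "nonce": nonce, "exp": now + ttl}, sort_keys=True)
    return {"body": body, "tag": _tag(auth_key, body).hex()}

class Sam:
    """Server side: decides whether the HSM may activate the signing key."""
    def __init__(self, auth_keys, key_owner):
        self.auth_keys = auth_keys  # user -> enrolled authorisation key
        self.key_owner = key_owner  # signing key id -> owning user
        self.seen = set()           # nonces already spent

    def verify(self, sad, key_id, doc_hash, now=None):
        now = time.time() if now is None else now
        try:
            body = str(sad["body"])
            claims = json.loads(body)
            user, nonce = claims["user"], str(claims["nonce"])
            exp = float(claims["exp"])
            tag = bytes.fromhex(sad["tag"])
            auth_key = self.auth_keys[user]
        except (KeyError, ValueError, TypeError):
            return "malformed"
        if not hmac.compare_digest(_tag(auth_key, body), tag):
            return "bad tag"        # SAD was not produced by the enrolled device
        if claims.get("key") != key_id or self.key_owner.get(key_id) != user:
            return "wrong key"      # authorisation is for a different signing key
        if claims.get("hash") != doc_hash:
            return "hash mismatch"  # authorisation is for a different document
        if exp < now:
            return "expired"
        if nonce in self.seen:
            return "replay"         # one authorisation activates the key once
        self.seen.add(nonce)
        return "ok"

def demo():
    key, kid = b"constructed-device-key", "alice-key-1"  # constructed values
    sam = Sam({"alice": key}, {kid: "alice"})
    h = hashlib.sha256(b"constructed contract").hexdigest()
    other = hashlib.sha256(b"constructed other document").hexdigest()
    sad = make_sad(key, "alice", kid, h, "n-1")
    return [sam.verify(sad, kid, h), sam.verify(sad, kid, h), sam.verify(sad, kid, other)]
```

Only the first request in `demo()` would lead to key activation; reusing the same SAD, or presenting it with a different hash, is refused.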
Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. Whether it’s PDF, XML, PKCS#7, CMS, S/MIME or PKCS#1 signatures we can sign your business document or transaction.
Ascertia is a clear leader in creating long-term digital signatures which can be verified many years in the future, an essential requirement for most businesses and governments. We support ETSI XAdES and CAdES as well as the latest PAdES (PDF format) profiles.
Different applications have different needs for how digital signatures are created. Some require server-side signing with mobile used only for OTP authentication. Others require mobile signing to be done in mobile devices using certified tamper-resistant hardware chips whilst others even want soft keys managed by the mobile app. Ascertia can offer solutions within any of these methods.
Digital signature creation is only one part of the solution for mobile signing – there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in our multi-function ADSS server. All these services are based on leading industry standards including OASIS DSS & DSS/X (signing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation), RFC 5055 (SCVP validation).
Ascertia and its technology partners can offer a complete solution including Mobile Signature Servers, client-side software apps and secure hardware components.