Cloud Signing

Signing from any device, anywhere using just a standard Internet browser.

The traditional way of signing with smartcards or USB tokens is nowadays seen as too complex and cumbersome for users, as it requires installation of specialist software and card readers. This also makes it more expensive to deploy.

A more modern approach is to host the user’s signing keys and certificates centrally in a secure Hardware Security Module (HSM). Often such solutions are referred to as Virtual ID solutions.

The main benefit is that the user can sign from any device, anywhere, using just a standard Internet browser. It’s essential, however, to be able to prove that the centrally held signing keys were only available to the owner and no one else, a property known as “Sole Control”.

ADSS Signing Server offers sole control at two levels:

Sole Control Assurance Level 1 (SCAL1)

Suitable for advanced signatures. Can employ single or multi-factor user authentication. The solution doesn’t require a Common Criteria EAL4+ certified hardware device for storing and activating the user’s signing key.

Sole Control Assurance Level 2 (SCAL2)

Required for qualified signatures. Must use a Common Criteria EAL4+ Qualified Signature Creation Device. The ADSS Server SAM Appliance serves this need.

KEY POINTS

No specialist hardware or software is required by the user apart from installing the Go>Sign Mobile app (both Android and iOS). The Go>Sign mobile app is also available as an SDK for embedding the same functionality into custom mobile apps.
Ascertia’s ADSS Server remote signing solution is available on-premise or as a SaaS.
ADSS SAM Service is undergoing a Common Criteria EAL4+ certification under the standard EN 419 241-2 Protection Profile. This ensures compliance with the eIDAS Regulation for creating remote qualified signatures with SCAL2.
Ascertia ADSS cloud signing solution can be embedded into any third-party business web application by making high-level API calls to ADSS Signing Server.
Ascertia ADSS Server comes with a complete built-in PKI system (CA, OCSP and TSA services), or you can use an existing enterprise PKI or one of our global PKI service provider partners.

ARCHITECTURE

Ascertia ADSS Signing Server provides a powerful and flexible digital signature platform for creating EU eIDAS compliant advanced and qualified electronic signatures. All the popular signature formats, namely PAdES, XAdES and CAdES are supported.

In the cloud (remote) signing use case for SCAL2 sole control, the ADSS Server creates the AdES structure and then passes the document/transaction hash to the user’s mobile device for authorisation purposes. The user authenticates to the device using biometric techniques like TouchID/FaceID or device PIN entry; this releases the use of the authorisation key held in the phone’s Secure Element.

ADSS Signing Server passes the Signature Activation Data (SAD) to the ADSS Signature Activation Module (SAM) service for verification. If the various verification checks succeed then the ADSS SAM Service requests the HSM to activate the user’s centrally-held signing key for signing purposes.
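The authorisation step described above, sketched as an added example (not Ascertia's code and not the ADSS SAD format): the device authorises one document hash for one signing key, and a SAM-side check accepts the SAD only if it matches that hash and key, has not expired and has not been used before. The JSON layout, field names, identifiers and the particular checks are assumptions, and HMAC-SHA256 stands in for the signature made with the authorisation key in the phone's Secure Element.

```python
import hashlib
import hmac
import json

# Constructed sample data. A real device signs with an asymmetric key held in
# its Secure Element; HMAC-SHA256 is a stdlib stand-in for that signature.
DEVICE_KEYS = {"alice-device-1": b"constructed-demo-authorisation-key"}
SEEN_NONCES = set()  # SADs already used once (replay protection)


def make_sad(device_id, signing_key_id, doc_hash, nonce, expires):
    """Device side: authorise one hash for one centrally held signing key."""
    body = json.dumps({"device": device_id, "key_id": signing_key_id,
                       "hash": doc_hash, "nonce": nonce, "exp": expires},
                      sort_keys=True)
    tag = hmac.new(DEVICE_KEYS[device_id], body.encode(), hashlib.sha256)
    return {"body": body, "tag": tag.hexdigest()}


def sam_verify(sad, signing_key_id, doc_hash, now):
    """SAM side: (ok, reason). Only ok=True would lead to HSM key activation."""
    try:
        body, tag = sad["body"].encode(), sad["tag"].encode()
        claims = json.loads(body)
        key = DEVICE_KEYS[claims["device"]]
        key_id, sad_hash = claims["key_id"], claims["hash"]
        nonce, exp = str(claims["nonce"]), float(claims["exp"])
    except (KeyError, ValueError, TypeError, AttributeError):
        return False, "malformed SAD or unknown device"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return False, "bad authorisation tag"
    if key_id != signing_key_id:
        return False, "SAD is for a different signing key"
    if sad_hash != doc_hash:
        return False, "SAD authorises a different hash"
    if now >= exp:
        return False, "SAD expired"
    if nonce in SEEN_NONCES:
        return False, "SAD replayed"
    SEEN_NONCES.add(nonce)
    return True, "activate key"


if __name__ == "__main__":
    h = hashlib.sha256(b"constructed contract text").hexdigest()
    sad = make_sad("alice-device-1", "alice-sign-key", h, "n-001", 1000)
    print(sam_verify(sad, "alice-sign-key", h, now=900))   # first use
    print(sam_verify(sad, "alice-sign-key", h, now=900))   # same SAD again
```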

WHY ASCERTIA?

There are very good reasons for choosing Ascertia for mobile signing:

Multiple Signature Formats

Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. Whether it’s PDF, XML, PKCS#7, CMS, S/MIME or PKCS#1 signatures we can sign your business document or transaction.

Long-Term Digital Signatures

Ascertia is a clear leader in creating long-term digital signatures which can be verified many years in the future, an essential requirement for most businesses and governments. We support ETSI XAdES and CAdES as well as the latest PAdES (PDF format) profiles.

Multiple Signing Options

Different applications have different needs for how digital signatures are created. Some require server-side signing with mobile used only for OTP authentication. Others require mobile signing to be done in mobile devices using certified tamper-resistant hardware chips whilst others even want soft keys managed by the mobile app. Ascertia can offer solutions within any of these methods.

PKI Components

Digital signature creation is only one part of the solution for mobile signing – there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in our multi-function ADSS server. All these services are based on leading industry standards including OASIS DSS & DSS/X (signing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation), RFC 5055 (SCVP validation).

Full Solution

Ascertia and its technology partners can offer a complete solution including Mobile Signature Servers, client-side software apps and secure hardware components.
