Local Signing

PKI-based smartcard or USB token to authenticate identity or sign documents.

Many countries have issued national electronic identity (eID) smart cards to their citizens. Each eID card holds the owner’s PKI private keys and digital certificates, enabling the person to prove their identity online and sign documents as part of e-Gov services and/or private business applications.

The use of a PKI-based smartcard or USB token to authenticate identity or sign documents is referred to as “Local Signing” because the private key is held locally by the owner.

KEY POINTS

Go>Sign Desktop works independently of browsers. No need for specialist browser plug-ins or applets
Supported on Windows and Apple MacOS. Multiple keystore support
Ability to filter digital certificates automatically to ensure the right certificate is used
Configurable signing policies and profiles
Simple integration via high-level API calls

ARCHITECTURE

Ascertia ADSS Signing Server provides a powerful and flexible digital signature platform for creating EU eIDAS compliant advanced and qualified electronic signatures. All the popular signature formats, namely PAdES, XAdES and CAdES are supported.

Part of the local signing solution is the Ascertia Go>Sign Desktop application. This is a small background utility which is installed on user’s machines and used to interface with the user’s local signing key. Go>Sign Desktop is called from JavaScript code within the webpage:

Local Signing Process Workflow

The user connects with an online business application using her browser, and reviews a contract and chooses to sign it
The ADSS Signing Server provides the document hash to the Go>Sign JavaScript code running in the user’s browser
The Go>Sign JavaScript automatically invokes the Go>Sign Desktop application to sign the document hash
The Go>Sign Desktop interfaces with the smartcard, token or software container using the appropriate keystore
The signed hash is returned to the ADSS Signing Server
ADSS Server enhances the basic signature to aan advanced long-term AdES signature format by connecting with relevant CRL/OCSP servers and TSA servers

WHY ASCERTIA?

There are very good reasons for choosing Ascertia for mobile signing

Multiple Signature Formats

Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. Whether it’s PDF, XML, PKCS#7, CMS, S/MIME or PKCS#1 signatures we can sign your business document or transaction.

Long-Term Digital Signatures

Ascertia is a clear leader in creating long-term digital signatures which can be verified many years in the future, an essential requirement for most businesses and governments. We support ETSI XAdES and CAdES as well as latest PAdES (PDF format) profiles.

Multiple Signing in Options

Different applications have different needs for how digital signatures are created. Some require server-side signing with mobile used only for OTP authentication. Others require mobile signing to be done in mobile devices using certified tamper-resistant hardware chips whilst others even want soft keys managed by the mobile app. Ascertia can offer solutions within any of these methods.

PKI Components

Digital signature creation is only one part of the solution for mobile signing – there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in our multi-function ADSS server. All these services are based on leading industry standards including OASIS DSS & DSS/X (signing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation), RFC 5055 (SCVP validation).

Full Solution

Ascertia and its technology partners can offer a complete solution including Mobile Signature Servers, client-side software apps and secure hardware components.

This website uses cookies to ensure you get the best experience on our website. Learn more

I AGREE