Mobile Signing

The mobile device has now become a well-established, trusted personal device for users, who wish to use it to access information, prove their identity online and sign documents.

Modern mobile devices in the form of smartphones and tablets contain an embedded Secure Element (SE) which acts very much like a separate secure hardware-based smart card.

Ascertia Go>Sign Mobile can use the user’s mobile device to create PKI key pairs in the device’s Secure Element, certify those keys by communicating with online Certificate Authorities (CAs) and then use these mobile-based keys for signing purposes.

Key Points

No specialist hardware or software is required by the user apart from installing the Go>Sign Mobile app (both Android and iOS). The Go>Sign Mobile app is also available as an SDK for embedding the same functionality into custom apps.
Ascertia’s ADSS Server mobile signing solution is available on-premise or as a SaaS.
Older mobile devices without hardware-based Secure Elements can also be supported using software key stores.

ARCHITECTURE

Ascertia ADSS Signing Server provides a powerful and flexible digital signature platform for creating EU eIDAS compliant advanced and qualified electronic signatures. All the popular signature formats, namely PAdES, XAdES and CAdES are supported.

In the mobile signing use case, the ADSS Server creates the AdES structure and then passes the document/transaction hash to the user’s mobile device for signing. The user authenticates to the device using biometric techniques like TouchID/FaceID or device PIN entry, which releases the use of the signing key held in the phone’s Secure Element.

ADSS Signing Server embeds the signature value received from the mobile device within the AdES structure and then enhances it to a long-term signature format by embedding OCSP/CRL information and timestamps from relevant TSPs.
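
The hash-only exchange described above can be sketched as follows. This is an added example, not Ascertia code or the ADSS Server API: the names Device, SignHash, ServerSign and Verify are hypothetical, a software ECDSA P-256 key stands in for the Secure Element key, and no AdES structure, OCSP/CRL data or timestamp is built.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device models the phone. Assumption: a software P-256 key stands in for the Secure Element key.
type Device struct{ key *ecdsa.PrivateKey }

func NewDevice() (*Device, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Device{key: k}, err
}

// SignHash sees only the digest and refuses unless the user has authenticated locally.
func (d *Device) SignHash(digest []byte, userAuthenticated bool) ([]byte, error) {
	if !userAuthenticated || len(digest) != sha256.Size {
		return nil, errors.New("key not released: authentication or digest check failed")
	}
	return ecdsa.SignASN1(rand.Reader, d.key, digest)
}

// Verify checks sig over SHA-256(tbs) with the device's certified public key.
func Verify(pub *ecdsa.PublicKey, tbs, sig []byte) bool {
	digest := sha256.Sum256(tbs)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// ServerSign sends only the digest to the device and verifies the result before embedding it.
func ServerSign(tbs []byte, d *Device, userAuthenticated bool) ([]byte, error) {
	digest := sha256.Sum256(tbs)
	sig, err := d.SignHash(digest[:], userAuthenticated)
	if err != nil {
		return nil, err
	}
	if !Verify(&d.key.PublicKey, tbs, sig) {
		return nil, errors.New("device returned an invalid signature")
	}
	return sig, nil
}

func main() {
	d, _ := NewDevice()
	fmt.Println(ServerSign([]byte("constructed sample document"), d, true))
}
```

The document bytes never reach the device and the private key never reaches the server; the server's verification step catches a wrong or corrupted signature value before it is embedded.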

WHY ASCERTIA?

There are very good reasons for choosing Ascertia for mobile signing:

Multiple Signature Formats

Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. Whether it’s PDF, XML, PKCS#7, CMS, S/MIME or PKCS#1 signatures we can sign your business document or transaction.

Long-Term Digital Signatures

Ascertia is a clear leader in creating long-term digital signatures which can be verified many years in the future, an essential requirement for most businesses and governments. We support ETSI XAdES and CAdES as well as the latest PAdES (PDF format) profiles.

Multiple Signing Options

Different applications have different needs for how digital signatures are created. Some require server-side signing with mobile used only for OTP authentication. Others require mobile signing to be done in mobile devices using certified tamper-resistant hardware chips, whilst others even want soft keys managed by the mobile app. Ascertia can offer solutions within any of these methods.

PKI Components

Digital signature creation is only one part of the solution for mobile signing – there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in our multi-function ADSS server. All these services are based on leading industry standards including OASIS DSS & DSS/X (signing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation), RFC 5055 (SCVP validation).

Full Solution

Ascertia and its technology partners can offer a complete solution including Mobile Signature Servers, client-side software apps and secure hardware components.