Mobile Signing
Modern mobile devices such as smartphones and tablets contain an embedded Secure Element (SE), which acts very much like a separate hardware-based smart card.
Ascertia Go>Sign Mobile can use the user’s mobile device to create PKI key pairs in the device’s Secure Element, certify those keys by communicating with online Certificate Authorities (CAs), and then use these mobile-based keys for signing.
In the mobile signing use case, the ADSS Server creates the AdES structure and then passes the document/transaction hash to the user’s mobile device for signing. The user authenticates to the device using biometric techniques such as TouchID/FaceID or by entering the device PIN; this releases the signing key held in the phone’s Secure Element for use.
ADSS Signing Server embeds the signature value received from the mobile device within the AdES structure and then enhances it to a long-term signature format by embedding OCSP/CRL information and timestamps from relevant TSPs.
Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. Whether it’s PDF, XML, PKCS#7, CMS, S/MIME or PKCS#1 signatures, we can sign your business document or transaction.
Ascertia is a clear leader in creating long-term digital signatures which can be verified many years in the future, an essential requirement for most businesses and governments. We support ETSI XAdES and CAdES as well as the latest PAdES (PDF format) profiles.
Different applications have different needs for how digital signatures are created. Some require server-side signing, with the mobile device used only for OTP authentication. Others require signing to be done on the mobile device using certified tamper-resistant hardware chips, whilst others want soft keys managed by the mobile app. Ascertia can offer solutions using any of these methods.
Digital signature creation is only one part of the solution for mobile signing – there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in one multi-function server. All these services are based on leading industry standards including OASIS DSS & DSS/X (signing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation) and RFC 5055 (SCVP validation).
Ascertia and its technology partners can offer a complete solution including Mobile Signature Servers, client-side software apps and secure hardware components.