Common Criteria
ADSS Server SAM Appliance
High-Trust Remote Signing
Remote signing is the new buzz word in the industry. It enables users to authorise signing actions directly from their mobile devices, removing the need for smartcards or USB tokens. This coupled with high-trust provides a much better user experience.
Designed specifically with Qualified Trust Service Providers (QTSPs) in mind, the Ascertia ADSS SAM Appliance enables remote signing services to be set up and offered to customers. Together with Ascertia’s SigningHub and ADSS Server products, QTSPs are now able to provide fully hosted remote signing services or hybrid solutions, for example, where organisations require an on-premise front-end with a back-end hosted certified environment managing the PKI elements. Watch the video to find out more about Ascertia’s remote signing solutions or contact us for further details.
The eIDAS regulation (910/2014) and the new rules EN 419241-2 Protection Profile for remote signing requires that the highest levels of trust are used to ensure that user signing keys remain under the sole control of their owner. Ascertia created the ADSS SAM Appliance and ADSS Go>Sign Mobile app, leading the way and being first to market with a Common Criteria EAL4+ certified product which meets the EN 419241-2 Protection Profile – confirmation of providing the highest levels of assurance for Qualified or Advanced Remote Signing.
Key Points
The first product to achieve Common Criteria EAL4+ certification against the eIDAS ETSI EN 419241 standard and the EN 419 241-2 Protection Profile with Level 2 Sole Control.
Seamless integration with Ascertia’s SigningHub and ADSS Server products and the new Ascertia Go>Sign mobile app for authorising signing actions from mobile devices.
A secure Trusted Path authorisation mechanism provides the CEN “Signature Activation Protocol (SAP)” requirements and ensures only the key owner can authorise the use of their centrally held signing key.
The SAP allows the user to review the “data to be displayed” and decide if this adequately describes what they are being asked to sign, if so they authorise the use of their remote signature.
Includes Utimaco’s most powerful HSM which is CC EAL4+ certified meeting the EN 419 221-5 protection profile – use to generate, protect and process all user signing keys. The ADSS Server SAM Service can also be configured to just run in software on Windows or Linux for testing or evaluation purposes. It can use software crypto, a software HSM simulator or a PKCS#11 HSM.
A high performance 1U hardware appliance that meets FIPS 140-2 Level 3 criteria.
Key Points
The first product to achieve Common Criteria EAL4+ certification against the eIDAS ETSI EN 419241 standard and the EN 419 241-2 Protection Profile with Level 2 Sole Control.
Seamless integration with Ascertia’s SigningHub and ADSS Server products and the new Ascertia Go>Sign mobile app for authorising signing actions from mobile devices.
A secure Trusted Path authorisation mechanism provides the CEN “Signature Activation Protocol (SAP)” requirements and ensures only the key owner can authorise the use of their centrally held signing key.
The SAP allows the user to review the “data to be displayed” and decide if this adequately describes what they are being asked to sign, if so they authorise the use of their remote signature.
Includes Utimaco’s most powerful HSM which is CC EAL4+ certified meeting the EN 419 221-5 protection profile – use to generate, protect and process all user signing keys. The ADSS Server SAM Service can also be configured to just run in software on Windows or Linux for testing or evaluation purposes. It can use software crypto, a software HSM simulator or a PKCS#11 HSM.
A high performance 1U hardware appliance that meets FIPS 140-2 Level 3 criteria.
Specifications
Component
Specifications
Software
ADSS SAM Server Appliance v6.0 (EN 419241-2 Certified)
HSM
Utimaco CryptoServer CP5 Se1500 PCIe (EN 419221-5 Certified)
Operating System
Red Hat Enterprise Linux 7.4
Database
Percona XtraDB Cluster 5.7
Server
AIC-TB116AN with FIPS 140-2 Level 3 Protection
Intel Xeon E3-1270V6
32GB ECC DIMM RAM and 960GB SSD
Ask us for more information on how we can help your business streamline paper processes by using electronic signatures to secure and protect key documents and data.
Ask us for more information on how we can help your business streamline paper processes by using electronic signatures to secure and protect key documents and data.
ARCHITECTURE
As a Qualified Trust Service Provider (QTSP) we had an urgent need to deliver Qualified Remote Signature services that met the EU eIDAS (910/2014) Regulation and the relevant ETSI standards and CEN EN 419241-2 Protection Profile for Qualified Remote Signing with Level 2 Sole Control. Ascertia was the first to release a commercial product, ADSS SAM Appliance, that was CC EAL4+ certified against EN 419241-2. QuoVadis Trustlink B.V. was then the first QTSP to order and take delivery of this advanced product. As long-standing users of Ascertia’s world-class products we are pleased to see that the ADSS SAM Appliance used the same robust ADSS Server software that we are used to with our other high-trust, high-availability services. Ascertia are an easy organisation to work with and they support us very well when needed.
Patrick Beckman Lapré
Sales & Marketing Director, QuoVadis Trustlink B.V.