e-Notarisation & Secure Archiving

Very often organisations need to archive important business documents anywhere from 2 to 10 years for compliance reasons. Specialist organisations responsible for maintaining archives on behalf of others, e.g. digital libraries, may need to archive documents for even 100+ years.

The reason for archiving something is to prove something happened. For example, a particular online transaction took place with a customer, a particular instruction was approved by company executives, a particular company policy document was signed by an employee, and many other such examples.

In order for a digital archive to be effective and stand the test of time it needs to:

Prove that archived data objects have not changed and are exactly the same as those submitted
Prove the time when the archive objects were submitted
Protect the archive objects for a long period of time, i.e. beyond the lifetime of PKI certificates, timestamps and algorithm weaknesses

In addition to the above, the archive provider may need to digitally sign the input documents as part of an e-Notarisation service. This may include signing the content or witnessing an existing digital signature. If the input documents carry existing digital signatures, the service must verify these fully and also store the verification evidence data together with the archived object for later proof.

SOLUTION DESCRIPTION

Ascertia provides solutions to meet e-Notarisation and long-term archiving needs in the following way:
Server-side signing of data objects using a special archive key to create long-term archive signatures with embedded timestamps and revocation info (e.g. ETSI CAdES-A and ETSI XAdES-A signature profiles) that ensure the integrity and evidentiary capability of the preserved data. Any existing signatures on the document can be first verified and also extended to archive signature format by embedding timestamps and signer revocation info.
Creating long-term XML Evidence Record Syntax (XMLERS) archive objects based on the IETF LTANS Specification. The XMLERS archived objects can be stored in the ADSS Archive Server’s SQL databases or returned to selected enterprise content management (ECM) applications. The ADSS Archive Server performs archive management, automated evidence refreshing based on flexible archive policy and archive retention policy management.
[Figure: ADSS LTANS Server. Input: any type of document (PDFs, Word, Excel, Proprietary Format, Encrypted Documents etc.). Output: Archive Object (timestamped using IETF Evidence Record Syntax).]
Note the Archive object can be stored locally by ADSS LTANS Evidence Server in its database or returned to the business application (e.g. a Document Management System).

Using signatures and timestamps, documents can be shown to have existed, been processed, been accepted, been notarised by a particular individual, system or organisation at a proven date and time.
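The evidence-record idea described above, as a simplified sketch added here for illustration (not Ascertia's or ADSS Server's code): document hashes are combined in a hash tree, the root is timestamped, each document keeps only the sibling hashes it needs, and evidence refreshing adds a new timestamp over the previous one. The HMAC "timestamp" and its key are constructed stand-ins for RFC 3161 tokens, and the sample documents and dates are made up.

```python
import hashlib
import hmac

TSA_KEY = b"constructed-demo-key"  # assumption: stands in for a TSA signing key
DOCS = [b"contract.pdf bytes", b"policy.docx bytes", b"invoice.xml bytes"]  # constructed

def h(data):
    return hashlib.sha256(data).digest()

def node(a, b):  # siblings are sorted before hashing, so no left/right flags
    return h(b"".join(sorted([a, b])))

def build_tree(leaves):
    """Levels of the hash tree: sorted leaf hashes first, root last."""
    levels = [sorted(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def reduced_path(levels, leaf):
    """Sibling hashes needed to recompute the root from one leaf hash."""
    path, idx = [], levels[0].index(leaf)
    for level in levels[:-1]:
        if (idx ^ 1) < len(level):  # an unpaired last node is promoted as-is
            path.append(level[idx ^ 1])
        idx //= 2
    return path

def timestamp(digest, when):  # simulated token: (time, MAC over time + digest)
    return (when, hmac.new(TSA_KEY, when.encode() + digest, "sha256").digest())

def renew(chain, when):  # refresh: new timestamp covers the previous token
    return chain + [timestamp(h(chain[-1][0].encode() + chain[-1][1]), when)]

def verify(doc, path, chain):
    """Recompute the root from doc, then check every timestamp in the chain."""
    cur = h(doc)
    for sib in path:
        cur = node(cur, sib)
    for when, mac in chain:
        if not hmac.compare_digest(mac, timestamp(cur, when)[1]):
            return False
        cur = h(when.encode() + mac)
    return True

LEVELS = build_tree([h(d) for d in DOCS])
CHAIN = renew([timestamp(LEVELS[-1][0], "2024-01-01T00:00:00Z")], "2033-01-01T00:00:00Z")
```

A verifier holding one document, its reduced path and the timestamp chain can check integrity and submission time without access to the other archived documents.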

WHY ASCERTIA?

There are many reasons for choosing Ascertia’s digital signature products for e-Notarisation and long-term archiving projects. These include:

Support for IETF LTANS Specifications

Ascertia is a leader in providing a secure archiving server which complies with the IETF Long-Term Archive and Notarisation Specifications (LTANS). Specifically Ascertia supports the XML Evidence Record Syntax (ERS) format as well as the XML/SOAP web services based Long-Term Archive Protocol (LTAP).

Apply electronic (digital) signatures to any type of document

Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. The products support PDF, XML, PKCS#7, CMS, S/MIME and PKCS#1 signatures as required to sign business documents. German and other country qualified certificates can be used to provide advanced electronic signatures.

Verify existing electronic (digital) signatures on any type of document

Ascertia has the widest support for verification of digital signature formats as mentioned above. It also provides enhanced OASIS DSS-X Verification Reports and PEPPOL based quality ratings for signatures and associated certificates. All of this evidential information can be stored as meta data with the data objects being archived for later use.

Long-term signatures

Ascertia is a clear leader in creating long-term signatures – these can be verified many years in the future, an essential requirement for most government related data. ADSS Server supports ETSI XAdES and CAdES as well as the latest PAdES (PDF format) profiles.

Multiple Signing Options

Different applications have different needs for how signatures are created. Some require server-side batch-signing features, some require signatures to be created locally by users that have eID smartcards or secure USB tokens. Others even want key and certificate roaming solutions that offer virtual “smartcards”. Ascertia’s ADSS Server and Go>Sign Client already provide all these options and more.

Multi-platform support

Organisations cannot control which systems and browsers end-users will work with when submitting documents. It is essential that digital signature and encryption solutions work on any platform with any browser and support multi-lingual capability. ADSS Go>Sign Client supports all Windows platforms as well as many Linux versions and has also been tested in various browsers.

Multiple Integration Options

ADSS Enterprise Server can be easily integrated with any business document production environment using our Watched Folder application called Auto File Processor, or our high-level Java and .NET ADSS Client SDKs or via direct XML/SOAP web service calls or even email integration using Secure Email Server.

High Performance, Scalability & Security

ADSS Server can be run in a load-balanced configuration to sign millions of documents in an automated manner. All signature operations can be conducted in a secure Hardware Security Module (HSM) and multiple HSMs can be connected for performance and resilience purposes. All signing operations are securely logged in the ADSS Server database.

More than just digital or electronic signatures

Digital signature creation is only one part of the solution – there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in one multi-function server. All these services are based on leading industry standards including OASIS DSS & DSS/X (signing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation), RFC 5055 (SCVP validation), W3C XKMS (validation), etc.

Ascertia is a global leader in high-trust PKI and digital signature products, delivering essential trust services that keep citizens secure and business flowing. Ascertia’s products are easy to integrate and use across a range of business scenarios.
