TrustedX Electronic Signature

Web services platform for managing digital signature processes:

  • Client-side or server-side signatures, using a centralized key store
  • Advanced electronic signature verification functions in different formats
  • Non-repudiation services, extending the electronic signature's validity over time
  • Trust level management for CAs and VAs, both qualified CSPs and corporate CAs
  • Broad support of integration mechanisms: REST/WS, SOAP/WS, Java APIs and Watched Folders
  • Designed to manage large volumes of users, certificates and signatures
  • Greater security and control through a centralized auditing and reporting system

Use cases

The solution is based on TrustedX and provides a set of modules for rapidly deploying electronic signatures in enterprise settings. Users and applications can sign directly in existing applications, watched folders or document workflows.

  • Virtual Smartcard: Integrates seamlessly in desktop applications via a standard plug-in. Users transparently access the keys held by TrustedX and only need to know one password.
  • Watched folders: TrustedX watches the content of designated network folders and executes a series of actions on all the files placed in them. Suitable for users and applications. Signing is as straightforward as copying and pasting to a network folder.
  • Signature Services: TrustedX incorporates functions that provide a set of security and trust mechanisms as services.

Benefits

  • Electronic signature on server
    TrustedX acts as a centralized repository of keys and digital certificates so that corporate users and/or applications can use them remotely without having to store them locally. This approach provides greater control over the use of keys in an audited manner and simplifies deploying, maintaining and using the PKI through centralized management. Authentication and access control offer a range of mechanisms and trust levels, and the system can be easily integrated with other repositories for managing digital identities.
  • Semantic interpretation of electronic signatures
    TrustedX is the most complete digital signature platform of its kind. Multiple CAs can be managed, all electronic signature formats are supported and all complexity related to managing trust is removed from the applications. The incorporated semantic services support obtaining all signer/signature data along with a trust level indicated using discrete values (4 levels) and labels (e.g., Government, Corporate, Finance).
  • Cost saving and flexible integration
    The product can be quickly deployed thanks to its standardization and multiple integration options. It can be used (i) from user applications through plug-ins, (ii) as a Web service and (iii) by means of watched folders. The product incorporates an integration gateway that uses pipelines for the straightforward integration of data and common-task processing.
  • Centralized management, auditing and non-repudiation
    TrustedX provides the centralized management of all digital signature policies, the preservation of electronic signatures, and logging and auditing. This allows corporate control over the use of cryptography, the effective management of recognized CAs/VAs and the transparent maintenance of electronic signatures when certificates expire or cryptographic material is renewed.

Virtual SmartCard

TrustedX module for centrally managing keys and certificates:

  • User keys are stored in a centralized repository that acts as a virtual smartcard.
  • Users have a desktop plug-in that integrates in their applications (Explorer, Chrome, Acrobat, Office, etc.).
  • Certificates can be used for signing and encrypting (secure e-mail with Outlook).
  • Supports users performing their own key and certificate enrollment and renewal (certificate autoenrollment).
  • Keys can be shared among several corporate users (e.g., corporation certificates).
  • Centralized reporting and auditing system. All key usage is logged.

Watched Folders

TrustedX module for managing electronic signatures in watched folders:

  • Its low cost and quick setup make watched folder integration ideal for many environments.
  • Network folder content is monitored and a series of electronic signature actions is executed on all the files copied to these folders.
  • Processed files are put in an outgoing folder, which is also on the network, along with a results report.
  • Supports multiple watched folders and user-defined sequences of actions.
  • Watched folders are suitable for end users and applications.

Signature Services

TrustedX incorporates functions that provide a set of security and trust mechanisms as services. These services are exposed through several integration mechanisms:

  • Java or .NET APIs: For integrating electronic signature services directly into native Java and .NET applications (**).
  • SOAP/WS: Using the OASIS DSS standard as an access protocol for Web services.
  • REST/WS, SOAP/WS: Using TrustedX's integration gateway, which supports configuring traffic and data processing with an XML pipeline language.

The platform includes a Java Applet for signature integration scenarios with user cards in Web environments.

Platform functions are grouped into the following services:

  • Authentication and authorization. Manages the authentication policies and access control to platform resources/services. Password and digital-certificate based internal authentication mechanisms are supported, as are third-party authentication services based on RADIUS (TMS), SAML and LDAP/AD.
  • Object and entity management. Manages platform entities and objects. External repositories, such as user LDAP/AD, databases, files and HSMs, can be added for protecting private keys.
  • Certificate validation. Provides PKI functions for validating certification chains and querying certificate status. Supports OCSP/CRL and customized mechanisms (e.g., databases and @firma platform).
  • Electronic signature generation and verification. Generates and verifies electronic signatures in most standard e-document formats, including email and Web messaging. Supported formats include multiple electronic signatures, signatures with time-stamps and long-term electronic signatures.
  • Non-repudiation. Allows extending an electronic signature's validity over time by preserving its cryptographic reliability and incorporating the certification chain, information on digital certificate status at the time of signing and a time-stamp.
  • Auditing and accounting. Uniformly and securely centralizes e-signature log data. The log system supports incorporating specific entries, which facilitates management with third-party tools.
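The non-repudiation service above explains why a time-stamp and the certificate status captured at signing time keep a signature verifiable after the signer's certificate has expired. The following Python model is an added example, not TrustedX code: the certificate names, dates, status values and the `verify` function are constructed assumptions, and the signature itself is abstracted to a document digest comparison rather than real public-key cryptography.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple
import hashlib

@dataclass
class CertInfo:
    subject: str
    not_before: datetime
    not_after: datetime

@dataclass
class PreservedSignature:
    """A signature plus the evidence a non-repudiation service captures at signing time."""
    doc_digest: str                 # SHA-256 of the signed document (stands in for the signature)
    signer: CertInfo                # end-entity certificate
    chain: List[CertInfo]           # issuer certificates, ending in the trust anchor
    status_at_signing: str          # captured OCSP/CRL answer: "good" or "revoked"
    timestamp: Optional[datetime]   # trusted time-stamp over the signature, None if not preserved

def verify(sig: PreservedSignature, document: bytes, now: datetime,
           trusted_roots: set) -> Tuple[bool, str]:
    """Validate a signature at time `now`, using preserved evidence when present."""
    if hashlib.sha256(document).hexdigest() != sig.doc_digest:
        return False, "document digest mismatch"
    if sig.chain[-1].subject not in trusted_roots:
        return False, "chain does not end in a recognized CA"
    # Without a time-stamp the only reference time is "now", so the signature
    # lives no longer than the shortest-lived certificate in its chain.
    reference = sig.timestamp if sig.timestamp is not None else now
    for cert in [sig.signer] + sig.chain:
        if not (cert.not_before <= reference <= cert.not_after):
            return False, f"{cert.subject} not valid at {reference:%Y-%m-%d}"
    if sig.status_at_signing != "good":
        return False, "certificate was revoked at signing time"
    return True, "valid"

# Constructed sample: a signer certificate that expires in 2022, a signature made in 2021
DOC = b"Purchase order 4711 (constructed sample document)"
SIGNER = CertInfo("CN=Alice", datetime(2020, 1, 1), datetime(2022, 1, 1))
ISSUER = CertInfo("CN=Corporate CA", datetime(2015, 1, 1), datetime(2030, 1, 1))
ROOTS = {"CN=Corporate CA"}

def make_signature(preserved: bool) -> PreservedSignature:
    stamp = datetime(2021, 6, 1) if preserved else None   # time-stamp only if preserved
    return PreservedSignature(hashlib.sha256(DOC).hexdigest(), SIGNER, [ISSUER], "good", stamp)

def verify_in_2024(preserved: bool) -> Tuple[bool, str]:
    # Verify the 2021 signature in 2024, after Alice's certificate has expired
    return verify(make_signature(preserved), DOC, datetime(2024, 3, 1), ROOTS)
```

In a real deployment the time-stamp is itself a signed token whose TSA certificate also expires, which is why preservation services re-time-stamp the evidence periodically.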

The following service can also be added:

  • Electronic Signature Custody. Preserves the non-repudiability of electronic signatures by transparently interacting with the non-repudiation service and managing signature and e-document metadata.

(**) Please check availability.

Architecture

The following figure illustrates the possible TrustedX architectures. The TrustedX functions can be used as (i) a trusted Web service, (ii) a trusted gateway between applications, or (iii) a combination of (i) and (ii) (not shown in the figure).

TrustedX eSignature Suite