Web services platform for integrating identification, authentication and electronic signature (eIDAS) user methods. In addition to multifactor authentication, trust management and identity federation, the platform provides remote signing with PKI keys on the server via the Web API.

  • It combines authentication, single sign-on (SSO), identity federation and authentication trust level management functionality. Authentication methods including PKI, SMS/email OTP and Safelayer Mobile ID are provided.
  • The platform is complemented through the incorporation of PKI identity attributes for implementing electronic signature functions.. In addition to authentication functionality, the platform provides server and mobile-device signature services. It is an integral solution for deploying the new eIDAS trust services.

 

Benefits

  • Complete solution
    Secure user identification on mobiles and in the cloud. As well as authentication, SSO and identity federation, the solution provides qualified remote signing via Web APIs.
  • Trust elevation
    TrustedX eIDAS provides an adaptive authentication engine that classifies the trust level of the authentication method (as per NIST's AAL/eIDAS's assurance levels). The trust level can be raised via an additional authentication factor such as SMS/email OTP or Safelayer's Mobile ID.
  • Cloud signing
    Management of public key infrastructure (PKI) identity attributes and remote signing functions in accordance with the CEN 419 241 technical standards. Ongoing Qualified Signature Creation Device (QSCD) certification to be operated by Trust Service Providers (TSPs).
  • Standard integration
    Thanks to the support of the REST Web services API implemented via the OAuth 2.0/OpenID Connect, SAML and ETSI's *AdES signature format standards, basic HTTP tools available in any environment/language for integration can be used.
  • Security and auditing
    The system records and aggregates identification, authentication and electronic signature information as per the security requirements applicable in the technical standards associated to the eIDAS Regulation.

Operation

The TrustedX eIDAS platform acts as an identity provider (IdP) and a signature provider (eSigP) for the users in their interactions with the applications by providing the following functionality.

  • Identity provider (IdP)
    Validates user identities, manages the trust level of the authentication as per NIST's ALL/eIDAS's assurance levels, and provides identity federation and SSO between applications.
    It includes authentication methods based on PKI, SMS/email OTP and Safelayer Mobile ID (*). Supports authentication plug-ins for incorporating other authentication services. (*)
  • Electronic signature provider (eSigP)
    Manages the PKI material of the users as identity attributes in a secure and audited HSM-based repository. The user can have one or more digital certificates for electronically signing documents once identified by the IdP.
    Signing functions are available as a Web service or via the Safelayer Virtual Card component (*).
  • Integration standards
    It supports the SAML and OAuth/OpenID Connect standards for Web SSO. Signature functions are accessible via a Web API. TrustedX eIDAS aswell supports the ETSI PAdES, XAdES, CAdES and RSA PKCS #1.

(*) See the product sheet for more information Safelayer Virtual Card and Safelayer Mobile ID

Architecture

TrustedX provides multifactor authentication and user remote signing to the applications via corporate Web services or services operated by a trusted service provider.
The following figure illustrates the interactions between TrustedX eIDAS with the following infrastructure components:

  • Identity services: Can include the LDAP server (for attributes and authentication), an authentication server (e.g., OTP), PKI services, databases and federated IdPs.
  • Network HSM: Cryptographic security device that guarantees the protection of user PKI private keys.
  • Other components (not displayed in the figure): Mail servers, SMS servers, monitoring systems.

 tx eidas en v9

Videos

PDF Document Signing with Safelayer Mobile ID

This video shows how to sign a PDF document using a smartphone. After logging into a document management portal, the user selects a PDF document and signs it electronically using only his smartphone.

 

OOB Transaction Verification with Safelayer Mobile ID

This video shows the transaction verification process using a second channel. The user is prompted to confirm the details of an operation with his smartphone via the Safelayer Mobile ID App.

 

Facebook federation and and step-up with Safelayer MobileID

This video shows how a smartphone with Safelayer Mobile ID can be used to provide a website with additional guarantees on the identity of the logged-in user (step-up).

Events

World eID and cybersecurity
September 24 - 26, 2018 | Marseille, France

Digital Trust & Paperless Conference
April 24, 2018 | Prague, Czech Republic

RSA Conference
April 16 - 20, 2018 | San Francisco, USA

Govern Digital
March 21 - 22, 2018 | Barcelona, Spain

Mobile World Congress
February 26 - March 1, 2018 | Barcelona, Spain

Jornadas CERES
February 7 - 8, 2018 | Madrid, Spain

TRUSTECH
November 28 - 30, 2017| Cannes, France

World eID and Cybersecurity
September 25 - 27, 2017 | Marseille, France

Security Document World
June 26 - 28, 2017 | London, UK

eSignature in Public Administrations
June 7, 2017 | Madrid, Spain

EFPE
June 5 - 7, 2017 | Szczecin, Poland

GISEC
May 21 - 23, 2017 | Dubai, UAE

We use cookies to improve our website and your experience when using it. Cookies used for the essential operation of this site have already been set. To find out more about the cookies we use and how to delete them, see our Privacy Policy.I accept cookies from this site