In this page, you will find technical and product information on Safelayer solutions. Whitepapers, datasheets, articles and compliance documentation are all available for download.


Safelayer Identity Services Demonstration

This video gives a quick overview of what you can do with Safelayer Identity Services:

  • Protection against identity fraud without requiring an additional authenticator (e.g., a matrix card, OTP device or cryptographic card).
  • Electronic document signing (e.g., PDF documents).
  • One-time QR for physical access control.
  • Web APIs.
  • 2FA.


Step up

Try it for yourself by visiting


PDF Document Signing with Safelayer Mobile ID

The videos below show how to sign a PDF document using a smartphone. After logging into a document management portal, the user selects a PDF document and signs it electronically using only their smartphone.


OOB Transaction Verification with Safelayer Mobile ID

The videos below show how to verify a transaction using a second channel. The user is asked to confirm the details of the operation using their smartphone with the Safelayer Mobile ID app.


Facebook federation and step-up with Safelayer MobileID

This video shows how to use a smartphone with Safelayer Mobile ID to provide a website with additional guarantees on the identity of the logged-in user (step-up).


This section contains the security standards and specifications supported by Safelayer products.

IETF - Internet Engineering Task Force

  • RFC 5280, RFC 3280: Internet X.509 Public Key Infrastructure. Certificate and Certificate Revocation List (CRL)
  • RFC 3739, RFC 3039: Internet X.509 Public Key Infrastructure. Qualified Certificates Profile
  • RFC 6960, RFC 2560: Internet X.509 Public Key Infrastructure. Online Certificate Status Protocol (OCSP)
  • RFC 3161: Internet X.509 Public Key Infrastructure. Time-Stamp Protocol (TSP)
  • RFC 5816: ESSCertIDv2 Update for RFC 3161
  • RFC 6962: Certificate Transparency
  • RFC 5652, RFC 3852: Cryptographic Message Syntax (CMS)
  • RFC 4511: Lightweight Directory Access Protocol (LDAP): The Protocol
  • RFC 3778: The application/pdf Media Type
  • RFC 2865: Remote Authentication Dial In User Service (RADIUS)
  • RFC 4210: Certificate Management Protocol (CMP)
  • RFC 5246: The Transport Layer Security (TLS) Protocol
  • RFC 6101: The Secure Sockets Layer (SSL) Protocol
  • RFC 5321: Simple Mail Transfer Protocol
  • RFC 1157: A Simple Network Management Protocol (SNMP)
  • RFC 5424: The Syslog Protocol
  • RFC 6749: The OAuth 2.0 Authorization Framework

PKCS Public Key Cryptography Standards

  • PKCS #1 RSA Cryptography Standard
  • PKCS #7 Cryptographic Message Syntax Standard
  • PKCS #10 Certification Request Syntax Standard
  • PKCS #11 Cryptographic Token Interface Standard
  • PKCS #12 Personal Information Exchange Syntax Standard


  • ITU-T Recommendation X.509 | ISO/IEC 9594-8: Information Technology – Open Systems Interconnection – The Directory: Public-Key and Attribute Certificate Frameworks
  • ISO 32000-1, Document management – Portable document format – Part 1: PDF 1.7
  • ISO/IEC 29115 Entity authentication assurance framework
  • CEN/TS 419 261 Security Requirements for Trustworthy Systems Managing Certificates and time-stamps

ETSI European Telecommunications Standards Institute

  • ETSI TS 101 862: Qualified Certificate Profile
  • ETSI TS 102 280: X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons
  • ETSI TS 101 861: Time stamping profile
  • ETSI EN 319 412 Profiles for Trust Service Providers issuing certificates
  • ETSI EN 419 422 Time-stamping protocol and time-stamp profiles
  • ETSI TS 101 733: CMS Advanced Electronic Signatures (CAdES)
  • ETSI TS 101 903: XML Advanced Electronic Signatures (XAdES)
  • ETSI TS 102 176-1: Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms
  • ETSI TS 102 778: PDF Advanced Electronic Signature Profiles;Part 1: PAdES Overview - a framework document for PAdES
  • ETSI EN 319 102: Procedures for Creation and Validation of AdES Digital Signatures
  • ETSI TS 119 612: Trusted Lists
  • ETSI TS 103 171: XAdES Baseline Profile
  • ETSI TS 103 172: PAdES Baseline Profile
  • ETSI TS 103 173: CAdES Baseline Profile
  • ETSI EN 319 122: CAdES digital signatures
  • ETSI EN 319 132: XAdES digital signatures
  • ETSI EN 319 142: XAdES digital signatures

United States Government Standards

  • FIPS 46-3 Data Encryption Standard - DES, Triple DES
  • FIPS 197 Advanced Encryption Standard - AES
  • FIPS 186 Digital Signature Algorithm - DSA
  • NIST Special Publication 800-63-2- Electronic Authentication Guideline

W3C World Wide Web Consortium

  • XML Signature WG (XML-DSig)
  • XML Encryption WG (XML-Enc)
  • XML Key Management Working Group (XKMS)

OASIS Organization for the Advancement of Structured Information Standards

  • OASIS Web Services Security (WS-Security)
  • OASIS Digital Signature Services (DSS)
  • OASIS Security Assertion Markup Language (SAML)

ePassport Specifications

  • ICAO Doc 9303: Machine Readable Travel Documents
  • ICAO PKD standards
  • Full EAC 1.11 compliant (BSI TR-03110)
  • EU Common Certificate Policy for the EAC infrastructure (BSI TR-03139)
  • SPOC (ČSN 36 9791)
  • BSI TR-03129 PKI for Machine Readable Travel Documents

Other technical specifications

  • Microsoft Cryptographic Application Programming Interface (MS-CAPI)
  • REST/JSON Architecture
  • Simple Certificate Enrollment Protocol (SCEP)
  • Microsoft Windows Enrollment
  • Microsoft Active Directory
  • Apple OTA Enrollment
  • SOAP/HTTP Protocol


This section contains a collection of whitepapers on security technologies and integration architectures that implement the Safelayer products (KeyOne and TrustedX).

KeyOne eMRTD Solutions

Conference papers

Achieving the eIDAS vision through the Mobile, Social and Cloud triad

 Towards a new electronic identification of citizens: the DNIe

 A Service Oriented Trust Development Platform


Data sheets

This section contains the Safelayer products and components data sheets grouped by product families.

TrustedX Platform

 TrustedX eIDAS Platform

 TrustedX Electronic Signature

 TrustedX Encryption Key Management

 TrustedX Watched Folders

 Safelayer Mobile ID

 Safelayer Virtual SmartCard

KeyOne Platform

 KeyOne CA

 KeyOne RA

 KeyOne VA

 KeyOne TSA

NOTE: For more information about eMRTD KeyOne components, see whitepapers section.


This section contains articles on Safelayer products and the technologies on which these products are based.


This collection of frequently asked questions offers a global vision of the architectonic and functional features of TrustedX and KeyOne.

Electronic Signature and Encryption

We use cookies to improve our website and your experience when using it. Cookies used for the essential operation of this site have already been set. To find out more about the cookies we use and how to delete them, see our Privacy Policy.I accept cookies from this site