Videos
Safelayer Identity Services Demonstration
This video gives a quick overview of what you can do with Safelayer Identity Services:
- Protection against identity fraud without requiring an additional authenticator (e.g., a matrix card, OTP device or cryptographic card).
- Electronic document signing (e.g., PDF documents).
- One-time QR for physical access control.
- Web APIs.
- 2FA.
PDF Document Signing with Safelayer Mobile ID
The videos below show how to sign a PDF document using a smartphone. After logging into a document management portal, the user selects a PDF document and signs it electronically using only their smartphone.
OOB Transaction Verification with Safelayer Mobile ID
The videos below show how to verify a transaction using a second channel. The user is asked to confirm the details of the operation using their smartphone with the Safelayer Mobile ID app.
Standards
IETF - Internet Engineering Task Force
- RFC 5280, RFC 3280: Internet X.509 Public Key Infrastructure. Certificate and Certificate Revocation List (CRL)
- RFC 3739, RFC 3039: Internet X.509 Public Key Infrastructure. Qualified Certificates Profile
- RFC 6960, RFC 2560: Internet X.509 Public Key Infrastructure. Online Certificate Status Protocol (OCSP)
- RFC 3161: Internet X.509 Public Key Infrastructure. Time-Stamp Protocol (TSP)
- RFC 5816: ESSCertIDv2 Update for RFC 3161
- RFC 6962: Certificate Transparency
- RFC 5652, RFC 3852: Cryptographic Message Syntax (CMS)
- RFC 4511: Lightweight Directory Access Protocol (LDAP): The Protocol
- RFC 3778: The application/pdf Media Type
- RFC 2865: Remote Authentication Dial In User Service (RADIUS)
- RFC 4210: Certificate Management Protocol (CMP)
- RFC 5246: The Transport Layer Security (TLS) Protocol
- RFC 6101: The Secure Sockets Layer (SSL) Protocol
- RFC 5321: Simple Mail Transfer Protocol
- RFC 1157: A Simple Network Management Protocol (SNMP)
- RFC 5424: The Syslog Protocol
- RFC 6749: The OAuth 2.0 Authorization Framework
PKCS Public Key Cryptography Standards
- PKCS #1 RSA Cryptography Standard
- PKCS #7 Cryptographic Message Syntax Standard
- PKCS #10 Certification Request Syntax Standard
- PKCS #11 Cryptographic Token Interface Standard
- PKCS #12 Personal Information Exchange Syntax Standard
ITU-T, ISO/IEC and CEN
- ITU-T Recommendation X.509 | ISO/IEC 9594-8: Information Technology – Open Systems Interconnection – The Directory: Public-Key and Attribute Certificate Frameworks
- ISO 32000-1, Document management – Portable document format – Part 1: PDF 1.7
- ISO/IEC 29115 Entity authentication assurance framework
- CEN/TS 419 261 Security Requirements for Trustworthy Systems Managing Certificates and time-stamps
ETSI European Telecommunications Standards Institute
- ETSI TS 101 862: Qualified Certificate Profile
- ETSI TS 102 280: X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons
- ETSI TS 101 861: Time stamping profile
- ETSI EN 319 412 Profiles for Trust Service Providers issuing certificates
- ETSI EN 419 422 Time-stamping protocol and time-stamp profiles
- ETSI TS 101 733: CMS Advanced Electronic Signatures (CAdES)
- ETSI TS 101 903: XML Advanced Electronic Signatures (XAdES)
- ETSI TS 102 176-1: Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms
- ETSI TS 102 778: PDF Advanced Electronic Signature Profiles; Part 1: PAdES Overview - a framework document for PAdES
- ETSI EN 319 102: Procedures for Creation and Validation of AdES Digital Signatures
- ETSI TS 119 612: Trusted Lists
- ETSI TS 103 171: XAdES Baseline Profile
- ETSI TS 103 172: PAdES Baseline Profile
- ETSI TS 103 173: CAdES Baseline Profile
- ETSI EN 319 122: CAdES digital signatures
- ETSI EN 319 132: XAdES digital signatures
- ETSI EN 319 142: XAdES digital signatures
United States Government Standards
- FIPS 46-3 Data Encryption Standard - DES, Triple DES
- FIPS 197 Advanced Encryption Standard - AES
- FIPS 186 Digital Signature Algorithm - DSA
- NIST Special Publication 800-63-2 - Electronic Authentication Guideline
W3C World Wide Web Consortium
- XML Signature WG (XML-DSig)
- XML Encryption WG (XML-Enc)
- XML Key Management Working Group (XKMS)
OASIS Organization for the Advancement of Structured Information Standards
- OASIS Web Services Security (WS-Security)
- OASIS Digital Signature Services (DSS)
- OASIS Security Assertion Markup Language (SAML)
ePassport Specifications
- ICAO Doc 9303: Machine Readable Travel Documents
- ICAO PKD standards
- Fully EAC 1.11 compliant (BSI TR-03110)
- EU Common Certificate Policy for the EAC infrastructure (BSI TR-03139)
- SPOC (ČSN 36 9791)
- BSI TR-03129 PKI for Machine Readable Travel Documents
Other technical specifications
- Microsoft Cryptographic Application Programming Interface (MS-CAPI)
- REST/JSON Architecture
- Simple Certificate Enrollment Protocol (SCEP)
- Microsoft Windows Enrollment
- Microsoft Active Directory
- Apple OTA Enrollment
- SOAP/HTTP Protocol
Whitepapers
This section contains a collection of whitepapers on security technologies and integration architectures that implement the Safelayer products (KeyOne and TrustedX).
Conference papers
Achieving the eIDAS vision through the Mobile, Social and Cloud triad
Towards a new electronic identification of citizens: the DNIe
A Service Oriented Trust Development Platform
Data sheets
This section contains data sheets for Safelayer products and components, grouped by product family.
TrustedX Platform
TrustedX Encryption Key Management
KeyOne Platform
NOTE: For more information about eMRTD KeyOne components, see the Whitepapers section.
Articles
This section contains articles on Safelayer products and the technologies on which these products are based.
Adaptive Authentication
Public Key Infrastructure
Electronic signature
- TrustedX: The Custody of Signed Documents
- X.509 Digital Certificate Validation
- Electronic invoicing: formats and directives
- Demonstration of the generation of timestamped electronic signatures
- Long term verification of digital signatures using TrustedX
- Electronic Signature Generation (PKCS#7/CMS, PDF digital signature, S/MIME, CAdES, XAdES, PAdES and WS-Security)
- Non-Repudiation and Long-Term Digital Signatures (XAdES, CAdES and PAdES)
- Electronic Signature Verification with TrustedX (PKCS#7/CMS, PDF signature, S/MIME, CAdES, XAdES, PAdES and WS-Security)
- Multi-Signature Use Case
- PAdES (ETSI 102 778): digital signature in PDF documents with TrustedX
- Server-Side and Client-Side Electronic Signatures: Using TrustedX for generating corporate and user signatures
Data encryption
Integration of Security Services
- Applications integration via an Enterprise Service Bus
- Enterprise Service Bus (ESB): the Interconnection Infrastructure for SOA
- Implementation of a REST API to access the TrustedX web services
- RESTful security web services
- Integration, administration and user interface of the TrustedX platform
- TrustedX: Integration of Trusted Services
- TrustedX integration architectures
- TrustedX: Architecture & Services Components
FAQ
This collection of frequently asked questions offers an overview of the architectural and functional features of TrustedX and KeyOne.
Electronic Signature and Encryption
Legal and Industry Regulations
Industry Compliance
Legal Compliance
- Proposal for New EU Payment Services Directive
- 2014 EU Regulation on “electronic identification and trust services for electronic transactions in the internal market” (eIDAS)
- EU Directive 1999/03/EC on Electronic Signatures
- Community Framework for Electronic Signatures
- EU Directive 2001/115/EC on Electronic Invoicing (eInvoice)
- EU Directive 95/46/EC on Data Protection