Electronic signatures are generated in an organization in the following scenarios:

  • End-User Client-Side Signature.
  • End-User Server-Side Signature.
  • Corporate Server-Side Signature.

Below is a description of what TrustedX provides in these scenarios.

End-User Client-Side Electronic Signature

This signature is performed using a key belonging to one person that is stored in a cryptographic card (smartcard) or similar, which that person keeps, or in a software keystore managed by the operating system in the user's workstation or laptop. This scenario is known as end-user client-side electronic signature and is normally used when the organization wants to make use of an already-deployed PKI (e.g., the PKI of the Spanish National Electronic ID card (DNI-e)) and supplies certificates to its staff.

In this scenario, TrustedX provides the electronic signature function within a Java applet called OpenSignX. This applet supports generating electronic signatures (of files, HTML forms) using a browser, meaning there is no need to install, configure or manage an electronic signature application in each client system (workstation or laptop), which results in a sizeable cost saving. Furthermore, OpenSignX can be customized to access the TrustedX electronic signature update service and add a time-stamp to the electronic signature after the electronic signature has been generated locally. This guarantees the validity of the electronic signature (i.e., its non-repudiability) up until the time-stamp expires.


End-User Server-Side Electronic Signature

This electronic signature is performed using a key belonging to one person that is stored in a cryptographic hardware module that contains the keys for all or part of the organization's staff. This scenario is known as end-user server-side electronic signature and is for when the organization wants to centrally manage the electronic signature keys of staff so as to apply the same security policies (generation of backups, key renewal frequency, algorithms and admissible key sizes, etc.) to all the keys, i.e., to ensure that the management policies for staff keys have organizational scope.

In this scenario, TrustedX provides an electronic signature generation Web service (TWS-DS) that is administered via a graphical console and generates log records, providing effective control and supervision (auditing) of the signing capability of the organization's staff. For example, all requests that do not specify the commitment the signer wants to acquire with respect to the signed data can be rejected, or the usable electronic signature algorithms can be defined. It can also be established that all electronic signatures must include, as a signed attribute, the identifier of the policy used to generate them.
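The kind of request check described above can be sketched as follows. This is an added example, not TrustedX code or its TWS-DS interface: the policy keys, request fields, policy identifier and sample requests are all constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Hypothetical policy for a central signing service (key names are
# assumptions, not TrustedX configuration keys).
POLICY = {
    "policy_id": "urn:example:sigpolicy:1",  # constructed identifier
    "allowed_algorithms": {"RSA-SHA256", "ECDSA-SHA256"},
    "require_commitment": True,
}

AUDIT_LOG = []  # stand-in for the service's log records


def evaluate(request, policy=POLICY):
    """Return (decision, reasons, signed_attributes) for one signing request."""
    reasons = []
    if policy["require_commitment"] and not request.get("commitment"):
        reasons.append("missing commitment type")
    if request.get("algorithm") not in policy["allowed_algorithms"]:
        reasons.append("algorithm not allowed: %s" % request.get("algorithm"))
    decision = "reject" if reasons else "accept"
    # The service itself places the policy identifier among the signed
    # attributes, so a calling application cannot omit or replace it.
    signed_attrs = None
    if decision == "accept":
        signed_attrs = {
            "commitment": request["commitment"],
            "signature_policy_id": policy["policy_id"],
        }
    # One log record per request, accepted or not, at a single point.
    AUDIT_LOG.append(json.dumps({
        "time": datetime.now(timezone.utc).isoformat(),
        "application": request.get("application"),
        "signer": request.get("signer"),
        "decision": decision,
        "reasons": reasons,
    }, sort_keys=True))
    return decision, reasons, signed_attrs


# Constructed sample requests from two corporate applications.
SAMPLE_REQUESTS = [
    {"application": "erp", "signer": "alice", "algorithm": "RSA-SHA256",
     "commitment": "proof-of-approval"},
    {"application": "crm", "signer": "bob", "algorithm": "RSA-SHA1"},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(evaluate(req)[:2])
    print("\n".join(AUDIT_LOG))
```

Rejected requests are logged as well as accepted ones, which is what makes the single enforcement point usable for auditing.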

All corporate applications in which users have to generate a personal electronic signature must include the code for accessing the electronic signature generation Web service provided by TrustedX; the applications play no part in managing the user electronic signature keys, the security settings of this electronic signature function (e.g., the applicable policies) or the logging of use. This means that in terms of the electronic signature function, a silo-based deployment is replaced by a centralized SOA-based deployment, with all the advantages in control, coherence and cost saving that this brings.


In short, in an end-user server-side electronic signature scenario, access to the TrustedX electronic signature generation service:

  • Reduces the cost of deploying the user electronic signature generation function in corporate applications as it:
    • relieves them of having to manage access control to this function.
    • relieves them of having to define use policies (e.g., the electronic signature generation policies).
    • relieves them of having to log service use (i.e., creating log records) for auditing.
  • Reduces the cost of integrating the user electronic signature generation function in all the corporate applications by providing them with a Web-service (WSDL) access interface for this function.
  • Facilitates the control and effective auditing of the use of the user electronic signature generation function in all the organization's applications by providing a single point for control and logging activity.

Corporate Server-Side Electronic Signature

This electronic signature is performed using a corporate key, which is a key belonging to the organization that is stored in a cryptographic hardware module that contains all, or at least some, of the corporate keys. This scenario is known as corporate server-side electronic signature and is for centrally managing the keys that the organization's applications use for automatically signing on behalf of the organization. This type of key management makes it unnecessary to keep multiple copies of corporate keys (one per application) and to repeat management procedures for each of them (which can become unmanageable) and facilitates the control (policy enforcement) and auditing of key use.

All applications that have to generate an electronic signature in the organization's name must include the code for accessing the electronic signature generation Web service provided by TrustedX; the applications play no part in managing the electronic signature keys used, the security settings of this electronic signature function (e.g., the applicable policies) or the logging of use. This means that in terms of the corporate electronic signature function, a silo-based deployment is also replaced by a centralized SOA-based deployment, with all the advantages in control, coherence and cost saving that this brings. The programmatic access by the applications to the corporate electronic signature generation function permits automating this generation and, as a result, also automating a large part of an organization's document and data management workflows. For example, in the corporate mail server (MTA), the generation of an electronic signature for all outgoing emails that meet certain conditions (e.g., being sent by a certain sender, having a certain type of subject) can be automated. The signing of accounting entries for a given period, the signing of invoices issued on a specific date or in a date range and the electronic signatures generated by ERP and CRM systems in the workflows in which they intervene are operations that can also be automated.


In short, in a corporate server-side electronic signature scenario, access to the TrustedX electronic signature generation service:

  • Reduces the cost of deploying the corporate electronic signature generation function in the organization's applications as it:
    • relieves them of having to manage access control to this function.
    • relieves them of having to define use policies (e.g., the electronic signature generation policies).
    • relieves them of having to log service use (i.e., creating log records) for auditing.
  • Reduces the cost of integrating the corporate electronic signature generation function in all the organization's applications by providing them with a Web-service type (WSDL) access interface for this function.
  • Facilitates the control and effective auditing of the use of the corporate electronic signature generation function in all the organization's applications by providing a single point for control and logging activity.
