News And Events

Updates

  • Global: ADSS Server v4.8.6 released

    Sep 28, 2015
    ADSS Server v4.8.6 has been released with the following features and enhancements:
    • ADSS Key Manager now supports the latest Microsoft Azure Key Vault APIs.
    • ADSS Go>Sign Service now supports local signing using IntoIT middleware to support Belgian eID smartcards without using a local Java runtime.
    • ADSS Go>Sign Service now supports mobile signing using AET Mobile ConsentID.
    • The Manage CAs module now supports direct calls to GlobalSign's online Certificate Service.
    • ADSS Server can now request certificates from a remote ADSS CA Server using a secure client/server TLS/ SSL channel.
  • Global: SigningHub v6.2 released

    Aug 03, 2015
    SigningHub v6.2 has been released with the following features and enhancements:
    • Parallel workflows can now be defined to allow users to be able to sign a document in any order and at any time, this complements the existing sequential or star workflow functionality.
    • SigningHub now offers a wizard-based approach for document preparation. Users are guided to upload a document, identify the signers, then point and click to position signature or other fields including name, email, job title, company, date.
    • Document navigation has been enhanced to allow users to click right to access the next document or click left to see the previous document.
    • Workflow templates can now be created with placeholder names associated with signature fields. When a template is selected an existing contact needs to be assigned to each placeholder location by the document owner or via an API call.
    • A signer within an active workflow can now be changed by the workflow owner, very useful if someone changes role or is otherwise unavailable.
    • SigningHub now supports SAMLv2 authentication and the first supported identity provider is Active Directory Federated Services. When configured, this allows corporate users to access SigningHub and authenticate themselves using their existing AD credentials.
    • Users can use their existing Office 365 credentials to login to SigningHub and sign documents.
    • Users can now use their Google Drive accounts to upload documents in SigningHub and then workflow them. Once the workflow completes the document can be saved back to Google Drive.
    • AET ConsentID mobile users can now sign in to SigningHub and also sign documents.
    • The local language can now be changed within the user’s settings screen.
    • The home screen now shows Signer Count, Remind Signer and a quick access button.
    • The RESTful API has been enhanced – see the developer’s guide for details.
  • Global: ADSS Server v4.8.5 released

    Jul 16, 2015
    ADSS Server v4.8.5 has been released with the following features and enhancements:
    • ADSS Server now supports Distributed OCSP and complies with the RFC 2560 and RFC 6960 standards in this area.
    • A new separately licensed ADSS Server OCSP Repeater Service is now available which works with a separate full ADSS Server OCSP Service to provide precomputed OCSP responses for local OCSP clients - this is valuable where local OCSP clients do not want to always rely on central but remote OCSP servers and/or where speed of response is vital such as in PACS/LACS (physical or logical access control systems).
    • The Manage CAs module has been enhanced to support direct communication with these external CAs, (a) Windows Server 2008 and 2012 CA, and (b) QuoVadis CA
      This is in addition to the current support for ADSS CA Server, GlobalSign CA and PrimeKey CA (EJBCA).
    • The Signing Service has been enhanced to allow API calls to override the value for the “Signed By” field in a visible signature.
      Memory and database connections statistics can now be examined by clicking “System Health” in the Server Manager module and new operator alert messages can be configured for these items within the Global Settings > System Alerts page.
    • Manual renewal of infrastructure certificates is now possible in Key Manager.
    • An existing profile / or certificate template can be used as a base when creating a new profile or template for selected services.
  • Global: SigningHub v6.1 released

    May 05, 2015
    SigningHub v6.1 has been released with the following features and enhancements:
    • Multiple authentication options are now supported. In this release Salesforce IDs (via OAuth) and Active Directory authentication are included.
    • Documents can now be uploaded from Dropbox.
    • Enterprise admins can now set define the logo and colour branding for their Enterprise account.
    • Long-term Digital Witness Signatures are now supported so that each e-signature is cryptographically bound to the document using a high trust Qualified or Adobe AATL certificate.
    • Document can now be merged or attached before the workflow.
    • Manual and automatic reminders for workflow signers has been added.
    • A new intelligent SigningHub installer has been created to load the software and configure it correctly for use with IIS 8.0 in just a few clicks.
    • SigningHub now allows all signing keys to be generated and used within a centrally held set of HSMs using key strong wrapping techniques that works with most HSMs (SafeNet Luna range must use KE model and not the CL model). Microsoft Azure Key Vault is also supported.
    • The SigningHub web services API has been extended to support various new features.
  • Global: ADSS Server v4.8.4 released

    Apr 27, 2015
    ADSS Server v4.8.4 has been released with the following features and enhancements:
    • ADSS Server has been enhanced to utilise Java 8 (JDK 1.8.0u31) and Apache Tomcat 8 (8.0.20).
    • The Key Manager module has been enhanced to support Microsoft Azure Key Vault using the software or HSM based keystore, and allows automatic renewal of infrastructure certificates to be enabled or disabled.
    • The JVM maximum memory parameters for the ADSS Core, Console and Service Windows services or UNIX daemons are now configurable via the installation wizard.
    • The Manage CAs module has been enhanced to view and save the CRLs for local CAs and send alerts when automatic CRL publishing fails.
    • The ADSS Signing Service has been enhanced to ensure that PDF document conversion and signing is PDF/A-1, PDF/A-2 and PDF/A-3 compliant and to also support centrally created signature location profiles.
    • The ADSS Go>Sign Service has been enhanced to sign multiple fields assigned to the current user in one go.
    • ADSS Server Console has been enhanced to manage and repair HMAC verification failures if these arise in the Transactions Log of any service.
    • Microsoft SQL Server 2014 and PostgreSQL 9.4 have been added to the list of supported databases.
  • Global: ADSS Server v4.8.3 released

    Mar 02, 2015
    ADSS Server v4.8.3 has been released with the following features and enhancements:
    • The HSM key wrapping functionality has been enhanced to ensure that SSCD Type 2 (CWA 14169 PP) compliant signatures are produced. This is important as Europe adopts the eIDAS regulation and the forthcoming TS 419241 specification.
    • The ADSS Signing Service has been enhanced to define the PDF signature dictionary size within the signing profile - this enables operators to create profiles that allow custom signature data sizes (larger or smaller) to be embedded in the PDF. This simplifies the creation of long-term PDF signatures when larger CRLs need to be embedded.
    • The ADSS Verification Service has been enhanced to provide more details for PAdES Part 2 and PAdES Part 4 signatures, such as:
      1. Is the signature LTV enabled?
      2. The validity of the LTV signature
      3. Is this a Qualified Signature?
      4. Signature verification date and time
      5. Exact signature type e.g. PAdES Part 4
      6. EPES signature policy data
      7. Signature application
      This enables applications such as SigningHub to display key signature verification details.
    • ADSS Server now integrates with EJBCA PKI and GlobalSign ePKI (as external Certificate Service Providers), and thus enable ADSS Server to obtain digital certificates directly from these CAs. Integration with existing PKIs simplifies the ability to deliver digital signature services, allowing applications such as SigningHub to connect to existing PKIs and obtain user certificates.
    • The ADSS Go>Sign Service has been enhanced:
      1. Go>Sign Viewer now supports Microsoft Word 2013 and Office 365 Word documents
      2. PDF document conversion is now PDF/A-1, PDF/A-2 and PDF/A-3 compliant
      3. Empty signature fields can now be created at predefined locations
      4. Go>Sign Applet can be reloaded in a single page application without reloading the page
      These changes provide applications with much greater flexibility when using ADSS Go>Sign Viewer and ADSS Go>Sign Applet.
    • Auto File Processor (AFP) has been enhanced such that local PDF document conversion is PDF/A-1, PDF/A-2 and PDF/A-3 compliant. This continues Ascertia’s support for key industry standards.
    • The ADSS Server external configuration files had to be manually copied during an upgrade. From this release onward, all of these file based configurations are held in the database so that future updates can managed in a fully automatic way.
  • Global: SigningHub v6.0 released

    Feb 18, 2015
    SigningHub v6.0 has been released with the following features and enhancements:
    • The product name has been changed from Ascertia Docs to SigningHub Enterprise.
    • This is a major release providing a completely new architecture and user interface that is easier to use, requires fewer mouse clicks and is several times faster than previous versions. Greater flexibility is provided for application connectors, enterprise management and user role management. A new management application has been Version 6.1 will complete the change from version 5 to version 6.
  • Global: ADSS Server v4.8.2 released

    Dec 01, 2014
    The latest version of the Ascertia Advanced Digital Signing, (ADSS) Server includes the following major enhancements:
    • ADSS Signing and Verification Services, in addition to PDF and XML based digital signature can now also create and verify Microsoft Office 2013 and Office 365 based native digital signatures. ADSS Client SDK is also enhanced to support Microsoft Office 2013 digital signatures.
    • The ADSS Certification Service has been enhanced to:
      1. Support Certificate Transparency extensions within TLS/SSL server certificates compliant with RFC 6962.
      2. Enable certificate issuance requests to be prevented if CA certificate constraints are violated. This prevents issuance of malformed digital certificates.
    • The ADSS Verification Service now supports embedding attribute certificates within PDF digital signatures as part of verification and enhancement. The embedded attribute certificate can be also viewed from Adobe Reader.
    • Local Certificate Authorities and Attribute Authorities supports the publishing of their issued certificates on a defined LDAP server.
    • When exporting ADSS Server configuration data, all dependent configurations are now automatically included. This is very handy for operators to properly synch two different ADSS Server instances without having to worry about what dependent data is to be selected for export.
    • The ADSS Client SDK (signing APIs) now supports empty signature field creation for local and remote hashing using field coordinates.
    • The ADSS Client SDK (certification APIs) have been enhanced to mention digital certificate SAN extensions, in the requests which are then be put inside the issued digital certificate.
    • Auto File Processor (AFP) has been enhanced to support:
      1. Signing of Microsoft Office 2013 and Office 365 documents
      2. PDF documents can now have empty signature fields created with in AFP to provide greater flexibility especially when local hashing is required which is then signed using ADSS Server.
  • Security Bulletin: SSL POODLE Vulnerability (CVE-2014-3566)

    Oct 17, 2014
    Summary
    A security advisory (https://www.openssl.org/~bodo/ssl-poodle.pdf) was published on 14th Oct 2014 by Google, describing a security attack allowing plaintext to be extracted from an SSL connection when the SSL client and server both use SSL version 3.0. The issue is inherent in the protocol, which is almost 20 years old, and the only recommended way to overcome the latest issue is to disable SSL version 3.0 and ensure that only the more modern replacement TLS protocols are used instead. To successfully exploit POODLE the attacker must be able to inject a malicious JavaScript into the victim's browser and also be able to observe and manipulate encrypted network traffic on the wire.

    Mitigating Factors
    • As you would be having trusted/controlled environment.
    • If the connection is based on TLS 1.0 or higher and the client does not attempt to reconnect using SSL v3.0 then there is after a handshake failure then there can be no compromise. TLS 1.2 is always recommended to prevent weaknesses in TLS 1.0.
    • If you have disabled SSL v3.0 in your browser then even if it is enabled on the server, there can be no compromise.
    Impact of this vulnerability on Ascertia Products:
    • SigningHub Cloud (www.signinghub.com): No impact - SSL v3.0 is already disabled in this service
    • SigningHub Enterprise: This product is not bundled with a web-server and is therefore POODLE safe. You must ensure SSL v3.0 is disabled on the IIS web server (see corrective action below).
    • ADSS Server: Apache tomcat is bundled with the product. SSL v3.0 is by default enabled (see corrective action below to disable SSLv3.0).
      Corrective Action
    To disable SSL v3.0 for ADSS Server, follow the steps mentioned in the following KB Article.
    To disable SSL v3.0 on your web server or browser (IIS, Apache, IE, and Chrome and Firefox) follow the steps here.

    For more details contact Ascertia Support.
  • Global: ADSS Server v4.8.1 released

    Sep 15, 2014
    The latest version of the Ascertia Advanced Digital Signing Services (ADSS Server) includes the following major enhancements:
    • A comprehensive new PKI component called an Attribute Authority has been added. An Attribute Authority issues (and revokes) attribute certificates to users. Attribute certificates are used for assigning rights, privileges and authority to access particular resources. ADSS Server allows multiple attributes certificate profiles to be set-up and used in wide range of business scenarios. Business applications, including Registration Authority (RA) products such as AET BlueX, can request attribute certificates on behalf of end-users through the ADSS web services interface.
    • The ADSS SCVP Service has been further enhanced to dynamically discover and validate the certificate chain for an OCSP Responder certificate when using advanced discovery settings. It achieves this using certificate extensions and/or configured LDAP directories, avoiding administrators to manually find and import such certificates. Complex PKI networks such as Bridge CA environments, in particular the Federal PKI, where finding the certificate chains of distant OCSP responders is complex and time-consuming, will benefit greatly from the automated processing of OCSP responder certificates.
    • The ADSS Certification Service has been enhanced to support short-life certificates. Typically such certificates can have a lifetime of a few minutes. This is useful for schemes which require the use of One Time Certificates (OTC) for the creation of one time digital signatures. Such schemes have higher inherent security because certificates can only be used once (i.e. no chance of misuse) and also do not need revocation management as they expire very quickly. Such schemes also aid ease of use since one time certificates can be managed solely on the server-side without requiring delivery to the owning user.
    • ADSS Server now includes functionality for scheduled restarts at a selected future time, typically a quiet time such as 02:00 so that any configuration changes do not affect processing during normal business hours. To maintain enhanced security, ADSS Server does not permit dynamic changes to ADSS Server security and policy settings.

About Us

News and Events

Customers

Partners

Contact Us

Privacy Statement

Request Info

Submit

Sales Inquiries:
+44 (0)800 772 0 442

15

+
Years of Digital Signature
Innovation