ADSS LTANS Evidence Server

Overview

Archive Authority for Long-term Data Preservation 

Proving existence, integrity and validity for the long term

As part of complying with internal policies, external regulation or legislative requirements, certain business documents must be securely archived for a number of years into the future.

ADSS LTANS Evidence Server is a PKI-based Archive Authority product that can demonstrate the (time of) existence, integrity, and validity of data, including signed and/or encrypted data, for long or undetermined periods of time. Because cryptographic algorithms may become weak over time, ADSS LTANS Evidence Server can refresh the evidence records using new algorithms and updated PKI certificates.

ADSS LTANS Evidence Server offers these capabilities for any document format, including PDF, Office and proprietary formats. So whether the documents are legal, financial, personnel, safety, engineering drawings or project plans, they can all be evidence archived. The business application simply needs to decide which documents need to be evidenced and under which archive policy. Note that the actual data object may be stored/archived in a 3rd party DMS, ECM or Archive system; in this case ADSS LTANS Evidence Server only stores the evidence record for the data object.

Key points:

  • Protects documents through the entire archive period using secure timestamps (RFC 3161). The input data can be of any format and can be signed or encrypted
  • Supports multiple archive profiles for different business requirements or document types
  • Offers flexible retention policies, including the option of auto-deleting archive documents at the end of their retention period
  • Supports manual or automatic refreshing of the timestamp evidence information to protect against the long-term erosion of crypto algorithm security
  • Complies with IETF LTANS Specifications, in particular RFC 6283 and Long Term Archive Protocol (LTAP)
  • Can use the internal ADSS TSA Service module or connect with one or more external TSAs
  • Signed data objects can have their signature verified before being archived. The full verification report and evidence data (e.g. CRLs/OCSP etc.) are also archived as process-related metadata
  • Supports notary signing of archived data using the Archive Authority's private signing key held in a Hardware Security Module (HSM)
  • Supports RSA signing with keys of 1024, 2048, 4096 bits
  • Supports ECDSA signing with keys of 192, 224, 256, 384, 521 bits
  • Supports hash algorithms: SHA-1, SHA-2 (SHA-256, SHA-384 and SHA-512)
  • Offers time drift monitoring, alerting and service stop features
  • Includes full secure transaction logging
  • Supports secure client application authentication and authorisation checks
  • Provides summary and detailed management reporting
  • Multiple integration options are possible using ADSS Client SDK. Alternatively, watched folder integration using Ascertia Auto File Processor (AFP) can be offered
  • Designed for High Availability, resilience and high throughput capability

How it works

The following diagram illustrates the internal processes and how the Evidence Record Syntax (ERS) datafile is created:

ADSS LTANS Evidence Server architecture

ADSS Server is a powerful server application providing multiple e-Trust services as shown in the diagram below. Although it's a single product, its service modules are licensed individually and branded accordingly. Your investment in ADSS Server is therefore future-protected as you can license new service modules over time as your e-Trust business needs grow. Multiple ADSS service modules may be installed on the same ADSS Server instance, saving on hardware, software and management costs. All of the ADSS Service modules use the same GUI layout and style thereby making training simple for administrators. Ascertia tracks the latest industry standards and is committed to adding new service modules as required by our customers.

[Diagram: ADSS Server architecture]
  • 3rd Party Apps (ERP, ECM, CRM etc.)
  • High-Level e-Trust Services (each separately licensed)
  • Lower-Level PKI Services (each separately licensed)
  • Base Modules of ADSS Server (available by default)
  • Core ADSS Server modules: Trust Manager | Key Manager | Secure Logging | HSM & DB Manager | Reporting | Client Manager | Dual Control CRL Manager | Access Control | System Integrity Checker | Auto Archiver

The above diagram shows a range of client applications (relying party applications) using the ADSS LTANS Evidence Service module. Due to the wide acceptance of the standard, there are a large number of client applications, including ECM, ERP and CRM.

The power of ADSS Server is that all of this functionality is available from one unified product, which minimises training costs, provides a single platform for management control and logging, and lowers the total cost of hardware and software ownership.
