XML Signatures

Business Needs

XML is the de facto standard for the storage of structured information in a form that is easily read by business applications. XML documents are used for invoices, receipts, order information, transaction histories etc. XML signing is used to ensure that such XML data is trustworthy and unchanged. XML signatures are essential to ensure that unauthorized changes are detected, that the signer can be authenticated, and that the data can be preserved for long-term storage and audit.

XML signatures provide legal weight that the business data was signed, that transactions can be trusted, and that reports and financial documents are unchanged. With long-term signatures, signed XML documents can be relied upon for many years, even after the original digital certificates have expired and even after the original cryptographic algorithms used in the signing process have become weak.

Server product for XML signing and verification!

ADSS Signing Server offers enhanced XML DSig and ETSI XAdES digital signature creation and verification services for business applications needing to trust XML documents and data. It provides applications with easy-to-use trust services using high level OASIS DSS compliant APIs, watched folders or secure email integration options.

ADSS Signing Server provides important management features including authorising application requests, managing detailed signing and verification policies, key management, HSM management, secure audit logging and reporting. ADSS Signing Server has been designed to service internal application needs as well as external third-party use and is also suitable for Managed Service Provider use.

Why use ADSS signing server?

ADSS Signing Server satisfies a wide variety of business trust services, which have various data and signature formatting requirements in government and business sectors. XML data can also be used as the input from citizens using web-forms and signed using their Qualified Certificate eID cards. Ascertia attends all the ETSI XAdES Plugtests to continue to demonstrate and verify that ADSS Signing Server meets the required standards and understands XML signatures created by other compliant products from participating third parties. ADSS Signing Server is ideally suited to fulfilling the underlying trust requirements because of the following features.

Supports all XML signature formats

ADSS Signing Server supports all of the common XML signature formats including XML DSig and ETSI XAdES. The complete list of supported XML signature formats is shown here.

Supports multiple XML signature options

ADSS Signing Server allows XML documents to be signed using centrally held corporate signing keys, centrally held unique signing keys for each user or department, or signing keys held locally by end-users on smartcards, secure USB tokens or software files. Roaming credentials can also be used, where the signing key is held inside a secure container on the ADSS Signing Server and delivered to the user for local signing when required, very similar to a virtual smartcard. Mobile signing can also be used.

Supports browser-based signing

ADSS Signing Server offers an option called ADSS Go>Sign Applet which provides a simple facility for users to view and sign documents (using centrally-held keys, locally-held keys or roamed keys). This browser-based signing applet removes the need to have pre-installed signing software on users' desktops, along with all the management, support and maintenance headaches that this entails.

Provides centralised signature verification service

ADSS Signing Server provides very effective verification services for all signature formats. It can verify basic, timestamped and advanced long-term signatures using embedded timestamps and revocation information, as well as perform historic verification using its advanced CRL monitoring and retention/archiving capability. Real-time certificate validation using OCSP is also available. Making local verification decisions can be very difficult and is virtually impossible to manage by policy. All applications and web applications should perform server-side verification following OASIS DSS and OASIS DSS-X standards.

Use cases mapping

The following table maps common use cases to Ascertia products. This is just an example and not a complete list of use cases; do get in touch with us if you have any special requirements.

Use Case Ascertia Product(s)

Bulk signing corporate digital signatures

Apply corporate or role-based digital signatures (optionally held in an HSM) using server-held keys and certificates. Ideal for unattended bulk signing of XML files (e.g. e-Invoices).

ADSS Signing Server

+ optional Auto File Processor

On-demand user signatures on a server

Allowing end-users to sign using unique keys and certificates held securely on a server (optionally in an HSM), typically generated and certified during a web registration process. For integration into existing web applications. 

Client-side user digital signatures / Qualified signatures

Enabling end-user XML signing within web applications, using signing keys held on the desktop / within a smartcard / USB token or secure download of roamed signing credentials. For integration into existing web applications.

ADSS Signing Server

+ with ADSS Go>Sign Service enabled

Mobile device digital signatures / Qualified signatures

Business applications that create XML data and need this signed by a user with a mobile device certificate can do this in conjunction with ADSS Server such that long-term XAdES-X-Long digital signatures are created.

ADSS Signing Server

+ with the appropriate mobile signing sub-system (ask for details)

Local language support

For web applications, ADSS Server expects the application developers to create browser pages that can use the appropriate local language. The ADSS Go>Sign Service document viewer GUI offers multilingual options.
