In a context where organizations are moving to paperless transactions, it is necessary to electronically sign documents to guarantee their integrity and to be able to provide a proof of acceptance by the signer. The signature has to be verified strictly to detect any possible cause for invalidity. IDnomic Sign is an overall solution to create and verify electronic signatures for various use cases.
Electronic signatures guarantee the integrity of documents and identify the signers. Once a signer has produced a signature and the signature has been verified, the signature is secure and may no longer be repudiated.
Each signer uses a signature key pair (a public key and a private key) and a certificate generated by a Certification Authority.
The IDnomic Sign server can use signature certificates generated by the IDnomic PKI solution or other PKI products.
The server manages the cryptographic keys on behalf of the signers. It stores them in a secure way and allows access only to its owner. In a web application, it also allows to use keys stored locally in a smart card for example.
IDnomic Sign creates and verifies electronic signatures using the following formats: CMS, CAdES, XAdES or PAdES, and in compliance with standardized signature policies. IDnomic Sign relies on a time- stamping service such as IDnomic TSP or other time- stamping solutions.
IDnomic Sign complies with the European directive 1999/93/CE and the eIDAS regulation.
The IDnomic Sign server offers a centralized implementation of a service supporting all the operations of secure electronic signatures and signature verification. It also has a signature portal function.
- RHEL, CentOS
Third Party Stack:
MODULES, BASICS, KEY FEATURES, COMPARISONS
IDnomic Sign server: The IDnomic Sign server offers a centralized implementation of a service supporting all the operations of secure electronic signatures and signature verification
Explicit Consent Manager:dedicated appliance to perform remote qualified signatures in compliance with eIDAS EU regulation.
IDnomic Sign server: This server can be accessed in “Web services” mode (API REST) allowing the integration of the electronic signature within business applications. The signers can use signature certificates stored in a smart card they hold, or certificates centrally located at the IDnomic Sign server.
Standardized signature policies: These policies will be used when the signature is built in order to control and Sign, it is possible to define advanced signature policies authorize, for a given policy, an encryption algorithm, a key size, a trust authority, etc.
Advanced verification of certificates: Ths is an optional server component of IDnomic Sign. It allows to build and verify certification paths against the validation policies configured in its administration. The verification services are available in web service mode. The verification can be done in respect to the present time or to a past date. Trusted Certification Authorities can be automatically extracted from the European “Trusted List” (TSL).
Remote Qualified Signature: As an option, the “Explicit Consent Manager” is a dedicated appliance to perform remote qualified signatures in compliance with eIDAS. This hardware is used in addition to the IDnomic Sign server to manage the signer’s consent via an OTP or a FIDO authentication. This appliance behaves like a “Signature Activation Module (SAM)” according to the ETSI CEN 419 241-2 terminology.
Signature creation: creation with the requested format using the signature policy and the configured cryptographic token; multiple signatures and co- signatures are supported.
Immediate verification and augmentation: cryptographic signature verification following its creation and adding the necessary information to maintain its long-term validity with report generation
Subsequent verification: verification by relying parties and generation of a report.
SECURITY TOKEN & HARDWARE SOLUTIONS
Do you have any questions? Talk to us!
Do you have any questions about one of our products or solutions? Then please do not hesitate to contact us. We will advise you competently.