Entrust Secure Transaction Platform

Verification Service

The Entrust Verification Service is designed to deliver integrity and accountability capabilities for Web services transactions through centralized digital signatures and timestamping.

This service provides critical functions for business-to-business transactions such as accountability, privacy and audit. These B2B transactions typically involve some or all of the following elements:

  • Digital signatures to represent approval of the transaction by the organizations involved in the transaction
  • Evidence that the transaction occurred at a particular moment in time
  • Verification that the transaction has not been altered since it was signed
  • And, to deliver an audit trail of all records even a significant period of time after the transaction occurred

The digital signature capability of the Verification Service provides “organizational signatures” on transactions (rather than the signatures of individuals), a concept which is analogous to the concept of a “corporate seal of approval” on paper transactions. These digital signatures, which conform to the XML Digital Signature standard, verify the organization(s) that signed the transaction and assess whether the transaction has been altered in any way since it was signed. The Digital Signature service accepts incoming XML documents or SOAP messages from Web services clients, signs them using its signing private key (contained in its Entrust profile), and sends a standard XML signature or a CMS (RFC 2630) signature back to the requestor.

As the name indicates, the timestamping capability of the Verification Service allows a transaction to be “notarized’ as having occurred at a particular moment of time. The Timestamp service generates trustworthy timestamp tokens. A timestamp token is the combination of hashed data received from a client and a timestamp (a statement of time obtained from the system clock or other source), both of which are signed by the Timestamp service.

The XKMS Certificate Validation service is a Web service used to ensure that a given certificate is valid. You can check the validity of both Entrust certificates and non-Entrust X.509 certificates. This enables you to verify the digital signatures and timestamps produced by Verification Server.

The Verification Service is standards based:

  1. Digital Signature: X.509 v3 + CMS formats
  2. TimeStamps: RFC 3161 Timestamp protocol
  3. Certificate Validation: XKMS support

The Digital Signature, Timestamp, and XKMS Certificate Validation services of Verification Server reside as a single Web application within the application server.

BACK | NEXT

Useful Links

Entrust Public Key Infrastructure (PKI)

Public key infrastructure or PKI refers to a system that provides certificate management for digital certificates. Digital certificates contain public key pairs that can be used for encryption, digital signature and authentication security. Entrust PKI security solutions help government agencies and corporations to secure their digital identities and information.

Specialized "passport PKI" is used by governments to verify and secure data stored on a chip imbedded in passports issued to citizens. Epassport PKI involves the use of PKI by governments to secure data stored on a chip imbedded in a passport. The government acts as a certification authority that issues the digital certificates used in an ePassport system.

Entrust is a trusted provider of network security solutions that include digital certificates, managed PKI certificates, two factor-authentication, ssl certificates, token authentication, smart card PKI and encryption software.