Security at the heart of signing services

Strengthen your eIDAS-compliant signing services and create a Qualified Signature Creation Device (QSCD) by integrating our Signature Activation Module (SAM)* and CC EAL 4+ and FIPS 140-2 L3-certified HSMs with your signing infrastructures.

*Estimated CC EAL 4+ certification completion: end of 2021

Entrust Signature Activation Module Benefits

user check icon white

Role segregation

The Entrust SAM acts as a security intermediate between your signing application and the Cryptographic Module (HSM).

key icon white

Key and signature management

The Entrust SAM authorizes key generation, deletion, assignment of key pairs and signature generation in the HSM.

document sign icon white

Authenticity checking

The Entrust SAM is configured to only accept signature requests signed by whitelisted Authorization Servers.

Folder lock icon

Security records

The Entrust SAM generates audit records for all security events involved in its operations.

How it Works

  • general architecture
  • qscd and eidas compliance

General Architecture

The following diagram illustrates the Entrust SAM and nShield Solo XC or Connect XC in the context of a Remote Signing Service. The implementation described can vary depending on the implementation requirements and existing infrastructure.

QSCD and eIDAS Compliance

The concept of QSCD is uniquely tied to eIDAS. It is a mandatory element for the generation of qualified signatures and seals, which have the highest level of legal recognition in the European Union. Without a QSCD, a qualified trust service provider can only generate advanced signatures and seals.

Entrust Signature Activation Module Resources

Entrust Signature Activation Module Related Products