Document ownership and integrity, automated

TrustedX Electronic Signatures is an on-premises signing platform for enterprises and Trust Service Providers, providing a complete range of web services for integrating digital signatures into applications. It is designed to centralize digital signature operations in accordance with the ETSI CAdES, XAdES and PAdES standards.

Benefits of TrustedX Electronic Signatures

Unattended, bulk signing integration

Signature generation and verification services can be accessed via web APIs, or using our Watched Folders module.

Strong compliance and auditing capabilities

Audit logs are generated for every service access request and configuration change.

Centralized key and policy management

Acts as a centralized repository for certificates, keys, and policy management, allowing you to set signature profiles.

How it works

  • Architecture
  • Features
  • Technical Specifications
  • Optional Modules

Architecture

The Automatic Signing Server incorporates functions that provide a set of security and trust mechanisms as services that can be used with different integration strategies:

  • SOAP/WS: Using the OASIS DSS standard as an access protocol for web services
  • REST/WS, SOAP/WS: Using the TrustedX integration gateway, which supports configuring traffic and data processing with an XML pipeline language
  • Java SDK: For easy integration of electronic signature services in native Java applications

The following diagram illustrates a typical integration of the TrustedX Electronic Signature platform into your organization.

 

TrustedX electronic signature architecture

Features

Authentication and Authorization

Supports native authentication methods based on passwords and digital certificates. The validation can be delegated to LDAP/AD.

Object and Entity Management

Manages platform entities and objects. External repositories, such as user LDAP/AD, databases, files, and HSMs can be added for protecting private keys.

Certificate Validation

Provides PKI functions for validating certification chains and querying certificate status. Supports OCSP/CRL and customized mechanisms (e.g., databases).

Signature Creation and Validation

Creates and validates signatures compliant with the PAdES, XAdES, and CAdES standards, including document, email, and web services signatures.

Long-Term Validation (LTV)

Extends a signature’s validity up to the lifetime of the TSA certificate. Cryptographic reliability is preserved: the certification chain, the certificate status information at the time of signing, and a timestamp are incorporated.

Auditing and Accounting

Logs are securely stored in a uniform and centralized way. Log data can also be forwarded to an external SIEM tool for processing and report generation.

Technical Specifications

  • Format: Software appliance (please contact us to learn more about supported hardware or virtual machines)
  • Event monitoring: Simple Network Management Protocol (SNMP)
  • Security services: OASIS WS-Security, DSS (Digital Signature Service) and SAML, SOAP, and SSL/TLS
  • Signature generation standards: PKCS#7, CMS, CAdES (ETSI TS 103 173), XML-DSig, XAdES (ETSI TS 103 171), signature for PDF documents (IETF), PAdES (ETSI TS 103 172) and S/MIME
  • Signature validation and augmentation standards: PKCS#7, CMS, CAdES (ETSI TS 103 173 and ETSI EN 319 122), XML-DSig, XAdES (ETSI TS 103 171 and ETSI EN 319 132), signature for PDF documents (IETF), PAdES (ETSI TS 103 172 and ETSI EN 319 142), and S/MIME
  • Encryption standards: PKCS#7, CMS, XML-Enc, and S/MIME
  • Digital timestamping support: IETF RFC 3161 and RFC 5816 compatible servers
  • Certificate validation support: Using CRLs, IETF OCSP compatible servers and customized mechanisms (OCSP is required for LTV signatures)
  • Database and directory access: Oracle, Microsoft SQL Server, PostgreSQL and MySQL, LDAP directory access protocol
  • Authentication and authorization: Native authentication methods based on passwords and digital certificates. Password validation can be delegated to LDAP/AD
  • HSM support: PKCS#11 devices approved by Entrust Datacard (a license is required for the HSM connector)
  • Network file systems supported: SMB/CIFS and NFS

Optional Modules

TrustedX Electronic Signatures Resources
