Document ownership and integrity, automated

TrustedX Electronic Signatures is an on-premises signing platform for Enterprises and Trust Services Providers, providing a complete range of web services for integrating digital signatures into applications. It is designed to centralize digital signature operations in accordance with the ETSI CAdES, XAdES and PAdES standards.

Benefits of TrustedX Electronic Signatures

Unattended, bulk signing integration

Signature generation and verification services can be accessed via web APIs, or using our Watched Folders module.

Strong compliance and auditing capabilities

Audit logs are generated for every service access request and configuration change.

Centralized key and policy management

Acts as a centralized repository for certificates, keys, and policy management, allowing you to set signature profiles.

How it works

Architecture

The Automatic Signing Server incorporates functions that provide a set of security and trust mechanisms as services that can be used with different integration strategies:

  • SOAP/WS: Using the OASIS DSS standard as an access protocol for web services
  • REST/WS, SOAP/WS: Using the TrustedX integration gateway, which supports configuring traffic and data processing with an XML pipeline language
  • Java SDK: For easy integration of electronic signature services in native Java applications

The following diagram illustrates a typical integration of the TrustedX Electronic Signature platform into your organization.

 

[Diagram: TrustedX electronic signature architecture]

Features

Authentication and Authorization

Supports native authentication methods based on passwords and digital certificates. The validation can be delegated to LDAP/AD.

Object and Entity Management

Manages platform entities and objects. External repositories, such as user LDAP/AD, databases, files, and HSMs, can be added for protecting private keys.

Certificate Validation

Provides PKI functions for validating certification chains and querying certificate status. Supports OCSP/CRL and customized mechanisms (e.g., databases).

Signature Creation and Validation

Creates and validates signatures compliant with the PAdES, XAdES, and CAdES standards, including document, email, and web services signatures.

Long-Term Validation (LTV)

Extends a signature’s validity up to the lifetime of the TSA certificate. Cryptographic reliability is preserved: the certification chain, the certificate status information at the time of signing, and a timestamp are all incorporated.

Auditing and Accounting

Logs are securely stored in a uniform and centralized way. It’s also possible to forward log data to an external SIEM tool for processing and generating a report.

Technical Specifications

  • Format: Software appliance (please contact us to learn more about supported hardware or virtual machines)
  • Event monitoring: Simple Network Management Protocol (SNMP)
  • Security services: OASIS WS-Security, DSS (Digital Signature Service) and SAML, SOAP, and SSL/TLS
  • Signature generation standards: PKCS#7, CMS, CAdES (ETSI TS 103 173), XML-DSig, XAdES (ETSI TS 103 171), signature for PDF documents (IETF), PAdES (ETSI TS 103 172) and S/MIME
  • Signature validation and augmentation standards: PKCS#7, CMS, CAdES (ETSI TS 103 173 and ETSI EN 319 122), XML-DSig, XAdES (ETSI TS 103 171 and ETSI EN 319 132), signature for PDF documents (IETF), PAdES (ETSI TS 103 172 and ETSI EN 319 142), and S/MIME
  • Encryption standards: PKCS#7, CMS, XML-Enc, and S/MIME
  • Digital timestamping support: IETF RFC 3161 and RFC 5816 compatible servers
  • Certificate validation support: Using CRLs, IETF OCSP compatible servers and customized mechanisms (OCSP is required for LTV signatures)
  • Database and directory access: Oracle, Microsoft SQL Server, PostgreSQL and MySQL, LDAP directory access protocol
  • Authentication and authorization: Native authentication methods based on passwords and digital certificates. Password validation can be delegated to LDAP/AD
  • HSM support: PKCS#11 devices approved by Entrust Datacard (a license is required for the HSM connector)
  • Network file systems supported: SMB/CIFS and NFS

Optional Modules
