ADSS Server Features and Benefits
ADSS Server offers the following features and benefits:
Online, real-time, server-side signing of documents using keys generated and managed by ADSS Server. Using this service a business application can delegate all the complexities of signing a document to ADSS Server; it simply sends the document to the server which immediately returns the signed document.
Zero footprint client-side signing of documents using keys held on a user’s smartcard or secure USB token. (The term “zero footprint” refers to the fact that the user’s machine needs no signing software to be installed; instead, the Ascertia GoSign Applet is downloaded to perform the signing operation within the user’s browser in conjunction with the ADSS Server.)
Online, real-time, server-side verification of signed documents. Using this service, a business application can delegate all the complexities of verifying a signed document to ADSS Server. The application sends the document to ADSS Server, which returns the full information on the signature and whether it can be trusted. It can even assess the quality of the signature and associated signer’s certificate. The verification service can also deal with historical signatures, to answer questions about whether a particular signature was valid at a specific date and time.
ADSS Server can optionally register users and generate signing keys and certificates using either its in-built CA module or via an external CA so that server-side signing can be easily accomplished.
ADSS Server can manage links with multiple certificate issuers so that a signature produced by a user from one PKI trust scheme can be verified by a user from a different trust scheme.
ADSS Server can sign and verify various types of signatures, counter-signatures and document formats. It includes support for all popular signature formats such as PDF signatures, XML DSig, PKCS#7/CMS, ETSI XAdES and CAdES.
Validating certificates, i.e. ADSS Server provides revocation information for the certificates in question.
Archiving documents for long-term validity by use of the ADSS Long Term Archive and Notary Service (LTANS).
Decrypting encrypted documents by use of the ADSS Decryption Service.
Requesting the inclusion of time stamp tokens for a variety of digital signature formats.
Requesting OCSP validation of signing certificates so that PDF, ETSI XAdES and CAdES X-Long, long-term signatures can be created and attached, wrapped or embedded as required.
ADSS CRL Monitoring Service is responsible for fetching, verifying and storing CRLs for the configured Certification Authorities. It can also republish the CRLs locally and alert operators in real-time in case of any failures as part of its monitoring service.
Optional sophisticated RFC 6960 and RFC 5019 OCSP Validation Authority service modules are available. Multiple CAs can be registered, their CRLs are retrieved, and validation services are offered with a unique validation policy per CA, together with resilient multi-server processing options. Similar but more complete certificate validation services are also available through the SCVP and W3C XKMS protocol interfaces.
Optional sophisticated RFC 3161 and RFC 5816 Timestamp Authority modules are available. These provide authenticated access to the service and detailed logging / reporting so that service access can be charged if required. Three deployment options are supported: (1) ADSS Server using its built-in software cryptography library; (2) ADSS Server connected to an HSM to supply the cryptography; or (3) a full TSA appliance using atomic clock synchronisation where ADSS Server provides a full service management front-end.
Enhanced services are offered on a project basis for notary archiving and recovery so that received documents can be signed and/or timestamped and held in a document database (or returned to an ECM system). Also, a Long-Term evidence archive module is deliverable within a project to provide secure archiving for 100+ years.
ADSS Server provides facilities for both Enterprise and Managed Services use, with effective dual control management using an initial request & subsequent approval style of processing for key actions, plus detailed event logs and transaction logs so that activities can be monitored or audited and information for billing reports can be extracted.
In summary, ADSS Server offers the most comprehensive set of trust services for today, tomorrow and the future.
The management interface has been carefully designed to ensure that such a flexible product is still easy to configure and manage; for instance, only those options that are licensed are made visible. ADSS Server uses a Java EE architecture to achieve high performance, high resilience and throughput on any style of server system.