ADSS Server Trust Services

ADSS Server has been designed to provide a single platform for trust services, reducing the number of individual traditional products required to form a solution and thus saving considerable overheads in training multiple security administrators, operators and auditors.

The following Trust Services can be licensed for use within ADSS Server:

Each entry below gives the ADSS Trust Service, its Service Description, and the Supported Formats/Standards.

Signing Service
Service Description: For applying digital signatures to electronic documents (either automated signing on the server or browser-based signing using locally held signing keys).
Supported Formats/Standards:
  PDF, PDF/A, Adobe® CDS, CMS, PKCS#7, XML DigSig, XAdES, CAdES and S/MIME signatures.
  The interface protocol for the Signing Service is OASIS DSS for all signature types.

Certification Service
Service Description: For generating, certifying and renewing signing keys and certificates using either an internal CA module or external online or offline CAs. These certificates can later be used by the ADSS Signing Service or other ADSS Services.
Supported Formats/Standards:
  X.509 v3.0 certificates;
  RSA 1024, 2048 and 4096 bit keys;
  ECDSA 192, 224, 256, 384 and 521 bit keys;
  SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 hashing algorithms.

Verification Service
Service Description: For verifying digitally signed documents and certificates.
Supported Formats/Standards:
  PDF, PDF/A, Adobe® CDS, CMS, PKCS#7, XML DigSig, XAdES, CAdES and S/MIME signatures.
  X.509 v1.0 and v3.0 certificates.
  The interface protocol for the Verification Service is OASIS DSS for all signature types.

OCSP Service
Service Description: For providing online certificate revocation status information for all registered CAs.
Supported Formats/Standards:
  Fully compliant with IETF RFC 6960 and partially with RFC 5019 (OCSP).
  OCSP is supported over the HTTP/S interfaces.

TSA Service
Service Description: For provision of timestamp services (for timestamping signatures or raw data).
Supported Formats/Standards:
  IETF RFC 3161 and RFC 5816 (TSP).
  TSP is supported over the HTTP/S interfaces.

XKMS Service
Service Description: For validating public keys and associated digital certificates based on the XKMS specifications, an XML encoded request/response protocol.
Supported Formats/Standards:
  The interface protocol for the XKMS Service is W3C XKMS (XKISS).

SCVP Service
Service Description: For full delegated certificate path building and path validation based on the SCVP ASN.1 encoded request/response protocol.
Supported Formats/Standards:
  Server-based Certificate Validation Protocol (SCVP). Both DPD (Delegated Path Discovery) and DPV (Delegated Path Validation) are supported.

LTANS Service
Service Description: For long-term archiving and notary services. Facilitates the long-term secure archiving of corporate documents, emails and data using digital signature and timestamp technologies. Provides and manages document retention policies and policy-based refreshing of evidential data.
Supported Formats/Standards:
  The evidence information is stored according to IETF draft-ietf-ltans-xmlers-03.txt.
  The interface protocol for the LTANS Service is IETF draft-ietf-ltans-ltap-07.txt.

Decryption Service
Service Description: For decrypting encrypted documents. Supports decryption of documents using either the default key IDs referenced in the decryption profiles configured on the server, or the key IDs supplied by the client in the decryption request sent to the server.
Supported Formats/Standards:
  The web services interface is based upon the Encryption Profile from the OASIS DSS-X group.

CRL Monitor
Service Description: For retrieving, verifying, storing and archiving CRLs from registered CAs so that other ADSS Services can utilise a reliable source of certificate status information. Note that because historical CRLs are stored, ADSS Server is also able to perform historical signature verification and certificate validation. A local CRL publishing option is also provided for cases where local relying parties cannot access the external CRL publication location.
Supported Formats/Standards:
  X.509 v1.0 and v2.0 CRLs (supports both direct and indirect CRLs from multiple issuers).
  CRLs can be retrieved using LDAP/S and HTTP/S interfaces.
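The TSA Service entry above names RFC 3161 over HTTP/S as its protocol. What a client actually sends to such a service is a DER-encoded TimeStampReq carrying only a digest of the data, a nonce and a certReq flag; the following is an added example (not ADSS Server code, and not from the ADSS Client SDK) that builds such a request with a minimal DER encoder and parses it back, which is the check a TSA operator or auditor performs on an incoming request. The sample document bytes and the fixed nonce are constructed for the example; the TSA URL is a placeholder.

```python
"""Build and parse an RFC 3161 TimeStampReq (TSQ) with a minimal DER encoder.

Added example, not part of ADSS Server or its SDK. Pure standard library,
so it runs offline; the TSA_URL below is a placeholder, not a real endpoint.
"""
import hashlib
import secrets
from typing import Optional

SHA256_OID = "2.16.840.1.101.3.4.2.1"          # id-sha256 (NIST hashAlgs arc)
TSA_URL = "https://tsa.example.invalid/tsa"     # placeholder only


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    """Tag-Length-Value with a single-byte tag."""
    return bytes([tag]) + der_length(len(content)) + content


def der_integer(value: int) -> bytes:
    """Non-negative INTEGER in minimal two's complement (leading 0x00 if the high bit is set)."""
    if value < 0:
        raise ValueError("negative integers are not needed for a TimeStampReq")
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return der_tlv(0x02, body)


def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed into one byte, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunks = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunks.append((arc & 0x7F) | 0x80)
            arc >>= 7
        body.extend(reversed(chunks))
    return der_tlv(0x06, bytes(body))


def build_timestamp_request(data: bytes, nonce: Optional[int] = None, cert_req: bool = True) -> bytes:
    """TimeStampReq ::= SEQUENCE { version INTEGER 1, messageImprint, nonce, certReq }.

    Only the SHA-256 digest leaves the client; the document itself is never sent to the TSA.
    """
    digest = hashlib.sha256(data).digest()
    algorithm = der_tlv(0x30, der_oid(SHA256_OID) + b"\x05\x00")   # AlgorithmIdentifier, NULL params
    imprint = der_tlv(0x30, algorithm + der_tlv(0x04, digest))     # MessageImprint
    if nonce is None:
        nonce = secrets.randbits(64)   # lets the client bind the TSA reply to this exact request
    fields = der_integer(1) + imprint + der_integer(nonce)
    if cert_req:
        fields += b"\x01\x01\xff"      # certReq BOOLEAN TRUE: ask the TSA to include its certificate
    return der_tlv(0x30, fields)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_timestamp_request(tsq: bytes) -> dict:
    """Decode the fields a TSA (or an auditor reading captured traffic) checks before replying."""
    tag, body, _ = _read_tlv(tsq, 0)
    if tag != 0x30:
        raise ValueError("TimeStampReq must be a SEQUENCE")
    _, version, pos = _read_tlv(body, 0)
    _, imprint, pos = _read_tlv(body, pos)
    _, algorithm, p = _read_tlv(imprint, 0)
    _, oid, _ = _read_tlv(algorithm, 0)
    _, digest, _ = _read_tlv(imprint, p)
    nonce, cert_req = None, False
    while pos < len(body):                      # optional trailing fields
        tag, value, pos = _read_tlv(body, pos)
        if tag == 0x02:
            nonce = int.from_bytes(value, "big")
        elif tag == 0x01:
            cert_req = value == b"\xff"
        # reqPolicy (tag 0x06) and extensions (tag 0xA0) are skipped here
    return {"version": int.from_bytes(version, "big"), "hash_oid": _decode_oid(oid),
            "digest": digest, "nonce": nonce, "cert_req": cert_req}


if __name__ == "__main__":
    tsq = build_timestamp_request(b"constructed sample document", nonce=0x1234)
    print(parse_timestamp_request(tsq))
    # On the wire (RFC 3161 section 3.4) the DER bytes are POSTed to TSA_URL with
    # Content-Type: application/timestamp-query; the reply arrives as
    # application/timestamp-reply. Not performed here so the example stays offline.
```

The parser deliberately decodes the nonce and certReq flag separately from the imprint: when checking a reply, the client matches the nonce it generated against the one in the TSTInfo, which is what makes a replayed or substituted response detectable.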

The Trust Services described above can be accessed by automated business applications working independently, or by on-demand business applications that interact with users over the web. The interface to ADSS Server can be XML/SOAP based web services, optimised HTTP/S interfaces, or email gateways. These integration options are discussed in more detail in the ADSS Server Developer Guide; source code samples (in Java and .NET) and demo applications are also provided with the installation of the ADSS Client SDK.