Digital Signing Servers (formerly: TrustedX)

man sitting looking at mobile phone

Digital Signature Solutions for Enterprises and Trust Services Providers

Boost the digitalization of public and private services, greatly improve user and citizen's digital experience and fight against identity fraud with Digital Signature solutions.

Entrust Datacard's technology and expertise in digital signatures was acquired through large-scale projects for enterprises, governments, and Trust Services Providers. We can help you deploy digital signature services and adapt the digital signature processes to local regulations.

Regions currently supported: EMEA, LATAM


Contact Sales

Case Study: ANTEL

Entrust Datacard's TrustedX solution enables ANTEL, Uruguay’s state-owned telecommunications company, to build digital identity and signing infrastructure.

woman digitally signing looking at desktop with tablet and stylus

Automatic Signing Server: Integrate and automate digital signatures into your applications


The Entrust Datacard Automatic Signing Server is an on-premises signing platform for Enterprises and Trust Services Providers, providing a complete range of web services for integrating digital signatures into applications. It is designed to centrally incorporate digital signature operations in accordance with the standards of ETSI CAdES, XAdES and PAdES.


READ THE DATA SHEET

man sitting and looking at mobile phone smiling

Remote Signing Server: Provide tokenless digital signature capabilities for individuals


The Entrust Datacard Remote Signing Server is an on-premises solution for Trust Services Providers, for the deployment of a legally compliant cloud-based signing service, easily accessible through a Web API. Signing keys are centrally protected within an HSM, and document signatures are approved remotely by users from their device, without the need for a hardware or software token.


READ THE DATA SHEET

Technical Support

Support Your System

Get downloads, documentation and support for your On-Demand Card Issuance products:

Need More Help?

For immediate assistance Entrust Datacard has Customer Care Centers that are available to serve customers in the Americas, EMEA, and Asia Pacific regions.

CONTACT SUPPORT

Measurable Benefits

Automatic Signing Server



E-Signature Platform for Automated Processes

READ THE DATA SHEET




  • Integrate document signing and verification into your applications
  • Leverage semantic interpretation of signatures
  • Maintain strong compliance and auditing levels
  • Centralize your key and policy management for document signatures

The Automatic Signing Server incorporates functions that provide a set of security and trust mechanisms as services that can be used with different integration strategies:

  • SOAP/WS: Using the OASIS DSS standard as an access protocol for web services
  • REST/WS, SOAP/WS: Using the TrustedX integration gateway, which supports configuring traffic and data processing with an XML pipeline language
  • Java SDK: For easy integration of electronic signature services in native Java applications

Technical Specifications

  • Format: Software appliance (please contact us to learn more about supported hardware or virtual machines)
  • Event monitoring: Simple Network Management Protocol (SNMP)
  • Security services: OASIS WS-Security, DSS (Digital Signature Service) and SAML, SOAP, and SSL/TLS
  • Signature generation standards: PKCS#7, CMS, CAdES (ETSI TS 103 173), XML-DSig, XAdES (ETSI TS 103 171), signature for PDF documents (IETF), PAdES (ETSI TS 103 172) and S/MIME
  • Signature validation and augmentation standards: PKCS#7, CMS, CAdES (ETSI TS 103 173 and ETSI EN 319 122), XML-DSig, XAdES (ETSI TS 103 171 and ETSI EN 319 132), signature for PDF documents (IETF), PAdES (ETSI TS 103 172 and ETSI EN 319 142), and S/MIME
  • Encryption standards: PKCS#7, CMS, XML-Enc, and S/MIME
  • Digital timestamping support: IETF RFC 3161 and RFC 5816 compatible servers
  • Certificate validation support: Using CRLs, IETF OCSP compatible servers and customized mechanisms (OCSP is required for LTV signatures)
  • Database and directory access: Oracle, Microsoft SQL Server, PostgreSQL and MySQL, LDAP directory access protocol
  • Authentication and authorization: Native authentication methods based on passwords and digital certificates. Password validation can be delegated to LDAP/AD
  • HSM support: PKCS#11 devices approved by Entrust Datacard (a license is required for the HSM connector)
  • Network file systems supported: SMB/CIFS and NFS

Remote Signing Server



Remote Signing for Individuals

READ THE DATA SHEET




  • Provide advanced and qualified signatures as defined by eIDAS
  • Globally accepted signing standards
  • Remove the key management burden from your users
  • Ensure adequate authentication for each type of digital signatures

The Remote Signing Server acts as a server-based signature provider, allowing users to authenticate in order to activate their keys and authorize the signature of documents or document hashes.

Technical Specifications

  • Format: Virtual or hardware appliance. Hardware appliance is required for the Signature Activation Module. Contact us for more information about supported hardware or virtual machines.
  • Signature Activation Module (SAM): TrustedX eIDAS v4.2 implements a SAM conforming to CEN EN 419 241-2: Protection Profile for QSCD for Server Signing.
  • Authentication standards: OASIS SAML 2.0 and OAuth 2.0/OpenID Connect.
  • Native authentication methods: Passwords, digital certificates, SMS/email OTP, TrustedX Mobile ID.
  • Extending authenticators: Integration with Entrust Datacard‘s IntelliTrust or IdentityGuard products, or with third-party IdP using the provided SAML 2.0 connector or a custom connector.
  • Authentication classification: eIDAS’s levels of assurance (LoA), NIST’s authenticator assurance levels (AALs), ITU-T X.1254, ISO/IEC 29115.
  • Electronic signature standards: PAdES (ETSI TS 103 172 and ETSI EN 319 142), XAdES (ETSI TS 103 171 and ETSI EN 319 132), CAdES (ETSI TS 103 173 and ETSI EN 319 122), RSA PKCS#1 and Cloud Signature Consortium/ETSI TS 119 432.
  • External TSA and OCSPs: Entrust Datacard’s TSA and OCSP products or IETF TSA and IETF OCSP compatible servers to create LTV signatures with extended lifetime up to TSA certificate validity.
  • External PKI services: Entrust Datacard’s PKI or third-party PKI using the provided mechanism of custom connectors.
  • HSM support: nShield Connect+ and nShield Connect XC. The available functions may vary depending on the model chosen (nShield Connect XC is required for the SAM).
  • Event monitoring: Simple Network Management Protocol (SNMP). Syslog and raw format for processing with an external SIEM.
  • Database systems: Oracle, Microsoft SQL Server, and PostgreSQL. Consult us for other databases support.
  • SMS/Email gateway: An SMS Gateway and/or SMTP server is required for OTP methods.

Implementing digital signatures with Entrust Datacard Remote Signing Server

eIDAS-compliant digital signature capabilities without any key management for users