ascertia adss server capabilities

www.ascertia.com

© Copyright 2001-2008 Ascertia Ltd.

Ascertia ADSS Server Capabilities

February 2008

2

www.ascertia.com


Ascertia Limited

• A Leader in e-Trust products and solutions – Comprehensive solutions for Global Trust– Focused on meeting real customer needs – Working with System Integrators & Service providers– Selling to resellers & end-users

• Mission– Making digital signatures easy to use and trust– Providing secure, flexible, multi-functional trust services for

businesses and managed service providers

• A private limited company– All products designed and developed in-house– Strong R&D investment continues at 25+%– Self-funded with tight expense controls– Carefully managing business growth– Wholly owned by Directors and staff

3

www.ascertia.com


Products - 2008

CLIENT SOFTWARE

Digital signaturesVerification & validation, Encryption

PDF Sign&Seal File Sign&Seal

ARP SE (OCSP & CRL services) ARP SDK (validation toolkit)

SERVER SOFTWARE

Digital signature creation,Verification & validation, Encryption & other options

ADSS Server - PDF Signer Server option - XML Signer Server option - File Signer Server option

ADSS Secure eMail Server [Q2]

ARP EE (OCSP & CRL services) Full validation + history logs

CRL and OCSP Service Monitorsand test tools

INFRASTRUCTURE SOFTWARE

- TrustFinderOCSP OCSP Server

- TrustFinderCA Enterprise credentials

- TrustFinderTSA TimeStamp Server

- TrustFinderSCVP XKMS Server [Q2]

- TrustFinderXKMS SCVP Server [Q3]

PKI ProtocolsDATA

4

www.ascertia.com


Business Workflow Example

Create

Sign

VerifyTimestamp

Review

Approve

VerifyCountersign

Review/Release

VerifyCountersign

Audit

Verify

ERPCRMECM

5

www.ascertia.com


Business Workflow Example

Create

SignCountersign

VerifyTimestamp

Review

Approve

Review/Release

Audit

Users identified using strong authentication techniqueswith an option to confirm and authorise signature and counter-signature

If using signed PDFs then Adobe® Reader also verifies at the desktop

6

www.ascertia.com


DESKTOP SOFTWARE

Desktop Applications:PDF Sign&SealFile Sign& Seal

ARP OCSP Client

Browser based (Server controlled):- PDF Signing- File Signing- XML Signing

- Signing & uploading files

SERVER SOFTWARE

ADSS Server- PDF signing, encryption & verification - XML signing and verification- File signing and verification- Timestamp Authority services- OCSP Validation Authority services

ARP OCSP Client (for servers)

Multiple document formats

Multiple signature formats

Notary archive services

Implementation Options

DATA

7

www.ascertia.com


ADSS Server – Business Usage

• Can be used to deliver trust for internal or external e-business workflows– Central or local Government– Financial, Telco, Pharma, Petrochemical, etc– Health services, multi-agency services, etc

• Satisfies business needs for – Traceability, audit, compliance– Identity assurance, integrity– Document and data authentication– Certainty in dealing with final, approved documents – Immediate, medium term and long-term trust– Optional digital notary services

8

www.ascertia.com


ADSS Server Product Architecture

ApplicationWeb Services

ApplicationJava API

Email Gateway

WatchedFolder

OCSP Clients SCVP clientsXKMS clientsusingHTTPHTTP/SXML/SOAP

Synchronous Asynchronous

= Q1 2008

9

www.ascertia.com


ADSS Server Powered Products

• PDF Signer Server– Signing & Verification

• XML Signer Server– Signing & Verification

• File Signer Server – Signing & Verification also Forms

• TrustFinderOCSP v5– RFC 2560 Validation Authority

• TrustFinderTSA v5– RFC 3161 Timestamp Authority

• In R&D– TrustFinderCA (Full features)– TrustFinderSCVP– TrustFinderXKMS

Note: You only need license and use what is needed today

10

www.ascertia.com


ADSS Server Product Differentiators

• Business applications need comprehensive services not just simple protocols

– ADSS Server is a comprehensive multi-functional server

• ADSS Server offers a single service point – For signing, for verification, for validation & timestamping– For application authorisation & transaction management

• ADSS saves time everywhere - for everyone– Solution Architect learning time– Solution delivery / build time – Operations Management training time– Security Audit training time

• All modules have a consistent look & feel

• Solution build & enhancement is easierADSS Server does it all from just one box!

OCSPServer

(XKMS/SCVP)

TSA

CA /RA

Server-sideSigning

&Verification

11

www.ascertia.com


Why use ADSS Server?

• Maximises options and enables easy usage– Multiple integration approaches, optional HSMs– Handles multiple document formats– Handles multiple signature locations and formats – Corporate signatures, end-user signatures

• Minimises internal effort to apply trust– High level services – even using just one line of code !– Manages all keys and certificates– Built-in management, logging, audit, reporting

• A world-class product for today and tomorrow! – All the business options in one product– Services multiple concurrent applications– High availability and scalability– Easy to use, managed, controlled security

12

www.ascertia.com


Ascertia ADSS Server Trust Services

Note: You only need license and use what is needed today

PDF Documents - Basic signature (visible / invisible) - Certify - Sign & timestamp - Long-term signatures

XML Documents - XML DSig (XAdES ES) - Timestamps (XAdES ES-T) - Long-term signatures (XAdES X-Long)

PKCS#7 / CMS / SMIME - Basic signature (CAdES ES) - Timestamps (CAdES ES-T) - Long-term signatures (CAdES X-Long)

Historic VerificationOCSP Validation (immediate verify & long term sign)Time Stamp Authority (TSA) Server

Sign Verify

-

[email protected]

13

www.ascertia.com


Use case 1Adding Trust to Outbound Documents

For any internal, published or outgoing data

Signed Invoices, Signed Receipts, Orders & Order ConfirmationsRegulatory Reporting, Policies and Procedures

Internal Users

Third parties

SIGN+ timestamp

Business Applications

ADSS Server

Internal ERP, ECM, CRM Systems

Notary archiveoption

14

www.ascertia.com


Use case 2Adding Trust to Inbound Documents

For received documents or data

eProcurement submissions, Financial Reports Regulations, Orders, Receipts, Statements

Internal Systems


VERIFY and/orSIGN & TIMESTAMP


ADSS Server

Unsigned data fromuntrusted systems

Signed data fromknown systems

15

www.ascertia.com


eProcurement, eTendering, eBPM actionsPurchasing, Business AgreementsAccepting, Approving, Confirming

Workflow /Confirmation

SIGN & VERIFY

Display Document

Ask to Sign

SignatureAction

End-user & Corporate Signatures AppliedEnd-user signature verified & validated

Use case 3Server-controlled client-side signing

User keys

GoSign Applet

G


ADSS Server

Display signed document

16

www.ascertia.com


Use Case 4Server-side multi-user signing

eBPM actions, Purchasing, Business AgreementsAccepting, Approving, Confirming

Workflow /Confirmation

PDF SIGN

Display Document

Ask to Sign

Confirm wish to Sign

Display signed document

Action

End-user & CorporateSignatures Applied

User keys


ADSS ServerOption to timestamp, long-term sign

17

www.ascertia.com


eBanking, eProcurement, eTenderingTrade finance systems, etc

VERIFY & TIMESTAMP

Application Dialogue

Ask to Upload

Signed file uploaded

Optional signed receipt is recommended!

WorkflowAction

End-user signature verified & validated Optional timestamp applied to confirm time

Use case 5Signed upload of client documents or files

User keys

GoSign Applet(local file signing option specified)

G


ADSS Server

18

www.ascertia.com


Use Case 6Document Management Workflow

eProcurement, eTendering, Project work

E-Portal Documents and WorkflowManagement

VERIFY & TIMESTAMPEnd-user and corporate signatures appliedEnd-user signature verified & validated

Multiple Users,Different Organisations

SIGN

G

G


ADSS Server

19

www.ascertia.com


Use case 7Adding Trust to Emails and attachments

Using Ascertia ADSS Secure eMail Server [Q2 2008]

Sign or verify emails that are sent or receivedSign or verify email attachmentsArchive/ recovery emailsIntelligent handling of encryption / decryption

Internal Users

Third parties

SIGN+ timestamp

Secure eMail Server

ADSS Server

Internal ERP, ECM, CRM Systems


20

www.ascertia.com


ADSS Server Scalability / Resilience

CA 1

CA 2

CA n

CRLs

CRLs

CRLs

OCSP

OCSP

OCSP

Hardware Load Balancer

ADSSServer

Databasereplication

E.g.Big-IPCisco

HSM 1

ADSSServer

HSM 2

SQL Server or Oracleor PostgreSQL

Signature / Verification / Validation requests (HTTP/HTTPS)

Option for 1 or more CAs supported Optional HSMs

21

www.ascertia.com


ADSS Server – Authority Services

• ADSS Certificate Authority– Internal key generation and certification

or interaction with an external CA

• ADSS Validation Authority– Current validation using CRL checks– Current validation using OCSP calls– Historic validation using retained old CRLs– DNV VAS protocol – SCVP and XKMS options in Q1 2008

• ADSS Time Stamp Authority– Provides RFC3161 Timestamp Authority services – Provide good commercial management services

22

www.ascertia.com


Solution Summary

• Trust is essential for e-business– Enhances credibility – Prevents changes to data– Meets legislative requirements– Enables legal acceptance – Enhances dispute resolutions– Prevents draft or unapproved data being used– Substantially reduces print and delivery costs– Reduces business risk and costs– Offers a competitive advantage

• Ascertia is a trust products leader

• Ascertia has excellent references

Sign-off & approval

Clear ownership

Assure traceability

Legal weight signatures

Strengthen audit & compliance

Reduce identity fraud

Strengthen internal policies

Prevent document changes

Reduce paper & postage costs

And reduce your carbon footprint

Provide undeniable evidence

Protect archived data

23

www.ascertia.com


Ascertia Summary

• Ascertia leads the world with its trust solutions

• The right vision & capability to secure the future

• The right company to do business with

• The right architecture for the future

• The right products for today’s market

• The right attitude and commitment to our customers and partner

24

www.ascertia.com


Questions:Rod Crook+44 1256 [email protected]

ascertia adss server capabilities

Technology