SignCloud
Remote digital signature and key management
SignCloud is an enterprise-grade client-server solution for expanding
PKI infrastructure with remote digital signature functionality
DESKTOP AND MOBILE
REMOTE DIGITAL SIGNATURE
SignCloud is the solution for the enrolment, custody
and usage of PKI remote credentials. SignCloud
allows users to digitally sign any document from any
platform, desktop and mobile, exploiting a secure
element on the Cloud, a Remote Virtual Token. It
releases the End User from the burden of using a
smart card, USB token or any other sort of
cryptographic device.
SignCloud has been developed with a modular and
scalable state-of-the-art architecture offering best-
in-class security, thanks to the FIPS certified HSMs
used for the protection of the digital identities.
SignCloud can be easily integrated with any existing
PKI infrastructure both on the client side and on the
server side thanks to well-known standardized digital
signature protocols and interfaces.
WHAT IS IT?
LEGALLY BINDING DIGITAL SIGNATURE
SIGNING ANYWHERE, ANYTIME IN MOBILITY
FULLY DIGITAL WORKFLOW MANAGEMENT
SIMPLIFY APPROVAL PROCESS
• Support for CRL and OCSP protocols
• Compliant with RFC 5544 to bind
documents with timestamps
• Key length: 2048/4096 bit
• Supported platforms:
− Windows
− Linux
− MacOS
• Cross-browser support
• Support for standards:
− PKCS#11
− CSP
− TokenD
• Supported certificate profiles:
− X.509
− ETSI TS 101 862 V1.3.2
• Digital signature standards:
− XAdES (ETSI TS 101 903 V1.3.2)
− CAdES (ETSI TS 101 733 V1.7.4)
− PAdES (ETSI TS 102 778-1 V1.1.1, TS
102 778-2 V1.2.1, TS 102 778-3
V1.1.1, TS 102 778-4 V1.1.1, TS 102
778-5 V1.1.1)
SOLUTION TECHNICAL SPECS
SignCloud integrates a server-side digital signature engine, an authentication server, a certificate
Hardware Security Module (HSM) and an encrypted DB. During the enrollment phase the End User key pair is generated on board the HSM in a secure environment.
The private keys are stored and protected by means of Key Wrapping, a certified native mechanism offered by the HSM. The creation and enrollment of a
Remote Virtual Token is performed through Bit4id smartCMS or API.
The credentials to bind a Virtual Token to an End User identity are created during this process. End Users have sole control of their Virtual Token: key usage is allowed only with two-factor authentication. After identification with username/password, each signing
operation is protected by an OTP request.
REFERENCES
• Notartel SPA (Italy)
• Telecom Italia (Italy)
• Consejo de la Judicatura (Ecuador)
ABOUT US
Founded in 2004, Bit4id has solid know-how in information security technologies,
PKI and digital identity. A dynamic organization and a highly qualified team are key points for the success of Bit4id in the Italian and international markets.