Entrust Signature Activation Module (SAM)
Security at the heart of your digital signing services
Future-proof your eIDAS-compliant digital signing services
The Entrust Signature Activation Module (SAM) is a security element that can be implemented into signing services that follow the remote signing standards defined by CEN and ETSI as part of the eIDAS regulation.
The Entrust SAM was built for compliance with the CEN EN 419 241-2 standard, and is currently going through the associated Common Criteria certification process (planned completion: end of 2021).
The Entrust SAM verifies the origin and authenticity of signature requests and authorizes all key-related activities. Adding the Entrust SAM to your signing infrastructure today will not only raise the security posture of your remote signing service, but also ensure its compliance with eIDAS in the longer term.
Built for Entrust nShield® Solo XC and Connect XC HSMs
The Entrust nShield Solo XC and Connect XC Hardware Security Modules (HSMs) are CC EAL4+ (EN 419-221-5 protection profile) certified security appliances that deliver cryptographic services to a variety of applications.
The combined Entrust SAM and Entrust nShield Solo XC or Connect XC HSM provide a future proof Qualified Signature Creation Device (QSCD) for qualified signatures and seals
Benefits
- Provides segregation of roles by acting as security intermediate
- Authorizes the generation, deletion, and assignment of key pairs for the signers
- Verifies the origin and authenticity of signature requests
- Takes care of activating the signing process and sending the signed data back to the signing application
- Guarantees the uniqueness of the signers’ keys
- Generates audit records for all security events involved in its operations
How it works
Build a fully compliant remote signing service with Entrust
TrustedX eIDAS: On-premises solution for deploying a legally compliant, cloudbased signing service for individuals; easily accessible through a web API
Entrust nShield HSMs: Certified, networked appliances that deliver cryptographic key services to your signing application
Identity Enterprise: Integrated IAM platform that supports a full suite of workforce, consumer, and citizen use cases
Security Manager: On-premises PKI solution including certificate authority (CA) and administrative services registration authority; managed by API, command line, or web console-based administration
Timestamping Authority: On-premises timestamping solution designed to integrate easily and securely with your organization’s control systems
Validation Authority: Multi-CA, on-premises OCSP and CRL solution that reliably verifies the status of digital certificates