SAM APPLIANCE – Thiết bị quản lý khóa và sinh chữ ký số

High-Trust Remote Signing

Remote signing is the new buzz word in the industry. It enables users to authorise signing actions directly from their mobile devices, removing the need for smartcards or USB tokens. This coupled with high-trust provides a much better user experience.

Designed specifically with Qualified Trust Service Providers (QTSPs) in mind, the Ascertia ADSS SAM Appliance enables remote signing services to be set up and offered to customers. Together with Ascertia’s SigningHub and ADSS Server products, QTSPs are now able to provide fully hosted remote signing services or hybrid solutions, for example, where organisations require an on-premise front-end with a back-end hosted certified environment managing the PKI elements. Watch the video to find out more about Ascertia’s remote signing solutions or contact us for further details.

The eIDAS regulation (910/2014) and the new rules EN 419241-2 Protection Profile for remote signing requires that the highest levels of trust are used to ensure that user signing keys remain under the sole control of their owner. Ascertia created the ADSS SAM Appliance and ADSS Go>Sign Mobile app, leading the way and being first to market with a Common Criteria EAL4+ certified product which meets the EN 419241-2 Protection Profile – confirmation of providing the highest levels of assurance for Qualified or Advanced Remote Signing.

KEY POINTS

The first product to achieve Common Criteria EAL4+ certification against the eIDAS ETSI EN 419241 standard and the EN 419 241-2 Protection Profile with Level 2 Sole Control.

Seamless integration with Ascertia’s SigningHub and ADSS Server products and the new Ascertia Go>Sign mobile app for authorising signing actions from mobile devices.

A secure Trusted Path authorisation mechanism provides the CEN “Signature Activation Protocol (SAP)” requirements and ensures only the key owner can authorise the use of their centrally held signing key.

The SAP allows the user to review the “data to be displayed” and decide if this adequately describes what they are being asked to sign, if so they authorise the use of their remote signature.

Includes Utimaco’s most powerful HSM which is CC EAL4+ certified meeting the EN 419 221-5 protection profile – use to generate, protect and process all user signing keys. The ADSS Server SAM Service can also be configured to just run in software on Windows or Linux for testing or evaluation purposes. It can use software crypto, a software HSM simulator or a PKCS#11 HSM.

A high performance 1U hardware appliance that meets FIPS 140-2 Level 3 criteria.

SPECIFICATIONS

thêm cái bảng chỗ này: https://www.ascertia.com/products/adss-server-sam-appliance/

ARCHITECTURE

Thêm ảnh chỗ này: https://www.ascertia.com/wp-content/uploads/ADSS-Server-SAM-appliances-202181117A-768×508.png