Cryptomathic Signer is typically operated in a 3-tier environment.
To commit to a document or a transaction, the user sends a signing request to Signer and authenticates (using strong authentication) in order to retain remote control over their signing key. The user's signing key is stored centrally in the tamper-resistant environment of the trust center. The signature value is then computed in the HSM and pushed to the client application, where it is embedded in the document using the appropriate signature profile.
Cryptomathic Signer offers a direct communication path from the browser to the Signature Activation Module inside the hardware security module (HSM).
Cryptomathic guarantees the highest level of signing security by operating on a framework of audited processes and controls that protect your information from unauthorized access.
Certificate Generation - Signer relies on open standards and can easily integrate with legacy PKI solutions. Our registration workflow supports the generation of PKCS#10 certificate requests for a smooth integration with any certificate authority. Signer supports the CMC/CMP interface for communication with CAs. Different Certificate Policies / Certificate Practice Statements can be supported.
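The PKCS#10 step mentioned above, as an added illustration that is not Cryptomathic's code: a key pair is generated on the server side, a certificate request is built over its public key, and the request is parsed back and its self-signature checked before it would be forwarded to a CA. The subject name and the use of Go's standard library x509 package are assumptions for the example; the real registration workflow and CA interface are not shown here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// BuildCSR generates a P-256 key centrally and returns a DER-encoded
// PKCS#10 request for it. The private key stays with the caller (the
// signing service); only the CSR leaves towards the CA.
// The subject common name is a constructed example value.
func BuildCSR(commonName string) (*ecdsa.PrivateKey, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := x509.CertificateRequest{
		Subject: pkix.Name{CommonName: commonName},
	}
	// CreateCertificateRequest signs the request with priv, proving
	// possession of the private key to the CA.
	der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, priv)
	if err != nil {
		return nil, nil, err
	}
	return priv, der, nil
}

// CheckCSR is the receiving-side validation a CA (or the registration
// workflow) performs: parse the DER, verify the proof-of-possession
// signature, and return the requested common name.
func CheckCSR(der []byte) (string, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return "", err
	}
	if err := csr.CheckSignature(); err != nil {
		return "", fmt.Errorf("CSR proof-of-possession failed: %w", err)
	}
	return csr.Subject.CommonName, nil
}

func main() {
	_, der, err := BuildCSR("alice@example.invalid") // constructed subject
	if err != nil {
		panic(err)
	}
	cn, err := CheckCSR(der)
	fmt.Println("CSR subject:", cn, "valid:", err == nil)
}
```

A request that fails CheckSignature should be rejected at registration time; it means the submitter does not control the key whose certificate they are asking for.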
Strong authentication - Signer supports open standards for strong user authentication such as OATH based authentication mechanisms. This makes it easy to step up from strong authentication to central signing. Multiple authentication methods can also be used with Signer via Cryptomathic Authenticator – the de facto authentication server for Signer. Alternative authentication servers can also be used in which case the integration is based on SAML v2 authentication assertions.
Cryptomathic Signer offers a unique signing experience, integrated into the business workflow so that data can be effortlessly signed by users wherever they are. The solution is versatile and can be applied in various use cases. The only prerequisite is that the user has a connected device and a strong authentication means. Signer offers user-side integration with:
Mobile Devices: app SDK for smart phone or tablet apps
Web browsers: offering a zero-footprint JavaScript-based signing experience
Client PC applications: plug-in, e.g. for email signing/decryption or local PDF signing
Users' keys are generated and used centrally under the sole control of their signatory. With this central design, certificate lifecycle management operations can be made painless for the user. Signer renders the keys unusable when the certificate is no longer valid (revoked or suspended). This also solves a traditional headache in signature validation, as with smart cards or USB tokens it is typically impossible to guarantee that the certificate was valid at the time of signing.
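The central-signing flow described earlier on this page (a signing request that is only honoured after strong authentication, with the private key never leaving the service) and the rule just stated (a key becomes unusable once its certificate is revoked or suspended) can be shown together in a small model. This is an added example, not Cryptomathic's code: an in-memory map stands in for the HSM, a session token stands in for a verified authentication assertion, and the certificate status is a plain field rather than a lookup against a CA. Function names, error values and the sample document are all assumptions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// CertStatus models the lifecycle state of the certificate bound to a key.
type CertStatus int

const (
	StatusValid CertStatus = iota
	StatusSuspended
	StatusRevoked
)

// heldKey is a signing key that never leaves the central service
// (a stand-in for a key held inside an HSM).
type heldKey struct {
	priv   *ecdsa.PrivateKey
	status CertStatus
}

// SigningService is a toy central signing service (assumed name).
type SigningService struct {
	keys     map[string]*heldKey // signatory id -> key
	sessions map[string]string   // session token -> signatory id
}

var (
	ErrNotAuthenticated = errors.New("signing request not authenticated")
	ErrKeyUnusable      = errors.New("certificate not valid; key rendered unusable")
	ErrUnknownSignatory = errors.New("unknown signatory")
)

func NewSigningService() *SigningService {
	return &SigningService{keys: map[string]*heldKey{}, sessions: map[string]string{}}
}

// Enroll generates a key pair centrally for the signatory. The private key
// stays inside the service; only the public key is handed out.
func (s *SigningService) Enroll(signatory string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	s.keys[signatory] = &heldKey{priv: priv, status: StatusValid}
	return &priv.PublicKey, nil
}

// Authenticate records a session for the signatory. This stands in for a
// strong-authentication result (e.g. a SAML assertion) verified elsewhere.
func (s *SigningService) Authenticate(signatory, token string) {
	s.sessions[token] = signatory
}

// SetCertStatus updates the certificate status bound to a signatory's key.
func (s *SigningService) SetCertStatus(signatory string, st CertStatus) error {
	k, ok := s.keys[signatory]
	if !ok {
		return ErrUnknownSignatory
	}
	k.status = st
	return nil
}

// Sign computes a signature over the document for the signatory bound to the
// session token. The key is used only if the session is valid and the
// certificate is currently valid; a revoked or suspended certificate makes
// the key unusable even for an authenticated user.
func (s *SigningService) Sign(token string, document []byte) ([]byte, error) {
	signatory, ok := s.sessions[token]
	if !ok {
		return nil, ErrNotAuthenticated
	}
	k, ok := s.keys[signatory]
	if !ok {
		return nil, ErrUnknownSignatory
	}
	if k.status != StatusValid {
		return nil, ErrKeyUnusable
	}
	digest := sha256.Sum256(document)
	return ecdsa.SignASN1(rand.Reader, k.priv, digest[:])
}

// Verify is what a relying party does with the returned signature.
func Verify(pub *ecdsa.PublicKey, document, sig []byte) bool {
	digest := sha256.Sum256(document)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	svc := NewSigningService()
	pub, _ := svc.Enroll("alice")
	svc.Authenticate("alice", "session-123") // constructed token
	doc := []byte("constructed sample contract")
	sig, err := svc.Sign("session-123", doc)
	fmt.Println("signed:", err == nil, "verifies:", Verify(pub, doc, sig))
	_ = svc.SetCertStatus("alice", StatusRevoked)
	_, err = svc.Sign("session-123", doc)
	fmt.Println("after revocation:", err)
}
```

The ordering of the checks in Sign is the point: authentication is decided before the key is even looked up, and the certificate status gate sits between the user and the key material, so that a validator can rely on "a signature exists" implying "the certificate was valid when the service produced it".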
In addition, Signer allows for different key and certificate policies to be set thereby offering some granularity on the proposed security assurance levels and their usability.
The Signer security design is, together with end-user convenience, of the utmost importance. The product is certified as a QSCD to deliver Qualified Electronic Signatures (QES).
The security design includes:
System uptime, performance and flexibility are of utmost importance for a centralized service offering, which is exactly what Signer delivers. HSMs and servers can be added and removed from the platform to meet any SLA or throughput requirements.
Cryptomathic Signer allows Signature Generation Service Providers (SGSPs) to define their own assurance level for generating electronic signatures. Signer comes with a flexible key and command policy manager which allows SGSPs to easily offer different assurance levels for their signature provisioning - from Advanced (AdES) to Qualified Electronic Signatures (QES).
The solution is designed in strict compliance with:
At the leading edge of security provision within its key markets, Cryptomathic closely supports its global customer base with many multinationals as longstanding clients.