Metasign

Atos, a European actor in IS security, provides metasign, an overall solution to create and verify electronic signatures.

As organisations move to paperless transactions, documents must be signed electronically to guarantee their integrity and to provide proof of acceptance by the signer. The signature has to be verified strictly so as to detect any possible cause for invalidity.

Immediate verification (and augmentation)

Cryptographic verification of the signature immediately after its creation, addition of the information needed to maintain its long-term validity, and generation of a report.

Signature formats

Metasign supports advanced electronic signatures conformant with the CMS, CAdES, XAdES and PAdES technical specifications as defined by ETSI.

Expertise

As a European security leader, Atos has developed a unique expertise in securing information systems, delivering consultancy, integration and expertise services in trust technologies.

Conformity

►  Conformance with European directive 1999/93/CE
►  Conformance with French law N°2000-213 of March 13, 2000, for digital signature
►  EAL3+ CC certification and French RGS standard qualification (in progress)

System requirements

►  Metasign works in a Java 6, Java 7 or Java 8 runtime
►  The metasign implementation of norms and standards is validated through frequent participation in ETSI interoperability plugtests
►  The server solutions metasign-server, metasign-adp and Vericert run on Linux platforms (e.g. Red Hat or SUSE). These solutions are fully integrated and delivered with the international Open Source components Apache, PostgreSQL, PHP and Tomcat

Norms and standards

►  Certificate format compliance with ITU-T X.509v3, RFC 5280 and RFC 3739
►  XAdES: XML Advanced Electronic Signature ETSI TS 101 903
►  CAdES: CMS Advanced Electronic Signature ETSI TS 101 733
►  PAdES: PDF Advanced Electronic Signature ETSI TS 102 778 including LTV format (part 4) and visual representation of signatures (part 6)
►  XML signature policy ETSI TR 102 038
►  RFC 3161: Time Stamp Protocol
►  PKCS#11 and MSCAPI for interfacing with smart cards. Support of IAS cards and pinpad readers
►  PKCS#11 for interfacing with a Hardware Security Module (HSM)
►  PKCS#12 for storing the signature private key and the certificate when they are kept in a file

Electronic signatures guarantee the integrity of documents and identify the signers. Once a signer has produced a signature and the signature has been verified, the signature is secure and may no longer be repudiated.

Each signer (e.g. a user or an application) uses a signature key pair (a public key and a private key) and a public key certificate generated by a Certification Authority. Metasign can use signature certificates generated by the Atos solution metapki or by other PKI products.

For users, the signature private key and the signature certificate may be stored in a smart card or in a USB token protected by a PIN, or alternatively in a file in the PKCS#12 format. Private keys and certificates are accessible through either a PKCS#11 interface or an MSCAPI interface. For applications, Hardware Security Modules (HSM) may be used for the same purpose.

Metasign creates and verifies electronic signatures using the following formats: CMS, CAdES, XAdES or PAdES, and in conformance with declared signature policies. Metasign supports time-stamping tokens generated by Atos metatime or by other time-stamping solutions.

Metasign supports the following functions:

►  Signature creation: creation in the requested format using the signature policy and the configured cryptographic token; multiple signatures and co-signatures are supported
►  Immediate verification (and augmentation): cryptographic verification of the signature immediately after its creation, addition of the information needed to maintain its long-term validity, and generation of a report
►  Subsequent verification: verification by relying parties and generation of a report
