Metasign for electronic signature verification and creation
How to create electronic signatures, verify them and guarantee document integrity?
In environments that require a high level of trust, such as government, finance or healthcare sectors, advanced or qualified electronic signatures are highly advised.
In a context where organisations are moving to paperless transactions, documents must be signed electronically to guarantee their integrity and to provide proof of acceptance by the signer. The signature has to be verified strictly so as to detect any possible cause of invalidity. Atos, a European actor in IS security, provides metasign, an overall solution to create and verify electronic signatures.
Immediate verification (and augmentation)
Cryptographic verification of the signature immediately after its creation, addition of the information needed to maintain its long-term validity, and report generation
Metasign supports advanced electronic signatures conformant with the CMS, CAdES, XAdES and PAdES technical specifications as defined by ETSI
As a European security leader, Atos has developed a unique expertise in securing information systems, delivering consultancy, integration and expertise services in trust technologies
The eIDAS regulation gives the European Union a legal framework for transnational digital transactions. It aims to enhance trust in electronic exchanges. It establishes a framework for electronic identification and trust services, including electronic signatures. Thus, the eIDAS regulation enhances the transparency and reliability of transactions.
Discover how we can help you be compliant with our solutions.
Use case: Digital signature for healthcare organizations
How to improve the paperwork productivity in your hospital?
Healthcare organizations may struggle with administrative costs, often due to the overuse of paper practices. In their journey to reduce paper, hospitals can adopt digital signature or expand it to more departments in order to:
► Ensure the integrity of signed documents and verify the identity of the signer (patient, doctor, administration…) to be sure they are only working with trusted actors
► Benefit from timestamping to be able to verify the signatures in a long-term perspective
► Simplify archiving, save money on printing and scanning, and reduce time spent on paper processing.
Enhance the efficiency and reliability of paperwork processes with digital signature.
► Compliance with European directive 1999/93/CE
► EAL3+ CC certification and French RGS standard qualification (in progress)
► Metasign works in a Java 6, Java 7 or Java 8 runtime
► The metasign implementation of norms and standards is validated through frequent participation in ETSI interoperability plugtests
► The server solutions metasign-server, metasign-adp and Vericert run on Linux platforms (e.g. Red Hat or SUSE). These solutions are fully integrated and delivered with the international Open Source components Apache, PostgreSQL, PHP and Tomcat
Norms and standards
► Certificate format compliance with ITU-T X.509v3, RFC 5280 and RFC 3739
► XAdES: XML Advanced Electronic Signature ETSI TS 101 903
► CAdES: CMS Advanced Electronic Signature ETSI TS 101 733
► PAdES: PDF Advanced Electronic Signature ETSI TS 102 778 including LTV format (part 4) and visual of signature (part 6)
► XML signature policy ETSI TR 102 038
► RFC 3161: Time Stamp Protocol
► PKCS#11 and MSCAPI for interfacing with smart cards. Support of IAS cards and pinpad readers
► PKCS#11 for interfacing with a Hardware Security Module (HSM)
► PKCS#12 for file-based storage of the signature private key and the certificate
Electronic signatures guarantee the integrity of documents and identify the signers. Once a signer has produced a signature and the signature has been verified, the signature is secure and may no longer be repudiated.
Each signer (e.g. a user or an application) uses a signature key pair (a public key and a private key) and a public key certificate generated by a Certification Authority. Metasign can use signature certificates generated by the Atos solution metapki or by other PKI products.
For users, the signature private key and the signature certificate may be stored in a smart card or in a USB token protected by a PIN, or alternatively in a file in the PKCS#12 format. Private keys and certificates are accessible either through a PKCS#11 interface or an MSCAPI interface. For applications, Hardware Security Modules (HSM) may be used for the same purpose.
Metasign creates and verifies electronic signatures using the following formats: CMS, CAdES, XAdES or PAdES, and in conformance with declared signature policies. Metasign supports time-stamping tokens generated by Atos metatime or by other time-stamping solutions.
Metasign supports the following functions:
► Signature creation: creation in the requested format using the signature policy and the configured cryptographic token; multiple signatures and co-signatures are supported
► Immediate verification (and augmentation): cryptographic verification of the signature immediately after its creation, addition of the information needed to maintain its long-term validity, and report generation
► Subsequent verification: verification by relying parties and generation of a report.
In a context where organisations are moving to paperless transactions, documents must be signed electronically to guarantee their integrity and to provide proof of acceptance by the signer. The signature has to be verified strictly so as to detect any possible cause of invalidity…
In environments that require a high level of trust, advanced or qualified electronic signatures are highly advised.
But where to begin?
This infographic looks at how to manage your project, from identifying your security needs through to implementation and launch.
Organisations moving to paperless exchanges, whether for internal communications or for relationships with partners or customers, may be required to demonstrate that certain transactions or actions occurred before a given date and time…