OSI.CSS

Cloud Signature Services

OSI.CSS enables security services based on secure electronic signature that are necessary for providing integrity and authenticity of documents and transactions within implementation of business services through web portals or services in the cloud.

The key advantage of OSI.CSS is that it provides creation of remote electronic signatures in accordance with the new EU regulation (Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014). The regulation gives legal basis for creating remote electronic signatures, where environment for creating electronic signature is managed by trusted service provider on behalf of the signer.

Introduction of a remote electronic signature means that users cryptographic keys are safely stored on the remote system and signature is carried out on the remote system. It means that signer does not need any dedicated hardware and software for the storage of keys and signature implementation. The signer can therefore use service from any device, such as a personal computer, a smart phone or tablet, that has a web browser.

The holder is identified through strong authentication: username and password in combination with additional mechanism of one time password SMS or dedicated device, mobile applications for one time passwords or digital certificate.

Solution OSI.CSS consists of several modules, what therefore provides flexible installation and easier integration into environments that have already established an individual comparable functionality.

OSI.CSS.Crypto

Product OSI.CSS.Crypto uses keys of signatories to implement functions of cryptographic operations that are needed for creating remote electronic signatures.

Module is installed in a secure network segment at trusted service provider and is accessible for authenticated providers of application services through the programming interface and authenticated holders through the website. Module is responsible for formatting cryptographic digital signature objects by using cryptographic hardware security module (HSM) on which all operations with keys of signatories are carried out.

Secure storage of cryptographic keys is guaranteed with strong cryptographic mechanisms of hardware security module, which allow access to the key only to the holder. Holder’s keys can be activated and used to create a remote electronic signature only after successful authentication of the owner.

OSI.CSS.Sign

Product OSI.CSS.Sign provides functions to prepare a request for signing and creating an electronic envelope of signature of documents in different forms. Forms of electronic signature XML/XadES, PDF/PadES and PKCS7/CMS/CadES are supported.

OSI.CSS.Sign could be installed at a remote service provider or at a provider of web portal application service or service in cloud computing. Implementation at an application service provider is particularly suitable when it is not desired that the content of the document to be signed is sent to a remote electronic signature service provider.

In case of installation at an appliaction service provider the document does not need to be sent to electronic signature service provider and the content of the document stays at application service provider. Only the hash value of the document, that is beforehand calculated on the local OSI.CSS.Sign system, is sent to a remote electronic signature provider.

OSI.CSS.PKI

Product OSI.CSS.PKI is intended for managing digital certificates that are used to create remote electronic signature within the OSI.CSS.Crypto system.

The solution supports functions for automated management of the entire life cycle of digital certificates, or only functions needed for already established certification authority system. For example, if service provider already has an established Certification Authority, OSI.CSS.PKI may be used only for operations of acquisition of digital certificates for keys generated on OSI.CSS.Crypto. OSI.CSS.PKI enables integration with products for managing digital certificates of different manufacturers (eg.: Entrust, Microsoft, EJCBA …).

OSI.CSS.Verification

Product OSI.CSS.Verification provides functionality for verifying validity of electronic signature of documents in various forms. Forms of electronic signature XML/XadES, PDF/PadES and PKCS7/CMS/CadES are supported.

OSI.CSS.Verification service could be installed at remote electronic signature service provider or at an application service provider or at subject that verifies validity of electronic signature.

Installation of OSI.CSS.Verification module at the application service provider is particularly suitable when it is not desired that the content of the document for verification is sent to a third service provider for verifying electronic signature.

Want more information?