3-Heights™ Signature Creation and Verification Service – creating and verifying digital signatures
The 3‑Heights™ Signature Creation and Verification Service provides HTTP-based remote access to cryptographic providers such as smartcards and USB tokens, and to other cryptographic infrastructure such as HSMs. With this service, the tokens can be hosted centrally and used by any client computer that has access to the service.
The 3‑Heights™ Signature Creation and Verification Service relies on the PKCS#11 infrastructure for creating and verifying digital signatures. It constitutes the preferred infrastructure when dealing with hardware tokens and hardware security modules (HSM).
By means of the 3‑Heights™ Signature Creation and Verification Service personal tokens of employees may be hosted in a secure location and can be used remotely from any client computer which has access to the service by using individual credentials. The tokens may also be stored in a hardware security module (HSM).
The 3‑Heights™ Signature Creation and Verification Service uses an HTTP interface. This enables signature support for platforms that are otherwise not supported by the cryptographic infrastructure.
Restricted intranet access
The creation of a digital signature requires access to the servers of the certificate authority (CA) to be able to query the status of a certificate (OCSP or CRL) and optionally access to the servers of a time stamp authority (TS) to create trusted time stamps (TSP).
With the 3‑Heights™ Signature Creation and Verification Service these functions are centralized on a server and are not performed by the client any more. Thus, internet access is not required by the client computers and may be restricted to a dedicated server.
Performing signature creation and verification in a separate process greatly increases the robustness of the client application. If the cryptographic middleware crashes, only the respective worker process is terminated. The 3‑Heights™ Signature Creation and Verification Service and the client application remain untouched.
The service is configurable to handle multiple tokens and is secured via credentials.
While the service runs on a Windows computer, its clients can also access it from other platforms such as UNIX.
PKCS#11 is a widely used standard that provides extensive support in the area of digital signatures, including cryptographic algorithms and storage for certificates and keys.
Central and secure storage and administration of private keys in an organization.
On‑line service for the creation and verification of digital signatures.
Centralized signature creation service in an enterprise application integration landscape.
The 3‑Heights™ Signature Creation and Verification Service can be used by any signature-aware 3‑Heights™ client software, in particular with the following client software:
- HTTP 1.1
- Windows Vista, 7, 8, 8.1, 10 - 32 & 64 bit
- Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 – 32 & 64 bit