SignErgy – a Solution for the Replacement of Java PKI Applet Technology
In most existing implementations, where hardware PKI devices and X.509 certificates are used for digital signing in online services/web applications (such as Internet banking applications), Java applets are used to give the browser-based web application access to the resources installed and connected to the local computer operating system (e.g. a connected hardware PKI device).
Some web browser vendors have already stopped supporting the Java plugin (Chrome), some have announced plans to remove support (Mozilla), and some have launched a new browser version without Java plugin support (MS Edge).
To solve this problem, Asseco has developed a new concept that successfully transforms the existing technology based on Java applets into an all-online digital signature service. The new concept is based on Asseco's Java native application called SignErgy, which comes bundled with ready-made integration JS scripts and the related documentation for easy integration and usage in online services. Part of Asseco's existing customer base has already successfully switched to the new concept; others are in transition or are planning the transition.
- The same SignErgy implementation supports all modern web browsers, such as MS Edge, MS IE, Google Chrome and Mozilla Firefox.
- Easy integration into online services.
- When Runtime is used, the SignErgy application is launched by the online service only when it is really necessary.
- User experience similar to that of Java applets.
- Secure HTTPS (TLS) communication between the web browser, online services and the SignErgy application.
- Offers a safe way to change and validate client-side configuration parameters by means of a digitally signed server-side application parameter file.
- Support for the XML Signature (XMLDSig) signing standard.
- Support for different vendors of PKI hardware devices by using their PKCS#11 interface.
- The source code and the necessary resources of the application are protected by obfuscation and code signing.
- For protection against CSRF attacks, online services authenticate SignErgy applications. In turn, the SignErgy application authenticates all messages that come to it and checks that they are digitally signed by the online service.
- Optionally, we can support digital signing of documents that do not leave the environment of online services in AdES/QES document formats (Advanced/Qualified Electronic Signature). For this feature, Asseco's Advanced Electronic Signature Web service needs to be integrated with the web application.
- SignErgy can be configured as a "What You See Is What You Sign" service.
- Optionally, the SignErgy application can be customized so that the customer's infrastructure keys and the customer's logo are used.
- In the development roadmap of the SignErgy product, we intend to support Mac and Linux OS, and to offer support for the Microsoft CSP (Cryptographic Service Provider) interface to work with clients’ private keys on PKI devices, in addition to the already supported PKCS#11 interface.
With the use of Asseco's Validation Authority Service (VAS) for digital signature validation and for the signer’s certificate status validation, the online service gets everything needed for the proper implementation of PKI technology.