Skip to content

Remote Signing with Cloud Signature Consortium API

Cloud Signature Consortium (CSC) is the joint effort of businesses operating in global identity market to have common technical specifications to create a single digital market across the globe. It was created with purpose of easing up solution interoperability, complying internationally with eIDAS regulations. CSC paves the way for uniform adoption of Remote Signing.

Remote Signing is the process of producing electronic signatures (like QES and AdES), which are managed remotely by a Trust Service Provider (TSP) operating on behalf of the signer (end user). As explained in our Remote Signing blog post that user’s signing key is securely held under the user’s sole control, and signature operations are done in a Hardware Security Module (HSM) on the server end.

CSC acts as a standardized interface between trust services, allowing implementation of highly trusted digital signatures across the borders. Using these standards, the different services perform operations in a non-proprietary way.

Cloud Signature Consortium released an API specification for remote signature applications in 2019. This specification details a new API and architecture for remote signing. The architecture described in the CSC specification can be summarized in the following four corner model:

CSC Four Corner Model
CSC Architecture Four Corner Model

In this model, the Signature Application (top left corner) communicates with the RSSP (bottom right corner) to request signatures. The user can authorize signatures with the Signer Interface (bottom left corner). Finally, the RA/CA can be used by the Signature Application to validate signatures using OCSP.

In the model depicted above, the RSSP stands for Remote Signing Service Provider which is defined in the CSC specification. Typically RSSP is a service that provides CSC protocol for Signature Applications.

The CSC protocol offers various benefits over other standard signature protocols like ETSI TS 102 204:

  • Signatures are always requested for a hash, which leaves the document on user’s device
  • No third party application provider is required to perform the signature
  • Lightweight JSON protocol
  • Easy interoperability

Therefore, if a TSP/QTSP implementation follows the CSC API protocol, a document from any signing service provider can be signed with the existing CSC compliant solution. This interoperability between different vendor systems creates opportunity for global and cross-border business opportunities.

Kiuru MSSP version 6.0 brings support for the CSC protocol by implementing the RSSP component. This allows more flexible creation of document signing desktop applications. The following picture describes how Kiuru RSSP can be used with a Remote Signing app (Alauda PBY):

Kiuru RSSP Remote Signing Architecture

Kiuru RSSP offers support for both local signing, and Common Criteria certified remote signing.

For RSSP client support, we offer an open source CSC client in GitHub:

For more information about Remote Signing, check our solution page. If you are interested in our offering and want to know more details or want to schedule a demo, feel free to get in touch!

Publish Date: 18 November 2021
Written and Edited by: Eemeli Miettinen & Ammar Bukhari