Methics Remote Signing solution provides technology which can implement a universal strong authentication service similar to Local Signing without PKI SIM card. Remote Signing is a new concept introduced after eIDAS regulation (910/2014) which enables users to perform PKI signature from their mobile devices without the need of SIM card applets. User’s signing key is securely held under user’s control and signature operations are done in a hardware security module (HSM) on the server end.
Kiuru Signature Activation Module (SAM) and Kiuru Alauda Front End (AFE) when connected with Kiuru Mobile Signature Service Provider (MSSP) platform, uses B17 key splitting and SRP6(b) protocols send or receive authentication/signing request from a Qualified Signature Creation Devices (QSCD) called Alauda PBY app.
Alauda PBY app communicates with Kiuru AFE server which is integrated with Kiuru MSSP having connection with Kiuru SAM and HSM. Transport encryption mechanism is employed to secure all traffic between SAM and PBY. Methics has a long experience of working with leading HSM providers of the world (such as Utimaco, nShield, Securosys), making the solution compatible with external hardware.
Remote Signing solution manages the protection of user’s signing key and signing process with sophisticated technology and open standards. In compliance with eIDAS standards (EN 419 421-1 and EN 419 241-2), an electronic signature creation data can be managed remotely by a trust service provider on behalf of the signatory. Kiuru Remote Signing Solution is certified for Common Criteria Standards EAL 4+ by EN 419241-2:2019 and ISO 15408. Authentication and remote signing can be integrated via REST or SOAP API. API libraries are also available in SDK format for integration in your existing app.
If you feel you need some more information to decide which Mobile ID wireless PKI client is good for your service, you can read our article post in detail about PKI security on SIM Applet (Local Signing Solution) and Smartphone App (Remote Signing Solution).
Methics also provides the opportunity of implementing Remote Signing with SIM cards by installing B17 applet in SIM cards (older version of cards which do not have PKI components). Read here about how Methics is implementing eIDAS compliant Remote Signing through SIM cards.
Feel free to get in touch with us if you want a user-friendly software for your TSP, implement authentication/sign in service, document signing solution, or want to increase your user adoption of PKI services.