GuardTime Keyless Signature Service

The GuardTime Keyless Signature Service delivers and validates GuardTime Keyless Signatures within any business process or data workflow imaginable.

Keyless Signatures prove the time, integrity, and origin (machine, organization, individual) of the input data.

View the sections below to learn more about how the service is used to generate the independently-provable Keyless Signatures.


What the Keyless Signature Service Does

The GuardTime Keyless Signature Service does three things:

  1. Allows any amount of any type of data to be signed
  2. Provides online verification of the signatures for the life of the data
  3. Maintains and delivers the publishable Integrity Publication data for independent signature verification

How the Keyless Signature Service Works

The GuardTime Keyless Signature Service consists of three primary components: the Keyless Signature Client, the Keyless Signature Servers, and the Keyless Signature Core. The components work together to request, create, deliver, and validate signatures.

Keyless Signature Online Signing Process

  1. The business process is extended to utilize a Signature Client to sign data
  2. The Signature Client will take a hash (SHA-256) of the data to be signed – the unique hash value is used as part of the request for the signature
  3. The request for the signature is made via one or more Keyless Signature Servers, which merge it with the other hashes and then pass the signing request on to the Keyless Signature Core
  4. The Keyless Signature Core will generate the core component of the Keyless Signature and return it to the Keyless Signature Server
  5. The Signature Server will receive the Keyless Signature from the Keyless Signature Core, add local information relevant to the Signature, and pass it down to the Signature Client
  6. The Signature Client will store the Keyless Signature per the requirements of the business process policy configuration


Keyless Signature Online Automated Validation Process

  1. The business process is extended to utilize a Signature Client to validate signatures
  2. The Signature Client will take a new hash (SHA-256) of the data to be validated and pair it with the Keyless Signature previously generated for the signed data item
  3. The request for the signature validation is made via one or more Keyless Signature Servers
  4. The Keyless Signature Server will determine the validity of the signature and pass the signature status back to the requesting Keyless Signature Client
  5. The Keyless Signature Client will present the Keyless Signature status to the system, application, or user interface – as defined by the client integration selected
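
The following sketch is an added example, not GuardTime code or the service's wire format. It models the signing and validation steps above under one assumption the page does not state: that the server "merges" request hashes with a binary hash tree and returns each client its path to the root. The names sha256, node, merge and validate are hypothetical, and the Core's own processing of the root is not modeled.

```python
import hashlib

def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def node(left: bytes, right: bytes) -> bytes:
    # 0x01 prefix separates tree nodes from client data hashes, so the bytes
    # left+right cannot be passed off as a signed document with a shorter path.
    return sha256(b"\x01" + left + right)

def merge(leaves):
    """Server side (assumed construction): fold request hashes into one root.
    Returns (root, paths); paths[i] is a list of (sibling, sibling_is_left)."""
    paths = [[] for _ in leaves]
    level = [(leaf, [i]) for i, leaf in enumerate(leaves)]
    while len(level) > 1:
        nxt = []
        for j in range(0, len(level) - 1, 2):
            (lh, li), (rh, ri) = level[j], level[j + 1]
            for i in li:
                paths[i].append((rh, False))
            for i in ri:
                paths[i].append((lh, True))
            nxt.append((node(lh, rh), li + ri))
        if len(level) % 2:
            nxt.append(level[-1])  # odd hash out moves up unchanged
        level = nxt
    return level[0][0], paths

def validate(data: bytes, path, root: bytes) -> bool:
    """Client side: re-hash the data and walk the stored path up to the root."""
    cur = sha256(data)
    for sibling, sibling_is_left in path:
        cur = node(sibling, cur) if sibling_is_left else node(cur, sibling)
    return cur == root

if __name__ == "__main__":
    # Constructed sample inputs standing in for three clients' data.
    docs = [b"invoice-0001", b"audit.log line 42", b"build-artifact.tar"]
    root, paths = merge([sha256(d) for d in docs])
    print("root:", root.hex())
    print("all valid:", all(validate(d, p, root) for d, p in zip(docs, paths)))
    print("tampered:", validate(b"invoice-0002", paths[0], root))
```

Only the 32-byte hash leaves the client in this model, and any change to the data changes the recomputed root, which is what makes the stored path tamper-evident.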

Sample Keyless Signature Solutions

GuardTime Keyless Signature Solutions deliver mathematically-provable and tamper-evident audit trails for all the electronic data in your business.

  • Certified Email
  • Auditable Cloud Collaboration
  • Auditable Document Exchange
  • Intellectual Property Protection
  • Auditable Scan to Cloud
  • Auditable Financial Transaction Logs
  • Code and Application Signing

For more detailed examples, please visit our Keyless Signature Solutions section.

Connecting to the Service Using a Keyless Signature Server Product

GuardTime provides a number of Keyless Signature Server products which enable various types of data to be signed within various data workflows. There are currently four Keyless Signature Server Products available:

By connecting to the service you accept the GuardTime Terms of Service.

For additional details regarding each of the products, click on the links above or browse the Keyless Signature Products section.

For additional details about the technology behind the service, including details regarding the Keyless Signature Servers, view the Keyless Signature Technology section.

What the Service Infrastructure Looks Like

GuardTime operates a distributed network infrastructure which provides the online signature delivery and online signature validation services to our clients. At the heart of the infrastructure there exists a cluster of redundantly-configured core servers located in different countries around the world.

The infrastructure is a hierarchical and redundant structure similar (in structure only) to the very widely-used domain name service (DNS) infrastructure. The lowest level of the hierarchy is called a Signature Server, identifiable by its IP address and TCP service port.

There are three primary variants of a Keyless Signature Server – shared, dedicated, and public. The service accessed through any of the public Signature Servers is anonymous, and therefore, is provided as-is.

Service Attributes

The GuardTime Keyless Signature Service was built on first principles resulting in a set of service attributes.

If you still have questions about how the GuardTime service and technology work together, please refer to the Frequently Asked Questions section or feel free to contact us.