Definition: A Signature Activation Module is an additional security element that is implemented into signing services for the purpose of providing remote signing or sealing functionality.
Signature Activation Modules explained
Remote signature activation refers to the process of activating or generating a digital signature using a cryptographic key that is stored or managed remotely, typically in a secure environment. This method allows users to create digital signatures without having to physically hold the private key required for signing. For this purpose, remote signing applications require a Signature Activation Module (SAM) to authorize a signature or operation.
Remote signature activation offers several advantages, including enhanced security by keeping the private key isolated from the user's device, centralized key management, and the ability to enforce stronger access controls and auditing mechanisms. It is frequently used for purposes requiring strong security and regulatory compliance, such as financial transactions, legal requirements, and government applications.
The remote signature activation process involves the following steps:
- Key Generation: A cryptographic key pair consisting of a private key and a corresponding public key is authorized and generated. The private key is securely stored in a remote location.
- Signature Activation Request: The user initiates a signature activation request from their local device, such as a computer or a mobile device, and returns the signed data to the signing application.
- Authentication and Authorization: The user's identity is verified, and the user's authorization to activate a digital signature is confirmed.
- Signature Generation: Once the user's identity is authenticated and authorized, a signature is generated using the stored private key. The data to be signed is sent to the remote location, where the signature is generated and returned to the user.
- Signature Verification: The generated digital signature can then be used to verify the authenticity and integrity of the signed data. The corresponding public key, which is often widely available, is used to verify the signature. In turn, the origin and authenticity of the signature requests are verified.
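The steps above can be sketched end to end as follows. This is an added example, not code from the original page or from any signing product: `RemoteSigner`, `activation_code`, the `key-alice` identifier and the HMAC-based activation code are assumptions chosen for illustration, and a toy textbook-RSA key stands in for a key held in an HSM. It shows one possible design in which the activation check binds the user, the key and the document hash, so an authentication cannot be reused or redirected to other data.

```python
import hashlib, hmac, secrets

# Constructed toy key standing in for an HSM-held key: textbook RSA (no padding)
# over two Mersenne primes. Illustration only; never use such a key for signing.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # step 1: D never leaves the service

def activation_code(secret: bytes, user: str, key_id: str, doc_hash: bytes) -> bytes:
    """Step 2, computed on the user's device: binds user, key and document hash."""
    msg = repr((user, key_id, doc_hash.hex())).encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()

class RemoteSigner:  # hypothetical signing service with an activation check
    def __init__(self):
        self.keys = {"key-alice": ("alice", D)}  # key id -> (owner, private exponent)
        self.sessions = {}                       # user -> one-time session secret
    def authenticate(self, user: str) -> bytes:
        # Stand-in for real user authentication (assumption): issues a session secret.
        self.sessions[user] = secrets.token_bytes(32)
        return self.sessions[user]
    def sign(self, user: str, key_id: str, doc_hash: bytes, code: bytes) -> int:
        owner, d = self.keys.get(key_id, (None, None))
        secret = self.sessions.pop(user, None)   # each authentication activates once
        if secret is None or owner != user:      # step 3: authorization
            raise PermissionError("user may not activate this key")
        if not hmac.compare_digest(activation_code(secret, user, key_id, doc_hash), code):
            raise PermissionError("activation code does not cover this request")
        return pow(int.from_bytes(doc_hash, "big"), d, N)  # step 4: signature

def verify(data: bytes, signature: int) -> bool:  # step 5: uses public key (N, E) only
    return pow(signature, E, N) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def refused(svc, user, key_id, doc_hash, code) -> bool:
    try:
        svc.sign(user, key_id, doc_hash, code)
        return False
    except PermissionError:
        return True

def demo():
    svc, doc = RemoteSigner(), b"constructed sample contract"
    h = hashlib.sha256(doc).digest()
    code = activation_code(svc.authenticate("alice"), "alice", "key-alice", h)
    sig = svc.sign("alice", "key-alice", h, code)
    replayed = refused(svc, "alice", "key-alice", h, code)  # session already consumed
    code2 = activation_code(svc.authenticate("alice"), "alice", "key-alice", h)
    swapped = refused(svc, "alice", "key-alice", hashlib.sha256(b"other").digest(), code2)
    return verify(doc, sig), replayed, swapped
```

`demo()` returns whether the signature verifies, whether a replayed activation was refused, and whether an activation issued for one document hash was refused for another.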
Qualified electronic signatures and seals (QES) are generated and stored, and remote signing capabilities are provided, by using certified Hardware Security Modules: ‘trusted’ computing devices that provide extra security for sensitive data. A Signature Activation Module is an additional security component that is integrated into a signing service that adheres to the remote signing requirements defined by CEN and ETSI as part of the eIDAS regulation.
Signature Activation Modules provide a scalable and reliable service, supplying a mechanism for securely authenticating and performing signatures. They are typically used by organizations to implement and deliver remote digital signature services to application providers and end users.