X-Digital Signature Suite, included in Avain Technologies Oy's X-Suite product family, is a standalone, application-independent component, compatible with PKI and other signature standards, which can be used to create digital and advanced digital signatures in accordance with international standards and EU directives.

Advanced digital signatures

Currently, most of the electronic data contained in organisations is handled and managed in different systems. Data saved in electronic formats are more susceptible to covert editing than physical documents, which has often led to strict security measures and limitations on the mobility of documents.

Secure networks and other security measures have been successful in reducing the intentional and unintentional modification of documents, but none of these have been able to solve the problem of establishing the non-repudiation of documents or notes made on them. Digital signatures based on Public Key Infrastructure have been created for this purpose.

As a method, PKI is considered to be an advanced digital signature protocol, which is regulated by specific requirements in legislation related to digital signatures. The most significant requirement is the fact that advanced digital signatures must be indisputably linked to the document’s signatory. Similarly, the signatory must be possible to identify indisputably using the advanced digital signature. The signature must also be possible to use to confirm the integrity of the signed document.

In the PKI encryption method used by X-Digital Signature Suite the signatory is the only person who has access to the signature’s creation details. An individual number sequence is generated of the creation data, which becomes the user’s private key. When the private number sequence is combined with a specific algorithm during encryption, this leads to a unique packed message. The message can only be opened with a public key that corresponds to the signatory’s private key. The public key is held by a third certification authority. If information is changed after the signing event, the packed message is broken and a comparison with the original will immediately reveal the data modification.

Integrability of the X-Digital Signature Suite

From the user’s point of view, the X-Digital Signature Suite module operates as a controller of the digital document signing event. The signature server forms an XML signature, whose authenticity is checked at all stages of the signature process.

The X-Digital Signature Suite consists of server and customer components. Customer components consist of a browser plug-in (Microsoft Windows and Linux, Mozilla/Firefox/Netscape 6.0 or later, Microsoft Internet Explorer 5.0 or later) and their Javascript support. The plug-in can be set to install automatically or it can be provided centrally through the company’s intranet. The server components are designed as Java Servlets, which means that they are easy to transfer between platforms. The components can be integrated directly onto the server application’s www interface. Alternatively, the http Post protocol can be used.

There is a similar customer interface for confirmation of the signature: confirmation functions can be integrated directly into the user interface, or they can be accessed through http Post. Alternatively, the server applications can act directly as an interface together with the confirmation components by using the Java programming interface included in the programme.

Legally valid data security

X-DSS combines the best aspects of PKI encryption with its own new properties. This means that the user has access to XML-based digital signatures and authentication technology in a module, which is very easy to integrate into various server applications and information systems.

The technical advancements in digital signatures have caused changes in legislation. EU directive 1999/93/EC promotes the use of electronic transactions within the EU by setting standards for the granting of digital signatures within the Union. Digital signatures are now considered equivalent to paper signatures in the law. The PKI signature included in the X-Digital Signature Suite follows the XMLDSIG format of the W3C standard. Materials can be signed using a smart card or USB card, with a mobile phone or using the TUPAS bank signature. Systems can be made paperless by integrating the X-Digital Signature Suite into them.