Electronic signature for your business
Unicity MSS (Mass Signing Server) is a high-performance mass signature server that satisfies the needs of all legal entities (companies, public services, associations etc.) that produce high volumes of electronic documents requiring signature. It enables different entities or departments within an organization to sign documents electronically (server stamp), whatever kind of business applications or document flows are involved, including, for example:
- Fast mass signing of invoices
- Signature of contractual documents
- Mass signing of all kinds of documents to guarantee integrity
- Countersignature of contracts by a legal entity
High-performance electronic signature
Do you need to sign high volumes of documents or produce electronic signatures at high speed as part of a complex business process? With Unicity MSS, processing speed will never be a hindrance! Depending on the configuration involved, Unicity MSS can produce several hundred signatures per second.Learn more
Unicity MSS is fast...
Unicity MSS is a stand-alone server that handles all operations, from the inbound connection to signature. Each server module has been optimized to offer you an extremely high-performing tool. With our optimized software drivers, you can get the most out of the capabilities of your HSM. Unless you use optical fiber, you will be limited by your network connection speed before being limited by Unicity MSS!
And it can be even faster!
Do you need to sign several million invoices in a single day? Unicity MSS can easily be installed in a cluster to leverage very significant processing capabilities. Using the integration library provided and the web services, you can delegate client-side operations processing and thereby substantially reduce network transmissions. The only thing you need to keep an eye on is the size of your event log!
Flexible signature configuration
It's simple: We can handle everything! PDF, PAdES, CMS, CAdES, XMLDsig, XAdES, detached, attached, enveloping, with or without timestamping, with co-signatures or countersignatures etc. Whatever kind of signature you wish to produce, Unicity MSS can do it!Learn more
Multiple keys, multiple signatories, multiple formats
Within the signature services, a signature key is linked to its signature environment:
Unicity MSS enables you to generate several signature keys, which can be linked to multiple signatories, all with their own signature format.
Advanced and qualified signature support
It is possible to configure Unicity MSS to obtain advanced signatures compliant with European directive 1999/93/EC. If your certificates are qualified, your signatures will be!
External signature mode with CUTE
In this mode, Unicity MSS takes care of all the details involved in the preparation and finalization of CAdES, XAdES or PAdES advanced signature formats. Thanks to CUTE, all that remains to be done is to produce a "raw" signature, the key being stored on a device such as a smartcard or SIM card. This mode enables end-users to generate signatures with their own key in an advanced format without having to know it or define it.
Designed for IT integration
Unicity MSS integrates very easily and quickly with your existing infrastructure. A corporate signature server interacts with multiple services and with different hardware:Learn more
Interaction with trusted third parties
Naturally, a signature server requires keys and certificates and must often integrate timestamp tokens into signatures. With Unicity MSS, there is no longer any need for command lines or for specific development to generate keys or obtain electronic certificates or timestamp tokens from services that are compliant with European electronic signature standards. All these operations can be performed with a user-friendly graphical interface in just a few clicks.
Signature requests via web services or hot folders
Whether from a .NET- or Java-based application server, or a Python, Perl or PHP web application, all Unicity MSS operations can be easily performed through web services (SOAP, XML-RPC and OASIS/DSS) and can therefore be easily called from any programming language.
To make integration of these interfaces even easier, and depending on your needs, Unicity MSS is supplied with:
Unicity MSS also offers the Hot folders mode. In this integration mode, the calling application deposits files for signature in a pre-configured folder on the Unicity MSS server. This folder is regularly inspected by Unicity MSS; when new files are found in it they are automatically signed and moved into a final folder. This mode allows simplified access to the signature services in addition to loose coupling between the calling application and the Unicity MSS server.
Compatibility with cryptographic hardware and software
Don’t be bothered by the keys and certificates token… By using international standards, Unicity MSS is capable of using all kinds of hardware security modules (HSMs), smartcards and software certificates, particularly since it supports PKCS#11, PKCS#12 and nCipher formats.
High level of security
End-to-end security is a fundamental requirement for a signature server used by corporate entities.Learn more
For optimal security, Unicity MSS integrates its own authentication layer and is based on the concept of role-based authorization control.
Integrated connection management
Unicity MSS is a stand-alone product that allows you to manage network connections and the SSL/TLS configuration directly from the graphical user interface. Configuration is therefore simplified, while end-to-end security is guaranteed from the calling application to Unicity MSS. The fact that it implements its own web services, its own web server and its own authentication layer means that Unicity MSS is not dependent on multiple third-party components for security or auditing. As with any critical configuration, the modification of inbound connection parameters can be tracked using the event log.
Role-based access control (RBAC)
Unicity MSS is based on the INCITS 359-2004 standard for secure and rigorous signatory access control. Each server operation is linked to a unique access permission and these access permissions are grouped by roles to fit with your organization's security model. Furthermore, for smooth integration with your infrastructure connection policies, it is possible to grant or deny some roles automatically, depending on the server entry point.
Signature key life cycle management
If you are already familiar with the handling of cryptographic material, you will know that full control of the signature key life cycle is especially important and sometimes even required to fulfill legal requirements associated with the production of electronic signatures. If you already have a key management policy in place and, for example, it requires that you use your HSM supplier's tools, there is nothing to worry about: Unicity MSS can also handle externally managed keys.
Extremely simple setup
Install - configure - sign. With one fully packaged solution and few installation steps, installing a mass signature server has never been so fast and easy!Learn more
Unicity MSS does not need an application server and can be installed on any operating system with a Java virtual machine. All the server modules are grouped together in a single package: There is no need to install third-party libraries or use funny configuration files. One tiny text file is enough to set up a ready-to-configure server using the graphical interface. The few installation and configuration steps are detailed in the installation and administration guide: Immediately after that, the graphical interface takes over and does all the hard work for you!
User-friendly graphical administration interface
All the Unicity MSS administration tasks are performed using a complete and intuitive graphical interface. Each operation in Unicity MSS generates an entry in the event log: server startup or shutdown, modification of any parameter, successful or unsuccessful signature requests, new user creation, granting or denial of roles etc. Each entry includes all details of the corresponding operation. If you need to check specific information, all the entries can be viewed from the administration interface. You can export the event log or view entries using the web services interfaces, for subsequent integration into your own reports.
Full compliance with standards
This is Cryptolog's constant promise: When creating electronic signatures, it is particularly important to be able to use material provided by third parties and to produce signatures that can be verified by any tool on the market.Learn more
Like all other products in our range, Unicity MSS carries our promise of full compliance with standards to satisfy your needs for interoperability.
Simple and advanced signature formats
Unicity MSS makes it very easy to implement all the main signature formats currently in use, in strict compliance with the latest international standards: CMS and CAdES, XMLDsig and XAdES, PDF and PAdES. Whatever the signature format, Cryptolog has implemented all the security levels described by the standards, from the most simple (BES and EPES) to the addition of an ES-T timestamp token.
Import signature policies
Signature policies compliant with the ETSI TR 102 038 and ETSI TR 102 272 standards can be easily imported to the Unicity MSS server. The signature policy rules are automatically updated and locked to prevent modification. The policy will then be referenced in the signature. Do you already have your own signature policies? Unicity MSS enables you to generate advanced electronic signatures that are compliant with them instantly!
I - Signature
Signature validation policies (EPES signatures):
II - Timestamping
III - Other functionalities