- Evolution of CoSign HSM
- All the power of the new HSM with qualified signature, integrated with the usability of DocuSign
- Common Criteria EAL4 + certificate
- eIDAS compliant
- New HW
- New SW
- With built-in backup features
- Scalable to millions of users
eAll the power and security of the new signature server, an evolution of CoSign HSM
On 21 September 2016, OCSI issued the Certificate and Certificate of Conformity for the product “CoSign v8.2 at the EAL4 + guarantee level (AVA_VAN.5, ALC_FLR.1, ATE_DPT.2)” of the DocuSign company, marketed as DSA – DocuSign Signature Appliance.
DSA represents the natural evolution of CoSign HSM, the most used digital signature server in Italy. Millions of corporate signatories, public administrators and the most common cloud services have been using the renowned CoSign digital signature solution for automating signature-based processes for years. In addition to significant increases in staff efficiency and cost savings associated with paper, CoSign has provided security, reliability and scalability to millions of users to date. CoSign HSM was the first signature server to obtain EAL4 + certification in Italy and Europe. Today CoSign has evolved into DSA, increasing its performance, safety and business continuity characteristics.
With the definitive entry into force of the EU Regulation no. 910/2014, eIDAS and by virtue of the transitional provisions pursuant to art. 51 paragraph 1, the device “CoSign v8.2”, object of Assessment as a Safe Device for the creation of electronic signatures (SSCD), is also to be considered a Device for the creation of qualified electronic signatures (QSCD) in the context of eIDAS.
The Certification Report, which is valid internationally, was issued by OCSI at the end of the re-evaluation of the previous CoSign v7.5 version already certified by OCSI in October 2015 (Certificate No. 4/15), following some changes made to the product by the supplier Arx, a company acquired by DocuSign
Let’s look at the changes made:
- more powerful (for a performance increase up to 5 times faster);
- with two removable power supplies;
- completely revised look & feel;
can also be used on current hardware, so in reality there are TWO certifications in ONE. Certified products:
1) SW8.2 with HW8.0;
2) and SW8.2 with HW7.0 (already used in CoSign ver. 7.1 and 7.5);ad hoc
- configuration for “Seals” without the use of OTP, therefore automatic;
- backup functionality;
- in case of high availability configuration with two devices in cluster business continuity you can sign / seal on the second machine (alternate) in case of temporary failover of the first;
- use of a single OTP to apply multiple signatures within a session always attributable to the same signatory;
- can also be used with operating systems other than Windows (via WS-REST interface);
- scalable to millions of users.
The evaluation and certification process involved, as in the past, the IT Security Assessment Laboratory of IMQ – Italian Institute of Quality Mark which successfully completed all the hardware and software security tests provided.