accesskey_mod_content
CTT - Centro de Transferencia de Tecnología

eSignature Platform

  • Short Name :
    @firma
    Direct Access :
    FAQ
    Summary :
    Platforma@firma (the eSignature Platform) is a multi-PKI platform for electronic validation and signing.. . It provides services for authentication and electronic advanced singing quickly and effectively.
    Target audience :
    Any Public Administration
    Usage :
    Installable product , Network service integrable in customers applications
    Type of Solution :
    Open source application
    Status of the Solution :
    Production
    Organic area :
    State
    Technical area :
    Horizontal services for the AA.PP , Semantic Assets
    Functional area :
    Government and public sector , Personal documents
    License :
    EUPL (European Public License)
    Interoperability level :
    Technical , Political
    Programming language :
    JAVA , Web Services , .NET
    Operating system :
    Windows , Unix , Linux

    Description

    Public administrations offer electronic public services using electronic signature and advanced methods of identification or authentication based on digital certificates. Due to the multiple certificates that can be used and the multitude of standards, implementing systems that support all the features can be complex and costly.

    Therefore, the Ministry of Economic Affairs and Digital Transformation provides the validation services and multi-PkI electronic signature @firma platform, as a service of certificate validation and electronic signatures decoupled from applications. It is a reference solution to comply with the measures of identification and authentication described in Law 39/2015 of Common Administrative Procedure of the Public Administrations.

    The goal is to verify that the certificate used by the citizen is a valid certificate and has not been revoked and therefore remains fully valid to identify its owner. The services of the platform are applicable to all qualified electronic certificates published by any certification service provider supervised by the Ministry of Industry, Tourism and Commerce in Spain, including DNIe certificates corresponding to providers that are established and supervised in Spain, and to all European certificates included in the Trusted Lists (TSL) of its Member States.

    The validation platform of the Ministry of Economic Affairs and Digital Transformation operates as a non-intrusive service, which can be used by all the telematics services offered by the different public administrations, state, regional and local government. To facilitate the integration with the service, integration libraries 'Integr@' are provided, also allowing signature on the server.

    In addition to the service offered, it is available as software to be installed by public administrations (federal model) with multiple utilities of added value, among which are the creation and validation of electronic signatures in multiple formats.

    This solution has been released under the EUPL license, the source code and associated documentation are available through the Downloads section.

    There are other services of the ‘@firma Suite’ related to the validation platform @firma. This is the case of a platform for time stamping, a client of signature in user environments, a display of electronic signed documents, etc., which can be found at the corresponding initiative.

    New Architecture of @Firma 6.4

    The current version of @firma is 6.4 and constitutes an evolution of version 6.2 based on the contribution of multiple cooperating Public Organisations.

    The main objective of this evolution of the 'Suite @firma' has been to take it towards a new architecture that favors the maintainability and evolution of all the elements.

    Compared to the previous version, the changes included in the architecture of version 6.4 of @firma are:

    • The architecture is divided into three components: Administration, Base Services (Validation and Signature) and Asynchronous Services, all functionally working in "single-node".
    • The validation logic is extracted through TSLs to the VALet System and the integration with this System is carried out.
    • The configuration model and alarms are transferred to local hsqldb databases.
    • A synchronization mechanism is developed for the local Service node configuration databases based on the one registered in the Administration node.
    • The possibility of cluster configuration is eliminated.

    This evolution has involved updating the rest of the elements of the suite to find a better coupling with the redesign of the service components.

    The objective systems of this evolution have been the following:

    Service platforms:

    • @firma: Certificate Validation Platform and Electronic Signature
    • TS@: Time Stamping Authority

    Support elements:

    • Integr@: Integration libraries with @firma
    • VALIDE: Certificate Validation Portal and Electronic Signature
    • Monitoriz@: Monitoring System for the Services of @firma and VALet
    • VALet: Certificate Validation System Against TSL
    • @firmaCRL: System that allows the download and publication of CRLs of Registered Providers.
    • eVisor: Generator of reports and proof of signature.
    • Portafirmas: component for the integration of the signature in the organizational workflows.

    Client components:

    • Autofirma: Signature in Web Browser / Desktop
    • Firma Móvil: Native applications for Android and iOS mobile devices.
    • FIRe: electronic signature broker
    • Portafirmas Móvil: Mobile version of the Portafirmas to create signature flows

    Regarding @firma, version 6.4 has implied new administration capabilities and improvement in services and traceability and a new event management system:

    • Verification of DIR3 configuration at a strict level.
    • New functionalities for Federated clients.
    • Improvements in the management of user profiles in the administration backend.
    • Sending emails to those responsible for the applications with a certificate that is about to expire.
    • Improved response times in the administration backend.
    • New validation service (extended validation report).

    Improvements have been made to the administration, statistics and usability of the TSA.
    Regarding VALIDE, improvements have been made in the user experience:

    • Extended validation report.
    • Updating of the VALIDE web interface.
    • Integration with EEUtils.

    The evolution of Integr@ has involved an update of dependencies.

    The introduction in the architecture of the VALet system has implied improvements in the management and administration of TSLs:

    @firmaCRL has been adapted to support partitioned checklists.

    Regarding Cliente Firma Móvil and Portafirmas Móvil, the services have evolved, the user experience has been improved and the applications have been adapted to the new versions of the operating system:

    • Evolution of the authorization configuration.
    • Evolution of validator configuration.
    • Display of different types of signature lines.
    • Evolution of the adaptation of the Cl@ve identification service.
    • Improvements in the interface and in the import of certificates in iOS

    The usability of the FIRe system has been improved and the security of transactions has been improved:

    • Automatic selection of certificates.
    • Improvements in transaction security: update of flows, connectors and set of services.

    With regard to the Autofirma client, improvements have been made to the signing and installation processes, and improvements to the information shown to the user:

    • Improvements in PADES signatures.
    • Batch signature improvement.
    • Consistency between cosignatures.
    • Improvement in the triassic signature service.
    • Improved MSI installer
    • Improved display of error messages

    Regarding the global of the @firma suite:

    • The adaptation to the AGE 2.0 policy has been prepared.
    • Information traceability has been improved, improving consistency between applications and facilitating transaction tracking.
    • A new event management microservice has been created.

Responsable