What is an RSSP and why it is important?

Posted by Victoria Allen on Oct 13, 2021 10:31:26 AM

In our latest blog, we discuss RSSPs (Remote Signing Service Providers) and why they are important.

In the world of electronic and cloud-based remote signatures, regulations like eIDAS introduced the need for remote signing solutions to be delivered securely.

What is an RSSP (Remote Signing Service Provider) and its importance

Signature authentication and qualified digital certificates are provided by Trust Service Providers (TSP) and Qualified Trust Service Providers (QTSPs).

Remote Signing Service Providers (RSSPs) also play an important role in digital trust and remote signing.

Why remote signing is great for users, TSPs and QTSPs

Up until recently, a smart card or token would be used to sign a document digitally. Known as local signing, this would require a smart card reader, either installed into a laptop or plugged in as a separate device.

Every time a document needed to be signed, the signer would need to use their unique card or token and enter a pin into the machine to sign.

Remote signing eliminates the need to issue any tokens or smart cards while still offering the same Level of Assurance. All signing certificates can be held remotely in a secure on-premise or cloud based system, eliminating the need to carry a card or card reader.

This enables document signing from anywhere in the world as long as the signer has access to a reliable internet connection. As there’s no need to ship or replace hardware, this enables existing TSPs or QTSPs to issue certificates outside of their region and power cross-border business.

The role of an RSSP

RSSP stands for remote signing service provider. Typically, but not always, an RSSP is a TSP or a QTSP that delivers hash signing operations via the CSC (Cloud Signature Consortium) protocol.

When the signer applies their signature to the document electronically, the solution sends a hash to be signed via the CSC protocol to an RSSP. The RSSP solution will then complete the necessary authorisation, sign the hash and then return the hash back to the signing solution to compile into the signature.

A single RSSP can connect to multiple signing solutions such as SigningHub to deliver remote advanced or qualified electronic signatures.

The Cloud Signature Consortium (CSC) and the CSC protocol

The Cloud Signature Consortium is an initiative which provides a common technical specification for cloud signatures to make solutions interoperable for adoption in a global market. A key part of the CSC’s mission is to standardise the process of remote singing.

The CSC’s members (which includes Ascertia) have created a standard API to integrate the essential components of a remote signature solution across different service providers.

This API protocol is used by TSPs, QTSPs and Remote Signing Service Providers (RSSPs) to deliver high-trust remote signing services anywhere in the world.

This means that you could potentially have a consumer signing a document in one country using a CSC compliant signing solution such as SigningHub which connects to a local RSSP who follow local regulations and using the same signing solution share that document to an external signer who could be local or based in a different country signing using a different compliant RSSP following different local regulations.

That means that if all the signing service provider follows the CSC API protocol, then a document from any signing service provider can be signed with the existing CSC compliant solution. This interoperability between systems prevents delays and creates opportunity for global, cross-border business opportunities.

What is the benefit of becoming an RSSP?

As we have already mentioned, a key benefit of becoming an RSSP is the ability to connect to multiple signing solutions. One of the biggest challenges in the signing industry is that often, organisations are already using a form of signing application and want to continue using it. 

As RSSPs adhere to the CSC protocol, they can deliver remote advance or qualified signatures to multiple signing applications. In some instances, it’s even possible to use one form of authentication to complete signing actions across different platforms.

How Ascertia works with RSSPs

Ascertia’s solutions comply with the latest CSC standard API implementation and Ascertia works with many Trust Service Providers and Remote Signing Service Providers (RSSPs) to power their high-trust remote signing solutions.

A key example of a successful use case regarding business systems, is for one of our global partners.

With Ascertia’s help, one of our global partners became one of the first companies in the world to deliver remote qualified signatures under the regulation set out by eIDAS using Ascertia’s backend PKI services and the Ascertia SAM Appliance.

The standardised CSC protocol allowed them to use the existing Ascertia solutions to connect their signing services. The company is now able to offer eIDAS compliant remote qualified signing via multiple signing solutions including SigningHub.