Universal Safe Signing Interface (USSI)
USSI provides a resilient and scalable hardware and software infrastructure (servers, databases, and software components) that supports digital signature services. USSI will mitigate the risk of creating signatures in the digital environment. It offers assurance of signatory identity and of the application of that identity through digital signatures. USSI digital signature services conform to the regulatory requirements of 21 CFR Part 11.
The USSI provides the following services:
  • Consistent signing user interface.
  • Derives the hash of the content within the object to be signed.
  • Checks the status of the user's certificate being used for signing.
  • Derives the elements to be incorporated in the PKCS#7 which is created via the browser plug-in.
  • Applies the PKCS#7 block to the appropriate signature block in the object.
  • Creates a signature block and/or signature element status report based on unsigned or signed elements of the object.
  • Provides validation details for all signatures previously applied to a PDF document.
A digital signature utilizes the combination of Digital Certificates tied to Public Key Infrastructures (PKI), Certificate Authorities (CA), Hashing Algorithms (the transformation of the contents of the document into a unique numeric value), and Client and/or Server Application interfaces/infrastructures to achieve the electronic equivalent of a wet signature. These elements allow a user to compute the hash of a document at a point in time, and sign that hash with their digital identity certificate. The public key and systems infrastructure provides mechanisms for that certificate to be checked for validity and revocation. This eliminates the need to print, physically sign, and then scan a document back into an electronic environment. Documents can finally stay in their electronic form so they can be distributed for review and consumption using much more effective means. It also eliminates the need for physical storage of documents by a corporate records management group. In fact, many argue that the combination of these elements and the real-time validation of the certificates provide a higher level of assurance as to the identity of the signer of the document.

USSI provides signing services through two paths. A subscribing application can call the signing services via web services and job tickets, or business users can work through a user interface that leverages those same web services to apply digital signatures to documents without a separate integrated application.

An application that wishes to integrate with the USSI submits an XML job ticket to the USSI; this ticket defines the details of the signing operation and makes the document to be signed available to the USSI. Once the ticket is submitted, the application redirects the user to USSI with the job ID information, and the standard USSI user interface is launched, which ensures capture of any further information required to complete the signing process. Upon completion (or failure) of the signature event, the USSI service modifies the job ticket to reflect the status of the operation, and the client application can retrieve the signed object based on the delivery details specified in the XML job ticket.

Alternatively, any signature that has been applied to a PDF can be checked to assure that it is still valid at any given time. As with a signing request, an XML job ticket with the details of the validation operation and the PDF document that needs to be validated are sent to the USSI via the web service. The hash of the signed document version is compared against the hash contained in the signature to determine whether the document version has been altered. Additionally, the signed OCSP response is retrieved from the signature so that the embedded hash, used as the nonce, can be compared with the hash of the signature as well as the hash of the document version, linking the three components together. Once all the validation data is constructed and assembled, the Validation Report is presented.
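
The validation comparison described above, as an added example that is not USSI code: it hashes the signed version of a PDF through the standard /ByteRange entry and checks the document-to-signature and signature-to-OCSP links. The nonce formula, the function names and the sample bytes are assumptions made for illustration; extracting the signed digest and the OCSP response from the PKCS#7 is left out.

```python
import hashlib
import hmac
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signed_version_hash(pdf: bytes) -> bytes:
    """SHA-256 of the two byte spans the signature covers (all but /Contents)."""
    m = BYTE_RANGE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange: document carries no signature")
    a, b, c, d = map(int, m.groups())
    if a != 0 or c < b or c + d > len(pdf):
        raise ValueError("inconsistent /ByteRange")
    return hashlib.sha256(pdf[a:a + b] + pdf[c:c + d]).digest()

def expected_nonce(doc_hash: bytes, signature_value: bytes) -> bytes:
    # ASSUMPTION: nonce = SHA-256(document hash || SHA-256(signature value)).
    # The page only says the nonce links both hashes, not how it is built.
    return hashlib.sha256(doc_hash + hashlib.sha256(signature_value).digest()).digest()

def validate(pdf: bytes, signed_digest: bytes, signature_value: bytes,
             ocsp_nonce: bytes) -> dict:
    """Return the two link checks a validation report would show."""
    doc_hash = signed_version_hash(pdf)
    bound = hmac.compare_digest(ocsp_nonce, expected_nonce(doc_hash, signature_value))
    return {"document_unaltered": hmac.compare_digest(doc_hash, signed_digest),
            "ocsp_bound": bound}

def build_sample(body: bytes) -> bytes:
    """Constructed PDF-like bytes with a self-consistent /ByteRange (not a real PDF)."""
    pre = b"%PDF-1.7\n" + body + b"\n<< /ByteRange [0 "
    mid = b"] /Contents "
    contents = b"<" + b"00" * 16 + b">"      # placeholder where the PKCS#7 would sit
    tail = b" >>\n%%EOF\n"
    first_len = len(pre) + 14 + len(mid)     # 14 = width of the three padded numbers
    nums = b"%04d %04d %04d" % (first_len, first_len + len(contents), len(tail))
    return pre + nums + mid + contents + tail

# Constructed sample values standing in for what the signature would carry.
SAMPLE = build_sample(b"Batch record 42: approved")
SIG_VALUE = b"constructed-signature-value"
SIGNED_DIGEST = signed_version_hash(SAMPLE)
NONCE = expected_nonce(SIGNED_DIGEST, SIG_VALUE)

if __name__ == "__main__":
    print(validate(SAMPLE, SIGNED_DIGEST, SIG_VALUE, NONCE))
    tampered = SAMPLE.replace(b"approved", b"rejected")
    print(validate(tampered, SIGNED_DIGEST, SIG_VALUE, NONCE))
```

Because the hash covers only the /ByteRange spans, bytes appended after the signed version in a later incremental update are outside this check and need their own review.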