TrustCubes has entered into a strategic partnership with UK based Trustify as the exclusive distributor of TrustCubes PKI products, including all SSL+LEI Certificates. As part of the new relationship, Trustify will manage TrustCubes customer renewals and partner accounts. Trustify have a long, sucessful history and the TrustCubes executive team is excited to partner with a cyber security specialist that will maximise the market reach for the TrustCubes SSL+LEI product, as well as provide industry leading customer service to TrustCubes customers. TrustCubes continues to innovate digital identity products for its customers and partners through the numerous global technical alliances.
LEI + SSL
Get Legal Entity Identifiers (LEIs) in just minutes for your customer’s organisations. TrustCubes is the first SSL Provider to issue SSL Certs containing LEIs – offer SSL Certificates that contain validated and verifiable corporate identity. Available exclusively through Trustify.
Legal Entity Identifiers
As a TrustCubes partner, you can offer Legal Entity Identifiers to your customers without the need to be an accredited Local Operating Unit (LOU) with all the requisite legal agreements, liability and stringent audits.
Our signing solutions alllow enterprises to review and sign documents quickly, easily & securely. We offer eIDAS-compliant Qualified Signatures for cross-border legal recognition making the incorporation of legally binding e-signatures into business workflows easy.
TrustCubes is the authorised European partner for several cybersecurity vendors. Our team has been shaping the Certificate Authority and SSL world for over 15 years and includes founders and previous executives of GeoTrust, GlobalSign, Comodo and more. We use our customer first philosophy and years of experience to automate the SSL application process and give you the best means of buying industry-leading website security products for your customers.
European company, European focus:
- Local language
- Local currency
- Local support
- Local payment methods
- Local regulation understanding
Experience years of best practice:
- Pioneers of automation
- Mitigate single vendor risk
- Best of breed technology solutions
- Dedicated account manager
- Direct line for support/sales
Get the most from our Partner’s technology:
To provide the best possible solutions, TrustCubes maintains close strategic partnerships with
leading product and technology vendors:
- Adding Legal Entity Identifiers (LEI) to Document SigningFebruary 12, 2019In a previous blog we talked about how strong identities like BankID & eID can be used to digitally sign documents. Today, we go more in depth how to add extra identity to the digital seal encapsulated in a digitally signed document. For example, a typical use case where a qualified digital seal can be used is e-invoicing. Companies sending out the e-invoices will do so in a digital pdf version signed by a qualified digital certificate that’s been issued to the company name. Because of the verifiable integrity and non-repudiation of a digitally signed document, customers are assured that they are receiving and paying an invoice from the company. But is that identity information in the certificate enough? Is the consumer happy with the basic static identity information that a certificate provides? The subject field still captures the same basic information. CN:Common name, O: Organisation, OU: Organisation unit, L: Locality, S:State, C:Country Instead, let’s create a better ecosystem and give the customer the opportunity to check a live company identity database to not only verify which company signed this document but also who owns who. To do this we’re adding the LEI number in a company seal providing that extra information. What is LEI and why is it a good extra identity source? LEI stands for Legal Entity Identifier and is a globally verifiable unique code that confirms your company’s identity and group structure. The number refers to an open Database of company details to verifiable level 1 ‘who is who’ business data and level 2 ‘who owns who’ parental structures. LEIs are updated at least once a year in a live database and could be considered as an improved alternative to the static information given today in multi-year certificates. Local QGIS (i.e. a local Companies House) give only information about the first level of identity information ‘who is who’ but it’s missing to ‘who owns who’ data that an LEI is providing. They are also limited to just 1 jurisdiction. LEI on the other hand is a global Identity source available in an internationally agreed structured format backed by the G20 supporting ISO standards such as ISO 20275 and ISO 17742. Today, LEIs are often used to meet an increasing amount of regulation (e.g. MiFID II,MiFIR) and are essential for any company conducting financial transactions worldwide. It gives previously unavailable corporate identity transparency and are used by over a million companies around the world. LEI is a great additional Identity information source which can be added in signed or sealed documents. The consumer can see live identity data so he or she can immediately identify who signed or sealed that document, who owns who. The document remains valid for the long term. The certificate information will show you the static information of the company information only at the moment of signing. The LEI number will give you the information about who is who and who own who updated regularly so at any time you can consult your document and identify the company that signed the document. The end goal is clear. We want to improve the ecosystem so that relying parties immediately identify who they are doing business with today and in the past. Adding extra identity to document signing is a step in the right direction to achieve this....
- Sign documents using the strong identities you already have todayOctober 17, 2018When you’re a regular reader of the TrustCubes blog or if you’ve appreciated the corporate vision of the company then you’ll know that we stand for identity and automation. We want to create Trust online. We want to improve todays ecosystem and better it for all organisations, users and relying parties operating within today’s connected online environment. We want to enable applications to benefit from extra identity layers that help end users understand with whom they are communicating and transacting. When it comes to Document Signing we have exactly the same vision. We want to see strong identities being used in Document Signing. Many companies today have transformed many of their business processes from manual paperwork to digital document workflows. However, when the document needs to be signed by someone of authority, we still see companies printing, signing, scanning and emailing/Dropboxing. Regardless of their digital transformation maturity they are still following manual processes as paper is printed, stored and then often send via snail mail because the only legal version of the document is the one that includes all wet ink signatures. To help solve this problem Europe took the lead and defined EIDAS where qualified digital certificates are seen as the legal equivalent of wet ink signature. Thanks to EIDAS we can now imagine automating the document signing process. For business to business (B2B) workflows this system works most of the time. Companies purchase Qualified or Advanced AATL certificates issued by approved CAs (Certificate Authorities) for their employees. The CA validates the company information and in the case of qualified certificate also the complete Identity of the signer (such as via face to face validation and verification of the national identity card). This process can take several weeks depending on the CA. I say most of the time, because quite often this system still isn’t working. One such example is that the company might use specific signing software that doesn’t support all certificates CAs. Unfortunately for business to consumer (B2C) workflows this system rarely works at all. As a fall back we tend to rely on electronic signatures, rather than digital signatures, which capture a signature of sorts but do not provide the identity proof of who the signature is there represent. In some workflows we also see customers being asked to visit an office or take a digital workflow back to paper based just to obtain a signature. The result is that all the advancements we’ve made in digital communications and transactions mean nothing when revert to paper based audit trails because we can’t provide the necessary levels of identity assurance. Additionally the cost to a consumer to obtain an Advanced AATL certificate is around EUR 250, and the average issuance time is around one week. Let’s imagine a digital signature is needed for a bank loan, it starts to become unreasonable to think that a consumer would pay EUR 250 and wait another week just to digitally sign an agreement from her bank. At Trustcubes we changed this system to make use of strong identity assurance more accessible to both B2B and B2C. Instead of expecting users to purchase and subsequently manage digital certificates, instead we use strong identities like eID and BankID (amongst others). USING STRONG IDENTITIES TO DIGITALLY SIGN DOCUMENTS How does it work? The user will simply login using a strong identity he already possesses today. (BankID, eID, Nemid, Itsme, etc). The Identity of the user is now verified and the identity information is captured. That identity information is then embedded within the document before it’s sealed digitally using an X.509 Qualified seal. Whereas there are some other providers that use their local national eID to embed identity information within the signed document, no-one can offer the breadth of strong identity support available through TrustCubes. Because we connected the Customer IAM functionality of Ubisecure to the signing solution, we currently support over 10 different integrations. To give a quick example. Using the TrustCubes solution I can sign a contract in the UK using my qualified digital certificate (because I took the time to obtain one!) and then send it for countersignature to my customers across Europe. It doesn’t matter that my customers do not have qualified digital certificates. My Belgian customers will sign with their eID or their itsme app, My Swedish customers will use their bankID, my Danish customers their NemID. There are no more delays or purchase costs for these digital certificates. The document is completely legal according the EIDAS regulation. We can finally digitalize the complete document Signing process for both B2B and B2C with an high assurance of who signed the document. What an exciting time!...
- Connecting the Legal Entity Identifier (LEI) ecosystem to the SSL/TLS Certificate worldSeptember 4, 2018Connecting the Legal Entity Identifier (LEI) ecosystem to the SSL/TLS Certificate world In our recent blog we talked about how we believe the SSL/TLS ecosystem is better served when identity and encryption are viewed as separate (but connected) concepts. Interestingly we’re seeing a similar principle echoed (in part) across some members of the browser community, specifically Google Chrome, with the downgrading of the EV UI to display only encryption indicators. Whereas we understand Google’s approach, after all they have only done good things to help drive the adoption of SSL to all time high rates, we can’t help but wonder if there is a better way to connect identity and encryption in Certs and return some perceived value to the identity assurance aspects. We believe that identity has a firm place in the SSL/TLS world when implemented in a user friendly, secure and consistent way. We are excited to now be able to talk specifically about our approach to the ongoing identity and/or encryption debate and how we’re connecting SSL/TLS products to the traditionally physical corporate identity world. Identity assurance across online use cases Users relying on company identity data for any online use case need several things. They need it to be: Live and accurate – representative of the company at the time of relying it Regulated and consistent – there should be a credible standardized validation workflow of identity data Transparent – published to a publicly accessible and verifiable open database User friendly – Doing Business As should be supported where complicated group holding names would otherwise confuse users (KLM vs Koninklijke Luchtvaart Maatschappij N.V.) Detailed when needed – as well as providing the ‘who is who’ aspect of company identity, when needed give insight into ‘who owns whom’ for corporate structure understanding Challengeable – if inaccuracy is suspected, there should be a protocol to challenge The Legal Entity Identifier (LEI) ecosystem, overseen by the GLEIF (Global Legal Entity Identifier Foundation), was designed to meet all these requirements. Whereas the most common use case for LEIs today remains within financial reporting, the LEI has the potential to be a central single corporate identifier for a multitude of use cases: TrustCubes is initially focusing on the applicability of LEIs to SSL/TLS Certificates. Published LEI data is already known as a qualified data source to CAs, and some CAs already use LEI information when validating SSL applications. However that’s where the connection to LEIs ends rather than begins. This is where our approach is different. Due to our partnerships with DigiCert as our issuing CA and with Ubisecure as our LEI Issuer, TrustCubes is now running a pilot that sees us issue EV SSL Certificates containing Legal Entity Identifiers. For the first time we’re connecting two very separate ecosystems – the physical world company identity ecosystem of the GLEIF and the online SSL/TLS ecosystem of the Certification Authorities with an aim to enable better, more relevant identity in Certificates. Taking a deeper look at LEIs in SSL Certs TrustCubes issues LEI enabled EV SSL Certificates from our Intermediate Certificate Authority (operated and maintained as part of the DigiCert PKI hierarchy). To view an LEI enabled EV SSL Cert, go to https://www.trustcubes.com and click on the padlock and view the SSL Certificate. Open the ICA to view the Subject Details information. The TrustCubes ICA include two OIDs: 220.127.116.11.4.1.52266.1 is the Legal Entity Identifier number. This OID is registered by the GLEIF specifically to contain LEIs within Certificates. The OID references an LEI number that has been added to the GLEIF database – https://www.gleif.org/en/lei/search#query=984500505FE80CD0NE58 18.104.22.168.4.1.519.1 is the DUNS number. This is a secondary corporate identifier maintained by Dun & Bradstreet. We will discuss the applicability of DUNS in future blogs as we further develop the conversation around the value of including multiple identity indicators. We see a time soon where “two form identification” could provide real value to end users. End Entity Certificates issued by TrustCubes have a slightly different structure during the pilot phase: The LEI belonging to the company are entered into the OU field in the Subject DN. As the pilot progresses we will subsequently stop using the OU field and instead add the LEI to an OID in the End Entity Certificate to mirror the structure of the ICA. How to get an LEI enabled SSL Cert LEI enabled Certificates are available at https://www.trustcubes.com/lei-ssl, or for resellers via the Partner API. Talk to us today if you want to know more about this pilot. A few final thoughts. In a time where browser UI changes are making it harder for users to understand who the company is behind a website, connecting LEIs to SSL is a positive step towards a more standardized and useful company identity ecosystem. However these new advances and collaborations underpinning the availability and credibility of identity data should give all browser vendors an opportunity to consider how better to display identity assurance to their users....