Code Signing

Code Signing --- a Solution Combining Thales e-Security Products & Services

Quickly deploy a secure, efficient, and scalable code signing process

Given the prevalence of malware and Advanced Persistent Threats (APTs), many software vendors, providers of online services, and enterprise IT organizations are under pressure to increase the security of their code signing process. The Thales Code Signing solution helps software producers of all types implement highly secure and efficient code signing processes that protect their organizations from risks associated with software tampering. Combining tamper-resistant nShield hardware security modules (HSMs) with services from Thales ASG, the Thales Code Signing solution is backed by our extensive expertise in code signing best practices and standards of due care.  Proven hardware security modules provide tamper-resistant, certified protection for private code signing keys and a secure platform to perform critical digital signature processes. Thales Code Signing also offers a flexible range of capabilities to simplify and automate the code signing request/approval workflow for organizations with more complex requirements.

Each Thales Code Signing solution includes one or more high-assurance nShield HSMs, the Thales Code Signing framework, and service days appropriate to your specific requirements. Thales ASG will design and configure your solution to support your specific code signing workflow. With the optional addition of Time Stamp Server, organizations can add trusted time stamping to these solutions, allowing them to validate precisely when code was signed.  Thales Code Signing is offered in three configurations:

  • Developer. This solution is designed for the individual developer workstation for low volumes of code signing. Your Thales ASG team will perform secure installation and configuration of the nShield Edge USB-attached HSM for secure code signing, and will work with your staff to develop basic policies and procedures for HSM and key management.
  • Workgroup. This solution is designed for organizations with multiple build stations where a shared signing resource is advantageous. It features the nShield Connect network-attached HSM for secure code signing. In addition to performing secure installation and configuration and developing policies and procedures, your Thales ASG team will develop a web service to centralize and automate key management associated with software signing requests from multiple platforms and build stations. The result is stronger security and a more streamlined code signing process.
  • Enterprise. This solution is designed for larger organizations with requirements for highly controlled software signing approval process workflows with robust end-to-end audit capabilities. The solution’s workflow automation simplifies and streamline business processes around code signing including accepting requests through a self-service web portal, notifying approvers, managing approvals

Code Signing Benefits:

  • Protect your company, intellectual property, brands, partners, and users from risks associated with software tampering.
  • Quickly implement a high-assurance code signing process appropriate to your organization’s size and scope.
  • Maximize protection from outsider and insider attacks with a tamper-resistant solution.
  • Simplify and streamline the code signing process using workflow automation capabilities.