apsec Webcast Digital Signature In Electronic Workflow Environments


Presentation on Digital Signatures in Electronic Workflow Environments and Document Signature for PDF, PDF/A, Office Documents, Graphic Documents

Published in: Business, Technology

  1. Digital Signature in Electronic Workflow Environments
     Eng. Andreas Schuster, Business Development Manager, Applied Security (apsec) M.E.
  2. Contents
     • Difference of
       • Electronic Signature
       • Visual Signature
       • Digital Signature
     • Signing of electronic documents (Live Demo)
     • Verifying of digital signatures
     • Usage of smartcard & fingerprint
     • Solutions to be added
     • Advantages, Integration Examples
  3. “Electronic Signature” – Is it new?
     • Electronic signature definition: “A signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document or transaction.”
     • Samples:
       • PIN for ATM
       • Digital pen or signature pad for
         • Signing a credit or debit slip
         • POS transaction
         • Handover certificate / certificate of receipt (delivery)
       • Fax transmission with a stamp and/or signature
     • Security:
       • An electronic signature is not protected by cryptographic methods, but is considered an enforceable contract in most countries.
       • Forging and spoofing cannot be prevented, due to the fact that the e-signature can be copied easily.
  4. Electronic “Visual” Signature
     • Process of adding a handwritten signature to an electronic document.
     • Either: the signature line is scanned once and the image is added to the document later
     • Or: the signature is captured every time by the use of a signature pad
     • Security:
       • The signature graphic can be protected, but it can still be extracted from any signed document and re-used without authorization.
       • Automatic verification of the entered signature is not possible. Manual forensic signature analysis would be required.
     [Images: Signature Scan; Interlink ePad II, approx. US$ 160]
  5. Electronic “Digital” Signature
     • Digital signature uses a private (and secret) key to generate a digital signature for a specific document.
     • Anyone can use this document including the attached digital signature plus a public key to verify the authenticity of the document.
     • Security:
       • Digital signature provides non-repudiation and allows originator authentication and identification.
       • Private key (the secret used to generate the digital signature) should be protected with 2-factor authentication
       • Digital signature cannot be copied, because it is valid for a single document only.
  6. Adding a Digital Signature
     • Demonstration of an Office 2007 Signature
     • Demonstration of a PDF Signature with apsec fide AS ® sign 2.0
  7. Principle of digitally signing
     • Build a one-way hash of the document
     • Encrypt the hash value with the private key of the signer
     • Encrypted hash + certificate = signature
     • Certain document types allow the signature to be attached (e.g. PDF, PDF/A or XML)
     • For other documents the signature could be saved as an extra file
     [Diagram: unsigned electronic document → one-way hash → (key card) encrypted one-way hash + certificate → signed electronic document]
  8. Verification of electronically signed documents
     • Separate signature from document
     • Check certificate (e.g. CRL, OCSP)
     • Decrypt hash with certificate
     • Compute hash of document
     • Compare the two hash values
     [Diagram: signed electronic document → unsigned electronic document + encrypted one-way hash + certificate; check if certificate is valid; decrypted one-way hash and computed one-way hash → compare]
  9. Signature Verification of PDF-Documents
     • PDF can be verified with Acrobat Reader
     • A simple click on the sign symbol in the document is enough
     • Certificates can be checked offline or online
  10. Usage of Smartcards and Fingerprint
     • Media to store the Private Key
       • PKCS#12 – software certificate
       • PKCS#11 – smartcard or USB-token
         • USB-token
         • Smartcard + smartcard reader
       • Fingerprint Biometric
         • e.g. Feitian BioPass 3000
     • Public Key and the Digital Certificate
       • Is used to verify the signature and is stored together with the document
       • Can define a time frame the keys/trusts are valid
     [Images: Cryptographic Smartcard, Cryptographic USB-Token, Cryptographic Fingerprint Reader: 32K-72K secure memory, RSA key generation on card, optional biometric match on card]
  11. Solutions to be added: fide AS ® sign
     • Server or client based digital signing solution
     • Modular concept allows combining:
       • Integration interfaces:
         • GUI
         • Batch-mode
         • Email / SMTP connector
         • SOAP
       • Signature and document types:
         • PDF (embedded)
         • XML (embedded)
         • CMS-signature (for any document)
       • Signature quality:
         • from software keys for internal use
         • to different hardware solutions (like smart cards, tokens, biometric w/ crypto chip)
  12. Usability & Security Advantages
     • Using electronic documents saves time and money:
       • No paper / printing / mailing cost
       • Accelerated workflow
       • Easy, multi-user document archives
     • Sign electronic documents to:
       • Protect documents from manipulation
       • Secure an approval process
       • Identify the signer
       • Make an electronic document legally binding
     • Digital Signature is legalized in most countries including the U.A.E., see TRA law from 2006: http://www.tra.ae/TRA-eCommerce-resolutions.php
  13. Technical Advantages
     • Easy-to-use
     • apsec CA is available to issue digital IDs
     • One PIN entry for thousands of signatures – even when using smart cards
     • Adjustable to your requirements
     • Works with most common key media types like
       • Smart cards
       • USB-token
       • HSM Module
       • Biometric devices with crypto chip
       • Key files
     [Images: Cryptographic Smartcard, USB-token, HSM, or Biometric: 32K-128K secure memory, RSA key generation on card, opt. biometric match on card]
  14. Application Advantages
     • Internal workflows
       • Simplify and accelerate work processes
       • Archive signed electronic documents to:
         • Make sure that the document is genuine
         • Enable multi-user reading
       • Reduced paper and printing cost
     • Electronic contracts
       • Multi-signing secures electronic contracts
     • e-billing
       • Save mailing, paper and printing costs
       • Ensure legal and secure e-billing
  15. Integration Examples Workflow
     • Supported Integration Interfaces for Workflow Applications
       • Java Wrapper (portlet)
       • IBM FileNet P8 Connector: Universal File Importer
       • Documentum Check-in Filter
       • Electronic Workflow Check-In / Check-Out
       • J2EE (pure Java portlet)
       • SOAP 1.1/1.2 XML Envelope
       • Native XML
     • Batch signing (in-folder, out-folder)
     • Command line tool for simplest integration
     • Email / SMTP interface
  16. Reference Story: City of Oberursel (public sector)
     • Use a PKI solution to digitally sign workflow documents
     • The documents are processed, signed and forwarded to the next person in charge.
     • Implemented: 2004, enhanced 2006
     • Authentication: fingerprint + smartcard
     • apsec products integrated:
       • fide AS ® sign
       • fide AS ® miniCA
  17. See you soon on our next Webcast!
     • Enhanced Encryption Technologies for Enterprises (planned 3rd week of June)
       • Network / Server Encryption
       • Database Encryption
       • Email Encryption
     • All participants will receive a free copy of our PC / notebook encryption solution fide AS ® file private
  18. Thanks for your attention! Speak with us.
     apsec offers full service for all aspects of data security.
     Applied Security GmbH, Industriestraße 16, D-63811 Stockstadt
     Fon: +49(0)6027/4067-0
     Fax: +49(0)6027/4067-99
     Internet: http://www.apsec.de
     email: info@apsec.de
     Your contact: Andreas Schuster, Applied Security UAE, Dubai, [email_address]
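
The signing and verification steps from slides 7 and 8, written out as an added example that is not part of the original presentation and is not apsec product code. It uses textbook RSA on a constructed toy key (two publicly known Mersenne primes) and a hypothetical dictionary in place of an X.509 certificate; the names `sign`, `verify`, `CERT` and the revoked-serial set are assumptions, and production signatures additionally use padding (PKCS#1 v1.5 or PSS) and certificate chain validation.

```python
import hashlib
from datetime import date

# Constructed toy key: two well-known Mersenne primes. The factors are public,
# so this key is for illustration only and provides no security.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (would live on the key card)

# Hypothetical stand-in for an X.509 certificate: public key plus validity window.
CERT = {"serial": 1001, "subject": "Example Signer", "n": N, "e": E,
        "not_before": date(2009, 1, 1), "not_after": date(2011, 1, 1)}


def doc_hash(document: bytes) -> int:
    """One-way hash of the document, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> dict:
    """Slide 7: hash the document, apply the private key, attach the certificate."""
    # Textbook RSA without padding, to mirror the slide; not for production use.
    return {"encrypted_hash": pow(doc_hash(document), d, n), "cert": CERT}


def verify(document: bytes, signature: dict, today: date, revoked: set) -> str:
    """Slide 8: check certificate, recover the signed hash, recompute, compare."""
    cert = signature["cert"]
    # Chain validation up to a trusted CA is not modelled here.
    if cert["serial"] in revoked:  # stand-in for a CRL or OCSP lookup
        return "certificate revoked"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "certificate outside validity period"
    recovered = pow(signature["encrypted_hash"], cert["e"], cert["n"])
    return "valid" if recovered == doc_hash(document) else "hash mismatch"


if __name__ == "__main__":
    contract = b"Pay 1,000 AED to supplier A"      # constructed sample document
    sig = sign(contract)                           # detached signature
    day = date(2010, 6, 1)
    print(verify(contract, sig, day, set()))
    # Re-using the signature on a different document fails (slide 5).
    print(verify(b"Pay 9,000 AED to supplier A", sig, day, set()))
    print(verify(contract, sig, day, {1001}))
    print(verify(contract, sig, date(2012, 1, 1), set()))
```

The certificate checks run before the hash comparison, so a mathematically correct signature made with a revoked or expired certificate is still rejected.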