Ascertia Adss Server Capabilities


  • This is a quick example to illustrate a sign-off process. Most people think more about the signing process than the verification process; however, why would you approve something that was not correct in some detail? An important aspect is for the server to verify each signature as it is received and to deal with invalid signatures or certificates or local time. And just because a signature exists doesn’t mean it is the right one; for example, are you expecting the citizen eID certificate to be used, or the company end-user certificate, or the corporate server certificate? Timestamping is a key issue since the originator may have a significant time error on their local system. Perhaps they mean to submit a document after a deadline that actually appears to be signed before the deadline. A central timestamp can confirm the time of receipt and of processing and provide evidence for any later time-based or change-based dispute. For any important process, auditors will wish to review evidence logs of actions requested and completed, especially if required to by a court or a regulator.
  • This slide brings together the main themes of this presentation. We have covered why trust is needed. We have talked briefly about all these important aspects of trust services and how they can reduce fraud, reduce costs, reduce risks, and help the environment by creating, using, printing and transporting less paper! Ascertia is a market leader. It’s a small world and you may not have heard much about us, and yet we have excellent references.

    1. Ascertia ADSS Server Capabilities February 2008
    2. Ascertia Limited
         • A Leader in e-Trust products and solutions
             • Comprehensive solutions for Global Trust
             • Focused on meeting real customer needs
             • Working with System Integrators & Service providers
             • Selling to resellers & end-users
         • Mission
             • Making digital signatures easy to use and trust
             • Providing secure, flexible, multi-functional trust services for businesses and managed service providers
         • A private limited company
             • All products designed and developed in-house
             • Strong R&D investment continues at 25+%
             • Self-funded with tight expense controls
             • Carefully managing business growth
             • Wholly owned by Directors and staff
    3. Products - 2008
         • CLIENT SOFTWARE
             • Digital signatures Verification & validation, Encryption
             • PDF Sign&Seal
             • File Sign&Seal
             • ARP SE (OCSP & CRL services)
             • ARP SDK (validation toolkit)
         • SERVER SOFTWARE
             • Digital signature creation, Verification & validation, Encryption & other options
             • ADSS Server
                 - PDF Signer Server option
                 - XML Signer Server option
                 - File Signer Server option
             • ADSS Secure eMail Server [Q2]
             • ARP EE (OCSP & CRL services) Full validation + history logs
             • CRL and OCSP Service Monitors and test tools
         • INFRASTRUCTURE SOFTWARE
             - TrustFinderOCSP OCSP Server
             - TrustFinderCA Enterprise credentials
             - TrustFinderTSA TimeStamp Server
             - TrustFinderSCVP XKMS Server [Q2]
             - TrustFinderXKMS SCVP Server [Q3]
         • Diagram labels: PKI Protocols; DATA
    4. Business Workflow Example
         • Diagram labels: Verify Timestamp; ERP; CRM; ECM; Create; Sign; Review; Approve; Verify; Countersign; Review/Release; Verify; Countersign; Audit; Verify
    5. Business Workflow Example
         • Diagram labels: Create; Sign; Countersign; Verify; Timestamp; Review; Approve; Review/Release; Audit
         • Users identified using strong authentication techniques with an option to confirm and authorise signature and counter-signature
         • If using signed PDFs then Adobe® Reader also verifies at the desktop
    6. Implementation Options
         • DESKTOP SOFTWARE
             • Desktop Applications:
                 - PDF Sign&Seal
                 - File Sign&Seal
                 - ARP OCSP Client
             • Browser based (Server controlled):
                 - PDF Signing
                 - File Signing
                 - XML Signing
                 - Signing & uploading files
         • SERVER SOFTWARE
             • ADSS Server
                 - PDF signing, encryption & verification
                 - XML signing and verification
                 - File signing and verification
                 - Timestamp Authority services
                 - OCSP Validation Authority services
             • ARP OCSP Client (for servers)
         • Multiple document formats
         • Multiple signature formats
         • Notary archive services
         • Diagram label: DATA
    7. ADSS Server – Business Usage
         • Can be used to deliver trust for internal or external e-business workflows
             • Central or local Government
             • Financial, Telco, Pharma, Petrochemical, etc
             • Health services, multi-agency services, etc
         • Satisfies business needs for
             • Traceability, audit, compliance
             • Identity assurance, integrity
             • Document and data authentication
             • Certainty in dealing with final, approved documents
             • Immediate, medium term and long-term trust
             • Optional digital notary services
    8. ADSS Server Product Architecture
         • Diagram labels: Application Web Services; Application Java API; Email Gateway; Watched Folder; OCSP Clients; SCVP clients; XKMS clients using HTTP; HTTP/S; XML/SOAP; Synchronous; Asynchronous
         • Legend: [marker symbol] = Q1 2008
    9. ADSS Server Powered Products
         • PDF Signer Server
             • Signing & Verification
         • XML Signer Server
             • Signing & Verification
         • File Signer Server
             • Signing & Verification also Forms
         • TrustFinderOCSP v5
             • RFC 2560 Validation Authority
         • TrustFinderTSA v5
             • RFC 3161 Timestamp Authority
         • In R&D
             • TrustFinderCA (Full features)
             • TrustFinderSCVP
             • TrustFinderXKMS
         • Note: You only need to license and use what is needed today
    10. ADSS Server Product Differentiators
         • Business applications need comprehensive services not just simple protocols
             • ADSS Server is a comprehensive multi-functional server
         • ADSS Server offers a single service point
             • For signing, for verification, for validation & timestamping
             • For application authorisation & transaction management
         • ADSS saves time everywhere - for everyone
             • Solution Architect learning time
             • Solution delivery / build time
             • Operations Management training time
             • Security Audit training time
         • All modules have a consistent look & feel
         • Solution build & enhancement is easier
         • ADSS Server does it all from just one box!
         • Diagram labels: OCSP Server (XKMS/SCVP); TSA; CA / RA; Server-side Signing & Verification
    11. Why use ADSS Server?
         • Maximises options and enables easy usage
             • Multiple integration approaches, optional HSMs
             • Handles multiple document formats
             • Handles multiple signature locations and formats
             • Corporate signatures, end-user signatures
         • Minimises internal effort to apply trust
             • High level services – even using just one line of code!
             • Manages all keys and certificates
             • Built-in management, logging, audit, reporting
         • A world-class product for today and tomorrow!
             • All the business options in one product
             • Services multiple concurrent applications
             • High availability and scalability
             • Easy to use, managed, controlled security
    12. Ascertia ADSS Server Trust Services
         • Note: You only need to license and use what is needed today
         • PDF Documents
             - Basic signature (visible / invisible)
             - Certify
             - Sign & timestamp
             - Long-term signatures
         • XML Documents
             - XML DSig (XAdES ES)
             - Timestamps (XAdES ES-T)
             - Long-term signatures (XAdES X-Long)
         • PKCS#7 / CMS / SMIME
             - Basic signature (CAdES ES)
             - Timestamps (CAdES ES-T)
             - Long-term signatures (CAdES X-Long)
         • Historic Verification
         • OCSP Validation (immediate verify & long term sign)
         • Time Stamp Authority (TSA) Server
         • Diagram labels: Sign; Verify
    13. Use case 1: Adding Trust to Outbound Documents
         • For any internal, published or outgoing data
         • Signed Invoices, Signed Receipts, Orders & Order Confirmations
         • Regulatory Reporting, Policies and Procedures
         • Diagram labels: Internal Users; Third parties; SIGN + timestamp; Business Applications; ADSS Server; Internal ERP, ECM, CRM Systems; Notary archive option
    14. Use case 2: Adding Trust to Inbound Documents
         • For received documents or data
         • eProcurement submissions, Financial Reports
         • Regulations, Orders, Receipts, Statements
         • Diagram labels: Internal Systems; Notary archive option; VERIFY and/or SIGN & TIMESTAMP; Business Applications; ADSS Server; Signed data from known systems; Unsigned data from untrusted systems
    15. Use case 3: Server-controlled client-side signing
         • eProcurement, eTendering, eBPM actions
         • Purchasing, Business Agreements
         • Accepting, Approving, Confirming
         • Diagram labels: Workflow / Confirmation; SIGN & VERIFY; Display Document; Ask to Sign; Signature Action; End-user & Corporate Signatures Applied; End-user signature verified & validated; User keys; GoSign Applet; Business Applications; ADSS Server; Display signed document
    16. Use Case 4: Server-side multi-user signing
         • eBPM actions, Purchasing, Business Agreements
         • Accepting, Approving, Confirming
         • Diagram labels: Workflow / Confirmation; PDF SIGN; Display Document; Ask to Sign; Confirm wish to Sign; Display signed document; Action; End-user & Corporate Signatures Applied; User keys; Business Applications; ADSS Server; Option to timestamp, long-term sign
    17. Use case 5: Signed upload of client documents or files
         • eBanking, eProcurement, eTendering
         • Trade finance systems, etc
         • Optional signed receipt is recommended!
         • Diagram labels: VERIFY & TIMESTAMP; Application Dialogue; Ask to Upload; Signed file uploaded; Workflow Action; End-user signature verified & validated; Optional timestamp applied to confirm time; User keys; GoSign Applet (local file signing option specified); Business Applications; ADSS Server
    18. Use Case 6: Document Management Workflow
         • eProcurement, eTendering, Project work
         • E-Portal Documents and Workflow Management
         • Diagram labels: VERIFY & TIMESTAMP; End-user and corporate signatures applied; End-user signature verified & validated; Multiple Users, Different Organisations; SIGN; Business Applications; ADSS Server
    19. Use case 7: Adding Trust to Emails and attachments
         • Using Ascertia ADSS Secure eMail Server [Q2 2008]
         • Sign or verify emails that are sent or received
         • Sign or verify email attachments
         • Archive/ recovery emails
         • Intelligent handling of encryption / decryption
         • Diagram labels: Internal Users; Third parties; SIGN + timestamp; Secure eMail Server; ADSS Server; Internal ERP, ECM, CRM Systems; Notary archive option
    20. ADSS Server Scalability / Resilience
         • Diagram labels: CA 1, CA 2, CA n; CRLs; OCSP; Hardware Load Balancer; ADSS Server; Database replication; E.g. Big-IP, Cisco; HSM 1; ADSS Server; HSM 2; SQL Server or Oracle or PostgreSQL; Signature / Verification / Validation requests (HTTP/HTTPS)
         • Option for 1 or more CAs supported
         • Optional HSMs
    21. ADSS Server – Authority Services
         • ADSS Certificate Authority
             • Internal key generation and certification or interaction with an external CA
         • ADSS Validation Authority
             • Current validation using CRL checks
             • Current validation using OCSP calls
             • Historic validation using retained old CRLs
             • DNV VAS protocol
             • SCVP and XKMS options in Q1 2008
         • ADSS Time Stamp Authority
             • Provides RFC3161 Timestamp Authority services
             • Provide good commercial management services
    22. Solution Summary
         • Trust is essential for e-business
             • Enhances credibility
             • Prevents changes to data
             • Meets legislative requirements
             • Enables legal acceptance
             • Enhances dispute resolutions
             • Prevents draft or unapproved data being used
             • Substantially reduces print and delivery costs
             • Reduces business risk and costs
             • Offers a competitive advantage
         • Ascertia is a trust products leader
         • Ascertia has excellent references
         • Diagram labels: Sign-off & approval; Clear ownership; Assure traceability; Legal weight signatures; Strengthen audit & compliance; Reduce identity fraud; Strengthen internal policies; Prevent document changes; Reduce paper & postage costs; And reduce your carbon footprint; Provide undeniable evidence; Protect archived data
    23. Ascertia Summary
         • Ascertia leads the world with its trust solutions
         • The right vision & capability to secure the future
         • The right company to do business with
         • The right architecture for the future
         • The right products for today’s market
         • The right attitude and commitment to our customers and partners
    24. Questions: Rod Crook +44 1256 895416 [email_address]