Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Ā
SecureMAG Vol 3
1. Not for Sale
VO L UME 3 2011
SECUREMETRIC TECHNOLOGY GROUP
Not for Sale
Exhibitions 2011
Cyber Security for Government Asia
Cambodia Banking 2011
BankTech Asia 2011
Security World, Hanoi 2011
Banking Vietnam, Hanoi 2011
News
SecureMetric Technology on air at
Putra FM 90.7
SecureOTP protects OSK Investment
Bank
SecureMetric partners with Ascertia
SecureMetric partners with
PrimeKey
Awards
Silver Server Platform
SECUREMAG 2011 BY SECUREMETRIC TECHNOLOGY
Advanced Digital
SecureMetric Technology
Editorial Team
Signature Solution
CONTACT US:
Enhance Improve Go Paperless
SecureMetric Technology
Document
Address: 2-2, Incubator 2,
Efļæ½iciency
Technology Park Malaysia, Bukit Jalil,
Security
57000 Kuala Lumpur, Malaysia.
Tel: +603 8996 8225
Fax: +603 8996 7225
2. COVER STORY SECUREMETRIC TECHNOLOGY GROUP
Advanced Digital Signature Solution
e-Invoicing, e-Billing and e-Statement e-Notarization and Secure Archiving.
Any business application can send out e-documents in place of paper, however Very often organisations need to archive important business documents
in order to ensure authenticity and trust, itās important to digitally sign the anywhere from 2 to 10 years for compliance reasons. Specialist organisations
documents before they are sent externally. The organisationās reputation and responsible for maintaining archives on behalf of others, e.g. digital libraries may
brand protection can also be better protected if fraudulent documents are easy need to archive documents even for 100+ years!
to detect. Legislation such as the Electronic Signature Law in Vietnam and Digital
Signature Act 1997 in Malaysia also provide a business driver. There are several SecureMetric provides solutions to meet e-Notarisation and long-term archiving
ways in which digital signatures can be applied to outgoing documents. Typically needs in the following way:
the signature format will be XML DSig (including XAdES) and/or PDF Signatures
(including PAdES). 1. Server-side signing of data objects using a special archive key to create
long-term archive signatures with embedded timestamps and revocation info
SecureMetricās solution can be easily integrated with any business document that ensure the integrity and evidentiary capability of the preserved data.
production environment using our āWatched Folderā application called Auto File
Processor, or our high-level Java and .NET Client SDKs or via direct XML/SOAP 2. Creating long-term XML Evidence Record Syntax (XMLERS) archive objects
web service calls or even emails integration using secure email server. Signed based on the IETF LTANS Speciļ¬cation. The XMLERS archived objects can be
documents can be archived by making calls to the archive server. stored in the Archive Serverās SQL databases or returned to selected
enterprise content management (ECM) applications. The Archive Server
performs archive management, automated evidence refreshing based on
e-Tendering, e-Submission & ļ¬exible archive policy and archive retention policy management.
Secured Web Form upload
The volume of web-based business interactions is ever-increasing in the drive to Benefit
cut paper process by moving to automated online services. Common Businesses can save a substantial amount of money by moving from expensive
applications are e-Submissions or e-Filings, where end-users review and perhaps paper-based processes to electronic documents, ļ¬les and data. However this
upload completed documents to a central service. Other example applications process is often reverted back to paper at point of document sign-oļ¬ or approval,
include forms based systems such as online account management, online making the migration to digital only partially beneļ¬cial! Another poor alternative
purchasing plus local government services and central services such as e-Tax, is to use digital approval process but with no real security. Organisations need to
and e-Procurements. e-Tendering is a growing part of public sector business and prevent unauthorised change to key business documents to go unnoticed. They
has some speciļ¬c requirements. also need to bind originator and approver identities into the document to
provide traceability, accountability and a clear sign-oļ¬ audit trail. Systems and
The underlying requirement for all such applications is that the transaction or people reading the data need to know that it is original and unchanged.
document oļ¬ers proof of authenticity, data integrity and non-repudiation. In the
paper world ink is used. In the new electronic age digital signatures meet these Reputations are at risk when identities cannot be adequately conļ¬rmed, fraud
requirements and do it better than ink. and public embarrassment are the result when original documents are found to
1
have been changed. Within internal processes people need to have their
e-Document Approval signature on key documents so that they can be held accountable for their
actions. No signature means no security and therefore no trust! This is as a true
SECUREMAG 2011 BY SECUREMETRIC TECHNOLOGY
Organisations need to exchange documents for the purposes of sign-oļ¬ and in the digital world as in the physical world.
approval either with internal employees or external parties. Such documents
include sales contracts, HR documents like expense sheets, mortgage Our PKI digital signature solutions provide these trust services to business
documents, insurance claim forms, consultancy reports etc. documents and workļ¬ows. They can be used via web-interfaces or by application
APIs or automated systems. SecureMetricās document signing solution enables
Most current document management systems use a simple approve button to trust within PDF documents, XML data and other ļ¬les formats, web forms,
indicate approval ā however this provides little proof later that a particular user automated transactions and emails.
indeed signed-oļ¬ on a document. The document approval should instead by
given using digital signatures which add trust, integrity, assurance, traceability, The beneļ¬ts of our advanced digital signature solution are:
audit and ensure legal compliance
ā¢ A Veriļ¬able User Identity
ā¢ A Veriļ¬able Business Identity
ā¢ Binding Users/Business to Documents
ā¢ Providing Proof of Document Sign Oļ¬ or Approval
ā¢ Providing Non-Repudiable Legal Weight
Enhance Improve Go
ā¢ Document Signing Workļ¬ow with Time Stamp
Document Efļæ½iciency Paperless
Security
VOLUME 3 2011
3. PRODUCTS SECUREMETRIC TECHNOLOGY GROUP
AEP Series A
Secure Application Access 2500 . 4500 . 6500 . 8500
āWork is becoming something you do, not a place you go to.ā
The famous words of Woody Leonhard, the author of Underground Guide to In order to remain productive, employees need full access to the companyās
Telecommuting, rings true as advances in connectivity, hardware and software have corporate network; the computer-based applications, ļ¬les and data that today are at
resulted in workforces becoming increasingly mobile. People no longer have to be the heart of many work environments. However, one of the main concerns is to
tied to their desks all day, every day. As long as Internet connection is available, make sure that once these documents and applications are accessed from outside of
people can work remotely from anywhere: coļ¬ee shops, their homes, remote the private network, only authorized people are able to see them. This is where AEP
oļ¬ces or on public transport. Series A SSL VPN comes in handy.
Partner/ Supplier
Hosted VoIP
Branch Office
Private Cloud
Firewall AEP Series A Firewall
House Application Servers
Service Provider
Data Centre
Mobile Common usage of AEP Series A
Series A addresses the main concern employers have when deploying SSL VPN, Series A is also available in virtual appliance, called Series A Virtual Edition (VE) to
which is SECURITY. Series A oļ¬ers comprehensive network, endpoint and user support business continuity plans. Series A VE can support unlimited users and very
security where full network access is only given to trusted users and endpoints with scalable. It can be spin up or down as demand requires. Whatās more, Series A VE
AES 256 SSL Encryption. SecureMetricās SecureOTP hardware tokens can also be also comes in a more aļ¬ordable price.
used together with Series A as a two-factor authentication device for added
security. Besides that, it is the only SSL VPN Gateway with FIPS-140-2 Level 4 option. The features oļ¬ered by Series A beneļ¬ts a lot of people in the working world. For
So it does not compromise the security of the corporate network which is being example, employees working remotely form home can now have a better work-life
accessed remotely. balance. Employers can have a bigger talent pool since geographical distance is no
longer a hurdle and they can also employ disabled people who are more
From the userās point of view, Series A is known for of its ability to support a wide comfortable working from their home.
range of clients (Windows, Linux, iPhone, iPad and etc.) with diļ¬erent application
services (Windows Terminal Services, Citrix, Novell and etc.). All of the applications Since we agree that SSL VPN is a technology that can beneļ¬t almost everyone in the
can be used without the need to deploy and manage any user software or VPN working world, why not choose the best one for your company?
clients so it is a hassle free experience for the users. Users can also access ļ¬les or
applications on the oļ¬ce PC using Series A MyDesktop feature.
VOLUME 3 2011
4. AWARDS SECUREMETRIC TECHNOLOGY GROUP
SecureToken ST3 & SecureCOS PKI Hybrid won
Malaysian Common Criteria Evaluation and Certiļæ½ication (MyCC)
Malaysian Common Criteria Evaluation and Certiļ¬cation (MyCC) Scheme is a systematic process for
evaluating and certifying the security functionality of ICT products against deļ¬ned criteria or standards. It is
important to have a scheme to ensure high standards of competence and impartiality are maintained, and
that consistency is achieved.
MyCC Scheme evaluates and certiļ¬es the security functionality within ICT products against ISO/IEC 15408
standard which is known as Common Criteria (CC). The methodology use in the evaluation is also a
recognised standard known as Common Evaluation Methodology (CEM) or ISO/IEC 18045.
Based on the Common Criteria Recognition Arrangement (CCRA) requirement, a scheme is managed by a
sole Certiļ¬cation Body (CB). The Certiļ¬cation Body for the MyCC Scheme is known as Malaysian Common
Criteria Certiļ¬cation Body (MyCB), a department within CyberSecurity Malaysia. MyCB is responsible for
carrying out certiļ¬cation and overseeing the day-to-day management and operation of the scheme. MyCB
is independent from the Evaluation Facilities.
Both SecureMetricās product, SecureToken ST3 and SecureCOS PKI Hybrid, was recently awarded Common
Criteria Certiļ¬cate with Assurance Package EAL 1 under MyCCās programme. This certiļ¬cation has certainly
made SecureMetricās product more competitive especially in the European market.
SecureMetric Technology Received INNOCERT Award 2011
1-InnoCERT is a certiļ¬cation especially for recognition of innovative companies in Malaysia. Compare to
many other certiļ¬cations in Malaysia, this certiļ¬cation covers various industry including ICT, Green
Technology, Energy Eļ¬ciency, Manufacturing, and many other categories.
SecureMetric was awarded a AA rating for SMECorp's annual Innovation Showcase Expo recently in Kuala
Lumpur Convention Centre.
The certiļ¬cation process started in February 2011 where SMECorp and SIRIM sent auditors to
SecureMetric's oļ¬ce to audit SecureMetric in various capabilities such as the ability to innovate
technology and the ability to commercialise technology. SecureMetricās certiļ¬cation was under the
category of "Best Innovation Award in ICT & Electrical & Electronics".
During the Innovation Showcase Expo, SecureMetric was able to show it's various digital security products
2
to our Deputy Prime Minister Tan Sri Muhyiddin Yassin as well as other delegates from around the world.
SECUREMAG 2011 BY SECUREMETRIC TECHNOLOGY
SecureMetric's aim in innovation and to make Malaysia a well known country for innovation was
acknowledged with this AA rating. The company is aiming to get a AAA rating next year.
SecureMetric Technology Received Mircosoft Partner Network Certiļæ½ication
SecureMetric Technology has recently attained Microsoft Partner Silver
Server Status. The accreditation comes after SecureMetricās engineers
completed all the required training and certiļ¬cation.
Silver Server Platform
By attaining the Silver Server Platform competency, it demonstrates
SecureMetricās expertise in building, designing, deploying, and supporting the Windows Server operating
system, Windows Serverābased applications, and the Microsoft server infrastructure. SecureMetric is now
better positioned to support its customersā business strategies through high levels of availability, agility,
and automation.
For Microsoft, transparency, quality and the extent of consultation are the focus of customer support. The
Silver Server Platform also proves that SecureMetric has the expertise to address customersā needs by
controlling operating costs and increasing eļ¬ciencies through more eļ¬ective applications, reduced IT
labour and facilities costs, and consolidated servers.
VO LUME 3 2011
5. NEWS SECUREMETRIC TECHNOLOGY GROUP
SecureMetric Technology on air at
Putra FM 90.7
NEW PARTNERS
Recognising that there is a growing need in the digital
signature creation, veriļ¬cation, time stamping and secure
archiving products as well as eID validation in the South
East Asia region, SecureMetric partners with Ascertia from
UK to bring their premium solution to this region.
With the combination of SecureMetric PKI solution and
Ascertia eSecurity solution, SecureMetric can now oļ¬er a
On 27th April 2010, two of SecureMetricās expert, Lim Chin Wan and Raļ¬dah full end-to-end solution to many eDocument workļ¬ows
Ariļ¬n went on air at Putra FM to introduce Public Key Infrastructure (PKI) such as e-Invoicing, e-Tender, e-Billing as well as
technology. e-Submission solutions to businesses and governments in
this region.
The interview, which was titled āPengenalan Kepada Infrastruktur Kunci Awam
(PKI)ā aimed at giving an overview on how PKI works, its applications and how it
can be used in universities. They also discussed about the increasing cases of
cyber crimes in Malaysia
and how PKI can help to
reduce the occurrence of
cyber crimes. Although it
was their ļ¬rst time on air,
they did a pretty good job.
Hopefully after this, more
people will be aware of why SecureMetric is now the ļ¬rst and only certiļ¬ed partner of
PKI is needed to protect PrimeKey in the South East Asia region. SecureMetricās
people when they are engineer is now PrimeKey, the commercial arm of EJBCA,
online. certiļ¬ed consultants and trainers. PrimeKey specialises in
eID and ePassport projects in Europe and in the Middle
SecureOTP protects OSK Investment Bank
East. PrimeKey is especially well known for their
SECUREMAG 2011 BY SECUREMETRIC TECHNOLOGY
implementation is the French and Swedish Defense
Department. The Norway and Iceland Passport is also
issued using PrimeKeyās EJBCA implementation. There are
more than 200 EJBCA implementation around the world.
With this partnership, SecureMetric aims to bring the
best Certiļ¬cate Authority system to this region with
eID and ePassport capability. This partnership also beneļ¬ts
SecureMetric in that an expert in eID and ePassport like
PrimeKey will be transferring technology know-how to
SecureMetric and subsequently to this region.
SecureMetric has had EJBCA implementation experience
SecureMetricās SecureOTP product helps secure OSK Investment Bankās before in this region but this partnership formally
VPN. As an added security layer for their VPN, OSK Investment Bank recognise SecureMetric as the expert in EJBCA in South
introduces a 2 factor authentication for their VPN. This means each time East Asia. SecureMetricās expertise is in its
OSKās user needs to connect to their VPN, they would require an extra understanding of the local culture in this region.
One-Time-Password in addition to their regular username and password.
The implementation of this project only took 2 weeks which further proof
that SecureMetricās products are easy to deploy and user friendly.
VO LU M E 3 2011
6. EXHIBITIONS SECUREMETRIC TECHNOLOGY GROUP
Cyber Security Asia 2011 was a success. SecureMetric, a featured sponsor of the
event, was able to showcase its many PKI solutions for government agencies.
Chin Wan (SecureMetric Malaysia) and Bui Thanh Tung (SecureMetric Vietnam)
was at the event to talk to various government agency representatives from all
around Asia.
One of the speakers at the event, Mr. Dao Dinh Kha spoke about the
implementation of PKI in Vietnam for the country's citizens.
SecureMetric Technology participated
in Banking Cambodia 2011, on 24-25
February 2011 at Intercontinental Hotel
ambodia
Phnom Penh, Cambodia. The respond
SecureMetric got during the event was
very good.
Banking and Microļ¬nance Cambodia 2011 had 15 speakers and 500 conference BankTech Asia 2011, an annual banking technology conference & exhibition
attendees participating in one keynote session, three topic-speciļ¬c sessions hosted in Kuala Lumpur Convention Centre (KLCC) features top experts in
and two panel discussions. With the theme, āTowards modern banking & ļ¬nancial industry to speak and showcase the latest technologies available in the
Microļ¬nance Industry: An indispensable pathā, the two day event not only market today has always attracted decision makers from banking industry
delivered full market insights but also promoted latest technology around the region.
advancement in the banking and microļ¬nancing industry.
SecureMetric Technology, a fast growing and pioneer player in the digital
SecureMetric showcased itās PKI solution and how it could help big businesses security domain, was one of the exhibitor in BankTech Asia ā11 showcasing their
especially banks safe latest technologies and products featuring SecurePKI and SecureOTP card.
cost and reduce
business right using the One of the highlights of the event was SecureMetricās secureOTP card, a
right combination of PKI One-Time-Password (OTP) token integrated into a credit card. SecureOTP card is
solutions. During the just like any typical credit
event, many VIPs and card featuring smart chip
delegates engaged with and magnetic stripe
SecureMetricās experts except it contain a
in various issues microchip inside, 6 digit
regarding the digital display and 12-button
security space. touch keypad all power
by state of the art paper
battery which enable
SecureOTP maintain it
SecureMetric was a sponsor for the credit card size and
annual Banking Vietnam event in Hanoi slimness.
this year. Beside being a sponsor,
SecureMetric was also invited to send a
speaker to speak at their SAFETY AND
HANOI SECURITY INFORMATION SYSTEM session.
Chin Wan, SecureMetric's Regional Sales Director, was there to talk about how
SECUREMAG 2011 BY SECUREMETRIC TECHNOLOGY
PKI could be used to reduce business cost and risk.
Beside being a speaker at the event, SecureMetric was also invited to sit on the
panel of expertise in the eventās panel discussion forum which was held at the
last day of the prestigious event.
In addition, SecureMetric also showcased itās PKI solution is Advanced Digital
Signature Solution at their booth. The delegates who attended the event
showed positive reception towards SecureMetric's new Advanced Digital
Signature Solution and was keen to see how the solution would help their
organisation improve eļ¬ciency and save cost at the same time. The demo of SecureMetric participated as one of the Key Sponsor for Security World Hanoi,
the Advanced Digital Vietnam which being held in Hanoi Tower from 23rd to 24th March 2010. This
Signature Solution show has attracted many top representatives from Vietnam government
shown at the event also agencies, ļ¬nancial institutions and large corporations. As the continuously
gave delegates a chance eļ¬ort to position SecureMetric as the leading provider in Digital Security Sector,
to experience ļ¬rst hand SecureMetric again has demonstrated our willingness to share on the latest
how a digital signature digital security technology with our participation.
solution can help
towards reducing risk
and paper work in every
organisation.
VOLUME 3 2011