Digital signature efficient, cut cost and manage risk
Digital Signature: Efficient, Cut Cost and Manage Risk
Formula for Strong Digital Security
Signature
A person’s name written in a distinctive way, pattern or characteristic as a form of identification by which someone or something can be identified
Rafidah Ariffin
History of Signature
The Sumerians, inventors of writing, also invented the first authentication mechanism: intricate seals.
History of Signature
The practice of affixing handwritten signatures began within the Roman Empire in the year AD 439, during the rule of Valentinian III.
This practice remained unchanged for over 1,400 years. Today it is still used and applied in much the same way – by scribbling one’s own name.
Security Objectives of a Signature
• Authentication
• Data Integrity
• Non-repudiation
However, Handwritten Signatures…
• Are easily forged
• Do not maintain data integrity
• Can be repudiated
Digital Signature
Also known as “Electronic Signature”, “Digital Signature Scheme” or “electronic seal”.
Binary or digital code attached to an electronically transmitted message or document that authenticates and executes the document and identifies the signatory.
“Security and commitment are key issues for commercial online transactions, as the Internet is an open network prone to problems such as identity, legal commitment, third party interference and manipulation of information.”
- Malaysian Communication and Multimedia Commission (MCMC)
Introduces and implements the usage of Digital Certificate for Internet based commercial transactions.
In effect since 1st Oct 1998
Basic Signature Trust Status
[Diagram: Certificate Authority (CA); Revoke; Signed on 2008]
Long-term Signature vs Basic Signature
• Long-term signature: Certificate Status Info, Timestamp, 101100110101… (hash encrypted with signer private key)
• Basic signature: 101100110101… (hash encrypted with signer private key)
Why is a long-term signature important?
E.g. Bank Negara requires records to be kept for 7 years.
In the period of 7 years, a long-term signature will definitely preserve the validity of the signer.
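Added example (not from the original slides or from ADSS): a simplified model of the difference described above, showing what a verifier can conclude about a basic and a long-term signature once the signer's certificate has been revoked. The class names, dates and status strings are constructed for illustration, and the cryptographic check of the signed hash is assumed to have passed already.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Cert:
    """Constructed model of a signer certificate (not a real X.509 parser)."""
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # what the CA reports at check time

@dataclass
class Signature:
    cert: Cert
    # Long-term extras; both are None for a basic signature.
    timestamp: Optional[datetime] = None       # signing time from a trusted timestamp
    status_good_at: Optional[datetime] = None  # embedded OCSP/CRL said "good" at this time

def validate(sig: Signature, now: datetime) -> str:
    """Decide trust status at `now`; the hash/signature check is assumed to pass."""
    c = sig.cert
    if sig.timestamp is not None and sig.status_good_at is not None:
        t = sig.timestamp
        if not (c.not_before <= t <= c.not_after):
            return "invalid: signed outside certificate validity"
        if sig.status_good_at < t:
            return "indeterminate: status info is older than the signing time"
        if c.revoked_at is not None and c.revoked_at <= t:
            return "invalid: certificate was already revoked when signed"
        return "valid: certificate was good at the proven signing time"
    # Basic signature: no proof of when it was made, so only today's status counts.
    if c.revoked_at is not None and c.revoked_at <= now:
        return "indeterminate: certificate revoked, signing time unproven"
    if not (c.not_before <= now <= c.not_after):
        return "indeterminate: certificate expired, signing time unproven"
    return "valid: certificate is currently good"

# Constructed scenario: signed in 2008, certificate revoked in 2010,
# record checked 7 years after signing.
cert = Cert(datetime(2007, 1, 1), datetime(2010, 12, 31), revoked_at=datetime(2010, 3, 1))
signed = datetime(2008, 6, 1)
basic = Signature(cert)
long_term = Signature(cert, timestamp=signed, status_good_at=datetime(2008, 6, 2))

def demo() -> tuple:
    check = datetime(2015, 6, 1)
    return validate(basic, check), validate(long_term, check)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```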
How Does Digital Signature Benefit Your Business
Advanced Digital Signature Solution (ADSS)
• Protecting information output
  – signing and timestamping, notarising and archiving services for e-invoicing, statements, acceptances, reports etc.
• Protecting inbound information
  – notarising/timestamping and archiving services for any received information for larger organisations
• Protecting internal document workflows
  – signing/approving documents or data to confirm a chain of approval (Server or Client held documents)
• Confirming external transactions
  – Using intelligent web-forms that result in both end-user signing and corporate counter signing
  – Allowing client documents and files to be signed + uploaded
ADSS Client-side signing
[Diagram: User; Firewall; Business application; Firewall; ADSS Infrastructure Servers; External CAs for OCSP and CRL data]
• Signing locally using local keys
• Go>Sign Professional includes PDF viewing and signing functionality. It also enables DLP by controlling local saving, local printing and screen copy.
• Signature Verification using trusted CA details
ADSS Client-side signing
• Documents can be signed anytime, anywhere
• A move from expensive paper based process to electronic document
• DLP features included
• Signed using locally held private key from a trustable third party
• Protected under Digital Signature Act 1997
EFFICIENT / CUT COST / MANAGE RISK
ADSS Workflow Signing / Verification
• Document can be signed immediately by multiple people who might not reside in the same office
• Can be integrated with any business application – document management system
• A move from expensive paper based process to electronic document
• A single solution which offers multiple functions – signing, timestamping & verification
EFFICIENT / CUT COST / MANAGE RISK
• Signed using private keys from a trustable third party
• Document’s integrity guaranteed with time stamping
• Protected under Digital Signature Act 1997
• Documents hashed using SHA-1 or SHA-2 with long key lengths
Auto File Processor (AFP) – File Signing & Verifying
[Diagram: Input Folders (final documents to be signed); Auto File Processor; ADSS Server; Output Folders (signed documents)]
Auto File Processor is a separate Client Application that can:
• Watch multiple input folders
• Process documents intelligently
• Use one or multiple load-balanced ADSS Servers to sign documents
• Manages each Signing Profile
• Manages all signing keys
• Performs signature generation
• Logs all transactions
• Provides detailed reports
One ADSS Server can be used, or for high availability two load balanced ADSS Servers can be used.
Auto File Processor (AFP) – File Signing & Verifying
• Multiple documents can be signed with a click of a mouse
• Signed documents are placed in separate folders
• A move from expensive paper based process to electronic document
• Add new features to existing business application
EFFICIENT / CUT COST / MANAGE RISK
• Signed using private keys from a trustable third party
• Document’s integrity guaranteed with time stamping
• Protected under Digital Signature Act 1997
• All requests are securely logged
Secure Email Server - signing email & attachments
[Diagram: ERP System; Secure Email Server; ADSS Server; Internet; Recipient]
1) ERP system sends email
2) Request signature
3) Signature
4) Forward email
5) Recipient receives signed email
• Sign emails that are sent or received
• Sign email attachments
Secure Email Server - signing email & attachments
• Emails & attachments can be signed and verified automatically
• Preserves integrity
• Filter selection policies to be configured that define the type of emails to verify
• A move from expensive paper based process to electronic document
• Add new features to existing business application
EFFICIENT / CUT COST / MANAGE RISK
• Sender & receiver clearly identified
• Signed using private keys from a trustable third party
• Protected under Digital Signature Act 1997
• All requests are securely logged
Advanced Digital Signature Solution (ADSS)
• Provides multiple services
  – Reducing the number of individual products required
• Provides a range of interfacing options
  – Easy integration with existing business workflows
• Handles a number of document formats
  – Supporting business needs for PDF, XML and Files
• Provides a range of signature formats
  – Comprehensive signing and verification services
• Provides a single point of management & audit
  – Comprehensive event and transactional logging
  – Secure web-based management with role-based access controls
  – Simplifies operational activities, reduces management and training costs, reduces implementation & system costs
ADSS - References
FINANCIAL INSTITUTION
• Deutsche Bundesbank and Banca d’Italia – To verify XML signatures using long term and archive signature for security & legal strength
• LeasePlan, Belgium selected ADSS PDF Server to sign invoices and other documents. Several thousand documents are signed each month using long-term PDF PAdES signatures.
GOVERNMENT
• The British Library, UK - Long-term evidencing for the BL online digital media archive.
• The National Communications Authority (ANACOM), Portugal - Uses digital signatures for traceability, accountability and integrity to its business document workflows.