Digital Signature: Efficient,Cut Cost and Manage RiskFormula for Strong Digital Security
SignatureA person’s name written in a distinctive way, patternor characteristic as a form of identification by whichsomeon...
Sumerians, inventor of writing also inventedthe first authentication mechanism, intricatesealsHistory of Signature
This practice remain unchanged for over1,400 years. Today it is still used andapplied in much the same way – byscribbling ...
Why fix somethingthat isn’t broken?
Security Objectives of A SignatureAuthenticationData IntegrityNon-repudiation
Easily forgedDoes not maintain data integrityCan be repudiatedHowever, HandwrittenSignatures…
Digital SignatureAlso known as “ElectronicSignature” or “Digital SignatureScheme” or “electronic seal”Binary or digital co...
Digital Signature Act1997
“Security and commitment are key issues for commercial onlinetransactions, as the Internet is an open network prone to pro...
Types of DigitalSignature
Certificate Authority (CA)RevokeSignedon 2008Basic SignatureTrust Status
Long-term Signature vs Basic SignatureLong-term signatureBasic signatureCertificate Status Info Timestamp101100110101…Hash...
Why long-term signature isimportant?E.g. Bank Negara require records to be kept for 7 years.In the period of 7 years, long...
How Does DigitalSignature BenefitsYour Business
Advanced Digital Signature Solution(ADSS)• Protecting information output– signing and timestamping, notarising and archivi...
ADSS - ServicesComprehensive e-business trust services• Digital Signature creation - Server-side & clientside• Digital Sig...
Comprehensive integration options• Web-services and HTTP, HTTPS services• Auto File Processor (Watched Folder Mode)• Secur...
ADSS – SupportedDocuments & SignaturePDF Documents- Basic signature (visible / invisible)- Certify signature- Sign & times...
ADSS – Signing Services
ADSS Client-side signingFirewallUserBusinessapplicationADSS InfrastructureServersFirewallSigning locally using local keysE...
ADSS Client-side signing• Documents can be signed anytime, anywhere• A move from expensive paper based process to electron...
ADSS Workflow Signing /VerificationSignVerifyTimestampReview/ApproveCountersignAuditVerifyWeb ApplicationReview/UploadRevi...
ADSS Workflow Signing /Verification• Document can be signed immediately by multiple person who might notreside in the same...
Auto File Processor (AFP) – File Signing &VerifyingAuto File ProcessorADSS ServerAuto File Processor is a separateClient A...
Auto File Processor (AFP) – FileSigning & Verifying• Multiple documents can be signed with a click of a mouse• Signed docu...
Internet1) ERP systemsends emailERPSystemRecipientSecure EmailServerADSSServer2) Requestsignature3) Signature4) Forwardema...
• Emails & attachments can be signed and verified automatically• Preserves integrity• Filter selection policies to be conf...
• Provides multiple services– Reducing the number of individual products required• Provides a range of interfacing options...
ADSS - ReferencesFINANCIAL INSTITUTION• Deutsche Bundesbank and Banca d’Italia – To verify XML signaturesusing long term a...
Thank you.
Upcoming SlideShare
Loading in …5
×

Digital signature efficient, cut cost and manage risk

601 views

Published on

Digital Signature for a efficient and paperless office

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
601
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Digital signature efficient, cut cost and manage risk

  1. 1. Digital Signature: Efficient,Cut Cost and Manage RiskFormula for Strong Digital Security
  2. 2. SignatureA person’s name written in a distinctive way, patternor characteristic as a form of identification by whichsomeone or something can be identifiedRafidahAriffin
  3. 3. Sumerians, inventor of writing also inventedthe first authentication mechanism, intricatesealsHistory of Signature
  4. 4. This practice remain unchanged for over1,400 years. Today it is still used andapplied in much the same way – byscribbling one’s own name.Affixing handwritten signatures practicebegan within the Roman Empire in theyear AD 439, during the rule of ValentinianIIIHistory of Signature
  5. 5. Why fix somethingthat isn’t broken?
  6. 6. Security Objectives of A SignatureAuthenticationData IntegrityNon-repudiation
  7. 7. Easily forgedDoes not maintain data integrityCan be repudiatedHowever, HandwrittenSignatures…
  8. 8. Digital SignatureAlso known as “ElectronicSignature” or “Digital SignatureScheme” or “electronic seal”Binary or digital code attach to an electronic transmitmessage or document to authenticates and executes adocument and identifies the signatory.
  9. 9. Digital Signature Act1997
  10. 10. “Security and commitment are key issues for commercial onlinetransactions, as the Internet is an open network prone to problems suchas identity, legal commitment, third party interference and manipulationof information.”- Malaysian Communication and Multimedia Commission (MCMC)Introduces and implements the usage of DigitalCertificate for Internet based commercialtransactions.In effect since 1st Oct 1998
  11. 11. Types of DigitalSignature
  12. 12. Certificate Authority (CA)RevokeSignedon 2008Basic SignatureTrust Status
  13. 13. Long-term Signature vs Basic SignatureLong-term signatureBasic signatureCertificate Status Info Timestamp101100110101…Hash encrypted with signerprivate key101100110101…Hash encrypted with signerprivate key
  14. 14. Why long-term signature isimportant?E.g. Bank Negara require records to be kept for 7 years.In the period of 7 years, long-term signature will definitely preservethe validity of signer.
  15. 15. How Does DigitalSignature BenefitsYour Business
  16. 16. Advanced Digital Signature Solution(ADSS)• Protecting information output– signing and timestamping, notarising and archiving services for e-invoicing, statements, acceptances, reports etc• Protecting inbound information– notarising/timestamping and archiving services for any received information forlarger organisations• Protecting internal document workflows– signing/approving documents or data to confirm a chain of approval (Server or Clientheld documents)• Confirming external transactions– Using intelligent web-forms that results in both end-user signing andcorporate counter signing– Allowing client documents and files to be signed + uploaded
  17. 17. ADSS - ServicesComprehensive e-business trust services• Digital Signature creation - Server-side & clientside• Digital Signature Verification Service• Certificate Validation - OCSP client and OCSPServer• Timestamp - TSA Server• Web-services Certificate Authority Services
  18. 18. Comprehensive integration options• Web-services and HTTP, HTTPS services• Auto File Processor (Watched Folder Mode)• Secure Email Server• Integration with business application thatrequires workflowADSS – Integration Option
  19. 19. ADSS – SupportedDocuments & SignaturePDF Documents- Basic signature (visible / invisible)- Certify signature- Sign & timestamp & Long-term signaturesXML Documents- XML DSig (XAdES ES)- Timestamps (XAdES ES-T)- Long-term signatures (XAdES X-Long)- Explicit Policy and Archive (-EPES, ES–A)PKCS#7 / CMS / SMIME- Basic signature (CAdES ES)- Timestamps (CAdES ES-T)- Long-term signatures (CAdES X-Long)- Explicit Policy and Archive (-EPES, ES–A)Historic VerificationOCSP Validation (immediate verify & long term sign)Time Stamp Authority (TSA) ServerSign Verify         -  info@ascertia.com   
  20. 20. ADSS – Signing Services
  21. 21. ADSS Client-side signingFirewallUserBusinessapplicationADSS InfrastructureServersFirewallSigning locally using local keysExternal CAsfor OCSP andCRL dataGo>Sign Professionalincludes PDF viewingand signingfunctionalityIt also enables DLP bycontrolling localsaving, local printingand screen copy.Signature Verificationusing trusted CA details
  22. 22. ADSS Client-side signing• Documents can be signed anytime, anywhere• A move from expensive paper based process to electronicdocument• DLP features included• Signed using locally held private key from a Trustable thirdparty• Protected under Digital Signature Act 1997EFFICIENTCUT COSTMANAGE RISK
  23. 23. ADSS Workflow Signing /VerificationSignVerifyTimestampReview/ApproveCountersignAuditVerifyWeb ApplicationReview/UploadReview/Approve1 2 3 4
  24. 24. ADSS Workflow Signing /Verification• Document can be signed immediately by multiple person who might notreside in the same office• Can be integrated with any business application – documentmanagement system• A move from expensive paper based process to electronic document• A single solution which offers multiple functions – signing, timestamping & verificationEFFICIENTCUT COSTMANAGE RISK• Signed using private keys from a trustable third party• Document’s integrity guaranteed with time stamping• Protected under Digital Signature Act 1997• Documents hashed using SHA-1 or SHA-2 with long key lengths
  25. 25. Auto File Processor (AFP) – File Signing &VerifyingAuto File ProcessorADSS ServerAuto File Processor is a separateClient Application that can:• Watch multiple input folders• Process documents intelligently• Use one or multiple load-balancedADSS Servers to sign documents• Manages each Signing Profile• Manages all signing keys• Performs signature generation• Logs all transactions• Provides detailed reportsOne ADSS Server can be used orfor high availability two load balancedADSS Servers can be usedFinal documents(to be signed) Signed documentsOutput FoldersInput Folders
  26. 26. Auto File Processor (AFP) – FileSigning & Verifying• Multiple documents can be signed with a click of a mouse• Signed documents are placed in a separate folders• A move from expensive paper based process to electronic document• Add new features to existing business applicationEFFICIENTCUT COSTMANAGE RISK• Signed using private keys from a trustable third party• Document’s integrity guaranteed with time stamping• Protected under Digital Signature Act 1997• All requests are securely logged
  27. 27. Internet1) ERP systemsends emailERPSystemRecipientSecure EmailServerADSSServer2) Requestsignature3) Signature4) Forwardemail5) Recipientreceivessigned emailSign emails that are sent or receivedSign email attachmentsSecure Email Server - signing email &attachments
  28. 28. • Emails & attachments can be signed and verified automatically• Preserves integrity• Filter selection policies to be configured that define the type of emailsto verify• A move from expensive paper based process to electronic document• Add new features to existing business applicationEFFICIENTCUT COSTMANAGE RISK• Sender & receiver clearly identified• Signed using private keys from a trustable third party• Protected under Digital Signature Act 1997• All requests are securely loggedSecure Email Server - signing email &attachments
  29. 29. • Provides multiple services– Reducing the number of individual products required• Provides a range of interfacing options– Easy integration with existing business workflows• Handles a number of document formats– Supporting business needs for PDF, XML and Files• Provides a range of signature formats– Comprehensive signing and verification services• Provides a single point of management & audit– Comprehensive event and transactional logging– Secure web-based management with role-based access controls– Simplifies operational activities, reduces management and training costs, reducesimplementation & system costsAdvanced Digital Signature Solution(ADSS)
  30. 30. ADSS - ReferencesFINANCIAL INSTITUTION• Deutsche Bundesbank and Banca d’Italia – To verify XML signaturesusing long term and archive signature for security & legal strentgh• LeasePlan, Belgium selected ADSS PDF Server to sign invoices and otherdocuments. Several thousand documents are signed each month usinglong-term PDF PAdES signatures.GOVERNMENT• The British Library, UK - Long-term evidencing for the BL online digitalmedia archive.• The National Communications Authority (ANACOM), Portugal - Usesdigital signatures for traceability, accountability and integrity to itsbusiness document workflows.
  31. 31. Thank you.

×