Complete, Standards-Based Turnkey Solution.
Any Business Process, Any Document, Record or Transaction for Desktops, Servers, and Cloud-Based Applications.
Marketplace and Quality Assurance Presentation - Vincent Chirchir
CoSign Digital Signatures: General Presentation
1. ARX | 855 Folsom St. Suite 939 San Francisco, CA | (415) 839 8161 | www.arx.com | sales@arx.com
CoSign ® Digital Signatures
Complete, Standards-Based Turnkey Solution
Any Business Process
Any Document, Record or Transaction
for Desktops, Servers, and Cloud-Based Applications
2. Applicability & Benefits Summary
Life Sciences (Pharma)
•R&D
•Clinical Development
•Regulatory Affairs
•Marketing & Sales
Healthcare
•Patient consent forms,
•Clinical orders,
•Health records/reports,
•Prescriptions,
•Lab Reports,
•Doctor orders,
•Clinical evaluation
Medical Devices
•Product design
•Work assessments
•Field servicing
•Manufacturing
•Marketing & Sales
Insurance, Banking & Finance
•Application processing
•Claims processing
•Loan approval processing
•Scans of hand written documents
•Client records/reports
•Over-the-Counter POS
Government
•Statutory documentation/memoranda
•Local Authority processes
•Service Providers
Engineering & Manufacturing
•CAD, Quality Assurance
•ECO (Engineering Change Orders)
•Manufacturing processes/Quality Control
•Marketing & Sales
Human Resources
•Recruitment processing
•Performance reviews
•Employee records
•HR forms
•HR declarations
Compliance
» E-sign (Electronic Signatures in Global and National Commerce Act)
» EU Directive for Electronic Signatures
» FDA's 21 CFR Part 11
» Health Insurance Portability and Accountability (HIPAA)
» EU VAT Directive
» Uniform Electronic Commerce Act (UECA)
» ISO
» FAA's CFR Title 14
» Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley)
» Sarbanes Oxley
» ETSI Archival Standards
Going Paperless
Expediting processes
Increased document security
Cost Reduction
Competitive Advantage
3. Cost Benefits
$0.06 Printing
0.25 Scanning
0.42 Archiving
3.98 Routing
1.80 Finding and replacing lost document (avg)
6.50
X 500 Docs/Year signed by authorised signer
$3,250
Traditional Signatures (2 x documents per day/user)
CoSign Digital Signatures
Low TCO
Near-zero IT footprint
Payback in months
ROI: 1000% +
4. Business Drivers
Considering the documents that are printed out as part of your formal approval processes, what proportion would you say are printed for the purpose of adding one or more signatures?
In 56% of organizations, more than half of the printed documents are printed just to add a signature.
On average 55% of all process docs.
5. PKI (Public Key Infrastructure) standard
Digital Signature (FIPS PUB 186) is the Standard that replaces slow, inefficient,
paper-based signatures for electronic documents/records/drawings/designs.
Digital “fingerprint” of a document + Digital Identity of a signer
Digital signature is unique to both document & signer
Digitally signed documents have legal effect and trust outside of the organization
[Diagram labels: Document; Document Hash; Signer’s Private Key; Digital Signature; Signer’s ID & Public Key; Signed Document]
CoSign named "Strongest Digital Signature
Solution" by Forrester Research, April 2013
http://www.arx.com/about/PR/forrester-research
6. The importance of Standards
Standard technology that provides:
Universally verifiable signatures & documents anytime/anywhere
Signed documents that have effect outside the system that created them
Technology that will outlive vendor & user
Prevents vendor lock (and vendor gridlock)
Technology that is well known, peer-reviewed and vetted:
Stanford (Diffie-Hellman)
MIT & Weizmann Institute (RSA)
Signature technology that is immune to forgery
Technology that is endorsed by:
Governments
Standards & Regulatory Bodies
Fortune 500 Corporations
EU DIRECTIVE ON ELECTRONIC SIGNATURES
7. Traditional PKI
PKI
Smart Cards
System Integrator
Application Support
Certification Authority
Admin
Help Desk
User Directory
8. Centralized Approach
Smart Cards
System Integrator
Application Support
Certification Authority
CoSign – Digital Signatures Made Simple
Admin
Help Desk
User Directory
9. CoSign architecture
Signature sent back to application
Keys’ lifecycle in sync with user management
User may add graphical signature to CoSign
End-Users
User Directory
Login auth.
Optional auth. per signature
Snap-In for Microsoft Management Console (MMC)
Administrator
Desktop Apps
Document Hash sent securely (SSL/TLS)
10. CoSign architecture (SharePoint Server-side Signing)
Keys’ lifecycle in sync with user management
End-Users
User Directory
Login auth.
Optional auth. per signature
Snap-In for Microsoft Management Console (MMC)
Administrator
SharePoint Server
Signature sent back to application
Document Hash sent securely (SSL/TLS)
11. CoSign Web Application
Signers
User Directory
(AD or LDAP)
IIS Server
Synchronize (Optional)
Authenticated
SSL/TLS Session
HTTP / HTTPS
No end-user software to install
Optimised for mobile/touch screens
Can sign local and cloud-stored PDFs
Automatically converts Word/Excel to PDF
Deployable on standard MS IIS stack
Scalable, Enterprise Ready solution
12. Integration Options Summary
CoSign Client: Desktop add-ins to Office, PDF, Outlook. Supports any PKI-Aware application (AutoCAD, BlueBeam, etc).
CoSign Web Application: .ASP application for client-less, browser-based signing of local or cloud-stored documents. Supports both standard desktops and mobile-touch interfaces.
SharePoint plug-in: Office, PDF documents, SP Lists Items, InfoPath Forms. Supports Nintex, K2, and natively developed workflows.
CoSign Signature Web Agent: .ASP application for the “Signing Ceremony” including all web UI components, ready for rapid integration with any web application (using standard HTTP POST). Supports both standard desktops and mobile-touch interfaces.
CoSign 3rd-Party plug-ins:
• OpenText Content Server
• Oracle WebCenter Content
• Siemens TeamCenter
• Alfresco
SAPI: Low level API for Signing/Verifying PDF, Word, Excel, TIF, XML, any data buffer
13. Deployment Options Summary
On-Site CoSign Central Appliance
• Full Sync with Active Directory
• Single AD login
• Full integration options
• Once off purchase, +20% Annual Supp & Maint.
CoSign Cloud
• User management through CoSign Cloud Admin
• All integration options (except SAPI)
• Subscription options:
Signer/Month
Signer/Year
Standard: CoSign Client / CoSign Express
Premium: + SharePoint Plug-in
14. The CoSign Advantage
IT Perspective
Fit for the Enterprise
Secure Network Appliance
Easy, fast deployment
Synch with AD/LDAP/OID/NDS
Scalable to 10,000s, High Availability
Lowest TCO, Minimal footprint
No smartcards or tokens
Easy roll-out
No renewal costs
No need for helpdesk
Wide application support
Plug-ins for MS Office, PDF, content mgt systems
API, WebServices for very easy integration
Proven with many Doc Mgt and Workflow apps
Standards based Technology
Accepted by Governments worldwide
Admissible in Court
Low risk, No vendor tie-in
User Experience
Any application, any doc format
No smartcard/USB token
Simple, one-click signing
Multiple signatures
Graphical signatures
Single Sign-on
Mobility, device independence
Document Management and workflow applications
Web-based applications
Signatures can be verified independently
High Usability + Simplicity = Easy Adoption
Signed by:
Date:
Reason: I am approving this document
15. Compliance with Legal/Regulatory Requirements
CoSign creates legally enforceable digital signatures in accordance with:
EU Directive on Electronic Signatures 1999 (1999/93/EC, 2001/115/EC)
US Uniform Electronic Transactions Act (“UETA”) 1999 and US Electronic Signatures in Global and National Commerce Act (ESIGN) 2000
Australia - Electronic Transaction Act 1999
All legislations modeled on UNCITRAL (United Nations Commission on International Trade Law)
http://www.uncitral.org/uncitral/uncitral_texts/electronic_commerce/2001Model_signatures.html
The CoSign digital signature solution, when implemented with a proper organizational policy, can comply with:
US FDA's 21 CFR Part 11
US Health Insurance Portability and Accountability Act (HIPAA)
US Sarbanes-Oxley Act (SOX)
US Department of Agriculture (USDA)
EU VAT Directive
SAFE BioPharma Association
» CoSign is FIPS 140-2 Level 3 validated: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/140crt887.pdf
» CoSign is SAFE BioPharma certified: http://www.arx.com/documents/SAFE.pdf
» For detailed analysis: http://www.arx.com/documents/Digital-Signature-Compliance-WhitePaper.php
16. Best Practices for Digital Signature Deployment
The courts are concerned with:
Admissible evidence
Was a policy/procedure followed consistently in the execution of routine business?
Admissible evidence:
Attached to signed information
Uniquely linked to the signer
Capable of identifying the signer
Created using means the signer maintains under his/her control
Verifiable by anyone at any time
Anyone at any time should easily be able to detect changes to signed information
Organizational policy:
Digital signing should be part of a standard automated organizational policy/process
There should be a clear audit trail
17. Q&A
Yuval Pilavsky
Business Development, Asia Pacific
yuvalp@arx.com
+61 (0)2 8064 4475 (Sydney)
www.arx.com
Thank You.